.png)
In recent years, governments worldwide have been tightening regulatory frameworks and increasing compliance obligations on businesses. This shift is often a response to declining resources available for direct enforcement, particularly in areas such as fraud prevention, financial oversight, and consumer protection. Rather than increasing direct government enforcement, authorities are relying more heavily on businesses to police themselves, often under threat of heavy penalties for non-compliance.
One of the key drivers behind this trend is the gradual reduction in government spending on enforcement agencies. For example, in the United States, the Internal Revenue Service (IRS) has seen a 20% decrease in its enforcement budget over the last decade, according to a 2021 report by the Congressional Budget Office. Similarly, the UK’s Serious Fraud Office (SFO) has faced ongoing funding constraints, leading to reduced investigations into corporate fraud and corruption.
In Australia, the Australian Securities and Investments Commission (ASIC) has also seen reductions in its real-term budget over time, leading it to shift responsibility for detecting and preventing misconduct onto the financial sector itself. In Canada, a 2019 Auditor General’s report noted that the Canada Revenue Agency (CRA) was unable to audit high-risk tax fraud cases effectively due to staffing and resource shortages.
As enforcement agencies struggle to maintain effective oversight, governments have instead sought to strengthen regulatory obligations on businesses, making them responsible for much of the work previously done by public bodies.
To compensate for the reduction in direct oversight, governments have introduced a series of stricter compliance measures across various industries. One prominent example is the financial sector, where anti-money laundering (AML) and counter-terrorism financing (CTF) regulations have become significantly more stringent.
In the European Union, the 6th Anti-Money Laundering Directive (6AMLD), which came into effect in 2021, expanded the liability of financial institutions and introduced tougher penalties for non-compliance. Meanwhile, in the United States, the Corporate Transparency Act (2021) increased reporting requirements for businesses, demanding greater transparency regarding ownership structures to combat tax evasion and fraud.
Another sector experiencing increased regulatory burden is data protection and cybersecurity. The General Data Protection Regulation (GDPR) in the EU and similar laws in California (CCPA/CPRA) have forced companies to take on extensive compliance obligations, with penalties reaching up to 4% of annual global turnover for non-compliance. Governments have effectively delegated the responsibility of safeguarding consumer data to private organisations, reducing the need for direct government oversight.
While these regulatory frameworks aim to reduce crime and misconduct, they also create significant financial and administrative burdens for businesses. A 2022 report by Thomson Reuters estimated that firms globally spent over $213 billion on regulatory compliance costs annually. For banks alone, compliance-related expenditures have grown by over 60% since 2008, according to the Financial Stability Board.
Small and medium-sized enterprises (SMEs) are particularly affected, as they lack the resources to build large compliance teams or invest in sophisticated risk management systems. A 2020 survey by the Federation of Small Businesses (FSB) found that UK small businesses spend an average of 22 hours per month dealing with compliance-related tasks, significantly reducing their capacity for growth and innovation.
Many governments are also expanding corporate liability laws to hold companies accountable for failing to prevent misconduct within their ranks. The UK’s Economic Crime and Corporate Transparency Bill, for instance, introduces a “failure to prevent” model that puts businesses at risk of prosecution if fraud occurs within their organisation, even if management was unaware. Similarly, the U.S. Department of Justice has been pushing for stronger corporate compliance programs by offering reduced penalties to companies that self-report misconduct.
This trend places an increasing expectation on businesses to act as de facto enforcers of the law, essentially outsourcing the policing of financial crimes, data breaches, and consumer protection to private organisations.
Governments are facing growing constraints in their ability to police financial fraud, data security, and other regulatory concerns due to declining enforcement budgets. In response, they have shifted much of the compliance burden onto businesses, requiring them to enforce stricter self-regulation under the threat of heavy penalties. While these measures may reduce crime and improve accountability, they also create significant costs and administrative challenges, particularly for smaller-to-mid-sized businesses. As regulatory frameworks continue to evolve, organisations must stay ahead of compliance requirements or risk severe consequences, making compliance an ever-growing priority in the corporate world.
Experience the power of augmenting your fraud resilience and compliance with AI. Schedule a personalised demo now to see how our advanced platform can give you clearer risk insights and better fraud governance.
We are also available on the details below.
