10 Compliance Threats to Watch Out for in 2025

10/02/2024

Educating your team about the compliance risks you face is the first step in building a strong compliance program.

Have you heard of the iceberg theory of success? It describes success as the tip of an iceberg – only you know how much time and effort it took to get to that shiny point at the top everyone sees. A well-run business is a lot like that iceberg. From the outside, everything looks seamless and easy. But you know how much effort it can take to look effortless.

It’s similar to the amount of work, time and energy your business needs to put in to maintain compliance. There are so many different regulations to keep in mind and laws are constantly changing. So, if you want to avoid the hefty fines that come with compliance violations – not to mention the serious damage it can do to your company’s reputation and bottom line – you need to prioritize it.

On paper, that sounds simple – just stay compliant. But there are so many different types of regulations your business needs to comply with. Between data privacy, health and safety, labor rights, sanctions and financial accounting, it can be hard to keep up with all the different regulations, let alone make sure your company is in compliance. And if your company doesn’t have a specialized team, resources or tools to manage your compliance program, it can be really hard to keep track of it all. 

Thankfully, knowledge is power. The first step is learning about all the compliance risks that could threaten your business. So, we’ve put together a useful outline of 10 compliance risks to watch out for.


Compliance risks that could threaten your business

Chapter 1

Data privacy

Data is a big issue when it comes to compliance. Your business needs to understand who to target and how, which means digging into data about your customers or clients. What that means is there’s much more data available about people’s spending habits, locations, opinions and more. But just because that data exists doesn’t mean you’re allowed to access it.

Data privacy can be complicated, because different regions have different laws. In general, though, your business needs to be compliant with the U.S. Privacy Act of 1974, which establishes rules for collecting, maintaining, using and disseminating personal information. This law applies to B2B and B2C businesses and means you can only access data if the customer consents to data collection. If you’re buying data to help your business in marketing and other strategic decisions, you need to make sure that data has been ethically compiled. 


Money laundering

Money laundering happens when stolen money is processed through a legitimate entity, like a bank or a legit business. It disguises the true source of the money and makes it harder to trace the crime back to the fraudster. Needless to say, you want your business to stay very far away from any other business involved in money laundering. 

One of the biggest examples of money laundering was the Wachovia Bank scandal. In 2010, it was discovered that Wachovia allowed Mexican drug cartels to launder close to $390 billion through its branches between 2004 and 2007. The cartel sold drugs and deposited the money into bank accounts in Mexico, which, at the time, had lower standards for investigating the origin of deposited money. After that, the money was transferred to Wachovia bank accounts in the US, clean as a whistle. Once the money laundering was discovered, Wachovia was fined $160 million by the Financial Crimes Enforcement Network.


Corruption and fraud

When your company has a global footprint and works with international suppliers, it can be really tough to keep an eye on your global supply chain. But that’s exactly what you need to do – every link in your chain needs to be compliant with local laws. If, at any point, these links are associated with financial crimes like fraud and corruption, it could topple your entire supply chain with fines, legal fees and reputational damage. 

In 2023, for example, Joseph Nilsen was sentenced to 18 months in prison after he was found to have run a 3-year-long bribery scheme on Amazon. Alongside his partner (who received 2 years’ probation for her involvement), Nilsen ran a consulting business that claimed to help Amazon merchants improve their businesses. They gave their clients an unfair advantage by bribing Amazon employees, forging documents and attacking competitors with fake reviews and product pages. 


Sanctions

Remember when you were a kid and your parents told you not to hang out with “bad influences”? Turns out that doesn’t go away in adulthood – even for businesses.

Sanctions are government orders to avoid doing business in certain regions or with certain people or companies. And, you guessed it, you’ll have to avoid sanctioned entities in all parts of your supply chain. That means that, not only are you not allowed to work with a sanctioned entity directly, but your suppliers can’t either. 

Take e.l.f Beauty, for example. In 2019, the cosmetics brand imported a shipment of false eyelash kits from two Chinese suppliers. The suppliers weren’t sanctioned, so why was e.l.f Beauty fined nearly $1 million?

The answer lies deeper in their supply chain. Those Chinese suppliers had sourced materials from North Korea, a sanctioned entity. Thankfully, e.l.f realized the issue themselves while auditing their supply chain and were able to act quickly. But it goes to show you how easy it is for sanctioned entities to slip under the radar in your supply chain – and the hefty fine e.l.f Beauty paid should tell you exactly why you need to keep an eye on sanctions. 


Employment and labor rights

Protecting the rights of your employees is a cornerstone of compliance. A few laws you’ll need to keep in mind include:

  • The Fair Labor Standards Act: This is a wide-reaching law that provides the rules for employment standards. Things like employment classification, minimum wage and overtime pay are all laid out in this act.

  • Title VII of the Civil Rights Act: This prevents employment discrimination on the basis of race, color, religion, sex (including sexuality, gender identity and pregnancy), or national origin.

  • The Americans with Disabilities Act: This lays out the accommodations employers are required to provide disabled employees with.

  • Family and Medical Leave Act: This grants eligible employees 12 weeks of unpaid leave for family and medical reasons.

But keep in mind that this is just a selection of the laws you’ll need to be aware of. And remember that new laws are introduced all the time – you'll need to stay on top of them, too. In 2021, for example, the Uyghur Forced Labor Prevention Act was passed in Congress. In essence, this act has banned imports from China’s Xinjiang region unless companies can prove their goods weren’t produced with forced or child labor.

You’ll find similar legislation in Canada and elsewhere in the world, but fines aren’t the only thing you’ll need to worry about when it comes to keeping your supply chain clear. As we discovered in our research study, The Murky Waters of Overseas Manufacturing, 28% of respondents said they were most worried about the reputational damage that comes with working with a company that uses forced labor.   


Health and safety

In the US, you’re probably familiar with OSHA, or the Occupational Safety and Health Administration. They’re the ones who keep workplaces safe – depending on your industry, you may have a lot of interaction with them. In warehouses, for example, OSHA mandates training and protocols to prevent falls. A few examples of other OSHA regulations include:

  • Training and awareness around chemical hazards

  • The requirement for employers to provide PPE to employees

  • Accurate record-keeping for accidents and injuries 

We’ve seen big fines come from OSHA investigations – if you aren’t making sure your workers and your suppliers’ workers are well taken care of, you could very well be next. In July 2024, for example, Viscofan USA, the American subsidiary of Viscofan, one of the world’s leading makers of meat casings, was fined $197,000. OSHA found that Viscofan USA hadn’t properly trained its workers about appropriate health and safety protocols. Unfortunately in this case, that lack of training led to two major accidents – an employee’s arm being caught in a roller machine and another suffering chemical burns – both in the same week.


Financial accounting and taxes

Taxes aren’t exactly the sexiest part of running a business, but that doesn’t make them less important. And skimping on taxes – even if you don’t realize you’re doing it – can have serious consequences for your business. 

Your finance team needs to keep a very close eye on the tax implications for your business. The US has tax treaties with several countries, including Canada and the UK, which limit the amount of taxes you have to pay on income from those countries.

Keep an eye on the Marketplace Fairness Act, currently pending in Congress. If passed, companies will be legally required to collect sales taxes. B2B companies who previously weren’t required to collect sales taxes will need to take their tax compliance much more seriously.  

But what about the regulations you need to know right now? Let’s take a look at a few:

  • The Securities Act of 1933: Also known as the “Truth in Securities” law, this act requires investors to have key financial information about a company. It was passed as a way to prevent fraud and misrepresentation in the securities industry and means you’ll need to disclose specific financial information about your company where required.

  • The Securities Exchange Act of 1934: While the Securities Act of 1933 regulates purchases in the primary market (so securities being purchased directly from the company), the Securities Exchange Act of 1934 governs secondary markets. It was introduced to prevent insider trading and other types of fraud. Anyone trying to purchase more than 5% of a company is entitled to key financial information about the company.

  • The Uniform Limited Liability Company Act: This act states that employees of a limited liability company owe only “loyalty and care” to their company. In simple terms, that means employees aren’t on the hook for any legal issues the company may find itself in.


Licensing

It can be hard to win trust – and even harder to regain it. But, in general, people look for certain markers to know whether or not they can trust a person or a business. One of those key markers is licenses. When a business is properly licensed, other businesses, governments and customers understand that they’ve been vetted and are safe to work with. And it goes beyond trust – several licenses are required before you can even do business. For example, financial services companies require different licenses depending on the type of work they do. Brokers, investors, and dealers all need to be properly licensed and registered to be compliant.  

So it probably goes without saying that keeping your licenses up to date and compliant is a massively important part of your business. Without proper licensing, you could face fines, closure and, in extreme cases, even arrest.  


Intellectual property

Picture this: a shopper walks into a Louis Vuitton boutique in China and purchases a bag. Even if you aren’t a fashionista, you probably know that a Louis Vuitton bag comes at a pretty hefty price, and that counterfeits are rampant. So, that shopper in search of an authentic Louis Vuitton bag made the right choice shopping directly from the Louis Vuitton boutique, right? 

You’d think, but it was later alleged that the bag was a counterfeit. Yes, that bag purchased directly from the shop itself. While Louis Vuitton denied the allegations, they were still ordered to reimburse the customer. 

The moral of this story? IP (or Intellectual Property) theft can be so rampant and skillful that you don’t even realize it’s happening. Somewhere in LV’s supply chain, counterfeit bags made their way into the hands of shoppers. And when your supply chain is found to have IP compliance issues, you’re the one that has to pay up. Sure, one bag isn’t much for a major French fashion house, but do you really want to risk toppling your entire supply chain?


Consumer rights

In the US, the FTC (or Federal Trade Commission) protects consumers and businesses who purchase goods and services from the US and abroad. Their job is to make sure consumers and businesses receive the products they’ve purchased and that they’re fully informed about the choices they make. 

The other side of that, of course, is that the FTC also imposes fines on the businesses that don’t fully inform consumers. In January 2024, for example, they fined Kubota North America Corporation $2 million. Kubota had imported materials from abroad, but labelled the products as “Made in USA.” Since they were, essentially, lying to consumers, the FTC stepped in.

The consequences of non-compliance

Compliance is about more than just checking in on things every now and then. Matthew Debbage, CEO of the Americas and Asia for Creditsafe, shared his thoughts on this topic in our recent research study. “Many companies are simply running compliance checks to tick a box and show that they did the necessary due diligence. But they’re not using the results to protect the integrity of their global supply chains. And this needs to change if brands want to restore customer confidence and position themselves for long-term revenue growth. That’s the purpose of compliance checks – to give you the information you need to avoid working with unethical, corrupt suppliers and, ultimately, prevent your company from incurring financial and reputational damage as a result.”

But what types of damage, exactly, could your business face when it comes to non-compliance? Let’s take a look at a few examples.


Regulatory fines

It’s pretty clear that non-compliance comes at a high cost. In 2018, for example, the Canadian gold manufacturer Kinross Gold was fined $950,000. But it wasn’t Kinross Gold themselves who were in violation. Instead, they purchased two African subsidiaries without anti-corruption compliance protocols in place. When they did finally implement those controls, they didn’t maintain them to a high enough standard. It meant that their products could have come from corrupt, illegal sources – a big mistake.


Lost customers

Research from Aflac shows that 25% of consumers cite a “zero tolerance” policy towards companies with unethical practices. Plus, OpenText’s research also found that 88% of consumers would choose to buy from companies with ethical practices over those without. The numbers seem pretty clear from this end: ethical practices aren’t just about non-compliance fines, they’re also a key selling point of your business to consumers.


Revenue declines

I don’t think I need to emphasize how important revenue is for any business. Without it, there wouldn’t be much of a business at all. So hearing that declining revenue is a consequence of non-compliance should have you sitting up straighter, right?

In our study, The Murky Waters of Overseas Manufacturing, we found that 74% of businesses have seen their operating expenses increase in the last 12 months. There’s never a good time for revenue to decline, but it seems as though there’s even less wiggle room now.


Plummeting stock

If your company is publicly traded, you’ll also need to think about the value it brings to investors – and compliance might have more to do with that than you think. If your company is found to be non-compliant, people may see you as too much of a risk. After all, other companies have their own supply chains to think about – no one wants to be caught working with a non-compliant business.  

And there are lots of reasons why non-compliance could cause your stock to take a dive. No matter what your opinion on “cancel culture” is, you’ve no doubt seen and heard the stories surrounding bad behavior recently. And if your company is publicly traded, you could see stock prices plummet as a result of non-compliance.  

In 2011, the then-CEO of GoDaddy showed support for the unpopular Stop Online Piracy Act. The resulting protest led the website host to lose 72,000 domains in a short period of time. The damage to GoDaddy’s value – and the potential for the protests to continue – forced GoDaddy to change their stance on the bill in an attempt to regain customers and the value they brought to their company.


Damaged brand reputation

If you’re lucky enough to have a steady stream of loyal customers, you might think they’ll never go to a competitor. After all, you have a great relationship with them and provide an excellent product – why would anyone go elsewhere?

That logic can actually work against you, believe it or not. If customers start jumping ship when they see your business is non-compliant, it could draw unwanted attention. Would you think a company people are avoiding is doing well? Probably not.  

Major brands like H&M have recently seen hits to their reputations. In 2022, they were sued for labelling their products as “sustainable” when that wasn’t actually the case. Lucille DeHart, principal at MKT Marketing Services/Columbus Consulting, wrote “There is nothing worse for a brand than breaking the brand promise. Claiming to be ‘green’ is not enough today, consumers are savvy and will demand transparency.”

Compliance can be a difficult beast to tame, but it’s really just a matter of understanding where to look. With the right training, technology and awareness, your business can easily tackle compliance.


Nileema Ali

About the Author

Nileema Ali, Senior Product Manager, Creditsafe

Nileema Ali has more than 16 years of experience in senior compliance and risk management roles within the legal and banking industries. As a consultant for JP Morgan, Deutsche Bank and Wells Fargo, Nileema applies her compliance and risk management knowledge to help businesses make informed business decisions.