101 Compliance Statistics for 2025

Compliance has never been more challenging. The depth and breadth of global regulation are making it more expensive and complicated to do business. Some companies take compliance in their stride, advancing their processes, technology, and talent to mitigate risks and gain insights, but others struggle. How do you navigate all this complexity while maintaining trust and taking considered risks to retain a competitive edge?

To help you understand where enforcement is heading and how organizations can prepare, we have uncovered the most revealing global compliance statistics on everything from financial crime to workplace safety.

Top compliance statistics

  • 85% of compliance professionals say regulations have grown more complex in the past three years.
  • 90% of compliance professionals report an expansion in their responsibilities.
  • 82% of businesses reported increasing compliance complexity negatively impacted their transformation and change activities.
  • 30% of employees witnessed misconduct in 2023.
  • 63% of those who reported misconduct experienced retaliation.
  • 124 officer/director bars were imposed in the United States in 2024.

Global compliance landscape

The burden of compliance differs across jurisdictions, but some challenges are universal. Issues around pressure on competitiveness, digital transformation, and resource capacity are common worldwide. 

  • 64% of PwC’s 27th Global CEO Survey respondents agreed that regulation impedes their company’s ability to deliver value, with complexity a significant factor.
  • 56% of executives report negative impacts on key growth drivers like profitability, market expansion, and new product launches. 
  • 71% of global respondents identified digital transformation as a key area requiring compliance involvement. 
  • 28% of organizations are experiencing resource capacity issues that make effective compliance difficult. 
  • More than 94% of respondents found that the increasing complexity of compliance had negatively affected senior leadership’s focus.

Culture & ethics

The compliance landscape can be fraught with ethical issues. Reporting a concern is not always a positive experience; employees who report misconduct regularly report negative repercussions. 

  • 20% of employees have felt pressure to compromise standards.
  • 63% of those who reported misconduct experienced retaliation.
  • Reports of wrongdoing have risen 18% since 2022.
  • There has been a 33% increase in reports of workplace incivility since 2016.
  • 33.4% of whistleblowing submissions were online in 2025, whereas 29.4% were via hotlines.

Third-party risk

Organizations concerned about compliance don’t just have to worry about their own activities; they increasingly have to factor in the influence of third-party failures.

  • 75% of organizations experienced disruption due to third-party failures in 2024.
  • 35% of directors surveyed said they were concerned about third-party data breaches, considering it one of the top three cyber threats.

Financial crime & anti-money laundering (AML)

Measures to prevent illicit funds from entering the economy are becoming more advanced to keep pace with sophisticated money laundering methods. Bodies like the new EU Anti-Money Laundering Authority (AMLA) create and enforce rules to verify identity, track customer transactions, and report suspicious activities to prevent financial crime.

  • Global AML fines fell 30% to $4.6 billion in 2024.
  • $3.3 billion in penalties were associated with transaction-monitoring failures.
  • Under the Foreign Corrupt Practices Act (FCPA), the SEC resolved six corporate cases and the Department of Justice resolved nine cases in 2024.
  • FCPA sanctions exceeded $1.5B in 2024.
  • 19 individuals were charged in relation to FCPA-related conduct.

United States

Compliance in the United States involves many federal, state, and local government laws, regulations, and internal policies that align with different industries, locations, and business structures. Some key areas include securities regulation, workplace safety, environmental protection, and audit oversight. 

Securities & investor protection (SEC)

Investor protection is covered by several federal and state entities, including the Securities and Exchange Commission (SEC) and state securities regulators, who prevent fraud and enforce laws.

  • Enforcement actions dropped 26% in 2024, to 583.
  • The SEC secured a record $8.2 billion in remedies in 2024.
  • Disgorgement (a legal penalty that forces an individual or company to surrender profits gained from illegal or wrongful actions) reached $6.1 billion — also a record.
  • Penalties of $2.1 billion were imposed in 2024.
  • A judgment of $4.5B was approved in a civil case that the SEC brought against crypto firm Terraform Labs and founder Do Kwon.
  • The SEC returned $345 million to investors in 2024.
  • $2.7 billion has been returned since 2021.
  • 45,130 tips/complaints/referrals were received.
  • 24,000+ whistleblower tips were submitted.
  • $255M was paid in whistleblower awards.
  • There were a record 396 applications for whistleblower awards.
  • The whistleblower program has awarded $2.2B since 2011.
  • In 2024, the SEC imposed $600 million in penalties for recordkeeping cases.
  • The recordkeeping initiative has imposed $2 billion in penalties since 2021.
  • In 2024, the SEC imposed the biggest-ever whistleblower rule penalty — $18 million — on J.P. Morgan due to its use of confidential release agreements that did not permit clients to voluntarily contact the SEC.
  • Notable settlements made during 2024 include Morgan Stanley ($249M combined disgorgement & penalty), FirstEnergy ($100M penalty), SAP ($98M+), and Macquarie ($79.8M).

Commodities & derivatives (CFTC)

The Commodity Futures Trading Commission (CFTC) is a U.S. federal agency that regulates derivatives markets to stop fraud and manipulation and maintain market integrity and sound financial practices. It was set up to promote open, competitive, and financially solid derivatives markets by overseeing exchanges (DCMs), swap execution facilities (SEFs), and intermediaries such as swap dealers and futures commission merchants.

  • The CFTC implemented 58 new enforcement actions in FY2024.
  • It secured a record $17.1 billion in monetary relief in 2024. More than $12.7 billion of this was awarded from the enforcement action against the defunct cryptocurrency exchange FTX and its sister hedge fund, Alameda Research.
  • The CFTC secured $2.6 billion in penalties and $14.5 billion in disgorgement/restitution in 2024.
  • 15 whistleblower awards totaling more than $42M were made in 2024.
  • The CFTC received 1,700 whistleblower tips in 2024.
  • It recorded the first-ever fraud actions in carbon credit markets.
  • Substantial fines imposed include $55 million against Trafigura and $48 million against TotalEnergies.

Broker-dealer oversight (FINRA)

The Financial Industry Regulatory Authority’s (FINRA’s) broker-dealer oversight maintains market integrity by creating and enforcing rules for its member firms and their registered representatives. It sets supervision standards, deals with fraud and cybersecurity issues, and publishes an Annual Regulatory Oversight Report that lists priorities and emerging risks in the securities industry.

  • FINRA took 552 actions in 2024 — an increase of 22%.
  • It imposed $59 million in fines — a drop of 35%.
  • Restitution rose 207% to $23 million.
  • The biggest individual fine it imposed was $6 million.

Sanctions & export controls (OFAC)

OFAC (Office of Foreign Assets Control) is a U.S. Department of the Treasury agency that imposes economic and trade sanctions to counter threats to national security, foreign policy, or the U.S. economy. Its sanctions programs can involve banning transactions with an entire country or blocking the property of particular individuals, entities, or groups. They can also restrict the activities of U.S. persons and can involve trade and financial restrictions against targeted foreign countries, organizations, and individuals. 

  • OFAC took 26 enforcement actions in 2024.
  • It imposed $1.54 billion in penalties.
  • Four of the office’s ten largest penalties were imposed in 2024.

Audit oversight (PCAOB)

The PCAOB oversees the audits of public companies and SEC-registered brokers and dealers to safeguard investors and the public interest by ensuring audit reports are informative, accurate, and independent.

  • The audit deficiency rate dropped from 46% to 39% in 2024.
  • The average audit deficiency rate for the “Big Four” (Deloitte, EY, KPMG, and PwC) has fallen from 26% to 20%.
  • EY’s deficiency rate has fallen from 46% in 2022 to 28%.
  • Deloitte’s audit deficiency rate is the lowest among the Big Four, at 14%.

Workplace safety (OSHA)

OSHA (the Occupational Safety and Health Administration) is the U.S. federal agency responsible for ensuring safe and healthy working conditions. It was established to prevent work-related injuries and illnesses by enforcing laws that protect employees and helping employers provide a safe and healthy workplace. 

  • OSHA conducted 34,696 inspections in 2024.
  • Of these inspections, 17,455 were unprogrammed and 17,170 programmed.
  • Fines associated with violations reached $131.4 million in 2024.
  • For the 14th consecutive year, fall protection was the top violation.
  • The maximum penalty for a serious violation is $16,550.
  • The maximum penalty for willful and repeat violations is $165,514.
  • Fatal workplace injuries reached 5,283 in 2023 (3.5 per 100k FTE).

Environmental protection (EPA)

The Environmental Protection Agency (EPA) is an independent agency of the U.S. government responsible for environmental protection issues. 

  • In 2024, U.S. EPA enforcement actions compelled companies to invest over $5 billion in injunctive relief, which covers investment in activities and equipment to resolve violations and ensure compliance with environmental laws.
  • The EPA resolved 1,851 cases in 2024.
  • It issued 709 compliance orders.
  • It concluded 1,082 penalty orders.
  • Its actions resulted in 60 civil judicial cases.
  • The first Climate Enforcement & Compliance Strategy was introduced in 2024.

Health privacy (HIPAA)

HIPAA (Health Insurance Portability and Accountability Act) sets rules for how health plans, healthcare providers, and their business associates must look after Protected Health Information (PHI), gives patients rights to manage their health records (e.g., accessing and requesting corrections), and creates a framework for the electronic exchange of health information.

  • HIPAA took 43 enforcement actions in 2024.
  • It imposed $36.9 million in penalties.
  • The largest single settlement in 2024 was $4.75 million, paid by Montefiore Medical Center to the Office for Civil Rights (OCR) to resolve alleged violations of the HIPAA Security Rule regarding a malicious insider incident.

Corporate crime (Department of Justice Fraud Section)

The Department of Justice’s Fraud Section deals with corporate crime by investigating and prosecuting individuals who commit fraud. It also highlights corporate accountability with policies, including the Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP), which rewards companies that voluntarily reveal misconduct and cooperate with investigations. 

  • In 2024, the Fraud Section charged 234 individuals and convicted 252.
  • It resolved 13 corporate cases.
  • It recovered $2.3 billion.
  • The FCPA Unit charged 23 individuals and resolved nine corporate cases.
  • Its Health Care Fraud Unit recovered $3.26 billion in claims.

European Union

EU compliance revolves around Member States and companies adhering to the laws, regulations, and standards set by the European Union. It involves areas including data protection (GDPR), competition law, product safety, AML, and fiscal policy. Compliance is enforced through Member State implementation, market surveillance, infringement procedures, and regulatory bodies such as the European Commission and the European Medicines Agency.

Data protection — the General Data Protection Regulation (GDPR)

The GDPR is the strictest privacy and security law in the world. Drafted and passed by the European Union (EU), it applies to organizations anywhere, if they target or collect data connected to people in the EU.

  • The GDPR imposed fines of €1.2 billion in 2024 (a drop of 33%).
  • It has imposed a total of €5.88 billion in fines since 2018.
  • By March 2025, it had recorded 2,245 fines.
  • The average GDPR fine is €2.14 million.
  • The biggest fine ever imposed — €1.2 billion — was on Meta.
  • Ireland’s Data Protection Commissioner imposed eight of the ten largest fines.

Capital markets & financial regulation

The EU’s capital market regulation focuses on creating a single market for financial services through directives like MiFID II and regulations covering digital finance and AML. The EU’s supervisory architecture includes the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA).

  • In 2024, 970+ sanctions worth about €71M were imposed across the EU.
  • ESMA 2024 enforcement priorities focused on sustainability reporting, taxonomy disclosures, and digital reporting.
  • ESMA’s report on the supervision and enforcement of corporate reporting in 2024 revealed that 253 actions were taken that year (down from 250 in 2023).

Antitrust & competition

Antitrust and competition in the EU are regulated by authorities, including the European Commission’s Directorate-General for Competition and the national competition authorities (NCAs) of each Member State. These bodies operate within the European Competition Network (ECN), which ensures consistent and effective enforcement of EU competition law. 

  • In June 2025, the European Commission fined food delivery companies Delivery Hero and Glovo a total of €329 million for operating in a cartel in the online food delivery sector.
  • In 2024, the European Commission fined Apple more than €1.8 billion for abusing its dominant market position when distributing music streaming apps used by iPhone and iPad users.
  • It fined Meta €797.72 million for abusing its dominant market position.

Workplace safety (EU-OSHA)

  • The Fourth European Survey of Enterprises on New and Emerging Risks (ESENER 2024) surveyed 41,000+ establishments in 30 countries about occupational safety and health management.
  • The most frequently reported risk factors were:
    • Prolonged sitting (64% of establishments, up from 61% in 2019)
    • Repetitive hand or arm movements (63% of establishments, down from 65% in 2019)
    • Dealing with demanding customers (56%, down from 59%)
    • Lifting or moving people or heavy loads (52%, same as in 2019)

Sustainability & environmental, social, and governance (ESG) compliance

Sustainability and ESG compliance in the EU is driven by the Corporate Sustainability Reporting Directive (CSRD), which requires large and listed companies to report standardized ESG information using European Sustainability Reporting Standards (ESRS). Complementing the CSRD, the Corporate Sustainability Due Diligence Directive (CSDDD) is an EU law that will oblige large companies to identify, prevent, and address adverse human rights and environmental impacts in their operations and supply chains starting July 2027.

  • The CSDDD can impose fines of up to 5% of turnover or €40M.
  • The EU has approved new penalties for environmental crime of up to 10 years in prison.

Final thoughts

Compliance is costly. As well as bearing the direct costs of things like legal fees, new equipment, hiring, and permits, organizations also indirectly pay for employee time spent implementing regulations and possible lost productivity if resources must be diverted from core business activities. However, non-compliance can be significantly more expensive. Fines, reputational damage, lost business, operational disruption, and internal chaos make it a far riskier and more expensive option than investing in robust compliance efforts.

Ensuring compliance is an ever-moving target. As administrations change and introduce new enforcement and policy imperatives, the compliance landscape shifts in response. Effective compliance officers need to ensure their policies and procedures are flexible enough to accommodate pivoting priorities. Adopting a vigilant and proactive approach is the best compliance policy.
