Major compliance scandals and enforcement actions, nonstop political and regulatory drama in Washington, D.C., the rise of transformative technologies, and much more all made compliance headlines in 2017. With the inauguration of President Trump, the year began with an air of regulatory uncertainty as compliance officers wondered exactly what rulemaking the new administration would roll back, defund, or overturn with a stroke of an executive pen. And there was further uncertainty with a Congress that promised to overturn healthcare reform, diminish the Dodd-Frank Act, and overhaul corporate taxation. Meanwhile, major enforcement actions continued to roll in, as did major corporate compliance failures around the world, some of which merely resulted in reputational damage while others resulted in massive financial losses. And as the year wound down, we saw yet another massive leak of confidential legal files that uncovered what the world already knew: that many of the most powerful individuals and organizations on the planet routinely use, abuse, and misuse financial law to preserve wealth and exert influence. With 2018 on the horizon, the question on everyone’s mind is not whether the next year will top this one in terms of attention-grabbing developments … but by how much it will do so.

Wells Fargo: Eight isn’t so great Last September, retail banking giant Wells Fargo announced it would pay some $185 million in fines to the federal government and the state of California to settle charges that it had opened millions of unauthorized accounts and credit cards for its existing customers as part of an aggressive cross-selling strategy that had turned toxic. But that settlement announcement was just the start of things, with the news creating a reputational firestorm that would haunt Wells for the duration of 2017. CEO John Stumpf at first tried to pass the scandal off to some 5,300 “rogue employees,” but the public wasn’t buying it. Stumpf was called before Congress, where Senator Elizabeth Warren and Treasury Secretary Jack Lew upbraided Wells in general and Stumpf in particular. As Wells went into damage control, it announced it was axing its “eight is great” sales goals. But further outcry ensued when it was discovered that Carrie Tolstedt, the head of the sales unit responsible for the unauthorized accounts, retired before the scandal was discovered with a huge payout. Amid growing calls for his ouster, CEO Stumpf would also retire in October, taking some $133 million with him. In reaction, the Wells Fargo Board retroactively terminated Tolstedt for cause and partially clawed back both her compensation as well as Stumpf’s. But neither executive will suffer that much for their actions. Meanwhile, Rep. Maxine Waters has unveiled the Megabank Accountability and Consequences Act, legislation demanding that federal banking regulators initiate proceedings to wind down big banks that repeatedly violate consumer protection laws.

Hobby Lobby: Raiders of the lost art In July, Oklahoma City-based retailer Hobby Lobby faced a civil action by the Department of Justice over allegations that it smuggled thousands of ancient Iraqi artifacts into the country. In October 2010, an expert on cultural property law retained by Hobby Lobby had warned the company that the acquisition of cultural property likely from Iraq, including cuneiform tablets and cylinder seals, carried a risk that such objects may have been looted from archaeological sites in Iraq. The expert warned that an improper declaration of country of origin for cultural property could lead to seizure and forfeiture of the artifacts. The company proceeded anyway and bought over 5,500 artifacts—comprised of cuneiform tablets and bricks, clay bullae, and cylinder seals—for $1.6 million. The federal government took a dim view of the deal, confiscated some of the artifacts, and filed a civil action against Hobby Lobby, which the company settled for $3 million. The company also agreed to adopt internal policies and procedures governing its importation and purchase of cultural property, provide appropriate training to its personnel, hire qualified outside customs counsel and customs brokers, and submit quarterly reports to the government on any cultural property acquisitions for the next eighteen months. Next time your internal expert warns you might be about to commit a grand act of cultural theft, listen to him.

JBS: The flesh is weak In April, Brazilian enforcement authorities raided the offices of meat-processing giant JBS as part of Operation Weak Flesh, investigations into allegations of widespread bribery of Ministry of Agriculture inspectors to overlook unsanitary practices such as processing rotten beef and poultry. With the Brazilian meat processing industry still reeling from multinational recall against tainted meat products, the raids were about more than fighting corruption; it was a fight for the soul of one of Brazil’s most important export industries. The JBS raids were part of a sweep involving more than 1,000 federal agents and 300 judicial warrants across multiple Brazilian states. Things moved swiftly from there. By June 1, JBS’ holding company, J&F Investimentos, agreed to a record-setting $3.2 billion (10.3 billion reais) fine as part of a leniency agreement with the Brazilian Federal Prosecutor’s Office that also related to a separate investigation—Operation Bullish—into questionable loans made to JBS by the National Economic and Social Development Bank. It’s not often that a company pays billions in fines for leniency, but that is how significant the JBS bribery scheme really was … and how seriously Brazilian authorities are when it comes to driving a national anticorruption effort that will stop at nothing less than rooting out decades of corrupt business practice.

The Paradise Papers: This time, it’s personal In November, the International Consortium of Investigative Journalists, German newspaper Süddeutsche Zeitung, and more than 381 journalists in 67 countries revealed a massive leak of 13.4 million various business documents (including e-mails, business agreements, bank statements, and more) going back almost 70 years that revealed an extensive network of shell companies, offshore tax shelters, and secret trusts of questionable legality. Together, they reveal a secret world where the world’s largest companies and wealthiest and most powerful people hide their money to dodge taxes. If this all sounds familiar, it should. The exact same thing happened almost a year ago, in what became known as the Panama Papers, a revelation so explosive that it forced heads of state to resign. This new leak, the Paradise Papers, consists of millions of internal files from the international law firm Appleby that detail the tax planning/avoidance strategies of nearly 100 global companies, including Apple, Nike, and Uber. The Paradise Papers also includes millions of files from Asiaciti Trust, a Singapore-based family trust company, which links numerous Trump friends, donors, and Cabinet members to a shipping company owned by Vladimir Putin’s nephew, as well as sensitive financial details on Queen Elizabeth II, Microsoft co-founder Paul Allen, and eBay founder Pierre Omidyar.

LaFargeHolcim: Doing business with terror In March, French-German cement company LafargeHolcim found itself under intense scrutiny when it was accused of breaking international law by doing business with the terror group ISIS in Syria. In 2010, the company finished building a nearly $700M cement plant in Syria, on the eve of that country’s descent into a brutal, internecine civil war that would eventually give rise to the fundamentalist group ISIS in the area. As ISIS took over that portion of Syria, the company’s cement plant essentially fell into enemy territory. Rather than write off the operation, LafargeHolcim decided to pay ISIS protection money to allow the facility to continue operations. The company initially tried to explain its actions as a tough and unpalatable call made to ensure the safety of its plant personnel. But then it became clear that the company wasn’t as interested in getting its people out of harm’s way, as it was in making sure its investment in the plant wasn’t a huge hole on its balance sheet. Following damaging press reports and NGO criticism that the company might be complicit in crimes against humanity by helping to fund terrorism, LafargeHolcim conducted an internal review and in March admitted publicly that it had done wrong. In July, CEO Eric Olsen resigned.

Equifax data breach: Free credit monitoring for everyone On July 29, the Atlanta-based credit monitoring agency Equifax experienced a data breach that had exposed the personally identifiable information of some 143 million consumers mostly in the United States (but also Canada and the United Kingdom). Hackers potentially gained access to names, Social Security numbers, birth dates, addresses, and even some driver’s license numbers. Equifax immediately engaged a cyber-security firm to address the data vulnerability and alerted law enforcement, but the company waited almost two months before telling the public on Sept. 7. Not surprisingly, Equifax’s stock price dove nearly 14 percent in a single day, against what had been a 20 percent year-over-year climb. Not something that would destroy the company, for sure, but still a nasty wound for investors no matter how one approached it. Since then, Equifax has spent $87.5 million dealing with the breach and its aftereffects, causing the company’s 3Q profits to dive by 27 percent. But that might just be the beginning. CEO Richard Smith was forced into retirement over the disaster, and the company might still face criminal investigation by the U.K.’s Financial Conduct Authority over it. For anybody who suffered a poor credit rating from Equifax, the entire episode delivered schadenfreude on a grand scale, while the episode gave compliance officers everywhere a scary warning about perils of data security and third-party risk assessment.

Labor Department Fiduciary Rule: Much ado about something Last April, the Labor Department finalized a new rule that established a fiduciary duty for brokers and registered investment advisers who offer retirement advice. In simple terms, the rule mandates that such professionals must provide services to their clients that benefit their clients first, and themselves second. Not surprisingly, the retirement advisory industry savaged the rule, using all its lobbying power to get legislators in Washington to try to kill it. Whether or not the rule will be dissolved by Congress remains to be seen, as it has become a political hot potato. But it is also something not easily dismissed, either. As a seemingly endless comment period grinds on, 2017 became an extended debate session regarding the rule, including whether it would excessively harm the retirement finance industry, or if the Department of Labor even has the authority to issue such a rule (the SEC might have a stronger claim to this area, and it has long turfed with the Labor Department over it). One thing is for certain, the rule has become a partisan issue, pitting Democrats and Republicans against each other along familiar battle lines and, when that happens, the kind of intelligent compromise that makes for sound law becomes impossible.

CFPB: Battle over arbitration rule becomes a stinging defeat The Consumer Financial Protection Bureau, a Dodd-Frank mandated consumer protection agency long reviled by Congressional Republicans, lost a major battle that consumed much of its energy throughout the year: a regulatory ban on mandatory arbitration clauses. The ban would prohibit financial services companies, such as lenders, to require their customers to bring any kind of legal redress to arbitration first, before going to court. Critics contend that arbitration often favors the financial services firms and constitutes an unfair playing field for customers who have been done wrong. The House and Senate weren’t hearing it, however, and voted to eliminate the rule, though it went down to a 50-50 split in the Senate with Vice President Mike Pence breaking the tie. The defeat of the rule was seen as a major loss by consumer advocates, but it was a tough loss for the CFPB itself, and its embattled director, Richard Cordray, both of whom face a strong movement to remove them entirely. Congressional Republicans have repeatedly called the CFPB a rogue agency, with excessive and extraconstitutional authority. Congressional Democrats point out the need for an autonomous agency that can hold rogue financial firms to task for wrongdoing. The truth lies somewhere in the middle, though nobody is likely to find it in this kind of partisan fog.

Revenue recognition: Winter is coming In 2014, the Financial Accounting Standards Board and the International Accounting Standards Board issued converged guidance on recognizing revenue in contracts with customers. Previous revenue recognition standards within Generally Accepted Accounting Principles were widely seen as needing improvement, and the new standard would improve financial reporting overall. The deadline for compliance with this new standard is January 1, 2018, and all year long, advisory firms have issued a steady drumbeat to companies to begin preparing for it. There is far more work than may at first appear when it comes to meeting the new revenue standards, and, as survey after survey revealed, most companies were falling increasingly behind on this as the year wore on. By 4Q, the situation had grown dire, recalling the fable of the ant and the grasshopper; since the grasshopper fiddled all summer long while the ant worked, when winter came, the grasshopper starved. Well, the ants are compliant with the new standard now while the grasshoppers are going to see just how far they can get by living with a modified adoption of the new standard or by just not having adopted it at all. Meanwhile, there is no rest for the weary. A new lease adoption standard deadline is about a year out, and a new standard for current expected credit loss—the biggest change to bank accounting rules ever—is just two years away.

The SEC: New faces and agendas 2017 was the year when Washington got to shake out all of its administration changes, and compliance officers watched the SEC especially closely for signs of what to expect in the future when it came to regulatory direction, and enforcement priorities. Incoming chair Jay Clayton laid out his vision for the SEC in July, when he gave his first public speech and outlines the eight principles he said would guide his SEC chairmanship. First: to uphold the SEC’s three-part mission to protect investors, maintain fair and orderly markets, and to facilitate capital formation. Second: to look after the long-term interests of the Main Street investor. Third: to maintain disclosure and materiality as the heart of the SEC’s regulatory approach. Fourth: to be aware of the cumulative effect of incremental regulatory change and its lasting impact. Fifth: to embrace technology and innovation so the SEC evolves along with the markets it oversees. Sixth: to review its own rules retrospectively, to listen to investors, and to acknowledge where and when rules are not functioning as intended. Seventh: to coordinate with the wide universe of fellow regulators—including more than 15 U.S. federal regulatory bodies, more than 50 state and territory securities regulators, the Justice Department, state attorney’s general, self-regulatory organizations, and non-SRO standard-setting entities, as well as with regulators in over 115 foreign jurisdictions—especially regarding cyber-security. Eighth, and perhaps most importantly to compliance officers: to take into consideration the cost of compliance with any new rules, and to avoid vaguely written rulemaking in general to facilitate easier compliance. For some, this last point might be code for simply not writing new rules deemed too expensive to comply with, but for compliance officers everywhere, Clayton’s words come as a welcome bit of news.

The Trump administration: A trio of bellwether Treasury reports President Trump spent his first 100 days in the White House signing a raft of executive orders and promising to make good on his campaign pledges of widespread, substantial federal deregulation. One of those, Executive order 13772, instructed the Treasury Secretary to report to the President the extent to which the existing financial regulatory system promotes the Administration’s own priorities. This resulted in a series of three reports released over the course of the year that suggested a wide range of initiatives that, broadly speaking, would seek to scale back or undo a number of key provisions of the Dodd-Frank Act and generally create a more business-friendly regime of financial regulation. Among the many suggested changes: to restructure the Consumer Financial Protection Bureau so that it answers to Congress; to give the Financial Stability Oversight Committee a broader regulatory mandate; to harmonize cyber-security regulations; to scale back capital and liquidity requirements, Dodd-Frank enhance prudential standards, and the Volcker Rule; to promote better access to capital for all types of companies, to scale back regulations on securitized products so as to encourage lending and risk transfer; to reduce the regulatory hurdles for companies seeking to go public; to reduce overall capital and disclosure requirements for securitization; to harmonize SEC and CFTC derivatives regulation; to ensure appropriate oversight of clearinghouses and other financial market utilities; to recommend that the SEC and CTFC make their rulemaking process more transparent and less reliant on guidance or no-action letters; to review the roles and responsibilities of self-regulatory organizations; to reform the evaluation of systemic risk, to eliminate mandatory stress testing for investment companies; and more. The next step on any of these suggestions would be for the Treasury Department and the Trump administration to work with Congress, independent regulators, the financial industry, and trade groups to implement these recommendations through changes to statutes, regulations, and supervisory guidance. Any changes will likely take place only after a protracted period of time and public debate.