Federal oversight may be loosening, but compliance risk remains. As 2026 approaches, financial institutions continue to navigate an uneven landscape in which enforcement priorities change with political winds, and state regulators continue to gradually expand their authority.
At RiskExec’s annual virtual event, RiskExec Connect 2025, Erik Pieczkowski, CEO of RiskExec, and Andy Sandler, CEO and Chairman of Temerity Partners, explored how banks can maintain consistency despite regulations and enforcement shifts. Their shared message was straightforward: stability is not passive. It is strategic. Successful institutions learn to “tack to the middle,” to borrow a sailing analogy, anchoring their compliance programs to durable legal obligations that outlast any specific administration.
Hear directly from Erik Pieczkowski, CEO of RiskExec, and Andy Sandler, CEO and Chairman of Temerity Partners, as they discuss the regulatory pendulum, shifting enforcement priorities, and how institutions can stay compliant despite ongoing change.
Every change in administration in Washington D.C. brings a shift in priorities, but the past three cycles—Obama to Trump, Trump to Biden, and now Trump into 2026—represent the sharpest swings the industry has seen in 40 years.
One administration expands fair lending enforcement and consumer protection. The next pulls back. Agencies oscillate between enforcement surges and policy pauses, creating uncertainty about what “good compliance” looks like for financial institutions.
“What financial institutions want most from regulators is consistency,” Sandler noted in the 30 minute session. “Tell us what the rules are, and enforce them consistently.”
In times of inconsistency, strong institutions default to fundamentals: adherence to statutory law, transparent documentation, and balance between legal interpretation and business best practices.
Key takeaway: Compliance discipline must outlast political cycles, and continue despite short-term changes.
Next year, enforcement may ebb and flow, but expectations remain unchanged. Agencies such as the CFPB, DOJ, and prudential regulators retain five-year lookback authority. This means actions from 2021 through 2025 can still be examined in 2026, regardless of any future leadership changes.
Pieczkowski emphasized that the C-suite conversation has matured during the last few years: “Institutions are asking not only what regulators focus on now, but what they will review five years from now.”
That shift within boardrooms across America reflects a growing awareness that lookback risk is permanent. If compliance programs were relaxed during lighter enforcement cycles, those decisions could quickly become liabilities under a new regime.
Sandler and Pieczkowski outlined three proactive steps institutions can take now to get ahead:
Both speakers agreed that regulatory uncertainty does not reduce risk. It only delays accountability.
As federal agencies recalibrate, states are filling the gap. California’s Department of Financial Protection and Innovation (DFPI), New York’s Department of Financial Services (NYDFS), and Illinois’ Department of Financial and Professional Regulation (IDFPR) continue to expand their oversight of fair lending, consumer protection, and CRA-type frameworks.
Sandler described this shift as an “atomized compliance environment,” where institutions must manage diverging interpretations and reporting standards across multiple jurisdictions. Some states are forming multi-state task forces, similar to those seen during the mortgage crisis, while others are pursuing their own paths based on local priorities.
This decentralization has three key implications, according to Sandler, which tie into how institutions can better prepare for state-led oversight moving forward:
“You cannot build 50 different compliance programs to satisfy the states,” Sandler said. “Instead, you build one strong foundation and then document how it meets every jurisdiction’s standard.”
While enforcement swings are cyclical, records are permanent. Regulators and state attorney generals use lookbacks to identify which institutions relaxed their compliance posture.
Sandler warned that reducing compliance headcount during quieter years is a false economy. Institutions that trimmed staff in 2019–2020 became early enforcement targets when increased oversight resumed following the first Trump administration’s departure from office.
According to Sandler, documentation is the most effective form of defense.
Maintain:
Institutions that can demonstrate consistency and awareness across administrations are far less likely to face retroactive penalties.
Andy Sandler described “tacking to the middle” as a practical strategy for staying steady when enforcement swings from one extreme to another, similar to a strong wind in a storm. His guidance is to navigate uncertainty by anchoring to statutory obligations, rather than shifting political priorities.
| Area | How to "Tack to the Middle" to Weather the Storm |
| Policy Enforcement | Follow the law as written, not the prevailing tone of a specific administration. |
| Governance | Maintain enterprise-level oversight, even when regulatory pressure feels low. |
| Technology | Use centralized compliance systems to standardize CRA, HMDA, and Fair Lending data. |
| Training | Reinforce consistent interpretations across business lines and geographies. |
| Documentation | Keep policies, decision logs, and board minutes aligned with regulatory frameworks. |
Sandler emphasized that stability is achievable when institutions treat compliance as a continuous discipline, and not as a temporary priority.
In an environment defined by uncertainty, stability is strategy. Institutions that focus on consistency, documentation, and automation are positioned not only to survive in these turbulent times, but to grow.
The next phase of compliance leadership will favor organizations that:
Compliance leaders who build for endurance will transform volatility into opportunity.
They typically shift every four to eight years with administrative changes. Each cycle can alter priorities around fair lending, CRA, and consumer protection.
First develop a unified compliance framework that satisfies federal standards, then map it to state-specific requirements. Maintain version-controlled policies and centralized data for consistent responses.
Many fair lending and consumer protection statutes allow regulators to review decisions from the past five years. Historical actions often become focal points under new leadership.
