Evolving US white collar enforcement priorities and impacts for German companies facing cross-border investigations

The Trump Administration’s enforcement policies have introduced significant updates to the United States Department of Justice’s (DOJ) priorities for white collar enforcement and investigations. Recent changes include the prioritization of “high-impact areas,” such as criminal money laundering, national security issues, immigration, and trade and government procurement fraud.

Simultaneously, German regulators, courts, and public prosecutors are accelerating criminal sanctions, money laundering, and supply chain investigations while tightening data privacy and whistleblowing frameworks that affect how German enterprises collect, review, and transfer evidence.

German companies operating globally may be subject to US jurisdiction and therefore confront an enforcement environment in which:

1. New US enforcement policies favor quick, focused prosecutions of “high-impact” cases that implicate US national security, economic competitiveness favoring US companies, and victims’ rights, and
2. German authorities operate on a different investigative time scale but remain willing to open parallel proceedings and coordinate with US authorities, even when US actions have different priorities.

Below, we outline the principal updates to the US white collar enforcement landscape and how they intersect with German enforcement priorities, as well as offer practical insight for German corporates, their boards, in-house legal teams, and compliance functions that will need to manage risks from both jurisdictions.

Key US enforcement updates

In May and June 2025, DOJ issued two significant policy documents reflecting an updated approach to white collar crime and anti-corruption enforcement. As discussed in a prior alert, the DOJ Criminal Division’s White Collar Enforcement Plan (Enforcement Plan) issued on May 12, 2025 outlines DOJ’s updated priorities for prosecuting criminal corporate misconduct. The Enforcement Plan emphasizes the need to concentrate resources on the most urgent threats, ensure equitable treatment of individuals and corporations, and streamline investigations to minimize burdens on US businesses.

Shortly thereafter, and as discussed in a prior alert, DOJ released guidelines on Foreign Corrupt Practices Act (FCPA) enforcement, which direct prosecutors to focus on cases that impact US interests, economic security, and fair competition, while limiting investigations and enforcement actions that could unduly burden US companies operating abroad. Together, these policy shifts signal a more targeted US approach to white collar enforcement, with key implications for both US and German companies operating in both jurisdictions. The key developments under these new guidelines include:

• Three core tenets – “focus, fairness, and efficiency”: DOJ’s Criminal Division will prioritize investigation and prosecution of criminal conduct for “high-impact areas,” including sanctions violations, trade fraud, tariff evasion, government program fraud, bribery that impacts US interests or harms US economic competitiveness, money laundering and financial crimes related to cartels, transnational criminal organizations (TCOs), Chinese Money Laundering Organizations, illicit drug enterprises, or foreign terrorist organizations (FTOs).
  
  
• “America First” investigations: Investigations into corporate criminal misconduct will focus on cases that implicate US national security and US economic competitiveness and must be conducted swiftly and efficiently to minimize impacts on company day-to-day operations. However, the US government is not hesitating to use all of its tools – both civil and criminal – on corporate entities that threaten US interests, as discussed in a prior alert.
  
  
• Credit for cooperation and early termination: DOJ’s revised Criminal Division Corporate Enforcement Policy clarifies that self-disclosure, remediation, and cooperation may result in declinations or reduced penalties. In criminal cases where a corporate resolution is warranted, the policy instructs that resolutions should run no longer than three years, and monitorships must be narrowly scoped.
  
  
• FCPA refocused: New FCPA cases now require approval from DOJ Criminal Division leadership and must tie directly to US economic harm, national security impact, cartels or TCOs, or key industries. Routine hospitality, or so-called “grease payments,” will rarely meet the bar for prosecution; by contrast, corrupt procurement schemes that disadvantage identifiable US companies may be prioritized.
  
  
• Priority for national security issues: Conduct that threatens US national security is a priority for DOJ criminal enforcement, which includes threats to the financial system, such as sanctions violations or parties that enable transactions by cartels, TCOs, or FTOs.
  
  
• Expanded whistleblower risks: DOJ revised its Corporate Whistleblower Awards Pilot Program in May 2025 to expand the types of reported misconduct eligible for a whistleblower award to include corporate sanctions offenses; trade, tariff, and customs fraud; procurement fraud; material support of terrorism; violations of federal immigration law; and violations related to cartels or TCOs. These changes may prompt significant increases in whistleblower reports to US authorities.
  
  
• Increased immigration enforcement: The Trump Administration is utilizing cross-agency resources to prioritize immigration enforcement to identify persons who are located in the US illegally, including those on expired visas or in violation of the restrictions of the visa waiver program. German companies with US operations that employ foreign nationals may face increased scrutiny as part of these policy objectives.

Although the Enforcement Plan was issued by DOJ’s Criminal Division, many of the stated white collar enforcement priorities can carry both criminal and civil enforcement risks. For example, criminal trade fraud or tariff evasion often involves underlying civil violations of US customs regulations or export controls that are separately investigated and enforced by US Customs and Border Protection and the US Department of Commerce’s Bureau of Industry and Security, respectively, in civil administrative matters.

Criminal investigation and prosecution relating to sanctions violations are also a stated priority of DOJ’s Criminal Division and DOJ’s National Security Division. However, sanctions violations can also carry civil liability, with enforcement and administrative actions overseen by the US Department of the Treasury’s Office of Foreign Assets Control. Even though the Enforcement Plan reflects only the Criminal Division’s enforcement priorities, companies may face criminal and/or civil exposure and may anticipate significant coordination among these US authorities.

Current trends in German white collar enforcement

German authorities are simultaneously expanding their enforcement toolkit in response to evolving risks and regulatory expectations. Unlike the US enforcement regime, where corporations can be liable under both civil and criminal federal and/or state law, German law does not provide for criminal liability for corporations – only individuals can be held criminally liable. However, corporations may be held liable under German administrative and civil law.

For example, the German Administrative Offenses Act (OWiG) creates an avenue for administrative liability for corporations in cases where a representative or manager is involved in criminal conduct or an administrative offense that violates the corporation’s duties or enriches the corporation, or if the corporation’s lack of a compliance program enables corporate crimes by employees. Such administrative offenses can result in fines of up to EUR10 million for intentional conduct, or even higher if the profits from the relevant misconduct exceed this amount. Alternatively, authorities may also confiscate gross revenues obtained as a result of misconduct.

In recent years, there has been an increase in German criminal investigations on individuals with a focus on tax evasion, sanctions violations, money laundering, and environmental crime, prompting related administrative and civil exposure for corporations subject to German law. Legislative reforms, new anti-money laundering measures, and enhanced whistleblower protections reflect a broader commitment to ensuring corporate accountability and transparency and alignment with the refocused US white collar enforcement priorities.

These developments signal a robust and proactive approach by German regulators and prosecutors, with companies facing heightened scrutiny across a range of enforcement areas, including:

• Fraud and anti-money laundering: Environmental, social, and governance (ESG) or “greenwashing” frauds, and sophisticated money laundering operations (including Chinese Money Laundering Organizations and cases related to terrorist financing, which are also specific focus areas of DOJ), continue to dominate German prosecutors’ dockets. Germany hosts the new European multinational Anti-Money Laundering Authority (AMLA) and has strengthened resources at the Financial Intelligence Unit to ensure the timely processing of suspicious transaction reports. These developments signal that enforcing anti-money laundering (AML) and financial crimes, and ensuring that companies have effective AML and counter-terrorist financing compliance programs, is a top priority.
  
  
• Supply chain and ESG scrutiny: Since January 2024, the Supply Chain Due Diligence Act (LkSG) applies to companies with as few as 1,000 employees and requires such companies to identify and assess risks related to human rights and environmental standards throughout their supply chains, implement preventive measures, and establish reporting mechanisms for supply chain risks. However, the current administration intends to replace the LkSG with a new statute aligned with the forthcoming EU Corporate Sustainability Due Diligence Directive (CSDDD). Similar to the LkSG, the CSDDD requires companies to conduct due diligence to prevent adverse human rights and environmental impacts associated with their operations and supply chains. As a result, enforcement of the LkSG has been significantly scaled back. The annual reporting requirements have been abolished, and sanctions are only imposed in cases of severe human rights violations. The LkSG remains formally in force until the CSDDD is fully implemented. Companies are encouraged to closely monitor further developments and consider preparations for a transition to the EU framework.
  
  
• Sanctions and trade controls: Violations of EU sanctions or German foreign trade law, including Germany’s export control regime, may result in administrative violations for corporations. German authorities have been particularly focused on pursuing Russia-related sanctions violations, including with the establishment of the new government agency, the Zentralstelle für Sanktionsdurchsetzung (ZfS), in 2023 to enforce asset freezes within the EU financial sanctions framework. ZfS has broad authority to identify and seize assets; initiate administrative proceedings to investigate sanctioned party assets; and appoint monitors to oversee the implementation and remediation of sanctions compliance policies in companies that have violated EU financial sanctions. Despite the creation of the ZfS, public prosecutors’ offices remain the central enforcement authority in sanctions matters.
  
  
• Tax crime and international cooperation: German authorities have intensified their focus on tax crime, often in close cooperation with international partners, including US cross-border tax investigations. EU directives such as the 6th Directive of Administrative Cooperation (DAC6), and the increasing use of “joint audits” – coordinated tax examinations by authorities from two or more countries – have heightened the risk of parallel proceedings and information sharing. In cases involving fraud against the financial interests of the EU, the European Public Prosecutor’s Office (EPPO) may also become involved. The EPPO is empowered to investigate and prosecute cross-border value-added tax fraud, subsidy fraud, and other crimes affecting the EU budget.

Where violations of US federal criminal law are typically investigated and prosecuted with oversight by the centralized DOJ and with the support of local US Attorneys’ Offices, German criminal offenses are investigated and prosecuted by the local public prosecutor’s office in the district in which the criminal act occurred. For criminal offenses relating to a corporation’s business activities, this is typically the relevant public prosecutor’s office where the corporation is registered. In tax proceedings, the Fines and Criminal Matters Offices (BuStra) within the competent tax authority may investigate as well.

Investigations of corporations for administrative offenses may be initiated at the discretion of the relevant prosecutor’s office, although many stem from underlying investigations into criminal offenses by individuals. In addition, several regulatory authorities in Germany have independent enforcement powers for violations of administrative laws. These include the Federal Financial Supervisory Authority (BaFin), export control, customs, sanctions, and AML authorities, which may impose fines for administrative violations.

Practical challenges for companies facing US–German cross-border investigations

With many US and German enforcement priorities aligned – such as sanctions, AML, conduct involving TCOs and FTOs, and supply chain and trade controls scrutiny – German companies may face expanded exposure from EU authorities, local German prosecutors, and the US government.

For example, a company embroiled in sanctions, trade, money laundering, or large-value procurement fraud allegations could face (1) a fast-moving DOJ criminal investigation with parallel civil proceedings, and (2) a broad German probe focused on the corporate entity and its senior management, as well as a potential investigation by the EU authorities. Neither authority will defer automatically to the other, and duplicative penalties remain a risk given the US “New Credit Policy,” which limits offsets for fines and payments made to foreign agencies in parallel enforcement proceedings unless foreign fines demonstrably compensate victims.

To the extent that US and German enforcement interests align, cooperation between enforcement authorities from each country is expected to continue. Historically, US and German authorities have coordinated with respect to information sharing through the Mutual Legal Assistance Treaty (MLAT) process and diplomatic channels. However, in part due to the structural differences between the US and German corporate enforcement frameworks, this relationship has not manifested in the same type of “global” US–German settlements of criminal conduct that US authorities have reached with other jurisdictions, such as the United Kingdom or France. Future coordination between US and German authorities in cross-border investigations may hinge upon whether a given matter implicates US national security or economic interests in line with the DOJ’s Enforcement Plan. If so, German and US authorities may coordinate more closely. If not, German authorities may face a more cumbersome journey in obtaining information located in the US.

Several practical challenges that companies may face in US–German cross-border investigations include:

• Heightened evidence-collection challenges: DOJ expects rapid production of emails, chat logs, and accounting records. However, German data protection laws often require notice to employees, works council consultation, and, where private communications are involved, redaction or anonymization. Failure to balance these regimes may result in perceived lack of cooperation or even obstruction accusations in the US, friction with the requirements of US subpoenas or administrative requests for information, or General Data Protection Regulation (GDPR) penalties in Germany.
  
  
• Privilege gaps: US attorney-client privilege is broad, whereas German legal privilege is narrow and generally excludes in-house counsel. Documents shared with German prosecutors may therefore be treated as public and could create broad subject matter privilege waivers in US proceedings unless protective steps are taken.
  
  
• Monitor and compliance expectations: DOJ’s updated guidance disfavors long-term compliance monitorships and overly intrusive compliance requirements. Although German authorities typically do not impose specific remediation requirements on companies like US monitorships, German prosecutors can demand compliance improvement and may open OWiG proceedings, even if individuals are not convicted. A compliance program that satisfies the requirements of one jurisdiction may not be enough to satisfy the other, so coordinated German and US counsel are key to developing an appropriate strategy.
  
  
• Potential blocking statute tensions: If US authorities demand prompt production of documents, German companies must weigh cooperation credit with US authorities against possible criminal exposure under Germany’s Foreign Trade and Payments Act, the EU Blocking Regulation, or strict GDPR restrictions on third-country transfers.
  
  
• Whistleblower dynamics: The 2023 Whistleblower Protection Act in Germany has triggered a surge of external reports to the Federal Office of Justice and public prosecutors, often in parallel with reports being made to US authorities, such as under DOJ’s Corporate Whistleblower Awards Pilot Program. Unlike the US system, Germany does not offer financial incentives for whistleblowers. This may lead to mismatched reporting incentives.

Key takeaways

For German companies, the enforcement pendulum is swinging in two directions: US authorities are narrowing their focus but accelerating their pace, while EU and German authorities are broadening their scope and sharpening penalties for organizational failures. A coherent, integrated defense strategy – grounded in a single factual record, built on transparent remediation, and mindful of divergent privilege and data-protection rules – may help in navigating overlapping demands without duplicative fines, operational disruption, or reputational harm.

Boards and compliance leaders for German companies may consider these changes as an opportunity to stress-test cross-border investigation protocols, refresh risk mapping in light of DOJ’s new criminal enforcement priorities and German risk assessment requirements, and embed resilient privacy and evidence-preservation processes that can withstand scrutiny.

Key considerations include:

• Consider risk assessments on key areas: Where US authorities are prioritizing targeted enforcement areas, including sanctions, dealings with TCOs or FTOs, and trade compliance, companies may consider conducting proactive risk assessments to identify potential “hot spots” for enforcement risks based on their particular industry, organizational structure, and business profile.
  
  
• Coordinate early, coordinate often: As soon as potential misconduct surfaces, whether through internal risk assessments or whistleblowing hotlines, companies may consider assembling a joint US–German legal team to harmonize investigation work plans, document-collection efforts, and messaging to regulators. Misalignment in legal strategies or timelines may erode credibility with both US and German authorities and fail to protect key information.
  
  
• Map data flows and obtain consent up front: Identify where personal and business data reside, assess lawful bases for processing, and prepare tailored privacy notices before an investigation begins. If employee consent is required, ensure it is separate from employment contracts and that it clearly explains cross-border transfers.
  
  
• Document board oversight: German boards must demonstrate that they investigated whether there are red flags of criminal or regulatory misconduct under Section 93 of the Aktiengesetz. Failure to properly investigate potential misconduct may be a basis for personal liability and sanctions against board members. US prosecutors view robust, board-level compliance oversight as a key factor for minimal penalties and potential lesser sanctions, such as declinations. Companies are encouraged to record board minutes, risk assessment reports, and remediation actions.
  
  
• Consider parallel self-reporting: With greater incentives for voluntary self-disclosure of potential corporate misconduct in the US, voluntary disclosure may unlock a potential for a declination or significant fine mitigation, but it could also trigger German proceedings for conduct that would otherwise never have been identified. Conversely, a voluntary self-report to the German public prosecutor’s office or the Federal Financial Supervisory Authority may accelerate US interest in potential misconduct and increase the chance of parallel investigations. Any decision regarding disclosure must examine which jurisdiction has the stronger factual and legal nexus, the availability of leniency, potential victim-compensation obligations, and the likelihood of information sharing between authorities.
  
  
• Plan for speed: DOJ’s new mantra is expeditious resolution. Prosecutors expect charging decisions within two to three years, which places a premium on quick investigations by experienced counsel who have handled hundreds of investigations. German investigations still tend to run longer than those in the US, but German authorities increasingly request interim corporate investigation updates. This may lead to substantial conflicts in cross-border matters, as US authorities expect swift resolutions, while German procedures may extend over several years. A proactive evidence-gathering timeline may position companies to manage both sides.
  
  
• Mitigate monitor risk through early remediation: Given DOJ’s narrowed monitor policy and Germany’s focus on compliance improvements, both legal frameworks reward swift, demonstrable reforms – including updated policies, enhanced third-party due diligence, new whistleblower channels, and claw-back provisions for bonuses linked to misconduct. Companies may consider beginning a root-cause analysis and compliance enhancements early in the investigation to avoid burdensome compliance obligations.
  
  
• Prepare for asset tracing and forfeiture: Both DOJ and German prosecutors emphasize confiscating profits from corruption, sanctions evasion, and money laundering. When estimating the costs of noncompliance, companies should consider evaluating not only the initial costs of compliance enhancements but also the long-term impact of potential investigations. During an investigation, companies may wish to investigate potentially tainted revenue streams, segregate funds where possible, and be prepared to propose victim-compensation frameworks.

For more information, please contact the authors.