Wednesday, 10 September 2025
More than one in three Irish financial firms identify the softening of US data privacy and cybersecurity rules as their top compliance risk, according to a Compliance Institute survey. Other key concerns include US trade restrictions and the rollback of ESG regulations, reflecting growing uncertainty in global regulatory environments.
More than one in three Irish financial organisations see the softening of US data privacy and cybersecurity rules as the biggest compliance risk to their business, according to a new survey published by the Compliance Institute, Ireland’s professional body for compliance professionals.
The survey, which gathered responses from around 110 compliance experts working primarily in the financial services sector, also found that 23% of organisations view US tariffs and trade restrictions introduced during Donald Trump’s presidency as their most significant regulatory threat.
A further 15% of respondents identified the rollback of environmental, social, and governance (ESG) regulations in the US as their top concern, underscoring the broader regulatory challenges Irish firms face when engaging with American markets.
Irish financial firms operating across borders are increasingly challenged by diverging regulatory priorities between jurisdictions. While the European Union continues to strengthen frameworks around data privacy, ESG standards, and corporate transparency, the United States has shown signs of deregulation in these same areas.
This divergence is creating operational and strategic friction for firms that must comply with stricter EU laws while managing expectations from US partners and clients. The lack of harmonisation in compliance obligations can lead to duplicated efforts, conflicting reporting standards, and higher operational costs for organisations with cross-border activities.
Michael Kavanagh, CEO of the Compliance Institute, said that recent developments in US policy, especially around regulatory enforcement and data privacy, are creating growing uncertainty for firms trying to plan their compliance strategies.
“We’ve seen a rollback in the States on various regulatory fronts—for example reduced funding of various agencies, a freeze on all new regulations, a loosening in cybersecurity and anti-money laundering laws, and the dismantling of parts of existing legislation,” Kavanagh explained.
On the issue of data privacy, he pointed to inconsistencies between US states and the lack of a federal law to unify privacy regulations. “On the data privacy front, there’s uncertainty – each state has its own laws and regulations, there was going to be a federal law to bring these together, there’s uncertainty around that.”
Kavanagh highlighted the specific risks associated with cybersecurity deregulation in the US, warning that the impact could be global, even for firms without direct operations in the country.
“Cybercriminals operate in various jurisdictions, there’s no borders, there’s no boundaries, so it needs a global response,” he said. “If there’s a weakening in one jurisdiction, and such a jurisdiction being the US, which is one of the major players internationally, that is a concern.”
The survey also explored the compliance implications of the scaling back of ESG standards in the US, which some companies are being encouraged to abandon altogether. Kavanagh said this puts Irish firms in a difficult position, particularly when they must comply with stricter EU standards while facing different political pressures abroad.
“The challenge around all of that is trying to get data, trying to get information, the culture that’s coming from some of the US firms, some have very publicly scaled back on their DE&I targets, and again that is proving problematic for compliance professionals, and companies in general,” he added.
While much of the focus has been on the US, Kavanagh noted that regulatory easing is also happening at the European level, with a reduction in the scope of some laws in response to complaints of over-regulation. However, he warned against overcorrecting.
“In quarter one of this year, we saw a huge amount of laws and regulations. The profession was telling me they were almost overwhelmed by the amount of regulation that’s there,” he said. “But it’s about getting that balance right, going to the other extreme is going back to light-touch regulation and all the problems that led to in the past.”
Interestingly, 18% of financial organisations surveyed said that current US policy changes do not pose a compliance threat to their business operations. Kavanagh suggested this may be because a portion of Irish firms do not have direct engagement with the US market.
This survey underscores the growing compliance challenges Irish financial institutions face due to changing US policies on data privacy, cybersecurity, trade, and ESG. As global regulatory environments diverge, firms must carefully navigate the risks associated with these developments, even when operating from outside the US.
At All-Ireland Sustainability, we’re committed to building a greener, fairer island, together. Stay informed on the latest environmental initiatives, community action, and policy developments shaping sustainability across Ireland, North and South.
👉 Sign up for our newsletter today and be the first to hear about upcoming events, expert insights, and ways to get involved.
Whether you’re a seasoned advocate or just starting your journey, new members are always welcome.
Subscribe now and be part of the All-Ireland Sustainability Membership.
