The Massachusetts Society of CPAs, Boston, appointed 19 members to its board of directors for its 2025-26 fiscal year. MassCPAs appointed to board chair Declan Lee, KPMG LLP; chair-elect Ron Tull, Schofer Dillberg & Co.; board vice-chair, finance committee chair Carol Ruiz, PwC LLP; board vice-chair, audit committee chair Marquis Cooper, Boston Scientific; board vice-chair Mark Audi, Baker Newman Noyes; board chair Laura Felice, BJ’s Wholesale Club; president and CEO Zach Pitter, MassCPAs; and directors: Julie Chasse, Northeastern University ; Molly Griffiths, RSM US LLP; Sean Keenan, WS Development; Josh LaPan, Citrin Cooperman; LeeAnn Manning, Floyd Advisory LLC;  Greg O’Brien, Anomoly CPA; Kathy Parker, BerryDunn; Kristi Reale, Meyers Brothers Kalicka; Linda Smith, Smith, Sullivan & Brown; Katie Soule, Merrill Lynch; Jeff Strassman, Grant Thornton Advisors LLC; and Ryan Sturma, Deloitte. 

Jane Steinmetz, Atlantic growth markets leader and Boston office managing principal at EY, received an honorary doctor of laws degree from Curry College in Milton.

The far-reaching tax legislation that passed early Thursday morning in the House included a provision that would transfer the responsibilities of the Public Company Accounting Oversight Board to the Securities and Exchange Commission, effectively eliminating the PCAOB.

The House Financial Services Committee passed a bill at the end of April that would transition the PCAOB’s responsibilities to the SEC within one year of enactment, and it was included as part of the overall tax package, which is now headed to the Senate. 

PCAOB chair Erica Williams has been speaking out against the proposal in recent weeks since the bill emerged unexpectedly in the House committee in late April only days before it passed. On Thursday, he reiterated her objections during a meeting of the PCAOB’s Standards and Emerging Issues Advisory Group.

“Like many of you, I am deeply troubled by legislation being considered in Congress to eliminate the PCAOB as we know it,” she said. “This policy idea is not new. It has been around for decades, since the PCAOB was first created in response to Enron, WorldCom and the other accounting scandals of the early 2000s that left devastation in their wake. In the more than 20 years since, the PCAOB, led by its expert staff, has made invaluable contributions to the safety and security of U.S. capital markets. Investors are better protected because of the PCAOB. Audit quality has improved because of the PCAOB.” 

Williams pointed out that she used to work for the SEC and is familiar with the agency. “The SEC was my professional home for 11 years,” she said. “I have deep admiration and respect for the incredible professional staff there. They are excellent at what they do. It is different from what we do here at the PCAOB. The unique experience and expertise built up by the PCAOB over decades cannot simply be cut and pasted without significant risk to investors at a time when markets are already volatile.”

She noted that the PCAOB has specific agreements with other audit regulators in countries around the world. “Getting an inspections program off the ground alone would take years,” she said. “It would require hiring hundreds of experienced inspectors and renegotiating agreements around the world, including in China, wasting time and money all while creating significant risk of fraud slipping through the cracks while no one is looking. Not to mention the disruption to enforcement around the world and potential loss of unmatched expertise built by [PCAOB chief auditor Barbara Vanich] and her team at a time when firms are relying on their support to implement new standards.I have said this before, and I will say it again any chance I get: every member of the PCAOB team plays a critical role in executing our mission of protecting investors on U.S. markets. And they are irreplaceable.”

SEC chairman Paul Atkins said at a conference this week that the SEC would be able to take over the tasks over the PCAOB, but would need the extra funding and staff provided under the bill.

“Congress outsourced those tasks to the PCAOB, and it’s up to Congress to decide where they should be housed,” he told reporters, according to Thomson Reuters. “And if they were decided to be merged into the SEC, I think we could handle it and be able to have enough people in the funding to accomplish it because, at least the way the bill is structured, they have thought about that.”

The SEC might also need to bring over staff from the PCAOB with the necessary experience. Atkins said under the bill “we could get the people who are at the PCAOB and be able to consolidate.”

However, a group of former PCAOB officials doubts the SEC could quickly take up those responsibilities and wrote a letter to the House committee, saying, “We are skeptical that the SEC could replicate the PCAOB’s expertise and infrastructure with similar positive results.”

The American Institute of CPAs has been watching the developments closely in recent months and AICPA president and CEO Mark Koziel said late last month, “We stand ready to assist policymakers as they consider potential changes to the regulatory infrastructure overseeing public company auditing.”

The AICPA had set auditing standards for public companies until the passage of the Sarbanes-Oxley Act of 2002 created the PCAOB in 2003 and still sets many assurance and attestation standards for private companies. The PCAOB has been working to update many of the older auditing standards it inherited from the AICPA, and former SEC chair Gary Gensler had encouraged the PCAOB and Williams to accelerate those efforts. 

Cycles are nothing new in the world of white-collar enforcement, which often impact the perceived importance of corporate governance processes. However, as we say in my other home country, “plus ça change, moins ça change” (the more things change, the more they stay the same!) 

Rules tighten in the aftermath of scandal or financial crisis, then loosen in the name of relaxing regulations that stifle innovation, economic growth or administrative priority shifts. Regulatory enforcement intensity waxes and wanes, but the importance of appropriate governance and controls remains critical to corporate well-being.

We now appear to be entering another familiar enforcement phase: a pullback in domestic focus, deeper scrutiny on specific areas, a lighter touch on corporate accountability and greater attention on foreign actors. While this is certainly not unprecedented, this environment raises important questions and challenges about corporate behavior, compliance resilience and the long-term risks of a less stringent enforcement environment.

Like a pandemic, fraud spreads silently at first — thriving in weak systems, exploiting human vulnerabilities and multiplying rapidly before anyone realizes the true scale of the contagion. Just as the Enron and WorldCom scandals in the early 2000s were preceded by a deregulatory boom and SOX was the response, the 2008 financial crisis followed years of unchecked risk-taking with the results we all saw. Today’s enforcement climate raises questions about whether we are once again setting the stage for the next wave of misconduct. And in order to have fraud, one needs opportunity, pressure and rationalization. 

Where the risk may surface first

Certain sectors are especially vulnerable in this type of environment. As well as the more traditionally targeted industries, new areas like crypto and digital assets,  which continue to develop ahead of clear regulatory frameworks, are particularly at risk. While high-profile prosecutions have taken place, certain new industry participants still operate in a regulatory gray zone, and investors lack many of the protections common in more mature financial markets.

Often overlooked, environmental claims also deserve attention. If enforcement around environmental disclosures and emissions standards weakens, it could create incentives for companies to exaggerate sustainability efforts or underreport risk. These actions often don’t attract immediate scrutiny — but they can lead to significant liability down the line.

Opportunity: The return of the light-touch era?

Recent developments suggest a clear change in tone from federal regulators. Penalties are being moderated in some cases, deferred prosecution agreements seem to have less teeth, and monitoring remedies may be refocused. While enforcement has not disappeared — nor is it likely to — its domestic focus appears to be narrowing. At the same time, there’s greater emphasis on foreign companies and overseas corruption and there are signals that foreign regulators, particularly in Europe, are willing to step in.

For today’s financial and compliance leaders — many of whom may not have been in senior roles during prior enforcement waves — this could seem like a reprieve. But it may also create blind spots. When rules seem less urgent or enforcement risk feels more distant, some organizations deprioritize the very controls and practices that help them navigate.

The past reminds us that such lulls can create fertile ground for misconduct, especially if companies start to believe that scrutiny is less likely, or consequences will be delayed.

Here’s a simple equation: Economic Pressure + Relaxed Oversight = Increased Fraud Risk.

At the same time, macroeconomic signals point to uncertainty. If economic headwinds intensify — especially with recessionary concerns, uncertainty around tariffs, extended and disrupted supply chains leading to margin compression — companies may feel increasing pressure to meet or maintain performance expectations. In such a climate, the line between aggressive accounting and earnings manipulation can start to blur and the need to gain market share may lead to bribes, among other malfeasance.

Misconduct in these environments rarely becomes visible right away. It builds quietly over time, often uncovered only years later during internal audits, in the aftermath of bankruptcies when performance was stretched to the breaking point, in the case of restatements, or as a result of a whistleblower. The risk may not be immediately visible — but it is cumulative and real.

The guardrails that remain

That said, several key safeguards are still intact — offering a measure of counterbalance even as federal enforcement evolves:

• International enforcement continues to expand. Regulators abroad are increasingly assertive, particularly in Europe and Asia. U.S.-based companies operating globally are still subject to foreign anti-corruption laws and cross-border cooperation among authorities is increasing.
• Domestically, state attorney generals can fill some of the gaps. Many AGs have a long history of stepping in — particularly in areas like health care fraud, consumer protection and investor rights. But these offices may lack the scale, budget and investigative horsepower of federal agencies.
• Federal action continues in targeted areas. Enforcement efforts remain active in sectors like health care, particularly in cases involving government reimbursement fraud or improper billing practices. These cases suggest that federal oversight has not disappeared — just narrowed in focus.
• Auditing standards are as demanding as ever. Despite other regulatory changes, public company auditors remain under pressure to detect fraud and report weaknesses. Regulatory expectations in this area have not been relaxed, and auditors are increasingly expected to identify red flags in financial statements.
• Private litigation remains a meaningful deterrent. Shareholder lawsuits and class actions continue to hold companies accountable when disclosures fall short or risks are misrepresented. This legal pressure — driven by investors and plaintiffs’ attorneys rather than government — operates independently of political cycles.
• Whistleblowers are still protected and can be highly incentivized. Tipsters have played a key role in uncovering many recent frauds, and protections for whistleblowers remain strong. In a lower-enforcement climate, their role becomes even more important.

Compliance programs: Relevance beyond enforcement

Many organizations have made real strides in strengthening internal compliance programs over the past decade — driven by regulatory pressure, investor expectations and reputational concerns. Even in a less stringent enforcement environment, these investments remain vital.

First, reputational risk and public accountability haven’t faded. In fact, social media and stakeholder activism make it easier than ever for ethical lapses to attract attention — even without government involvement.

Second, mergers and acquisitions continue to present risk. Acquiring entities are often held responsible for inherited compliance failures. Robust internal controls, due diligence and risk assessments are essential for identifying hidden liabilities before they become public problems.

Finally, even in the absence of immediate enforcement, forward-thinking organizations understand that compliance isn’t just about staying out of trouble. It’s about building sustainable operations, maintaining trust with stakeholders, establishing a reputation of integrity and anticipating risk — not reacting to it.

A moment to be proactive

As enforcement priorities shift, the temptation to loosen internal controls or scale back compliance efforts and investments may be tempting. But this moment is not one for complacency. If history is any guide (and it usually is), misconduct that begins under light scrutiny tends to end under a more intense spotlight — often years later.

Strong compliance programs can stop the spread of fraud before it takes hold, building organizational immunity through vigilance, accountability and early detection. This is a time to take stock:

• Are controls over financial reporting keeping pace with business complexity and the evolving new risks created by change in policies, and geopolitical uncertainty identified?
• Are new risks — especially in fast-evolving unregulated sectors — being properly identified, assessed and mitigated?
• Are compliance programs appropriately resourced and empowered to act?

These are the questions worth asking now, before risk has a chance to compound.
The enforcement cycle may be reprioritized, but risk itself hasn’t gone anywhere. Economic pressures, evolving industries and shifting regulatory priorities all create new vulnerabilities. And while some external guardrails remain in place, they are no substitute for proactive, internal risk management.

Those who treat this moment as a time to reinforce — rather than retreat from — strong compliance will be better positioned to navigate whatever comes next. Because while enforcement climates may rise and fall, the consequences of ethical failure are always significant, often lasting — and sometimes, fatal.