In a move aligned with Executive Order on Fighting Overcriminalization in Federal Regulations, the Office of the Comptroller of the Currency (OCC) has issued a new policy statement clarifying its approach to referring criminal regulatory violations to the Department of Justice.

The OCC plans to compile and submit by May 2026 a comprehensive list of all criminal regulatory offenses under its remit (those violations of federal regulations carrying criminal penalties) alongside corresponding penalty ranges and the applicable mental state (“mens rea”) required for conviction.

The guidance, developed in consultation with the Attorney General, responds to growing concerns about the unchecked expansion of criminal liability within the federal regulatory framework.

The policy also introduces a more transparent referral framework, emphasizing that the OCC will weigh specific factors before deciding whether to refer alleged violations to prosecutors. While exceptions remain, the default approach favors discretion over automatic escalation.

Reining in regulatory overreach

President Trump’s Executive Order 14294, issued on May 9, 2025, signals a sweeping recalibration of federal regulatory enforcement, particularly where criminal penalties are concerned.

Citing the ballooning size and opacity of the Code of Federal Regulations, now exceeding 175,000 pages, the order challenges the legitimacy of imposing criminal liability on citizens for infractions they may not reasonably understand or anticipate.

The order criticizes the prevalence of “strict liability” offenses that do not require a guilty state of mind and frames such enforcement practices as both unjust and structurally biased in favor of large entities with legal firepower.

At its core, EO 14294 seeks to disincentivize criminal referrals for regulatory offenses unless clear intent to break the law is present. It states that criminal prosecution is appropriate only when a person knowingly violates a regulation and causes or risks substantial public harm.

Agencies are instructed to prefer civil or administrative actions for low-level or unintentional infractions and to limit the use of strict liability provisions, which are now “generally disfavored.” Future rulemakings must include explicit statements regarding the rule’s criminal enforceability, relevant statutes, and applicable mens rea standards.

EO 14294 seeks to disincentivize criminal referrals for regulatory offenses unless clear intent to break the law is present.

The order mandates a detailed audit of all federal criminal regulatory offenses. Within one year, every federal agency, working with the Department of Justice (DOJ), must submit and publicly post a report listing all such offenses, along with the statutory penalties and mental state requirements.

Any criminal enforcement action against an offense not included in the report is to be “strongly discouraged.” Additionally, agencies are encouraged to adopt a default mens rea framework, unless statutory exceptions apply, and must justify any deviations from that standard.

Finally, EO 14294 outlines a refined approach for DOJ referrals. Agencies must now weigh multiple factors, such as harm caused, financial incentive, the defendant’s professional expertise, and awareness of wrongdoing, before initiating criminal proceedings.

This guidance carves out exceptions for immigration and national security regulations but otherwise represents a structural effort to restore proportionality, and transparency in administrative enforcement.

For compliance professionals, it marks a meaningful shift: regulatory violations will increasingly be viewed through a civil, rather than criminal, lens unless intent is clear and consequences grave.

OCC guidelines

The OCC’s guidance affirms that future criminal referrals must be deliberate and grounded in proportionality.

Before forwarding cases to the DOJ, OCC officers will be expected to consider multiple contextual factors: the actual or potential harm caused by the offense, the financial gain involved, the defendant’s level of professional expertise, and evidence of the defendant’s awareness of wrongdoing or regulatory obligations.

These factors mirror the Executive Order’s call for criminal enforcement only in cases involving clear intent and meaningful risk to the public.

This policy shift explicitly discourages the blanket use of criminal referrals for minor or technical violations, particularly in situations where defendants may lack fair notice of the rules in question.

The OCC’s move applies across its regulatory reach, including national banks and community financial institutions, and reflects a broader regulatory philosophy that favors civil or administrative responses for unintentional breaches of law.

The OCC also signals its intent to maintain consistency with applicable statutes while preserving agency discretion on a case-by-case basis.

Importantly, while the guidelines reshape internal decision-making, they stop short of creating enforceable rights for regulated entities. The document reiterates that this policy is advisory and subject to statutory and practical limitations.

Still, for banks and financial compliance officers, the shift represents a meaningful reduction in criminal exposure and signals a wider recalibration of regulatory power across the financial enforcement landscape.

Regulatory retrenchment

The OCC’s new criminal referral framework is not an isolated development, it is part of a broader institutional realignment across key financial regulators, reflecting a distinct shift away from expansive or discretionary enforcement practices.

This trend is especially evident at the Department of Justice, where Criminal Division Chief Matthew Galeotti has reprioritized resources toward combating foreign crime and systemic fraud, while scaling back white-collar criminal enforcement.

Galeotti’s recent directives emphasize prosecutorial restraint, procedural clarity, and a preference for civil or administrative resolutions in cases of low-level corporate misconduct. These principles dovetail with the OCC’s policy: both institutions now require a case-specific inquiry into intent, risk, and harm before criminal consequences can be triggered.

The convergence is particularly visible in the renewed emphasis on internal remediation, voluntary self-disclosure, and proportionality. Just as the DOJ’s updated Corporate Enforcement Policy offers meaningful leniency for companies that report misconduct and cooperate, the OCC’s guidance requires officers to weigh a firm’s awareness of wrongdoing and its institutional context before escalating cases to federal prosecutors.

At the same time, the OCC’s decision to eliminate reputational risk as a formal examination category further underlines its regulatory retrenchment.

Long criticized for enabling politicized or ideologically motivated bank supervision, particularly in the context of “debanking” controversies, the reputational risk framework had blurred the line between financial soundness and public image management.

Its removal signals a desire to return to a narrower, more technically grounded interpretation of supervisory responsibility. This institutional self-discipline mirrors the DOJ’s move to scale back corporate monitorships and constrain investigations that produce compliance fatigue rather than legal certainty.

Viewed together, these regulatory reforms suggest a coordinated effort across agencies to recalibrate the balance of power between government oversight and enterprise autonomy, marking a subtle but consequential departure from the enforcement environment of the previous decade.