We’re witnessing a notable shift in how US enforcement agencies operate. The FTC, SEC, FINRA, and CFPB have moved from broad policy signals to targeted, specific action - and they've been transparent about where they're looking next. Subscription practices, financial promotions, hidden fees, and abusive marketing practices are all in the crosshairs, backed by rising penalty frameworks and better-resourced enforcement teams. Read on for four key pressure points for in-house GCs this year.
But abiding by regulations is only half the challenge. The other half is operational. AI adoption without proper governance frameworks is creating silent exposure across product, marketing, and go-to-market teams. Most in-house functions don't have the infrastructure to catch it before it becomes a regulatory problem. The most acute compliance risk in 2026 isn't necessarily what your company says to consumers. It's the systems you've built and the choices embedded within them.
Regulatory Focus for 2026
FTC Dark Patterns and Subscription Traps
Negative-option billing has moved from nascent enforcement concern to institutional FTC priority. The scale of recent enforcement makes the stakes clear: in September 2025, Amazon settled with the FTC for $2.5 billion - including $1 billion in penalties and $1.5 billion in consumer refunds - over its Prime subscription enrollment and cancellation practices. The FTC alleged Amazon designed a deliberately labyrinthine cancellation process to discourage users from completing it.
Under ROSCA, the FTC's standard is precise: the simplicity of cancellation must match the simplicity of signup. Pre-charge disclosure of all material terms must appear at the moment of purchase - not buried in a multi-page terms-of-service document. For legal teams, this extends compliance review into interface design. A sign-off that stops at the terms and conditions will miss the risk entirely.
Watch out for:
Cancellation flows that require more steps, calls, or channels than signup
Free trial disclosures that appear below the fold or after the purchase decision
Confirmation screens that default to "keep my subscription"
Get ahead of it:
Test your cancellation flow as a customer and count the steps
Ensure pre-charge disclosure appears at the point of purchase, not in terms of service
SEC and FINRA Financial Promotions
The SEC and FINRA have both sharpened their focus on how financial products and services are marketed, particularly as AI-generated content, social media, and influencer partnerships become standard parts of the marketing mix. FINRA's updated guidance on digital communications makes clear that the same standards applying to traditional advertising apply to social posts, podcasts, and AI-assisted content. The channel doesn't change the obligation.
The approval and supervision requirements are where most firms run into trouble. Content moves fast in digital channels; compliance workflows haven't kept pace. FINRA expects firms to have documented supervisory procedures for all retail communications - and when examiners ask to see the approval chain for a specific LinkedIn post or email campaign, an undocumented email thread is a difficult defense. The risk isn't only in what gets published. It's in the process behind it.
Watch out for:
AI-generated or influencer-published financial content without documented supervisory review
Social media campaigns approved informally without a traceable approval chain
Get ahead of it:
Map every channel through which retail communications reach consumers
Ensure your supervisory procedures explicitly cover digital and social content - not just traditional advertising
FTC Pricing Transparency and Drip Pricing
The FTC, CFPB, and FCC are aligned on a consistent message: material costs cannot be hidden, and surprise fees that emerge at checkout violate unfairness standards. The FTC's proposed rule requires all-in pricing disclosure upfront. Recent enforcement has targeted booking sites, travel platforms, ticket sellers, and subscription services where processing and service fees inflate the final price well beyond what was advertised.
For organizations managing pricing across multiple systems, channels, and regions, inconsistency in how pricing is displayed is itself a regulatory risk - not just the underlying fees. A compliant pricing disclosure on the website that doesn't match what appears in the mobile app or email campaign creates material exposure.
Watch out for:
Fees that only appear at the final stage of checkout
Pricing displayed differently across web, app, and email channels
Get ahead of it:
Audit your full pricing display across every customer-facing channel
Document the business rationale for any fee that isn't included in the headline price
UDAAP’s Focus on Marketing Content
UDAAP is the CFPB's primary enforcement framework for consumer financial protection, and it's one of the most consequential compliance obligations for in-house teams in financial services, insurance, and fintech. The "abusive" prong is deliberately broad: conduct that exploits consumers' lack of understanding, or that takes unreasonable advantage of their inability to protect their own interests, can ground a claim even where no outright deception occurred.
In practice, UDAAP enforcement is increasingly focused on marketing content specifically. Confusing pricing disclosures, buried terms, and misleading claims about product features or costs are exactly the kinds of practices the CFPB is targeting. The overlap with the FTC's dark patterns focus is significant: subscription traps, drip pricing, and manipulative choice architecture can simultaneously attract FTC and CFPB scrutiny. For GCs managing consumer-facing content at scale, UDAAP means that every marketing asset carries potential regulatory exposure.
Watch out for:
Marketing content that exploits complexity to obscure the true cost of a product
Claims that are technically accurate but structured to create a misleading impression
Get ahead of it:
Review marketing content through the lens of consumer understanding, not just factual accuracy
Document your UDAAP risk assessment for high-volume content workflows - the CFPB will ask
The Operational Reality: Why Manual Compliance Can't Keep Pace
The common thread across these pressure points is speed. Regulators are moving faster, enforcement is more targeted, and the content surface that needs to be managed, across digital channels, social media, email, and web, is growing exponentially. The compliance infrastructure most in-house teams are working with wasn't built for this environment.
The doubled complexity of managing FTC, CFPB, SEC, and FINRA obligations simultaneously means that the error rate compounds with content volume. A firm publishing hundreds of marketing assets a month across multiple channels cannot achieve consistent compliance through manual review alone - the math simply doesn't work. And in a regulatory environment where the process behind a piece of content matters as much as the content itself, an undocumented workflow is its own liability.
The firms managing this well have stopped treating compliance as a final gate before publication and started building it into the content creation process itself. Compliance standards become documented rules that marketing and legal teams both work against: applied consistently, updated centrally, and visible to the board when it matters.
Modern enterprises are embedding AI-powered compliance platforms that integrate into existing workflows, reduce manual review time substantially, and capture institutional knowledge before it walks out the door.
About Haast
Leading financial services, telecommunications, and retail organizations in the US are already deploying compliance automation platforms to manage regulatory risk at scale. Haast is purpose-built for this environment: combining pre-publish review, live monitoring, and regulatory horizon scanning into a single compliance platform powered by AI agents trained on FTC, SEC, FINRA, CFPB, and other regulatory standards.
To learn how in-house teams are managing regulatory pressure without proportionally scaling legal headcount, visit haast.io.
Team Haast


