carnival

New York Fines Carnival $5M on Cyber Fails

By Matt Kelly | June 27, 2022 |

Financial regulators in the state of New York just served up quite the example of cybersecurity enforcement, with a $5 million fine slapped against Carnival Corp. for failing to report several cybersecurity breaches in a timely manner and failing to implement required technical controls that would’ve reduced the odds of those attacks in the first…

Read More
roe

Roe Falls; Compliance Programs Brace

By Matt Kelly | June 26, 2022 |

They say that a columnist writes about what people are talking about, so there’s only one thing to write about today: the immense implications of the Supreme Court’s decision to invalidate Roe v. Wade. Even at this early stage, the consequences for corporate ethics and compliance programs are emerging fast and furious.  We can begin…

Read More
compliance jobs

Compliance Jobs Report: June 24

By Matt Kelly | June 24, 2022 |

The Compliance Jobs Report this week has a few gossipy items about Rite Aid, a new compliance boss at Tesla (good luck), and other personnel items from Rabobank, Google, Victoria’s Secret, Cooper Standard, and more. All our compliance job leads are for the Atlanta area, and Meme of the Week goes out to pushy compliance…

Read More
pre-taliation

SEC Dings Brinks on Pre-taliation

By Matt Kelly | June 23, 2022 |

Just in time for Throwback Thursday, cash management company Brinks Co. has agreed to pay $400,000 to settle charges from the Securities and Exchange Commission that its employment contracts included pre-taliation clauses — a whistleblower no-no that had been largely dormant since 2016. As outlined in a settlement order quietly announced this week, the SEC…

Read More
esg

Two Reports on Building an ESG Program

By Matt Kelly | June 22, 2022 |

ESG issues seem to be a hot issue this week, with two groups publishing reports meant to help companies understand what a good ESG function should be able to do — including how to police against ESG fraud.  Let’s start with the report on ESG reporting, published by Workiva. Workvia polled more than 1,300 corporate…

Read More
cybersecurity

Cybersecurity Risk: Something’s Happening

By Matt Kelly | June 19, 2022 |

I was working at my desk last week when the phone rang. At the other end of the line was my friend the cybersecurity auditor. “Dude, we have to talk,” he said. “Our team here has discovered an issue.”  Ummm, a lot of people in our line of work have issues, I replied. Can you…

Read More
Compliance jobs

Compliance Jobs Report: June 17

By Matt Kelly | June 17, 2022 |

This week’s Compliance Jobs Report includes updates on the SEC itself; new hires at Activision Blizzard, Stony Brook Medicine, Palo Alto Networks, and more; and a bundle of compliance personnel updates in Europe as well. We have job leads in banking, medicine, and e-commerce, and Meme of the Week goes out to CEOs! As always,…

Read More
Activision

Activision Clears Self of Misconduct

By Matt Kelly | June 16, 2022 |

Activision Blizzard published the results of an internal investigation today that found “no widespread harassment” at the videogame giant from 2016 to 2021, despite a lawsuit from California regulators last year alleging exactly that and massive turmoil among Activision employees since then. The investigation was ordered by Activision’s board last year after the California Department…

Read More
goodwill

FASB Retreats on Goodwill Reform

By Matt Kelly | June 16, 2022 |

Well, good riddance to the proposed reform of goodwill accounting. The Financial Accounting Standards Board has shelved a plan that would’ve had companies amortize their goodwill assets over a fixed period, and instead will maintain the longstanding rule that companies must test goodwill at least once a year and then write down the value if…

Read More
NIST

NIST Pushes More Use of Impact Analysis

By Matt Kelly | June 14, 2022 |

NIST, everyone’s favorite publisher of cybersecurity standards, is asking for public comment on another good idea: how to use business impact analysis to guide your risk prioritization and response efforts.  Performing a business impact analysis (BIA) is already an important element of business continuity and disaster recovery planning. True, most cybersecurity and data privacy frameworks…

Read More

About Us

Technically, Radical Compliance is the personal blog of Matt Kelly, long-time writer and observer of the corporate compliance and GRC scene. I was a writer, editor, and publisher at Compliance Week, 2003 through 2015; some of you may know me from my career there. I also speak frequently at compliance conferences and other events, and will pretty much shoot the breeze on any compliance topic with anyone who asks.

Keep in Touch