General
Fresh Thoughts on AI and Compliance
A few weeks ago I had the privilege of moderating (yet another) webinar on artificial intelligence and its implications for corporate compliance functions. The discussion was excellent, and as usual I took lots of notes. For all you AI aficionados out there who missed it, I’ve recapped some of the best insights below. First, one…
Read MoreA Memo on Cyber Materiality
So there I was the other day, pondering that new Securities and Exchange Commission rule for expanded disclosure of cybersecurity issues, when my phone rang. It was my friend the cybersecurity auditor. “Hey,” he said, “I have an idea for how companies can prepare for that new rule about disclosing cybersecurity stuff.” I was intrigued.…
Read MoreOIG’s Big Boost for CCO Independence
Here’s news sure to leave healthcare compliance officers feeling good: the guidance released last week on healthcare compliance programs expressly says that compliance officers should not be the general counsel or the CFO, and should directly report to the CEO or the board. An eagle-eyed compliance officer noticed that directive on Page 39 of the…
Read MoreSolarWinds, Part III: ‘Following’ the NIST Framework
Today we return to the lawsuit the Securities and Exchange Commission has filed against SolarWinds, the IT services firm that suffered a disastrous cyber attack in 2020. How much does SolarWinds’ compliance with the NIST framework for cybersecurity — or its lack thereof — figure into this risk management morass? Quite a lot, at least…
Read MoreRemediation Efforts That Work
Before our fond memories of the Society of Corporate Compliance & Ethics 2023 conference sail into the sunset, I want to recap one more session I attended at the conference since it’s a subject well worth a compliance officer’s attention: the delicate art of remediating a compliance failure while you’re still investigating it. This has…
Read MoreReport: Insourcing Up, Confidence Too
Thomson Reuters has published a fascinating new survey of corporate compliance professionals, finding that most companies are bringing more risk management and compliance work in-house — and that a solid majority of compliance officers are confident that their teams can handle the compliance risks they face. That’s one major conclusion of the 2023 Thomson Reuters…
Read MoreIs AI Leaving Your Internal Controls Behind?
So everyone is freaking about artificial intelligence and its rapid deployment throughout the corporate enterprise. That brings up an important question: are companies updating their internal controls fast enough to keep pace with that AI adoption? This is on my mind because the other week Deloitte released the results of a survey that suggests no,…
Read MoreThat Clear Channel FCPA Settlement
Before the moment slips by, we should take a look at that FCPA enforcement action against Clear Channel Outdoor Holdings that the Securities and Exchange Commission announced two weeks ago. The more you read the details, the more you wince at this tale of poorly managed executives and ineffective internal auditing. Don’t let this stuff…
Read MoreThe Monaco Speech, Part II
Today let’s return to that speech that deputy attorney general Lisa Monaco delivered last week at the Society of Corporate Compliance & Ethics annual conference. Monaco’s announcement of a new safe harbor policy for acquisitions got the headlines, but there was plenty else in her remarks that also deserves our attention. For starters, Monaco talked…
Read MoreThe Art of Compliance Program Assessment
One of the many sessions I attended at the Society of Ethics & Compliance conference last week was about how to perform an assessment of your compliance program. The discussion was great and I took lots of those notes. So today let’s run through those notes on this important task for compliance officers. We can…
Read More