General
State-Level AML Enforcement Gets Wise
Today we have another example of U.S. state regulators stepping up their own enforcement regimes against corporations for compliance failures. That’s not quite a new trend, but it is one that seems to be accelerating as the Trump Administration retreats from vigorous corporate enforcement generally. Let’s take a look. What happened? The states of New…
Read MoreNotes From #RISK Conference
This week I had the good fortune to attend the #RISK New York conference, a two-day event where 300-ish audit, risk, and compliance professionals gathered to talk shop about the evolving challenges of GRC and risk management. We had lots to discuss and I took lots of notes, so let me jot down a few…
Read MoreCompliance at Small Companies
Earlier this week I had the privilege of speaking to a law school class about corporate compliance programs, and specifically about how compliance officers at small companies can succeed in the job when they typically have precious few resources to do it. That’s a terrific subject to explore, so let me recap some of my…
Read MoreHertz Lessons on AI Governance
I didn’t plan on writing about artificial intelligence again so soon, but sometimes clumsy human intelligence at major corporations forces my hand. Hertz, please join us here in the spotlight today. Bring your AI adoption strategy along with you. The story is as follows. In April, car rental giant Hertz rolled out a new AI…
Read MoreOh Boy: ‘Agentic Misalignment’ Risk
Today we return to artificial intelligence, and a new report from AI software developer Anthropic that unpacks the threat of “agentic misalignment” — that is, when an AI agent behaves in ways that no longer align with what an organization wants it to do. Brace yourselves, audit and compliance teams; there are nightmarish governance and…
Read MoreNo, the FCPA Is Not ‘Back’
Folks, we need to have a conversation about all these legal bulletins, marketing emails, and conference agendas declaring that enforcement of the Foreign Corrupt Practices is now somehow “back,” simply because the Justice Department released guidelines the other week explaining how it will consider FCPA enforcement from here forward. Snap out of it. FCPA enforcement…
Read MoreBoeing’s Report on Speakup Culture
Today we return to Boeing and the various steps it’s been taking to improve its safety and compliance culture. The company discussed those steps in an “aerospace safety report” Boeing released a few weeks ago, with lots of material on how Boeing is trying to improve its speakup culture. Let’s take a look. Boeing has…
Read MoreNew Insights on ERM Obstacles
Every organization says it wants to get better at managing risk, even though lots of organizations struggle to achieve that goal in practice. Now a new report has flagged some of the possible obstacles to strong risk management, which in turn raises some interesting questions about how risk management teams might overcome said obstacles. The…
Read MoreThoughts on the AI Job-Pocalypse
By now you may have seen one of numerous media reports recently that artificial intelligence is poised to decimate the white-collar job market in coming years. I’m not sure I agree with those dire reports, but clearly AI is going to transform how white-collar workers — such as compliance and audit professionals — arc through…
Read MoreCOSO’s Draft Corporate Governance Framework
Executives and board directors are always searching for a better way to manage their organizations — and rightly so, considering how messy and bewildering corporate governance can be at large organizations. Now COSO is trying to remedy that situation with a proposed framework for corporate governance, and we should all take a close look. COSO…
Read More