Fresh Thoughts on AI and Compliance 

AI risk

A few weeks ago I had the privilege of moderating (yet another) webinar on artificial intelligence and its implications for corporate compliance functions. The discussion was excellent, and as usual I took lots of notes. For all you AI aficionados out there who missed it, I’ve recapped some of the best insights below. First, one…


A Memo on Cyber Materiality

SolarWinds

So there I was the other day, pondering that new Securities and Exchange Commission rule for expanded disclosure of cybersecurity issues, when my phone rang. It was my friend the cybersecurity auditor. “Hey,” he said, “I have an idea for how companies can prepare for that new rule about disclosing cybersecurity stuff.”  I was intrigued.…


OIG’s Big Boost for CCO Independence

OIG

Here’s news sure to leave healthcare compliance officers feeling good: the guidance released last week on healthcare compliance programs expressly says that compliance officers should not be the general counsel or the CFO, and should directly report to the CEO or the board. An eagle-eyed compliance officer noticed that directive on Page 39 of the…


SolarWinds, Part III: ‘Following’ the NIST Framework

SolarWinds

Today we return to the lawsuit the Securities and Exchange Commission has filed against SolarWinds, the IT services firm that suffered a disastrous cyber attack in 2020. How much does SolarWinds’ compliance with the NIST framework for cybersecurity — or its lack thereof — figure into this risk management morass? Quite a lot, at least…


Remediation Efforts That Work

Before our fond memories of the Society of Corporate Compliance & Ethics 2023 conference sail into the sunset, I want to recap one more session I attended at the conference since it’s a subject well worth a compliance officer’s attention: the delicate art of remediating a compliance failure while you’re still investigating it. This has…


Report: Insourcing Up, Confidence Too

survey

Thomson Reuters has published a fascinating new survey of corporate compliance professionals, finding that most companies are bringing more risk management and compliance work in-house — and that a solid majority of compliance officers are confident that their teams can handle the compliance risks they face.  That’s one major conclusion of the 2023 Thomson Reuters…


Is AI Leaving Your Internal Controls Behind?

AI risk

So everyone is freaking out about artificial intelligence and its rapid deployment throughout the corporate enterprise. That brings up an important question: are companies updating their internal controls fast enough to keep pace with that AI adoption? This is on my mind because the other week Deloitte released the results of a survey that suggests no,…


That Clear Channel FCPA Settlement

Clear Channel

Before the moment slips by, we should take a look at that FCPA enforcement action against Clear Channel Outdoor Holdings that the Securities and Exchange Commission announced two weeks ago. The more you read the details, the more you wince at this tale of poorly managed executives and ineffective internal auditing. Don’t let this stuff…


The Monaco Speech, Part II

fcpa

Today let’s return to that speech that deputy attorney general Lisa Monaco delivered last week at the Society of Corporate Compliance & Ethics annual conference. Monaco’s announcement of a new safe harbor policy for acquisitions got the headlines, but there was plenty else in her remarks that also deserves our attention. For starters, Monaco talked…


The Art of Compliance Program Assessment

One of the many sessions I attended at the Society of Ethics & Compliance conference last week was about how to perform an assessment of your compliance program. The discussion was great and I took lots of notes. So today let’s run through those notes on this important task for compliance officers. We can…
