Last week I was in Atlanta speaking to a group of IT auditors. Conversation turned to the SEC’s proposals for expanded disclosure of cybersecurity risks, and attendees raised a good question: Does this mean that CISOs and other executives will need to attest that, yes, the company’s cybersecurity measures are effective? Under the text of…
Read More
Another big Compliance Jobs Report! Personnel updates at Snap, JetBlue, Alnylam Pharmaceuticals, Cook Medical, Firefly Aerospace, and lots more. We also have some interesting hires in the vendor world; job leads in vaccines, automotive tech, and higher ed; and Meme of the Week goes out to one-person compliance departments! As always, thank you to all…
Read More
The Consumer Financial Protection Bureau has issued a fresh warning to financial firms that they must keep customer data safe, and cited three specific cybersecurity controls as measures that firms should implement if they want to avoid liability under federal consumer protection law. The CFPB fired its warning shot on Thursday afternoon in the form…
Read More
Everyone knows I’ll talk ethics and compliance with just about anybody. So when Facebook decided to roll out its new AI-driven chatbox, of course I swung by its website and started asking the bot what it thought of corporate compliance programs. The bot, apparently named BlenderBot 3, was launched on Monday. People can strike up…
Read More
Our post last week about the lack of clear standards for a “reasonably designed” compliance program drew lots of comment from compliance professionals — enough that the issue deserves continued exploration, since there’s plenty more to say on the subject. First let’s consider a concrete example of the confusion that could arise here. Imagine your…
Read More
Following this morning’s monster jobs report for the U.S. economy, the Compliance Jobs Report has its own brisk update for this week too! We have items to report from Blackstone, Walmart, Fifth Third Bank, Alexion Pharmaceuticals, and many more. Job leads in banking, software sales, and stock trading; and our Meme of the Week goes…
Read More
Today I want to revisit the Justice Department’s plans to have chief compliance officers certify the effectiveness of their compliance programs, to unpack a question that’s been bothering me. When the department says it wants certification that your program is reasonably designed to prevent future violations, what does “reasonable” actually mean? Readers of Radical Compliance…
Read More
New York financial regulators have issued a scorcher of an enforcement action against Robinhood, hitting the online trading app with a $30 million for allowing a weak compliance program that, in turn, allowed a wide range of other compliance failures. The New York Department of Financial Services (DFS) announced the sanction on Tuesday. The precise…
Read More
IT audit professionals looking for a fresh example of cybersecurity risk to study should turn their gaze to Wisconsin. A voter fraud conspiracy theorist there uncovered what is indeed a legitimate risk to election integrity, and his discovery speaks volumes about taking a risk-based approach to design of internal controls. The gadfly in question is…
Read More
One of the largest PR firms in the world is going through its own minor PR crisis this week, with its former CFO pleading guilty to embezzling $16 million from the firm over the course of nearly a decade. Frank Okunak, who ran financial operations at PR firm Weber Shandwick from 2009 to 2019, pleaded…
Read MoreAbout Us
Technically, Radical Compliance is the personal blog of Matt Kelly, long-time writer and observer of the corporate compliance and GRC scene. I was a writer, editor, and publisher at Compliance Week, 2003 through 2015; some of you may know me from my career there. I also speak frequently at compliance conferences and other events, and will pretty much shoot the breeze on any compliance topic with anyone who asks.
