A newly released study finds that the vast majority of software systems that businesses use to manage their operations rely to at least some extent on open-source software — and the vast majority of that open-source code contains multiple high-risk vulnerabilities. So says the 2025 Open Source Security and Risk Analysis Report, released Tuesday by…
Today I want to return to President Trump’s efforts to consolidate executive power, and what that might mean for regulatory compliance and corporate governance if he succeeds. Our latest example worth dissecting: his executive order issued last week to take control of independent government agencies. Those agencies include regulators near and dear to compliance professionals’…
The Compliance Jobs Report this week has new hires at McKinsey, Schneider Electric, Kingfisher, Oxxo, and elsewhere; plus promotions at Unisys, Husqvarna, Royal Caribbean, and more. Job leads are in teaching hospitals, electronics, and environmental defense; and Meme of the Week goes out to Chris Pratt fans! Always remember that we need your help to…
The Securities and Exchange Commission has launched a new cybersecurity enforcement unit — or, more accurately, dropped crypto stuff from its previously existing crypto assets and cybersecurity enforcement unit. Anyway, it’s a reminder that cybersecurity issues are still on the SEC’s radar screen, so corporate audit and financial disclosure teams need to respond accordingly. Acting…
Centene Corp. is paying $11.2 million to settle a lawsuit claiming that poor cybersecurity at one of its subsidiaries qualifies as a violation of the False Claims Act, in yet another example of how cybersecurity risk is worming its way into all parts of corporate compliance. The subsidiary in question is Health Net Federal Services,…
LRN released its annual compliance program effectiveness report last week, which is always worth a read to understand the challenges of holding your corporate culture together and driving it forward in a unified way. One big issue in this year’s report: a perceptions gap on ethical culture that exists between senior executives and other employees.…
What better way to celebrate Valentine’s Day than the Compliance Jobs Report? This week we have news from Walmart, Bicycle Therapeutics, Pax8, Goldman Sachs, Square, and more. Job leads are in banking, online auctions, and fintech firms; and Meme of the Week goes out to law firms feeling the pressure. Always remember that we need your…
I wanted to share more thoughts today about President Trump’s order to pause all enforcement of the Foreign Corrupt Practices Act. Lots of corporate compliance professionals have been talking about it — and while nobody has any clear sense yet of what comes next, we do have a better sense of the important questions to…
OK, the inevitable has happened. President Trump has issued an executive order directing the Justice Department to halt all enforcement of the Foreign Corrupt Practices Act and devise new enforcement guidelines for future prosecution. Let’s all take a deep breath, and then move on to consider the implications for corporate compliance programs. Is Trump’s anti-anti-corruption…
I didn’t expect to write another post so soon on the deregulatory shenanigans of the Trump Administration and the implications for compliance officers, but already we have an example too perfect to ignore: the Consumer Financial Protection Bureau, and the deep freeze that agency entered this weekend. In case you missed it, on Saturday night…
About Us
Technically, Radical Compliance is the personal blog of Matt Kelly, long-time writer and observer of the corporate compliance and GRC scene. I was a writer, editor, and publisher at Compliance Week, 2003 through 2015; some of you may know me from my career there. I also speak frequently at compliance conferences and other events, and will pretty much shoot the breeze on any compliance topic with anyone who asks.