Episode 374 -- Justice Department Resumes FCPA Enforcement with New, Focused Guidance
Cruising Through Change: The Auto-Finance Industry’s New Era Under Trump Unveiled — The Consumer Finance Podcast
2023 CRA Rule Repeal: Lessons to be Learned
The Classification of Gasoline & Gasoline Fumes as a Carcinogen: Considerations for Corporate Executives & Attorneys
Hot Topics in International Trade - Let's Be Serious-Supply Chain Audits
Regulatory Rollback: Inside the CFPB’s FCRA Guidance Withdrawal — The Consumer Finance Podcast
Cruising Through Change: The Auto-Finance Industry’s New Era Under Trump Unveiled — Moving the Metal: The Auto Finance Podcast
Regulatory Rollback: Inside the CFPB's FCRA Guidance Withdrawal — FCRA Focus Podcast
Innovation in Compliance: The Critical Importance of Mobile Application Security: Insights from Subho Halder
2 Gurus Talk Compliance: Episode 53 – The AI as a Whistleblower Edition
Compliance Tip of the Day: Internal Controls for Third Parties
Healthcare Enterprise Risk Management
GILTI Conscience Podcast | Navigating Brazil's New Transfer Pricing Landscape: A Shift to OECD Standards
Importance of Compliance Management in times of transition
Great Women in Compliance: From Hotline to Headline: The DOJ’s Whistleblower Awards Reboot with Mary Inman and Liz Soltan
Compliance into the Weeds: Autonomous AI Whistleblowing Misconduct
Understanding MALPB Charters: A Collaborative Approach to Banking Innovation — Payments Pros – The Payments Law Podcast
Law Firm ERGs Under Scrutiny: Navigating Compliance, Risk, and Culture - On Record PR
Compliance Tip of the Day: Risk Assessments and Internal Controls
This post is one in a series where we discuss the US Department of Justice’s (DOJ’s) bulk sensitive data rule (rule), which prohibits individuals or entities from certain foreign countries, including China, from accessing...more
Cybersecurity firm CSC recently issued its CISO Outlook 2025 Report, which predicts cybersecurity challenges CISOs will face in the next year. The report, from a survey of 300 CISOs and cybersecurity professionals globally,...more
North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more
Through May 2025, corporate deal activity in the United States demonstrates remarkable resilience despite mounting economic pressures. Hart-Scott-Rodino (HSR) premerger notification filings through the first eight months of...more
As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more
On May 9, the California Privacy Protection Agency (CPPA) announced it opened the formal public comment period for its proposed regulations concerning updates to the California Consumer Privacy Act. The proposed rules would...more
After a relatively slow start to 2025, the California Privacy Protection Agency (CPPA) is firing on all cylinders now. In recent weeks, the CPPA (i) revised the proposed Delete Request and Opt-out Platform (DROP) regulations...more
On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic...more
The California Privacy Protection Agency (“CPPA”) Board released newly modified draft regulations addressing automated decision-making technology (“ADMT”), risk assessments, and cybersecurity audits under the California...more
As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more
The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...more
On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more
On April 1, 2025, the subcommittee on Oversight and Investigations of the House Committee on Energy and Commerce held a hearing on cybersecurity vulnerabilities in legacy medical devices. The hearing was largely a...more
Asking the right questions within your organization is key to effectively managing cyber risk. Here are 10 questions that you should ask your team...more
On March 24, 2025, the Federal Risk and Authorization Management Program (“FedRAMP”) announced a major overhaul of the program, which is being called “FedRAMP 20x.” The FedRAMP 20x announcement stated there are no immediate...more
The European Commission has adopted a Delegated Regulation supplementing Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards specifying the...more
The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more
In advance of its April 4, 2025, board meeting, the California Privacy Protection Agency (CPPA) released a discussion draft of revisions to its proposed California Consumer Privacy Act (CCPA) regulations. These revisions...more
On 19 March 2025, the Legislative Council (the “LegCo”) passed the Protection of Critical Infrastructure (Computer System) Bill (the “Bill”), which is due to come into effect on 1 January 2026. This is a significant step in...more
On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more
Artificial Intelligence (AI) has been touted as the answer to a multitude of business challenges. However, AI – along with machine learning and large language models (LLMs) – is still fraught with technical and regulatory...more
Learn how automating third-party risk management (TPRM) can enhance efficiency, security, and compliance and help businesses proactively address vendor risks....more
The European Commission (EC) has adopted a Commission Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to RTS specifying the criteria used for identifying financial entities...more
Considering the rapid development and deployment of artificial intelligence (AI) in a wide array of applications and business sectors, it can be a daunting task for a company’s General Counsel (GC) to keep pace in identifying...more
The European Supervisory Authorities have published the terms of reference for the EU systemic cyber incident co-ordination framework Forum established under the EU Digital Operational Resilience Act. The Forum will be...more