Managing Sanctions Compliance
Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Strengthening Compliance: Lessons From the OCC's Consent Order With Patriot Bank — Payments Pros – The Payments Law Podcast
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
Compliance Tip of the Day: Superforecasting
Compliance Tip of the Day: The Last Mile
Key Takeaways From the OIG's New Compliance Guidance for Nursing Facilities — Assisted Living and the Law Podcast
Envisioning a Compliant Workforce
Updating the Research Compliance Handbook
The Election's Impact on the FTC Will Bring Big Changes, But Being Vigilant Must Remain a Priority
Navigating the NYDFS' Cybersecurity Guidance on AI — The Consumer Finance Podcast
The Future of AI Regulation and Legislation: 5 Key Takeaways
Investigations and Cognitive Interviews
Fraud Prevention Techniques for Nonprofit Organizations - Part 3
Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Privacy Issues from Third-Party Website Tags
This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making...more
After a relatively slow start to 2025, the California Privacy Protection Agency (CPPA) is firing on all cylinders now. In recent weeks, the CPPA (i) revised the proposed Delete Request and Opt-out Platform (DROP) regulations...more
On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic...more
The California Privacy Protection Agency (“CPPA”) Board released newly modified draft regulations addressing automated decision-making technology (“ADMT”), risk assessments, and cybersecurity audits under the California...more
The U.S. Environmental Protection Agency (EPA), under Administrator Lee Zeldin, has unveiled its anticipated strategy for addressing the pervasive issue of per- and polyfluoroalkyl substances (PFAS), often referred to as...more
The Environmental Protection Agency announced April 28 a list of upcoming agency actions to address Per- and Polyfluoroalkyl Substances (PFAS). This week’s announcement provides a broad outline of EPA’s plans that centers...more
Interested parties — including businesses raising crops or animals on agricultural and ranch lands potentially impacted by PFAS in groundwater; entities operating wastewater treatment plants (WWTPs); and related interest...more
In a consequential policy shift, the US Environmental Protection Agency (EPA) under the Trump administration announced its intent to reevaluate a cornerstone of modern chemical regulation: the risk evaluation framework rule...more
On April 4, 2025, the California Privacy Protection Agency (CPPA) Board met to discuss the latest draft California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, risk assessments, automated...more
When evaluating legal risk relating to per- and polyfluoroalkyl substances (“PFAS”), most businesses typically consider wastewater, groundwater, or soil impacts, not air emissions. However, state and federal regulatory...more
Key Takeaways - - The California Privacy Protection Agency (CPPA) is substantially revising its draft privacy regulations. - Definitions for automated decision-making technology (ADMT) and "significant decisions" are...more
This week, the California Privacy Protection Agency (CPPA) board held its April meeting to discuss the latest set of proposed regulations, including automated decision-making technology (ADMT) regulations. Instead of...more
In advance of its April 4, 2025, board meeting, the California Privacy Protection Agency (CPPA) released a discussion draft of revisions to its proposed California Consumer Privacy Act (CCPA) regulations. These revisions...more
On February 21, 2025, the U.S. Environmental Protection Agency (EPA) extended the comment deadline for the January 17, 2025, proposed rule to clarify the timeframe for when companies must first notify a customer that one of...more
On January 6, 2025, the Biden Administration issued a new proposed rule updating the HIPAA Security Standards ( “Proposed Rule”). The original HIPAA Security Standards were issued in 2003 and updated in 2013 and require that...more
The California Privacy Protection Agency released proposed regulations in November 2024 that will, if finalized, create significant new hurdles for employers using artificial intelligence to assist with a variety of...more
A few days ago, the U.S. Department of Health and Human Services (“HHS”), through its Office for Civil Rights, issued the proposed rule HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health...more
The U.S. Department of Commerce's Bureau of Industry and Security (BIS) issued an Advance Notice of Proposed Rulemaking (ANPRM) on January 3, 2025, seeking public input to inform the potential development of a rule to secure...more
On 5 December 2024 the UK's Sanctions (EU Exit) (Miscellaneous Amendments) (No.2) Regulations 2024 came into force. The UK Regulations are made under the UK Sanctions and Anti-Money Laundering Act 2018 ("SAMLA") and make...more
With the HIPAA Security Rule set to undergo a massive overhaul to boost cybersecurity protections, PEOs need to take note. After all, as stewards of worksite employee and client company data – and as sponsors of group health...more
Welcome to the Regulatory Roundup. Each month, Eversheds Sutherland Investment Services attorneys review significant regulatory developments (including notable rulemakings and guidance from securities regulators) from the...more
On August 22, 2024, the United States intervened in a whistleblower suit against the Georgia Institute of Technology, initially filed by current and former members of Georgia Tech’s cybersecurity team, alleging that Georgia...more
Earlier this summer, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a Proposed Rule revising its regulations under the Bank Secrecy Act (BSA) requiring financial institutions to...more
On August 15, 2024, the Department of Defense (DOD) announced the much-anticipated Proposed Rule that would amend the Defense Federal Acquisition Regulation Supplement (DFARS) to include Cybersecurity Maturity Model...more
On July 19, 2024, the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the National Credit Union Administration...more