Healthcare Enterprise Risk Management
Managing Sanctions Compliance
Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Strengthening Compliance: Lessons From the OCC's Consent Order With Patriot Bank — Payments Pros – The Payments Law Podcast
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
Compliance Tip of the Day: Superforecasting
Compliance Tip of the Day: The Last Mile
Key Takeaways From the OIG's New Compliance Guidance for Nursing Facilities — Assisted Living and the Law Podcast
Envisioning a Compliant Workforce
Updating the Research Compliance Handbook
The Election's Impact on the FTC Will Bring Big Changes, But Being Vigilant Must Remain a Priority
Navigating the NYDFS' Cybersecurity Guidance on AI — The Consumer Finance Podcast
The Future of AI Regulation and Legislation: 5 Key Takeaways
Investigations and Cognitive Interviews
Fraud Prevention Techniques for Nonprofit Organizations - Part 3
Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Cybersecurity firm CSC recently issued its CISO Outlook 2025 Report, which predicts cybersecurity challenges CISOs will face in the next year. The report, from a survey of 300 CISOs and cybersecurity professionals globally,...more
North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more
Brazil intends to regulate AI through Bill No. 2,338/2023 ("Brazil's Proposed AI Regulation"), although there are currently no specific codified laws, statutory rules or regulations in Brazil that directly regulate AI....more
Risk assessments are not new in healthcare, and in specific regulatory areas are required. But, that doesn’t mean things aren’t changing. More and more organizations are embracing enterprise risk assessments (ERM) as a way...more
As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more
On May 15, 2025, the Center for Environmental Accountability (CEA) filed a petition under Section 21 of the Toxic Substances Control Act (TSCA) requesting that the U.S. Environmental Protection Agency (EPA) reconsider the...more
On 22 May 2025, the European Commission (“Commission”) made public risk classification of countries under the EU Deforestation Regulation (“EUDR”)1 which assigned a low level of risk to 140 countries and high level of risk to...more
What Happened? As the Trump Administration’s deregulatory, pro-innovation approach to emerging technology moves forward, the use of artificial intelligence has taken center stage, and it is clear that the Administration...more
Chief Compliance Officers face the challenge of running a comprehensive yet efficient compliance program that nimbly adapts to changing regulatory requirements and business practices. As compliance consultants, we see our...more
When disruption strikes—be it a cyberattack, supply chain failure, or extreme weather—your systems and team’s ability to respond with speed, clarity, and confidence are tested....more
Governance, risk, and compliance (GRC) can feel like thankless work at times. You can’t ship risk mitigation to market. It's not usually reflected on your balance sheet. Only especially canny investors notice the absence of...more
On May 2, 2025, U.S. Environmental Protection Agency (EPA) Administrator Lee Zeldin announced the “[n]ext phase of organizational improvements to better integrate science into agency offices.” As part of this reorganization...more
Some early actions by the Trump administration have led corporate legal departments to question the extent to which they need to invest in ethics and compliance at this time, based on a perceived reduction in enforcement...more
During the NAIC Spring National Meeting, the Big Data and Artificial Intelligence (H) Working Group reviewed its blueprint to build an overarching regulatory edifice to oversee insurers’ use of artificial intelligence...more
The 1:10:100 rule—coined in 1992 by George Labovitz and Yu Sang Chang, the rule describes how much bad data costs. Preventing the creation of bad data at its source costs $1. Remediating bad data costs $10. Doing nothing...more
The North American Electric Reliability Corporation (NERC) outlined forthcoming activities to identify and address the potential impacts to reliability as a result of the rapid expansion of data centers and other large...more
As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more
The Bottomline: Five Practical Steps for Generative AI Risk Management - As the first line of defense, employees within business operations must own and manage risks related to the business, including risks resulting from...more
Unlock a New Era of Customer Risk Assessment - Legacy customer risk rating (CRR) models—built on static KYC data and subjective judgment—are no longer sufficient in a world of dynamic threats and tightening regulatory...more
In the FDA-regulated industry, a compliance program isn’t just a formality—it’s a critical tool for protecting your business, patients, and reputation. Still, too many companies treat compliance policies as static...more
The midstream oil and gas industry, a vital artery of the energy sector encompassing crucial transportation and storage infrastructure, operates within a highly competitive and intensely scrutinized market. Beyond the usual...more
Remediation occurs for a host of reasons. You may identify remediation risk from internal activities (e.g., an audit, a control break) or external activities (e.g., a complaint, a regulatory exam, a lawsuit). Sometimes a...more
Congressman Rick Crawford of Arkansas’ First District introduced H.R. 2594 which is titled: Establishment of the Water Risk and Resilience Organization. The Bill would establish a Water Risk and Resilience...more
Artificial intelligence keeps improving at all sorts of things – including how to challenge corporate ethics and compliance programs. Even while you may still be struggling to tame the risks of generative AI, its more...more
On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more