Rethinking Records Retention
Compliance Tip of the Day: Internal Controls for GTE
Work This Way: A Labor & Employment Law Podcast | Episode 48: Opportunities & Risks with Artificial Intelligence in HR with Chingwei Shieh of GE Power
Handling References and Referrals While Safeguarding Your Business
Healthcare Enterprise Risk Management
Hospice Insights Podcast - Still Number One: Healthcare Fraud Remains Central in DOJ’s White Collar Enforcement Plan
Importance of Compliance Management in times of transition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
Law Firm ERGs Under Scrutiny: Navigating Compliance, Risk, and Culture - On Record PR
Your Guide to Dealing with Subpoenas Effectively
Upping Your Game: Harnessing AI to Revolutionize Third-Party Risk Management
The Future of Supply Chains: Chris Andrassy on Using AI to Predict & Prevent Disruptions
Navigating Legal Strategies for Covering GLP-1s in Self-Insured Medical Plans — Employee Benefits and Executive Compensation Podcast
Podcast: Addressing Patient Complaints About Privacy Violations
London Partner Roberta Downey Wired for Disputes: Tech, Infrastructure, and the New Frontier of Risk
Compliance Amidst a Global Consensus Breakdown
Compliance Tip of the Day: Discipline and Rigor in GTE Internal Controls
Great Women in Compliance: Board Bond - Why Ethics & Compliance Professionals Should Be on Boards and How to Get on One
Daily Compliance News: May 28, 2025, The Moron Premium Edition
Compliance Tip of the Day: What are Internal Controls?
In late May 2025, the Securities Industry and Financial Markets Association (SIFMA), together with the American Bankers Association, Bank Policy Institute, Independent Community Bankers of America, and Institute of...more
During the Biden administration, there was a push to prioritize and modernize cybersecurity responses, and the National Institute of Standards and Technology (NIST) agreed to work with the technology industry to develop a new...more
Politicians’ and tech giants’ embrace of nuclear energy to power AI heightens the urgency to protect critical infrastructure from cyber threats....more
On June 2, 2025, the U.S. Department of Labor (DOL) announced a significant expansion of its compliance assistance tools by launching an Opinion Letter Program across five key enforcement agencies, including the Employee...more
As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a tool designed to enhance digital security across the EU. The EUVD is available here....more
On May 19, the GAO published a report discussing the use and oversight of AI in financial services. The report highlighted the benefits of AI, such as improved efficiency, reduced costs, and enhanced customer experience,...more
Imagine receiving an email from an unknown actor claiming to have taken approximately 2 terabytes of data from your organization’s network. The threat actor provides a file tree and sample files to substantiate its claim....more
The mining sector is increasingly at risk from cyber attacks, and many companies are racing to defend themselves against the backdrop of a rapidly changing threat landscape. Ross Phillipson and Anna Rudawski explore what is...more
The Cross Market Operational Resilience Group's (CMORG) AI Taskforce has released its AI Baseline Guidance Review (dated January 2025), accompanied by a press release. The CMORG AI Taskforce conducted a baseline review of...more
On May 5, the OIG for the Fed authored a report with several recommendations for the CFPB following a major security incident regarding confidential supervisory information (CSI). The OIG issued four findings with seven...more
Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors...more
The EU Cyber Resilience Act (CRA), adopted by the European Parliament in 2024, marks a major milestone in European cybersecurity legislation. As the first EU-wide law focused on the cybersecurity of digital products, it...more
During the 2024 legislative session, the Colorado General Assembly passed Senate Bill 24-205, which is known as the Colorado Artificial Intelligence Act (CAIA). This law will take effect on February 1, 2026, and requires...more
On May 1, 2025, additional cybersecurity requirements introduced by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) took...more
Cybercriminals look for two things when seeking a victim—access and opportunity. ERISA retirement plans offer both. Cybercriminals exploit weaknesses in systems, software, or human behavior to find opportunities for easy...more
With plans for energy transition infrastructure projects well underway, their successful delivery demands that parties swiftly get to grips with the important issues when negotiating, administering and managing claims and...more
After years of regulatory uncertainty, the Trump administration has signaled a new approach to digital assets, including by establishing a working group focused on digital assets and nominating crypto-friendly chairs to the...more
The Artificial Intelligence and Machine Learning (“AI/ML”) risk environment is in flux. One reason is that regulators are shifting from AI safety to AI innovation approaches, as a recent DataPhiles post examined. Another is...more
On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more
As our world has grown more connected and digitalized, and as smart, data-driven devices — including those that form the Internet of Things (IoT) — have become more prevalent, regulators have begun to reframe how they address...more
As regulatory frameworks tighten and cybersecurity threats grow in complexity, operational resilience is, now more than ever, a boardroom challenge for banks....more
As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more
The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more