Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
Compliance Tip of the Day: COSO Governance Framework: Part 4, Culture
Compliance Tip of the Day: COSO Governance Framework: Part 1, Introduction
Compliance Tip of the Day: Internal Control Deficiencies
FCPA Compliance Report: Stay the Course: Ellen Lafferty on Navigating Anti-Corruption Compliance in 2025
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Key Discovery Points: BYOD Case Law Covering Subpoenas and Employee Handbooks
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 4 - Control Information and Communication
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance Tip of the Day: COSO Objective 3 – Control Activities
Compliance Tip of the Day – COSO Objective 1 – Control Environment
Compliance Tip of the Day: Code of Conduct as an Internal Control
Rethinking Records Retention
Compliance Tip of the Day: Internal Controls for GTE
FCPA Compliance Report: Revolutionizing Speak Up: Ariel D. Weindling on Enhancing Whistleblower Systems
Compliance Tip of the Day: Implementing Internal Controls
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance Amidst a Global Consensus Breakdown
In June 2025, the ABA held its annual Risk and Compliance Conference. The conference heavily focused on how banks are leveraging AI to support front-, middle-, and back-office functions. Conference participants noted that...more
As we bid farewell to 2024, we welcome not only another year but also several new disclosure requirements. In this Snapshot, we summarize several developments and best practices for public companies to consider as the 2024...more
There are a variety of information gathering and other compulsory notices available to regulatory and enforcement agencies based in the Cayman Islands, as tools these agencies can draw on to carry out their functions. In this...more
On May 17, 2024, the Governor of Colorado, Jared Polis, signed Senate Bill 24-205, “Concerning Consumer Productions in Interactions with Artificial Intelligence Systems” (“AI Law”). The AI Law takes effect on and from...more
On Friday, May 17, 2024 Colorado Governor Jared Polis signed SB205 (Consumer Protections for Interactions with Artificial Intelligence) into law with an effective date of February 1, 2026. Unlike the artificial...more
The development of AI continues to advance at a blistering pace, increasing the need for companies to employ AI governance and adopt policies for the responsible development and deployment of AI. While the term “responsible...more
Colorado is the latest state to introduce a bill focused on consumer protection issues when companies develop AI tools. The bill imposes obligations on developers and deployers of AI systems. Additionally, the bill provides...more
Start Planning Now to Reduce Your Increased Money Laundering, Sanctions, and Conflicts of Interest Risks The introduction and use of generative artificial intelligence (GenAI) and predictive data analytics (PDAs) by...more
FINRA recently published its 90-page 2024 Annual Regulatory Oversight Report (Report) providing member firms with insight into six primary topics: Financial Crimes, Crypto Asset Development, Firm Operations, Communications...more
Guidance for the largest US financial institutions is intended to promote climate risk management consistent with general safety and soundness practices. On October 30, 2023, the three US federal bank regulatory agencies...more
The US Securities and Exchange Commission (SEC) Division of Examinations recently released its 2024 Examinations Priorities, a yearly report that provides insight into the Division’s areas of focus to improve compliance,...more
The growing concern around cyberthreats for companies across the nation is reflected in the increasingly crowded legislative landscape that provides guidance to organizations, employers, employees, consumers, and investors....more
Traditionally deployed to protect a corporation from its board’s imprudent investment or financial decision-making, in recent years shareholders have taken to bringing derivative actions on a corporation’s behalf for its...more
Investment Advisers: Assessing Risks, Scoping Examinations, and Requesting Documents* I. Introduction - The SEC-registered investment adviser (“adviser”) population is large and diverse, ranging from global asset managers...more
Key Point: The decision making processes to determine whether a cybersecurity incident is material or not, should include documenting the factors behind each determination and should be practiced before an incident occurs. ...more
In a narrow 3-2 decision on July 26, the SEC adopted its final rule concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”). Below we highlight some of the principal changes...more
On July 26, 2023, the Securities and Exchange Commission (“SEC”) adopted final rules, rule amendments and form amendments to expand and standardize disclosures regarding cybersecurity risk management, strategy, governance,...more
The SEC’s Cybersecurity Proposals - The SEC has proposed four rules designed to address cybersecurity risk and management, including incident reporting by public companies....more
Last month, Gurbir Grewal, the Director of the SEC’s Division of Enforcement, spoke at the Financial Times Cyber Resilience Summit. During the remarks, he outlined the importance of cybersecurity and signaled that the SEC is...more
Based on updates to its rulemaking agenda that were released last week, the U.S. Securities and Exchange Commission (SEC) has delayed approval of two cybersecurity rules until at least October 2023. Both proposed rules were...more
Late last month the Securities and Exchange Commission (“SEC”) charged JP Morgan, UBS and Trade Station with violations of Regulation S-ID based on a range of inadequacies in their identity theft red flag policies and...more
According to the Cybersecurity & Infrastructure Security Agency, cybersecurity is the process whereby information and communications systems, and the information contained in those systems, are protected from and/or defended...more
Corporate risk and compliance officers already labor under an influx of concerns related to cybersecurity, so you might have missed this latest news: the U.S. Securities and Exchange Commission has proposed new rules for more...more
Requirements under the proposed rules would include the disclosure of: •Material cybersecurity incidents within four business days of the determination that a material cybersecurity incident has occurred in a Form 8-K- ...more
After many years of signaling potential expansion of cybersecurity rules, the Securities and Exchange Commission (SEC) has issued in the past month two new sets of proposed rules governing cybersecurity. The more recent set...more