Compliance Tip of the Day: Why Engage in Pre-acquisition Due Diligence
Compliance Tip of the Day: Bringing Predictive Analytics into Your Compliance Regime
Compliance into the Weeds: Sanctions Compliance Failures: Lessons from Harman International and Interactive Brokers
Sanctions Compliance Failures: Lessons from Harman International and Interactive Brokers
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 2 - Risk Assessment
FCPA Compliance Report: Fraud Risk Management - Insights and Experiences with Peter Schablik
#Risk New York Speaker Series – Inside Behavioral Insights: Tom Hardin on Compliance at #RiskNYC
Compliance Tip of the Day: COSO Framework
#Risk New York Speaker Series: Exploring AI Risks in Compliance with Gwen Hassan
Healthcare Enterprise Risk Management
Compliance Tip of the Day: Assessing Internal Controls in International Operations
Managing Sanctions Compliance
Regulatory Ramblings: Episode 68 - Why Geopolitical Risk Matters to Compliance and Legal Staff with Mark Nuttal and Chad Olsen
FCPA Compliance Report: Amanda Carty on a Due Diligence and Risk Management
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
Strengthening Compliance: Lessons From the OCC's Consent Order With Patriot Bank — Payments Pros – The Payments Law Podcast
Compliance and AI: Ali Khan on Implementing AI Risk Management Systems
On May 9, the California Privacy Protection Agency (CPPA) announced it opened the formal public comment period for its proposed regulations concerning updates to the California Consumer Privacy Act. The proposed rules would...more
As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more
Lynda A. Bennett, Heather Weaver, and Josh Weisberg of SterlingRisk continue their year-end conversation about what changed in the insurance recovery space in 2024 and what to expect in 2025. Lynda, Heather, and Josh...more
The California Privacy Protection Agency (CPPA) announced the formal public comment period for its latest proposed rulemaking package, which includes updates to existing regulations and introduces new guidelines for automated...more
AI emerges as both threat and solution in cyber insurance, reshaping risk assessment and breach response. AI is transforming the work of professionals everywhere. Unfortunately, that includes cybercriminals....more
This month, an interim report on artificial intelligence in the financial sector was published for public comment. The report was written by the Ministries of Justice and Treasury, the Competition Authority, the Securities...more
Over the past 20 years, technology has changed the way we communicate, conduct business, and live. It is rare to walk down a city street and not see a person using some type of technology. It has become an integral and...more
In Part I of this series, we posed a series of questions to consider when purchasing cyber insurance. Our approach was deliberate: the right questions help get you the right insurance to address cyber risks facing your...more
On July 15, 2024, the California Privacy Protection Agency (CPPA) released proposed updates to the California Consumer Privacy Act (CCPA) regulations, including updates to the draft risk assessments, automated decisionmaking...more
In the run-up to this Friday’s December Board meeting, the California Privacy Protection Agency (CPPA or the “Agency”) has continued its recent flurry of regulatory activity. Late last week, the CPPA published an additional...more
Generative AI is transforming our economy in previously unimagined ways, with Goldman Sachs estimating a $7 trillion (7%) increase in global GDP by virtue of this ecosystem. Insurance is but one sector that will be impacted,...more
In recent years, especially through 2019 and 2020, the cyber insurance market in the U.S. has seen significant growth. Middle-market companies have been actively requesting cyber insurance policies with low rates and broad...more
On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Part 500 Cybersecurity Rules, which propose substantial new obligations for the cybersecurity programs of companies...more
Change is a constant in the world today. This is particularly true of the past two tumultuous years, which saw a worldwide pandemic that impacted nearly every aspect of everyday life. Rapidly advancing technology and...more
Kentucky became the latest state to adopt the NAIC insurance data security model law with Governor Andy Beshear’s signing of House Bill 474. The new law goes into effect Jan. 1, 2023, and gives covered licensees one or two...more
The Mitchell Williams Insurance Regulatory team of lawyers recently attended the National Association of Insurance Commissioners (NAIC) 2022 Spring National Meeting which was held April 4-8 in Kansas City, Missouri. The...more
In reaction to the continued uptick in high profile data incidents, yesterday, Wisconsin Governor Evers signed into law Act 73, a law establishing cybersecurity requirements for the insurance industry’s protection of data...more
The Illinois Department of Insurance (the "Department") recently released guidance to all regulated entities concerning vulnerabilities in Microsoft's Exchange Server installations. Issued on the heels of other state and...more
This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department...more
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk. In her...more
The cyber insurance market size is currently valued in the billions, and this does not include insurance policies that do not explicitly mention cyber incidents but may nevertheless cover them. With this in mind,...more
On February 4, 2021, New York’s Department of Financial Services (DFS) issued Insurance Circular Letter No. 2, which builds on the robust cybersecurity regulation provided in its 2017 Cybersecurity Regulation (23 NYCRR 500)....more
The New York Department of Financial Services (NYDFS) has launched its first enforcement action under New York’s Cybersecurity law for financial services, so-called Part 500. Part 500 requires NYDFS licensed institutions to...more
Developing Contingency Plans: The NYDFS Mandate on Licensed Virtual Currency Businesses - The events surrounding COVID-19 have increased the use of fintech products, both out of necessity and convenience. Shelter-in-place...more
Virginia has a new law, the Insurance Data Security Act (New Law), going into effect on July 1, 2020, which will expand the data security and incident notification requirements on insurers licensed in the Commonwealth. The...more