Episode 381 -- NAVEX's 2025 Annual Hotline Report
AI and the False Claims Act
Disparate Impact & Enforcement Rollbacks: What’s the Tea in L&E?
What’s in Your Operating Agreement? Legal Tips for Healthcare Providers
A New Brand of Uncertainty? — PE Pathways Podcast
The Rise of OTAs in Defense Contracting: Opportunities, Risks, and What Contractors Need to Know
Breaking the Cycle: Flooding, Infrastructure, and Climate Law in Practice
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
Understanding BBB Ratings: Building Trust and Mitigating Risks — Regulatory Oversight Podcast
Beyond the Bylaws: The Medical Staff Show - Need to Know: How to Manage Medical Staff Confidentiality and Privilege Protections
False Claims Act Insights - The Mathematics of Nuclear FCA Verdicts
PODCAST: Williams Mullen's Benefits Companion - Cost, Care and Captives: A Mid-Size Employer’s Guide to Benefit Trends
Compliance Tip of the Day: Citibank and Continuous Monitoring
Lawyers Beware: There Could Be Serious Ethics Issues With The New AI Browsers
Compliance and AI: Navigating Risk Management in the AI Era with Gaurav Kapoor
Data Driven Compliance: Understanding the UK’s New Failure to Prevent Fraud Offense with Sam Tate
Avoiding a Bored Board
Compliance Tip of the Day: Crowd Sourcing Risk Intelligence
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Last month, the Federal Trade Commission issued guidance on the updated Safeguards Rule in the form of a set of Frequently Asked Questions for Automobile Dealers. Although directed to auto dealers, the FAQs are a useful...more
The European Central Bank (ECB) has published its Guide on outsourcing cloud services to cloud service providers (the "Guide") clarifying how banks are expected to comply with obligations under the EU Digital Operational...more
In June 2025, the ABA held its annual Risk and Compliance Conference. The conference heavily focused on how banks are leveraging AI to support front-, middle-, and back-office functions. Conference participants noted that...more
With the seemingly never-ending updates to B2B contracts for compliance with new (and amended) comprehensive state privacy laws, the U.S. Department of Justice’s bulk data transfer rule, and artificial intelligence (AI)...more
Financial institutions across the United States have grappled with compliance requirements under the Customer Identification Program (CIP) Rule for more than two decades. A new exemption, approved in June 2025, promises...more
Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more
In the rapidly evolving financial ecosystem, financial institutions (FIs) increasingly rely on third parties, including Fintech companies, Banking-as-a-Service (BaaS) providers, and other financial service entities—to expand...more
North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more
Innovation is present in many areas, and compliance professionals must not only be prepared for it but also actively embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and...more
On June 9, multiple financial services trade associations sent a letter to Treasury Secretary Scott Bessent expressing concerns about cybersecurity risk management practices at federal regulatory agencies following the OCC’s...more
On May 5, the OIG for the Fed authored a report with several recommendations for the CFPB following a major security incident regarding confidential supervisory information (CSI). The OIG issued four findings with seven...more
On May 1, 2025, additional cybersecurity requirements introduced by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) took...more
On April 11, North Dakota enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers. The law amends multiple chapters of the North Dakota Century Code and creates...more
The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more
On April 14, the OCC released a letter providing more details on the recent security breach involving its email systems. The breach — identified as a major incident under the Federal Information Security Modernization Act...more
On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more
Introduction to DORA and its Implications - As of Jan.17, 2025, the European Union’s Digital Operational Resilience Act (DORA) became enforceable. This new regulatory framework significantly impacts financial institutions and...more
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
Covered entities regulated by the New York State Department of Financial Services (NYDFS) must submit cybersecurity compliance forms by April 15, 2025. New sets of requirements for system monitoring and access privileges,...more
A rapid transformation in consumer finance is being brought about by open banking—a pivotal innovation that allows consumers to give third parties real-time access to their detailed financial data. Open banking has the...more
The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more
Cryptocurrency exchanges continue to be a target of hackers – and theft is the prize. On February 21, the cryptocurrency exchange Bybit reported that an Ethereum transaction was transferred to an unidentified address,...more
New York State’s Department of Financial Services is warning all regulated entities has released a Cybersecurity Regulation Updates and Reminder warning all companies that all regulated entities without a full exception that...more
The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more
The European Banking Authority (EBA) has published a final report with amending guidelines in respect of Guidelines EBA/GL/2019/04 on ICT and security risk management. The EBA reviewed the Guidelines in light of the Digital...more