Managing Risk When the Board Is Over-Confident

According to a recent survey, corporate board directors rate their organizations' management of key business risks more highly than corporate executives do. Let's discuss why risk and compliance professionals need to correct this misalignment to develop one coherent view of risk management effectiveness.

...

Compliance in Era of EU’s New Anti-Competition Climate

Later this fall Margrethe Vestager will begin an unprecedented second five-year term as the European Union competition commissioner. Vestager’s first term was marked by huge regulatory fines, and she plans to use her second term to explore structural remedies that prevent anti-competitive behavior. Here's what you need to know. 

...

Five Common Weaknesses in OFAC Sanctions Compliance Programs

As companies elevate their “game” in sanctions compliance, it is important that compliance officers critically examine the strengths and weaknesses of their sanctions compliance programs. Here are five common weaknesses third-party risk management programs need to be aware of.

...

Don’t Encourage Employees to Speak Up if You’re not Ready to Listen

“Speak-up culture” has been a buzzword in our industry almost as long as ethics and compliance has been a profession. But the phrasing is anemic. It only identifies half the ingredients needed for a successful workplace in which employees feel comfortable and compelled to raise their voices. A speak-up culture only exists when it is paired with a true listen-up culture.

...

Mastering the Full Life Cycle of PII to Deliver on CCPA Data Requests

As organizations prepare for January 1, 2020 – the California Consumer Privacy Act commencement day – there is a lot of compliance chatter around how best to manage Data Subject Access Requests (DSARs). Let's discuss key steps for data mapping and PII collection and retention to ensure the inevitable DSAR will only trigger a preplanned response and data retrieval exercise rather than a data panic. 

...