Deepfakes Are Now a Board-Level Risk & Regulators Are Watching
Deepfake‑enabled fraud is moving from novelty to enterprise‑level threat, with recent scams costing a Hong Kong firm $25 million and a Singapore company $0.5 million. The UK’s Economic Crime and Corporate Transparency Act (ECCTA) and the updated corporate governance code (Provision 29) now make deepfake risk a board‑level responsibility, imposing unlimited fines for non‑compliance. Companies must embed multi‑factor verification, detection tools, and scenario‑based training into their risk frameworks. Failure to act could trigger regulatory sanctions, reputational harm, and criminal liability.

Responsible AI Governance Starts With Ownership
The article asserts that responsibility for workplace AI systems rests with the organization that deploys them, not the vendors. It highlights the need for cross‑functional ownership—HR, legal, compliance, security, and business leaders must be involved before any AI goes live....
The $5B Test: Why Healthcare Compliance Programs Keep Failing the Same Way
In fiscal year 2025 the U.S. government recovered a record $6.8 billion under the False Claims Act, with $5.7 billion stemming from healthcare fraud. Despite mandatory compliance programs, many are built to pass audits rather than change behavior, leading to a surge...
Future-Proofing Global Compliance Policies
Compliance leaders must abandon static, document‑first policies and adopt a data‑first, living compliance system that embeds rules directly into the tools employees use. Rapid AI adoption and a patchwork of U.S., EU and state privacy and AI regulations have made...

2 Places ADA Compliance Breaks Down — and How to Fix Both
The article highlights two common failure points in ADA compliance—front‑line managers missing informal accommodation requests and poorly conducted disability‑related investigations. It outlines practical steps such as training supervisors to recognize cues, initiating the interactive process without delay, and documenting essential...
OpenClaw Reveals Hidden Security Risks of Agentic AI
OpenClaw, an open‑source platform that lets AI agents share system access, was exposed as a major security liability. A February report identified nearly 43,000 public control panels in 82 countries and a misconfigured database leaking 1.5 million authentication tokens and 35,000...
FINRA Is Still Following Off-Channel Enforcement Even If the SEC Isn’t Leading
The SEC has stepped back from aggressive off‑channel communication enforcement, but FINRA continues to levy penalties. Between 2021 and early 2025 the SEC and CFTC imposed hundreds of millions in fines, yet in 2025‑2026 FINRA fined Velox Clearing $1.3 million and...
Lessons Learned From 3 Corporate Governance Failures
The article examines three high‑profile corporate governance collapses—Blockbuster, Washington Mutual, and Theranos—to illustrate how stagnant culture, weak board risk oversight, and inadequate expertise can doom even market leaders. Blockbuster’s refusal to embrace digital streaming caused its 2010 bankruptcy despite a $50 million...
Hyper TPRM: Rethinking Third-Party Risk for Scale, Speed, and Confidence
Third‑party risk management (TPRM) is straining under exploding vendor ecosystems and fragmented risk signals. A new framework called Hyper TPRM replaces questionnaire‑driven reviews with data‑first intelligence, AI‑accelerated assessments, and community‑validated data. The model delivers continuous, risk‑based monitoring while retaining human...
GRC News Roundup: Aravo, RAMPxchange, BYU Law & More
The GRC sector saw a wave of AI‑driven product launches, with Aravo unveiling Aravo AI for third‑party risk, Diligent adding an AI Board Member assistant for directors, Serrala deploying AI agents for finance automation, and Thrive introducing managed Abacode Compliance...
Layoff Two-Step Underscores AI’s Limitations
Companies have begun reversing AI‑driven layoffs, a phenomenon dubbed the “AI boomerang.” High‑profile cases such as Klarna illustrate how firms eliminated roles assuming automation could fully replace humans, only to discover critical gaps and rehire the same workers. Legal experts...
Who’s Really to Blame When a White Hat Goes Gray?
A security researcher, frustrated by a slow and dismissive vulnerability disclosure process, released exploit code publicly, endangering customers. The company’s compliance team labeled the researcher a villain, while the author questions whether firms have an ethical duty to maintain respectful,...
SEC Risk-Disclosure Rule Changes Seem Certain & Are Certainly Troubling
SEC Chairman Paul Atkins is poised to overhaul Regulation S‑K risk‑factor disclosures, aiming to strip out immaterial language and possibly introduce a universal set of generic risks. The agency has opened a public comment period that closed in mid‑April and...
Data Authenticity & Accountability Crucial in the AI Age
Data authenticity has become a cornerstone of AI deployment as deepfake and synthetic‑data threats rise, exposing firms to fraud, litigation and reputational damage. The EU’s new digital omnibus aims to streamline AI, cybersecurity and data rules, promising roughly $6 billion in...
Negligence & AI: Can the Courts Keep Up?
U.S. courts are confronting a surge of AI‑related negligence lawsuits in the absence of any federal standard defining harmful AI use. Plaintiffs are leveraging common‑law tort theory to hold developers, integrators, and even end users accountable for design flaws, inadequate...
Will AI Change FinServ Regulation? Here’s What History Tells Us.
U.S. securities regulators are not drafting new AI‑specific rules; instead they rely on technology‑neutral existing regulations. The SEC’s 2023 proposal to address AI‑induced conflicts of interest was withdrawn, while state legislatures such as California, Texas and Colorado have enacted broader...
Executive & GCs at Odds Over Legal’s Business Contributions
A Thomson Reuters Institute survey of 2,300 general counsel uncovers a widening perception gap between legal departments and C‑suite executives on lawyers’ contribution to business goals. While 86% of GCs say legal adds significant value, only 17% of executives agree,...
Prediction Market Risk Is Hiding in Your Organization Whether You Know It or Not
Prediction‑market platforms such as Kalshi and Polymarket are exploding in popularity, with user numbers jumping from roughly 600,000 to over 5 million since 2025. The CFTC has declared that insider‑trading rules apply to trades on these platforms, while state regulators argue...
Do Your Entity Structure & Immigration Strategy Play Well Together?
Choosing the right U.S. entity structure is critical for foreign founders because it directly impacts non‑immigrant visa eligibility and tax outcomes. Greenspoon Marder’s experts argue that a Delaware C‑Corporation offers the safest “immigration shield,” supporting L‑1, O‑1, H‑1B and QSBS benefits,...
$253M Settlement Raises the Bar on Re-Exports, ‘Dual‑Build’ Models & Entity List Risk
The U.S. Bureau of Industry and Security imposed a $253 million civil penalty on Applied Materials and its Korean affiliate for illegally re‑exporting semiconductor equipment to China’s SMIC. The settlement highlights BIS’s view that partial assembly abroad does not erase U.S....
The Compliance Blind Spots Hiding Inside Financial Data
Compliance programs often boast robust policies, yet many overlook the granular details hidden in transaction‑level data. Steve Markle of Itemize argues that fraud now embeds itself in invoices, vendor records, and expense reports, slipping past traditional controls. Without deep analysis...
AI Insurance Exists. Getting It Is the Hard Part.
Businesses are confronting a fragmented regulatory landscape and rising litigation risk, prompting a growing demand for AI‑specific insurance. While some insurers are adding outright AI exclusions, others offer tailored policies, algorithmic riders, or silent coverage within existing cyber and professional...
GRC News Roundup: Drata, Diligent, HICX, Ibex & More
The GRC (governance, risk, and compliance) sector saw a flurry of product launches in April. HICX introduced a Supplier Registration platform, Drata rolled out an agentic AI TPRM assessment tool and named a new chief product and technology officer, and...
Pay Day: What States, Job Seekers & Workers Expect on Salary Transparency
Pay transparency statutes are rapidly expanding, now covering 12 states and the District of Columbia, and many localities, forcing employers to disclose salary ranges, benefits, and sometimes additional job details in postings. The rules also extend to remote positions, meaning...
Why Black Colleagues Still Do Not Feel Safe Reporting Racial Discrimination at Work
Black professionals increasingly view corporate "speak‑up" programs as unsafe, citing retaliation, subtle career penalties, and a lack of race‑literate investigators. Research shows every participant experienced discrimination, yet most avoid internal channels until damage is severe. The article argues that compliance...
EU Inc.: Questions Remain, But a Step Forward for Europe
The European Commission has released its first proposal for EU Inc., a new EU‑wide limited‑liability company designed to cut red tape and speed up cross‑border business formation. The draft promises registration in as little as 48 hours for under €100 (about $108)...
Texas Is Using Consumer Protection Law to Police Chinese Supply Chain Ties
In February 2026 the Texas attorney general filed a coordinated series of lawsuits under the Texas Deceptive Trade Practices Act against companies alleged to have Chinese affiliations, accusing them of misrepresenting product origin, concealing cybersecurity vulnerabilities, and omitting foreign data‑access...
FCPA Compliance Programs Are Missing Important Nuances About How Bribery Works in the Persian Gulf
Four Western multinationals spent over $5 billion settling FCPA violations linked to Gulf Cooperation Council markets. Although each firm operated formal compliance programs, due‑diligence and audit reports, the controls failed because they were calibrated for Western commercial norms. The article highlights...
What Detractors Keep Getting Wrong About the FCPA
Critics argue that aggressive enforcement of the Foreign Corrupt Practices Act (FCPA) puts American companies at a competitive disadvantage overseas. Experts counter that the law actually strengthens U.S. firms by forcing them to compete on quality, reliability and transparency rather...
Smaller Investment Advisers Staring Down June Deadline on Reg S-P
The SEC’s amended Regulation S‑P, effective August 2, 2024, imposes new privacy and breach‑notification rules on investment advisers. Smaller advisers—those managing less than $1.5 billion in assets—must comply by June 3, 2025, while larger firms have until December 3, 2025. The amendments require...
When Efficiency Becomes Fragility
Stuart J. Green warns that relentless efficiency can make compliance governance fragile in today’s discontinuous regulatory landscape. He argues that tightly calibrated controls, while cost‑effective in stable times, lack the capacity to adapt when sanctions, enforcement interpretations, or technology‑driven risks...
2026 Commercial Litigation Outlook
Seyfarth Shaw’s sixth annual Commercial Litigation Outlook highlights how AI, privacy regulation, economic strain, and shifting restrictive‑covenant law are reshaping corporate legal risk in 2026. Courts are wrestling with authentication of AI‑generated evidence while businesses seek to protect hybrid intellectual‑property...
A Busy Month at the SEC: What Compliance Teams Need to Do Now
Over the past month the SEC overhauled its enforcement manual for the first time in nearly ten years, announced the resignation of its enforcement chief, and signed a memorandum of understanding with the CFTC. It also hinted at a rule...

Measles Is on the Rise. Have You Reviewed Your Vaccine Policies Since Covid?
Measles cases in the United States are climbing sharply, with 2025 recording over 2,200 infections—the highest in two decades—and 2026 already reporting nearly 1,500 cases across 27 states. The CDC has identified 14 new outbreaks this year, and the nation...

Uh-Oh, You Built a Compliance Automation Tool & Everybody Hates It
The article highlights a trust gap in compliance automation where control owners and auditors distrust system‑generated evidence, leading to parallel manual processes. Even though technology works, resistance stems from loss of professional identity and lack of auditor‑friendly documentation. Successful programs...
US Regulatory Fines Plummet in 2025
US federal regulatory penalties plunged 83% in 2025, falling to $654 million in the second half after a $4 billion first‑half peak, while the number of violations stayed roughly steady. Wolters Kluwer warns that weaker deterrence shifts risk toward fragmented state enforcement and...

Are Your Anonymous Reporting Channels Hiding a Bigger Problem?
The column examines the paradox of anonymous reporting channels, highlighting their essential role in protecting whistleblowers while exposing their vulnerability to incomplete or malicious claims. It uses a real‑world dilemma—an employee receiving an anonymous allegation against a trusted colleague—to illustrate...
EU Data Act: Time for a Reality Check
The EU Data Act obliges manufacturers of IoT devices and SaaS providers to make user‑generated data readily accessible and transferable by design. Articles 3 and 4 require that data be supplied in a structured, machine‑readable format, often forcing back‑end redesign...
Warranty Language Might Be Your Biggest Right-to-Repair Liability
The FTC is zeroing in on warranty language as the most tangible right‑to‑repair liability for manufacturers. By tying warranty voiding clauses to third‑party repairs, the agency has leveraged the Magnuson‑Moss Warranty Act and antitrust tools, as seen in recent orders...
FCPA Enforcement Isn’t Dead; a Former Coal Executive Found Out the Hard Way
A federal jury in Pennsylvania convicted former Corsa Coal vice‑president Charles Hunter Hobson on two FCPA counts, conspiracy, money‑laundering and wire‑fraud charges, despite the 2025 Trump‑era pause on FCPA enforcement. The DOJ completed its review and proceeded, emphasizing that bribery...
ProcessUnity Research Finds Third-Party Risk Management Confidence Outpaces Breach Reality
ProcessUnity’s State of Third‑Party Risk Assessments 2026, conducted with the Ponemon Institute, surveyed 1,465 risk leaders and found a stark disconnect between confidence in TPRM programs and actual breach outcomes. Respondents report an average of 12 third‑party breaches per year...
Reimagining KYC
Capgemini released a whitepaper outlining perpetual KYC, a shift from periodic, manual reviews to near‑real‑time, event‑driven monitoring. Early adopters report 20‑40% fewer false positives, 40‑60% faster onboarding, and 50‑70% reduction in case backlogs. The proposed pKYC triad blends data modernization,...
The Rising Tide of AI-Washing Cases in Securities Fraud Litigation
Public companies are increasingly inflating AI capabilities to attract investors, a practice dubbed AI‑washing that has sparked a surge in securities fraud litigation. Recent cases such as Opendoor and Upstart illustrate how exaggerated AI claims led to false statements, stock...
Back to Basics: 14 Risk Oversight Rules You Know (But May Be Ignoring)
Jim DeLoach’s article revisits 14 timeless risk‑oversight principles, urging leaders to refresh them with today’s digital capabilities. He stresses that avoiding risk is itself a risk, and that AI, machine learning, and real‑time data can dramatically improve early‑warning systems. The...
US Companies Increasingly Face Investor Pushback on M&A Deals
Activist investors intensified pressure on U.S. companies, with push‑to‑sell campaigns rising 29% in 2025, reaching a five‑year high. More than 30 firms encountered shareholder resistance to M&A deals, while overall activist activity modestly declined to 579 targets. Concurrently, private‑equity firms...
A Year After Designation of Cartels as Terrorists, What Is the Risk Landscape for Multinationals Operating in Mexico?
In February 2025 the U.S. designated six Mexican drug cartels as foreign terrorist organizations, extending material‑support statutes and national‑security enforcement to any company dealing with them. The DOJ’s new guidelines prioritize terrorism‑finance violations, while FinCEN’s geographic targeting orders have already...
Your Foreign AI Vendor’s Black Box Is an Ethics Problem, Not a Technical One
Boards and senior leaders are confronting a growing dilemma: critical AI systems supplied by foreign vendors operate as opaque black boxes, delivering efficiency while limiting auditability. Ethicists Vera Cherepanova and Brian Haman argue this is fundamentally an ethical issue of...
Sphinx Raises $7M Seed Round for AI Compliance Agents
Sphinx announced a $7 million seed round, led by Cherry Ventures with participation from Y Combinator, Rebel Fund, Deel Ventures and Singularity Capital. The San Francisco‑based startup builds browser‑native AI agents that embed directly into existing case‑management systems, third‑party portals and internal dashboards...
EU Companies Face Double Workload on AML Before 2027 Harmonization Arrives
The EU will introduce a unified anti‑money‑laundering regulation (AMLR) and the sixth AML directive on July 10, 2027, replacing the patchwork of national transpositions of the fifth directive. Until then, companies must continue to meet divergent local UBO reporting and due‑diligence rules...
Internal Controls: The Quiet Infrastructure Behind Financial Trust
Recent SEC enforcement actions have spotlighted ineffective internal controls over financial reporting, emphasizing approval workflow and reconciliation gaps. Experts argue that robust control environments, paired with knowledgeable teams, shift compliance from a reactive task to a predictable process. As organizations...