All Best Practices articles
-
OpinionWhen AI acts: The compliance challenge of agentic systems
Artificial intelligence is no longer limited to generating insights or supporting analysis. With every passing day, AI systems are being designed to initiate actions, trigger workflows, and influence outcomes with minimal human intervention.
-
OpinionTips for creating and implementing a global gifts and hospitality policy
Across the globe, gift giving and wining and dining play a role in building business relationships. But be it a tin of cookies, coveted concert tickets, or a gourmet meal, employees should understand what types of gifts and hospitality are acceptable to avoid exposing their company to risk.
-
ArticleExperts urge stronger compliance involvement to mitigate AI liability
Companies look set to increase their spend on AI technologies during 2026, but not every investment is likely to pay off. In fact, most appear to offer little return quickly.
-
OpinionWhat to know about double materiality assessments for ESG initiatives
Double materiality assessments help organizations identify and prioritise ESG topics that matter most, both in terms of their impact on society and the environment, and their financial implications for the business.
-
OpinionStart considering contracts as part of your compliance infrastructure
For many compliance teams, 2025 marked an inflection point: A familiar problem in an unfamiliar form, significant regulatory exposure without settled rules, benchmarks, or enforcement patterns.
-
OpinionCybersecurity terms in third-party contracts: Are you being served, or served up?
Governance failures embedded in standard agreements are amplifying organizations’ exposure to cyber incidents by failing to account for modern supply-chain realities, where third- and fourth-party vendors, cloud platforms, subcontractors create a cascading risk far beyond the contracting entity.
-
OpinionBeyond the paper shield: Noting differences between U.S. and Brazilian anti-corruption law
The difference between U.S. and Brazilian anti-corruption laws lies in the logic of their enforcement, writes Gustavo Aguiar, a Brazilian attorney whose practice specializes in public procurement, compliance, and land regulation.
-
ArticleQ&A with Norm Ashkenas, CCO at Robinhood, on compliance challenges, opportunities and being a strategic adviser
Chief among Norm Ashkenas’ priorities is positioning compliance as a strategic adviser, supporting those leading this global expansion in a complex financial services world. He stresses that compliance puts a huge effort into ensuring that it is not seen as a back-office function.
-
ArticleThe hidden compliance costs behind failed AI deployments
Companies look set to increase their spend on AI technologies during 2026, but not every investment is likely to pay off. In fact, most appear to offer little return quickly.
-
OpinionFive questions business leaders should be asking in 2026 to manage transformation risk
Working with clients in various sectors over the past year, one thing is clear: Transformation is bigger, faster, and more interconnected. Tech, talent, regulation, and operations—it’s hitting at once.
-
OpinionWhen AI Is Forced on Compliance: The ECCP as your Guide
When a company rapidly adopts AI, compliance officers can be blindsided, tasked with governance almost immediately. Luckily, there is a guide from the U.S. Department of Justice to help.
-
OpinionEthics as strategic value: When compliance becomes a board-level decision tool
For many Boards of Directors, compliance reporting feels familiar and reassuring. Dashboards are green. Policies are updated. Training is complete. Incidents are investigated and closed. On paper, the system works.
-
OpinionSafely leveraging generative AI: A practical guide for compliance leaders
Generative AI (GenAI) has moved rapidly from experimentation into day-to-day use across many organizations. Over the past year, teams have shifted from exploratory pilots to relying on these tools for core activities such as contract analysis, research, and software development.
-
OpinionThe illusion of control: How shrinking teams and AI are redefining cyber risk
Over recent years, cybersecurity executives have been tasked with an almost impossible Challenge: reduce headcount, accelerate transformation, integrate artificial intelligence, meet regulatory obligations, and still maintain resilience.
-
OpinionBest practices for responding to government investigations
In the current business environment, companies must have a documented plan for responding to government investigations. Shifts in tariffs, dynamic export controls, and a potentially less strict enforcement environment around international bribery all increase the risk that an employee or representative could violate the law – inadvertently or intentionally.
-
OpinionWhy “just do the work” fails in regulated organizations
Most organizational failures are not failures of effort, discipline, or follow-through. They are interpretation failures misdiagnosed as execution problems.
-
OpinionCreating effective compliance messages for specific employee groups
As 2026 arrives, have you considered the efficacy of your compliance messaging efforts? We have all seen these compliance taglines “Speak Up!,” “See Something, Say Something,” “Ethics Matter!”
-
OpinionTeaching the business to speak risk
Compliance professionals understand the value of risk assessments. We conduct them annually, map risks to controls, and present heat maps to the board. But there is a strategic opportunity that many compliance programs overlook: Teaching the business itself to think in the language of risk.
-
OpinionSOX was built for humans. AI doesn’t fit that model.
For more than two decades, assurance and compliance frameworks have rested on a simple assumption: Material decisions are made by people. Post‑Sarbanes-Oxley Act (SOX) assurance reset worked because it aligned accountability with human behavior. That assumption shapes how internal controls are designed, how accountability is assigned, and how assurance is ...
-
OpinionManaging the permanent tension between compliance and business delivery
Business delivery runs on market deadlines. Compliance runs on regulatory mandates.