All Best Practices articles
-
OpinionWhen AI Is Forced on Compliance: The ECCP as your Guide
When a company rapidly adopts AI, compliance officers can be blindsided, tasked with governance almost immediately. Luckily, there is a guide from the U.S. Department of Justice to help.
-
OpinionEthics as strategic value: When compliance becomes a board-level decision tool
For many Boards of Directors, compliance reporting feels familiar and reassuring. Dashboards are green. Policies are updated. Training is complete. Incidents are investigated and closed. On paper, the system works.
-
OpinionSafely leveraging generative AI: A practical guide for compliance leaders
Generative AI (GenAI) has moved rapidly from experimentation into day-to-day use across many organizations. Over the past year, teams have shifted from exploratory pilots to relying on these tools for core activities such as contract analysis, research, and software development.
-
OpinionThe illusion of control: How shrinking teams and AI are redefining cyber risk
Over recent years, cybersecurity executives have been tasked with an almost impossible Challenge: reduce headcount, accelerate transformation, integrate artificial intelligence, meet regulatory obligations, and still maintain resilience.
-
OpinionBest practices for responding to government investigations
In the current business environment, companies must have a documented plan for responding to government investigations. Shifts in tariffs, dynamic export controls, and a potentially less strict enforcement environment around international bribery all increase the risk that an employee or representative could violate the law – inadvertently or intentionally.
-
OpinionWhy “just do the work” fails in regulated organizations
Most organizational failures are not failures of effort, discipline, or follow-through. They are interpretation failures misdiagnosed as execution problems.
-
OpinionCreating effective compliance messages for specific employee groups
As 2026 arrives, have you considered the efficacy of your compliance messaging efforts? We have all seen these compliance taglines “Speak Up!,” “See Something, Say Something,” “Ethics Matter!”
-
OpinionTeaching the business to speak risk
Compliance professionals understand the value of risk assessments. We conduct them annually, map risks to controls, and present heat maps to the board. But there is a strategic opportunity that many compliance programs overlook: Teaching the business itself to think in the language of risk.
-
OpinionSOX was built for humans. AI doesn’t fit that model.
For more than two decades, assurance and compliance frameworks have rested on a simple assumption: Material decisions are made by people. Post‑Sarbanes-Oxley Act (SOX) assurance reset worked because it aligned accountability with human behavior. That assumption shapes how internal controls are designed, how accountability is assigned, and how assurance is ...
-
OpinionManaging the permanent tension between compliance and business delivery
Business delivery runs on market deadlines. Compliance runs on regulatory mandates.
-
ArticleSix AI questions compliance officers must answer in 2026
As artificial intelligence reshapes business, compliance teams face new questions about risk and oversight. These are the key issues compliance professionals should be asking as they evaluate their programs heading into 2026.
-
OpinionHow banks are responsibly embedding machine learning and GenAI into AML surveillance
As financial crime grows in scale, speed, and sophistication, banks are increasingly turning to artificial intelligence, machine learning, and generative AI to strengthen anti-money laundering and surveillance programs.
-
OpinionCongress is about to regulate crypto. Criminals are ready.
Congress is moving toward rules for cryptocurrency. That’s overdue. For years, crypto markets have grown faster than the laws meant to ensure they aren’t exploited by criminals.
-
OpinionExperts outline core skills compliance teams need to develop in 2026
Compliance teams will face a range of ongoing challenges in the coming year, as well as greater demands from boards and management for better, wider, and more real-time assurance on an increasing range of risk topics.
-
ArticleFrom NATO to nature crime. A practitioner’s perspective on greenwashing
From NATO and the UN to wildlife crime and finance, Chris Jagger explains why banks need smarter, more agile compliance to stay ahead of criminals.
-
OpinionBribery exposure doesn’t start with policy failure. It starts with training.
Anti-bribery and corruption failures in financial institutions rarely stem from bad policies.
-
OpinionBuilding resilient teams in cyberdefense
The stress on cyberdefense teams can be accurately described as a form of chronic occupational trauma stemming from several unique pressures. But there are ways to build a culture that combats these pressures.
-
OpinionThe invisible cost of digital defense on mental health
Cybersecurity professionals, particularly those in leadership roles, often face immense pressure and stress due to the constant threat of cyberattacks.
-
OpinionFINRA’s GenAI wake-up call: What compliance professionals must do now
FINRA’s rules are intended to be technologically neutral. They apply when companies use GenAI or similar technologies in their businesses, just as they apply when companies use any other technology or tool. But what does that mean for a compliance professional using GenAI?
-
OpinionHow to identify and mitigate risks posed by Foreign Terrorist Organizations
Since Inauguration Day on Jan. 20, 2025, the Trump Administration has made it a priority to expand the list of designated Foreign Terrorist Organizations.