Featured Archives - Compliance Chief 360
https://compliancechief360.com/category/featured/
The independent knowledge source for Compliance Officers. Feed generated Fri, 15 Nov 2024 22:19:05 +0000.

Are You Ready for Compliance with EU’s DORA?
https://compliancechief360.com/are-you-ready-for-compliance-with-eus-dora/
Fri, 15 Nov 2024 21:22:12 +0000

It has been said that if a butterfly flaps its wings in the Serengeti, it can change the climate half a world away. Similarly, if EU lawmakers enact a regulation in Brussels, it can have a major impact as far away as the United States.

We saw this through the ubiquity of website cookie notices and recent state-level laws like the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), which, if nothing else, took some inspiration from the EU’s General Data Protection Regulation (GDPR).

Get ready for another EU regulation that, while not U.S. law, will nonetheless have a major impact on compliance at U.S. organizations. The Digital Operational Resilience Act (DORA) will be similarly impactful once it applies from January 17, 2025, especially for those in the financial services industry.

Nominally, DORA is a cyber-resilience regulation aimed at protecting the operational stability of the European financial services industry. It is the first EU regulation of its kind to target resilience at a sectoral level and, practically speaking, is an extensive suite of requirements for financial institutions and the businesses that provide services to them, covering how information and communication technology (ICT) contracts should be written, risks assessed, incidents reported, and security systems tested, among other things.

Like any good EU regulation, DORA comes with large potential fines. For critical ICT third-party providers under direct oversight, the Lead Overseer can impose periodic penalty payments of one percent of average daily worldwide turnover for each day of non-compliance, for up to six months; penalties for financial entities themselves are set and enforced by national competent authorities.

DORA Is Not Just an EU Regulation

The key thing auditors need to understand about DORA, especially as they are being asked to take on more risk-based responsibilities, is that DORA is very broad. It creates significant regulatory risk for potentially tens of thousands of entities in and outside the EU.

According to a recent McKinsey survey, most EU financial entities have started their journey towards DORA compliance, but only a third expect they will be ready on time for January 17. Globally, the state of DORA readiness is likely far lower.

This is important because, like the GDPR, DORA does not just apply to the 22,000 or so financial entities based in the EU. Its reach follows the EU financial sector rather than corporate headquarters: a financial institution in the United States, the United Kingdom, or any other location outside the EU that serves EU customers through an EU-authorised branch or subsidiary, or that provides ICT services to EU financial entities, stands a strong chance of being in scope, either directly or through contractual requirements flowed down by its EU clients.

The best starting point for a compliance officer or internal auditor to see whether their organization falls under DORA is to look at the list of financial entities that are not in DORA’s scope.

Organizations excluded from DORA include non-financial entities, (some) alternative investment fund managers, very small insurance and reinsurance firms, financial entities outside the EU that do not serve the EU financial sector, and some others like post office GIRO institutions and small occupational pension funds.

As a rule, if a financial institution trades actively and is large enough to have EU-based customers, it will need to comply with DORA’s rule sets. Fintechs, crypto brokers, hedge funds, asset managers, and more traditional banks and financial institutions will all be impacted.

What Types of Companies Does DORA Cover?

Some organizations will have more stringent DORA requirements than others. A large multinational bank, for example, with complicated ICT systems and a lot of interdependent relationships will have relatively tough requirements.

To comply with DORA, an entity like this will likely have to conduct threat-led penetration testing (a form of offensive cybersecurity exercise in which you test IT systems against realistic cyber-attack scenarios and threats) at least every three years and other security testing on an annual basis.

They will also need to report major ICT-related incidents, such as data breaches, on a tight clock: an initial notification within four hours of classifying an incident as major, and no later than 24 hours after becoming aware of it, followed by an intermediate report within 72 hours and a final report within a month. They must also conduct detailed third-party risk assessments for all ICT service providers supporting critical or important functions. Ideally, the entity in question will already be ahead of this task, and the compliance officer or internal auditor’s job will not change to a great degree due to DORA.

A smaller organization, like an investment firm with a more basic ICT infrastructure that is less critical to the overall financial services industry, will have different requirements under DORA’s proportionality principle. The incident reporting deadlines are not relaxed by firm size (the 72-hour window is the intermediate report that follows the 24-hour initial notification, and it applies to everyone), but third-party risk requirements are simpler, and testing, while still required, is on a less stringent basis.

Although many smaller organizations may have slightly less to do to become DORA compliant, they may find that many of DORA’s requirements, like a formal digital operational resilience testing programme (and threat-led penetration testing, if their competent authority identifies them for it), are completely new to them.

Microenterprises, defined as financial entities employing fewer than 10 persons with an annual turnover or balance sheet total not exceeding €2 million (about $2.11 million), and which typically run simple IT environments, have much lighter compliance requirements.

Critical Third Parties Covered by DORA

Another quirk of DORA is that it’s not just applicable to financial institutions but will also impact businesses that serve them, such as companies that provide services that are essential to the EU financial services industry, but are not financial institutions themselves. Some of these businesses will be designated as Critical ICT Third-Party Service Providers (CTPP) and have especially strict requirements.

One quantitative threshold for an ICT third-party service provider to be considered critical under DORA is that it provides ICT services supporting critical or important functions to at least 10 percent of the financial entities in a given category, as defined in DORA and its delegated acts. “Critical or important functions” are functions whose discontinued, defective, or failed performance would materially impair the financial entity’s financial performance, the soundness or continuity of its services and activities, or its continuing compliance with the conditions of its authorisation.

In a broad sense, a CTPP is a service that, if it fails, would cause serious damage to a significant portion of the EU financial services industry. A company is designated as such, either by voluntarily declaring itself to be a CTPP or by being appointed as such by a European Supervisory Authority, such as the European Banking Authority. Major cloud service providers like Google Cloud, for example, will likely become CTPPs and have been taking steps to comply with DORA for quite some time.

Compliance Matters

Sectoral in scope, global in reach, and applying from January 17, 2025, DORA will become a mainstay of boardroom conversation in 2025.

Hopefully, this article will help compliance officers and internal auditors better understand who is and isn’t covered by DORA. In practice, DORA compliance is a significant top-down effort, and the average major financial services organization will dedicate significant resources to it.


Nikos Vassakis is the Head of Consulting Services at SECFORCE, an IT security and cybersecurity firm based in London, U.K.

Report: Compliance Functions Could Double Tech Spend by 2027
https://compliancechief360.com/report-compliance-functions-could-double-tech-spend-by-2027/
Wed, 13 Nov 2024 23:18:12 +0000

A new report predicts that compliance and assurance functions could double the amount they spend on new technology by 2027. According to the research, issued by Gartner Inc., generative AI, machine learning, and large language models will fuel a surge in spending by compliance, risk management, and assurance functions.

The news isn’t all good. The report also predicts a wave of disillusionment with advanced technologies, because in many cases expectations exceed capabilities. Accordingly, Gartner experts have placed AI at the “peak of inflated expectations” in the 2024 “Hype Cycle” for legal, risk, compliance and audit technologies.

“Some assurance leaders are prematurely expecting AI technology to greatly enhance productivity,” said Weston Wicks, senior director analyst in the Gartner Legal & Compliance Practice. “While these technologies show promise, in the near-term Gartner recommends assurance leaders identify where they can pilot and experiment with them while maintaining healthy skepticism as they are implemented.”

Gartner experts believe that GenAI will have a foreseeable impact on adjacent innovations in the analytics space, and therefore certain innovations, such as data and analytics governance, audit analytics, legal analytics, and advanced contract analytics, have moved further toward the trough as the time to plateau for these innovations becomes nearer-term (two to five years).

[Figure: Gartner's "Hype Cycle" for legal, risk, compliance and audit technologies, 2024]

“Certain notable movements on the 2024 Hype Cycle are driven by assurance leaders convinced that incorporating new technology and generative AI (GenAI) tools is necessary to manage the growing burden of new rules and regulations imposed on executives and enterprises globally,” said Wicks. “Select emerging innovations, such as compliance monitoring solutions, have been directly impacted by GenAI and have seen substantial movement along the Hype Cycle as a result.”

Proceed with Caution

While there are some expectations that the advancements in GenAI will be transformative in assurance, Gartner experts caution that early adopters must acknowledge the risks of these new advancements and their impact on teams’ ability to manage them.

“Early lessons learned by assurance leaders include understanding the importance of information management and data governance, and the importance of intentionally including humans in the loop to mitigate bias and other risks,” said Wicks. “For these reasons, Gartner estimates the innovations will achieve high benefit ratings across the next five years.”

New Report Identifies Fastest Growing Risks for Companies
https://compliancechief360.com/new-report-identifies-fastest-growing-risks-for-companies/
Thu, 31 Oct 2024 19:42:20 +0000

Digital disruption and climate change have emerged as the two fastest-growing risk areas for organizations across industries, according to a new report.

Based on feedback from more than 3,500 internal audit leaders around the world, global risk levels for digital disruption and climate change are projected to increase 20 percent and 16 percent, respectively, over the next three years, outpacing other risk areas. The research was conducted by the Institute of Internal Auditors’ (IIA) Internal Audit Foundation for its latest Risk in Focus report.

Despite the growing intensity of these risks, most audit plans do not currently prioritize them, the study found. In fact, neither digital disruption nor climate change was named among the top five areas where internal audit functions allocate the most time and effort, with both ranked in the lower half of audit priorities. Globally, internal audit functions focus predominantly on cybersecurity, governance and corporate reporting, and business continuity, indicating a gap between evolving threats and current areas of attention.

“Our latest research tells us cybersecurity, business continuity, and human capital continue to hold the top three spots in risk ratings. However, respondents anticipate significant changes as risks related to climate change and digital disruption accelerate in the coming years,” said Anthony Pugliese, president and CEO of the IIA. “To ensure both short-term success and long-term sustainability, organizations and their internal audit functions must adapt risk management practices to keep pace with the changing risk landscape.”

Risk in Focus offers a comprehensive view of the current global risk landscape and how it is expected to evolve in the coming years. Because threats are expected to rise steeply for technological advancements and climate change, the 2025 reports focus on leading practices for mitigation of these risks.

Keeping Pace with Digital Disruption

Approximately 39 percent of survey respondents worldwide ranked digital disruption as a top five risk, with that number expected to jump to 59 percent in three years. For North America, these figures are even higher at 48 percent and 70 percent, respectively. Furthermore, respondents worldwide expect digital disruption to rise from the fourth to the second highest ranked risk area in three years.

Artificial intelligence (AI) has introduced new risks to track, especially related to cybersecurity, according to 75 percent of respondents. AI has also impacted many other risk areas, including human capital, fraud, communications, reputation, and more.

AI is a particular focus for internal audit leaders concerning technology-related risks. Specifically, challenges include upskilling and adopting new tools, as well as global disparities in access to and knowledge of emerging technology.

Climate Regulations Driving New Risks

Climate-related risks are currently ranked relatively low, but they are expected to rise substantially soon. About one in four (23 percent) of global respondents view climate change as a top five risk today. However, nearly 40 percent of respondents anticipate it will reach the top five in the next three years, climbing from 13th place to 5th.

Globally, roundtable participants agree that sustainability reporting and compliance requirements are the primary drivers for boards, management, and internal audit functions to allocate resources to climate change. The report revealed significant regional differences in climate-related risk perceptions. For instance, 33 percent of European audit leaders and 30 percent of Canadian audit leaders rate climate change as a top five risk, compared to 9 percent for U.S. audit leaders. Despite the U.S. position, North American respondents expect ratings for climate change as a top five risk to double from 13 percent to 27 percent in three years.

“While climate change has long been recognized as a growing risk for organizations, these findings reveal the extent to which climate-related risks are expected to surge in the near term,” said Pugliese. “It is imperative for organizations, stakeholders, and internal audit leaders to objectively assess the short-term and longer-term risks to their organizations beyond basic compliance with regulations.”

Extreme weather can cause supply chain disruptions, higher operational costs, flooding, famine, and more. Some consumers and investors are calling on organizations to implement more sustainability initiatives. These sustainability initiatives, however, must be reported accurately to avoid greenwashing and reputational damage.

Regional Risk Differences

The study also explored regional differences in the risk landscape through roundtables and separate Risk in Focus reports for Africa, Asia Pacific, Europe, Latin America, the Middle East, and North America. These regional reports outline proactive steps that organizations and audit leaders across industries can take today to mitigate threats and embrace opportunities.

Embracing artificial intelligence and emerging technologies will be critical, as well as prioritizing upskilling, technology-oriented training, and recruitment to manage these risks effectively.

“The IIA has strongly advocated for internal audit functions to take a more strategic advisory role to better serve organizations and stakeholders,” said Pugliese. “The Risk in Focus findings underscore the importance of agile collaboration and partnership among internal audit functions, boards, and management to stay ahead of emerging threats and improve understanding of potential risk exposures.”

Compliance Lessons from Wells Fargo: Four Questions to Ask Your Payment Solution Provider
https://compliancechief360.com/compliance-lessons-from-wells-fargo-four-questions-to-ask-your-payment-solution-provider/
Thu, 31 Oct 2024 16:12:43 +0000

Wells Fargo’s recent disclosure of regulatory investigations related to its anti-money laundering (AML) and sanctions programs and agreement to “work with U.S. bank regulators to shore up its financial crimes risk management” serves as a timely reminder of the ongoing importance of robust compliance measures in the financial sector.

These events underscore the need for vigilance at all levels of the industry, from major institutions to smaller financial companies, and further highlight the critical role of due diligence in selecting and monitoring payment solution providers for compliance officers, risk practitioners, and internal audit executives.

To that end, here are four essential questions to ask when evaluating potential partners, informed by the latest industry developments:

1. How comprehensive is the BSA/AML compliance program?

A robust Bank Secrecy Act and Anti-Money Laundering (BSA/AML) compliance program is vital to any financial institution’s risk management strategy. When evaluating a provider’s program, look for well-defined internal policies and controls. These should include a documented BSA/AML policy that outlines the organization’s approach to identifying, assessing, and managing money laundering and terrorist financing risks.

The policy should encompass clear customer identification procedures, risk-based customer due diligence processes, and transaction monitoring systems. Additionally, it should detail suspicious activity reporting procedures and record-keeping practices that meet or exceed regulatory requirements. Equally important is a defined process for staying current with regulatory changes and implementing updates promptly.

A dedicated compliance officer should oversee these efforts. This individual should possess relevant experience in BSA/AML compliance, appropriate certifications, and have direct access to senior management and the board of directors. They should be empowered to implement necessary changes across the organization.

Another crucial element is ongoing, comprehensive training. Look for providers that offer role-specific training tailored to different departments, annual refresher courses for all staff, and ad-hoc training to address new regulations or emerging risks. The training program should include testing to ensure comprehension and retention of key concepts, with all activities documented for audit purposes.

Finally, the provider should conduct rigorous auditing and monitoring. This includes regular internal audits of all BSA/AML processes, periodic independent third-party audits, and continuous monitoring of transactions and customer activity. There should be a straightforward process for addressing and remediating audit findings, with regular reporting to senior management and the board on audit results and program effectiveness.

2. Who comprises the compliance team?

The expertise of the compliance team is crucial in navigating complex regulatory landscapes. Look for a diverse team with a mix of legal, financial, and technological expertise.

A well-rounded team might include a chief legal & compliance officer, corporate counsel, senior compliance analysts, a finance settlement manager, information security leaders, and an operations director. This diversity helps ensure a comprehensive approach to compliance and security, reducing the risk of oversight that could lead to regulatory issues.

3. How does the organization embed compliance responsibilities across all departments?

Compliance should not be confined to a single department but should be integrated throughout the organization. A company-wide commitment to compliance should be evident through clear statements from leadership emphasizing its importance, inclusion of compliance objectives in departmental and individual performance metrics, and regular compliance updates in company-wide communications.

Training should extend beyond the compliance department. Look for providers that offer role-specific training illustrating how compliance impacts different job functions. Scenario-based learning can help employees identify and respond to potential compliance issues. The use of multiple training formats can cater to different learning styles, ensuring comprehensive understanding across the organization.

Clear communication channels for reporting potential issues are essential. This includes an anonymous whistleblowing hotline or reporting system, a defined escalation process for compliance concerns, and protection for employees who report potential violations. Regular reminders about these reporting channels reinforce the importance of speaking up.

A culture of compliance is characterized by the incorporation of compliance considerations into all business decisions and processes. This might include recognition for employees who demonstrate strong compliance behavior, zero tolerance for willful non-compliance regardless of an employee’s position, and regular compliance “town halls” or Q&A sessions to foster open dialogue about compliance matters.

4. What is the approach to regular internal audits and regulatory examinations?

In light of increased regulatory scrutiny, regular, independent audits are crucial. Inquire about the frequency and scope of their audits, including how often internal audits are conducted, what areas they cover, and how findings are categorized and addressed.

The provider’s relationship with regulatory bodies and sponsor banks is also important. Ask about their interaction with regulators outside of formal examinations, participation in regulatory outreach events or industry working groups, and their track record with past regulatory examinations.

A strong provider will have a formal process for reviewing and acting on audit and examination findings. This should include tracking and validating corrective actions, measuring the effectiveness of implemented changes, and sharing learnings across the organization.

Staying updated on regulatory changes and industry best practices is crucial. Look for providers that subscribe to regulatory update services, have relationships with outside counsel or consultants for complex regulatory matters, and participate in industry associations or forums.

Finally, inquire about their approach to continuous improvement. This might include using data analytics to enhance compliance programs, conducting regular risk assessments to identify potential gaps or emerging risks, and benchmarking their practices against industry peers.

Proactive Compliance in a Complex Regulatory Environment

The recent Wells Fargo disclosure reminds us that compliance is an ongoing process requiring constant attention and proactive measures. For compliance officers, risk practitioners, and internal audit executives, this underscores the importance of thorough due diligence when selecting and monitoring payment solution providers.

By asking these four key questions and critically evaluating the responses, you can significantly mitigate risks and ensure a more secure financial ecosystem for your organization. Remember, in today’s regulatory environment, compliance isn’t just about meeting minimum requirements—it’s about fostering a culture of integrity and security that permeates every aspect of your operations.

As you evaluate potential payment solution providers, look for partners who share this philosophy and demonstrate a commitment to excellence in compliance and security. In doing so, you’ll not only meet regulatory requirements but also build a foundation of trust with your customers, stakeholders, and regulators—a crucial asset in navigating today’s financial landscape.


Anna Fron is Chief Legal and Compliance Officer at Dash Solutions, a platform that provides digital payments and engagement program management to thousands of customers.

SEC Issues Its List of 2025 Examination Priorities
https://compliancechief360.com/sec-issues-its-list-of-2025-examination-prioriries/
Tue, 22 Oct 2024 19:11:16 +0000

The Securities and Exchange Commission’s Division of Examinations has released its 2025 examination priorities. This year’s examinations will prioritize perennial and emerging risk areas, such as fiduciary duty, standards of conduct, cybersecurity, and artificial intelligence. For fiscal year 2025, in addition to conducting examinations in core areas such as disclosures and governance practices, the Division will also examine for compliance with new rules, the use of emerging technologies, and the soundness of controls intended to protect investor information, records, and assets.

The Division publishes its examination priorities annually to inform investors and registrants of potential risks in the U.S. capital markets and to make them aware of the examination topics that the Division plans to focus on in the new fiscal year.

“The Division of Examinations 2025 priorities enhance trust in our ever-evolving markets,” said SEC Chair Gary Gensler. “In examining for compliance with our time-tested rules, the Division plays a critical role in protecting investors and facilitating capital formation. Working with registrants to understand the rules helps ensure that markets work for investors and issuers alike.”

The Division examines SEC-registered investment advisers, investment companies, broker-dealers, clearing agencies, and self-regulatory organizations, among others, for compliance with federal securities laws. The Division prioritizes examinations of the practices, products, and services that were found, through a risk-based assessment, to present a heightened risk to investors or the integrity of the U.S. capital markets, it said in a statement. The annual publication of the examination priorities furthers the SEC’s mission and aligns with the Division’s four pillars to promote and improve compliance, prevent fraud, monitor risk, and inform policy, the Commission said.

“Our 2025 examination priorities identify the key areas of potentially increased risks and related harm for investors,” said Keith Cassidy, acting director of the Division of Examinations. “We hope that registrants will evaluate their compliance programs in the areas we identified and make the changes necessary to protect investors and maintain fair and orderly capital markets.”

The 2025 examination priorities cover a broad landscape of potential risks to investors that firms should consider as they review and strengthen their compliance programs. They are not, however, an exhaustive list of all the areas the Division will focus on in the upcoming year, the SEC noted. The scope of any examination includes analysis of other risk factors such as an entity’s history, operations, and products and services.

Justice Dept. Sues Visa over Accusations of Monopolizing Debit Markets
https://compliancechief360.com/justice-dept-sues-visa-over-accusations-of-monopolizing-debt-markets/
Tue, 24 Sep 2024 17:39:39 +0000

The post Justice Dept. Sues Visa over Accusations of Monopolizing Debt Markets appeared first on Compliance Chief 360.

]]>
T

he Justice Department filed a civil antitrust lawsuit against Visa accusing the payments processor of monopolization and other unlawful conduct in debit network markets in violation of anti-trust laws.

Filed in the U.S. District Court for the Southern District of New York, the complaint alleges that Visa illegally maintains a monopoly over debit network markets by using its dominance to thwart the growth of its existing competitors and prevent others from developing new and innovative alternatives. “Visa’s exclusionary and anti-competitive conduct undermines choice and innovation in payments and imposes enormous costs on consumers, merchants, and the American economy,” the DoJ said in a statement.

According to the complaint, more than 60 percent of debit transactions in the United States run on Visa’s debit network, allowing it to charge over $7 billion in fees each year for processing those transactions. The complaint further alleges that Visa illegally maintains its monopoly power by insulating itself from competition. For example, the DoJ said, “Visa wields its dominance, enormous scale, and centrality to the debit ecosystem to impose a web of exclusionary agreements on merchants and banks. These agreements penalize Visa’s customers who route transactions to a different debit network or alternative payment system.”

In so doing, the complaint alleges, Visa locks up debit volume, insulates itself from competition, and smothers smaller, lower-priced competitors. Visa also induces would-be competitors to become partners instead of entering the market as competitors by offering generous monetary incentives and threatening punitive additional fees, the DoJ said. As the complaint alleges, Visa co-opted the competition because it feared losing share or revenues, or being displaced by another debit network altogether.

Creating an Anti-competitive Market

“We allege that Visa has unlawfully amassed the power to extract fees that far exceed what it could charge in a competitive market,” said Attorney General Merrick Garland. “Merchants and banks pass along those costs to consumers, either by raising prices or reducing quality or service. As a result, Visa’s unlawful conduct affects not just the price of one thing – but the price of nearly everything.”

Debit transactions are an important and popular part of the U.S. financial system. Millions of Americans prefer or must use debit for online and in-person purchases. According to the DoJ, Visa dominates debit network markets that facilitate these transactions, charging significant fees and stifling competition in the process. “Visa’s systematic efforts to limit competition for debit transactions have resulted in billions of dollars in additional fees imposed on American consumers and businesses and slowed innovation in the debit payments ecosystem,” the department said. Through this lawsuit, the Justice Department seeks to restore competition to this vital market on behalf of the American public.

“Anticompetitive conduct by corporations like Visa leaves the American people and our entire economy worse off,” said Principal Deputy Associate Attorney General Benjamin Mizer. “Today’s action against Visa reminds those who would stifle competition rather than competing on price or investing in innovation that the Justice Department will never hesitate to enforce the law on behalf of the American people.”

Visa maintains enormous scale on both sides of the debit market—with merchants and their banks and with consumers and their banks—and the complaint alleges that Visa’s exclusionary practices extend, deepen, and protect what it refers to as an “enormous moat” around its business. When faced with the possibility that smaller debit networks or new technology entrants would threaten that position, Visa engaged in a deliberate and reinforcing course of conduct to cut off competition and prevent rivals from gaining the scale, share, and data necessary to compete for customers’ business:

  • Smaller Debit Networks: Visa uses leverage based on the large number of transactions that must run over Visa’s payment rails to impose expansive volume commitments on merchants and their banks, as well as on financial institutions that issue debit cards. These agreements are priced so that, unless all or nearly all debit volume runs over Visa’s payment rails, large disloyalty penalties can be imposed on all Visa transactions. Merchants cannot afford to use Visa’s smaller competitors for transactions where options do exist, even when those competitors offer lower per-transaction prices.
  • Tech Entrants: As Visa’s internal documents make clear, Visa feared that some technology companies and fintech startups with “network ambitions” would cut Visa out as the middleman between merchants, consumers, and their banks by offering a better or cheaper payment product. Visa aimed to stop that development by entering into agreements to pay potential competitors to partner instead of innovating. As Visa’s then-CFO put it: “Everybody is a friend and partner. Nobody is a competitor.”

In 2020, the Justice Department filed a civil antitrust lawsuit to stop Visa from acquiring Plaid, a technology company that powers fintech apps developing disruptive options for online debit payments. The companies abandoned their planned $5.3 billion merger.

DoJ Launches New Corporate Whistleblower Program
https://compliancechief360.com/doj-launches-new-corporate-whistleblower-program/
Thu, 08 Aug 2024 14:48:57 +0000

The Department of Justice launched a new initiative to crack down on corporate crime: the Corporate Whistleblower Awards Program. Under this program, whistleblowers can now submit information to DoJ’s Criminal Division about certain types of corporate crime such as bribery and fraud.

The program offers monetary awards to those who provide original information relating to financial crimes, bribery or healthcare fraud. If such information results in a forfeiture greater than $1 million, the whistleblower will be entitled to a financial award granted that the whistleblower.

“With this program we’re doubling down on a proven strategy to ferret out criminal activity that might otherwise go unreported,” said Deputy Attorney General Lisa Monaco. “Law enforcement has long offered rewards to coax tipsters to report crimes — from the “Wanted” posters of the Old West to the reforms in Dodd-Frank that created whistleblower programs at the SEC and the CFTC. Those agencies alone have received thousands of tips, paid out many hundreds of millions of dollars, and disgorged billions in ill-gotten gains from corporate bad actors.”

As outlined in the program’s guidance document, there are multiple criteria to meet in order to qualify for such an award: the whistleblower’s disclosure must be voluntary; the information must be original; the submission must be truthful and complete, including everything the individual knows about the conduct at issue; and the individual must cooperate with the DoJ in the investigation, including testifying as required.

Individuals who meet these requirements will be eligible for an award, calculated based on the total proceeds forfeited. Eligible whistleblowers may receive up to 30% of the net proceeds forfeited to the DoJ for the first $100 million in net proceeds. Whistleblowers are eligible to receive up to 5% of any forfeiture between $100 million and $500 million. Ultimately, this system sets a maximum award of $50 million.

In determining how much to award, the DoJ will consider multiple factors. These include the significance of the information; assistance provided by the whistleblower; the whistleblower’s participation in the company’s internal compliance systems; any delay or interference in reporting; and whether the individual occupied an oversight role at the company.

The Program Faces Criticism for Implementing a Maximum Award Limit

Although this system has received praise from many of its observers, some have criticized it for its award cap. “Whistleblowers take enormous risks stepping forward, particularly in reporting the kind of wrongdoing targeted by DOJ’s new program,” said Erika Kelton, a partner at whistleblower law firm Phillips & Cohen. “By limiting the amount of an award, individuals may choose to stay silent, particularly because the larger recovery may also increase the risks.”

A Justice Department official noted that the $50 million maximum payment was established considering the history of SEC whistleblower awards, where most have been $50 million or less. According to agency data, the SEC has issued only three awards exceeding $50 million since the whistleblower program’s inception in 2011.

To file a claim for a whistleblower award, an individual must file a claim form located on the DoJ’s website. To be considered for an award, all claim forms and required attachments must be received by the Department within 90 days of its publication of the successful forfeiture.


Jacob Horowitz is a contributing editor at Compliance Chief 360° 

The Top Five Boardroom Issues Compliance Officers Should Be Discussing
https://compliancechief360.com/the-top-five-boardroom-issues-compliance-officers-should-be-discussing/
Thu, 11 Jul 2024 19:47:01 +0000

GUEST BLOG POST
Lately, I’ve been reflecting on my experience presenting compliance updates to boards, both during my industry days and now as a consultant. One thing that consistently frustrates me is seeing compliance officers deliver presentations that are completely reactive. The focus is always on the number of investigations closed, training completion percentages, number of policies approved, auditing and monitoring results, and similar reports. Frankly, it’s easy for board members’ eyes to glaze over with this approach.

While these elements are important for the board to understand, the actual compliance presentation at board meetings often misses the mark by failing to showcase the proactive work that a compliance team is doing. Compliance officers are often not effectively demonstrating how they are aligned with the evolving and innovative strategies of their business, industry, and environment.

Compliance officers occupy a unique vantage point in their companies. They have unparalleled visibility into almost every facet of an organization’s operations. This allows them to understand the workings and interplay between technology, ever-evolving regulations, and day-to-day business practices. In my experience, the most engaging board presentations are the ones where the compliance officer can articulate what the compliance department is proactively doing to address emerging phenomena, discussing both the risks and the mitigation strategies in place. It positions the compliance officer as a strategic partner, not one who impedes progress.

This proactive approach not only progresses the compliance agenda at the highest levels of the organization, it also directly aligns with the expectations of the U.S. Department of Health and Human Services – Office of Inspector General (HHS-OIG), Department of Justice (DOJ), Securities and Exchange Commission (SEC), and other relevant regulators.

Next, we’ll consider five key topics compliance officers should be actively discussing with their boards in 2024. We’ll explore how to move beyond reactive reporting and demonstrate your role as a strategic partner. While we’ll focus on the life sciences sector, many of the topics are relevant to all compliance functions.

1. Digital Enablement
Digital enablement continued to increase in importance during the first six months of 2024. Artificial Intelligence and Machine Learning (AI/ML) are revolutionizing drug development and clinical trials by enabling the analysis of vast amounts of data and accelerating the discovery of new treatments. AI/ML algorithms can identify patterns and predict outcomes, aiding in the selection of potential drug candidates and predicting patient response to treatments. By optimizing trial design, AI/ML can improve the efficiency of clinical trials, leading to faster and more accurate results. Outside the life sciences sector, AI is quickly inhabiting nearly every aspect of the organization, raising endless possibilities for innovation and efficiency, while also unveiling several complex risks.

Drug Discovery

  • AI/ML algorithms are being used to analyze vast amounts of data from genomics, proteomics, and other sources to identify potential drug candidates and predict their efficacy and safety.

Clinical Trial Design

  • AI/ML can be used to optimize clinical trial design, such as identifying the most appropriate patient population, optimal dosing levels, and predicting potential adverse events.

Trial Data Analysis

  • AI/ML can be used to analyze clinical trial data more efficiently and identify potential safety signals or trends, allowing for faster course correction and improved drug development outcomes.

Similarly, AI/ML is transforming the way nearly all companies approach commercial activities. Using predictive analytics, AI/ML can assist companies in identifying potential customers, creating personalized marketing strategies, and predicting future market trends.

Content Personalization

  • AI can generate personalized marketing materials, such as email content, website landing pages, and social media posts, tailored to the specific needs and interests of customers and other stakeholders.

Sales Optimization

  • AI can analyze sales data with healthcare professionals (HCPs) and Healthcare Organizations (HCOs) to prioritize them based on likelihood of Rx conversion, helping sales teams focus their efforts on the most promising opportunities.

Sentiment Analysis

  • AI can analyze patient and caregiver feedback and social media conversations to identify trends and potential issues, allowing for proactive customer service and reputation management.

Action Items: Compliance officers should be proactive in establishing robust data governance policies, collaborating with the AI/ML team to mitigate potential algorithmic bias, and working across the company to develop a comprehensive compliance framework for AI/ML use. When communicating with the board, keep them informed about how you are tracking with the company’s AI/ML initiatives, highlighting the potential benefits and associated risks. Discuss the steps your compliance team is taking to mitigate these risks, including partnering on data governance policies, bias mitigation strategies, and adherence to regulatory frameworks.

2. The Talent Shuffle
The life sciences industry in 2024 presents a tale of two realities. While a wave of innovation is fueling growth for some, established players are resorting to cost-cutting measures, leading some companies to institute major layoffs. These same forces are impacting companies in just about every industry.

Cost Cutting: Life sciences companies often face the need to reduce costs to remain competitive. We’ve seen several announcements thus far this year:

  • Pfizer – $4 billion cost-cutting by end of 2024 + $1.5 billion over next 3 years
  • Bristol Myers Squibb – 2,000 employees impacted by layoffs
  • Bayer – reduced headcount by 1,500 employees
  • Takeda – 641 workers impacted by layoffs

Talent Retention: Retaining talented employees contributes to the long-term success of the company. Companies are using a variety of mechanisms to attract and retain talent. These include: highlighting the company’s unique mission and culture; innovative compensation models; hybrid work arrangements; upskilling programs; wellbeing offerings; Diversity, Equity, and Inclusion (DEI) focus; and commitment to career development.

Depending on the stage of a company’s product lifecycle and market, different strategies may be implemented. Some life sciences companies may focus on cost-cutting, while others prioritize talent retention. In certain cases, companies may simultaneously pursue both objectives.

Action Items: Compliance officers need to be proactive as the employee landscape shifts. With new hires and role changes, a crucial focus should be on providing targeted training and education on role-specific compliance requirements. However, this isn’t the only concern. Compliance officers should also identify areas where existing controls may become inadequate or even disappear entirely due to staffing changes. The compliance officer should inform the board about these potential control gaps and propose solutions, such as increased monitoring or adjustments to existing processes and controls. More importantly, these changes may necessitate a revision of the company’s risk assessment. If key personnel with deep operational and compliance knowledge depart or controls are weakened, the overall risk profile of the company can shift significantly. The compliance officer should work with relevant departments to re-evaluate the risks, identify new vulnerabilities, and update the risk assessment accordingly.

3. Decentralized Clinical Trials
Decentralized Clinical Trials (DCTs) are a growing trend in the pharmaceutical industry. These trials leverage technology to collect data remotely, reducing the need for in-person visits. This allows for greater patient participation, especially from geographically dispersed populations or those with mobility limitations. Examples include telehealth-based trials using video conferencing, wearable devices collecting health data like heart rate and activity levels, and mobile apps for patient-reported outcomes and communication.

However, DCTs also raise compliance concerns. Data security and privacy require robust security measures, clear data governance policies, and strong encryption protocols. Patient privacy is another consideration, as remote data collection necessitates carefully adapted informed consent procedures to address potential coercion or undue influence. Finally, regulatory bodies are still developing guidelines for DCTs, creating some uncertainty for companies.

Action Items: To navigate the evolving DCT landscape, compliance officers must stay informed about changing regulations and develop clear policies for ethical conduct in DCTs. This includes adapting informed consent procedures for the remote setting, implementing robust patient data protection protocols, and establishing clear communication channels to address patient concerns. Compliance officers should be proactively informing their boards on how the compliance program is helping the company leverage the benefits of DCTs while minimizing risks and maintaining ethical practices.

4. ESG Considerations
Environmental, Social, and Governance (ESG) factors continue to remain important for investors and stakeholders. Boards are discussing how to integrate ESG principles into their corporate strategy and demonstrate their commitment to sustainability and social responsibility. Boards are facing challenges in this space.

Lack of Standardized Regulations

  • Currently, there’s no single, overarching set of ESG regulations globally. Different countries have varying regulations and reporting and disclosure requirements, making it complex for companies with international operations.
  • Action Item: Compliance officers must stay updated on these diverse regulations to ensure adherence across all markets.

Greenwashing Concerns

  • Regulatory bodies are increasingly scrutinizing ESG claims to prevent “greenwashing,” where exaggerated information is presented about a company’s sustainability efforts.
  • Action Item: Compliance officers should be working cross-functionally and sharing with the board how the company is ensuring its ESG reporting is accurate, transparent, and verifiable to avoid potential penalties and reputational damage.

Consumer Protection

  • Consumer protection regulations are evolving to address misleading environmental claims in marketing.
  • Action Item: Compliance officers must collaborate with commercial teams, corporate affairs, and their PRC committees to ensure all ESG-related messaging is accurate and substantiated.

Cybersecurity Risks

  • The increasing collection and use of ESG data introduces new cybersecurity risks.
  • Action Item: Compliance officers need to work with IT and other groups gathering data in the organization to implement policies and robust data security measures to protect sensitive ESG information from breaches or misuse.

5. Economic and Geopolitical Headwinds
The life sciences industry is continuing to face several disruptive macro forces in 2024. Beyond the ongoing challenges of scientific advancement and regulatory compliance, boards of directors are grappling with a complex economic and geopolitical landscape. This is across all industries, not just life sciences. The war in Ukraine, ongoing tensions between major powers, and escalation in the Israeli-Palestinian conflict are creating significant supply chain disruptions, potentially impacting research collaborations and access to critical resources. Coupled with a persistent inflationary environment, boards are strategizing on how to navigate these economic headwinds. This could involve cost-cutting measures (previously explored), investigating alternative sourcing options, or even raising prices to maintain profitability.

Action Items: For compliance officers, these disruptions present unique challenges. Inflationary pressures may incentivize corners being cut, potentially impacting quality control measures or adherence to Good Manufacturing Practices (GMP). Compliance officers should be informing the board about potential risks associated with cost-cutting measures, as well as the potential legal and reputational consequences of non-compliance. Additionally, compliance officers should be prepared to advise the board on navigating the complexities of a shifting geopolitical landscape. This could involve ensuring robust due diligence on new suppliers and research partners, mitigating the risk of sanctions violations, and helping the business ensure continued access to critical resources.

From Reactionary to Proactive

Compliance officers have a golden opportunity to continue to transform their role. By proactively tackling the aforementioned topics and demonstrating a strategic grasp of the industry’s evolving landscape, they can become invaluable partners to their boards. This shift transcends mere reporting. Instead of simply reacting to events, compliance officers can anticipate risks, propose solutions, and actively align with the company’s strategic goals. This proactive approach will only strengthen their compliance program.

Key Takeaways

  • Compliance officers must align with board priorities to truly become a strategic partner.
  • Compliance officers should discuss with the board how they are helping mitigate digital enablement risks, including partnering on data governance, adherence to regulatory frameworks, and bias mitigation strategies.
  • High turnover weakens controls, raising risk. When the employee landscape shifts, compliance officers need to identify gaps and refresh risk assessments.
  • Compliance officers need to ensure their programs are adapting for decentralized clinical trials (DCTs).
  • Compliance officers must continue to advise the board on responsible ESG reporting and navigating sanctions and supply chain risks.

Amy Pawloski, CCEP, CFE, PMP (amy.pawloski@strategicversatility.com) is the president of Strategic Versatility LLC, a healthcare compliance consulting practice in Phoenixville, Pennsylvania.

Supreme Court Curtails SEC’s Use of In-House Tribunals for Civil Penalties
https://compliancechief360.com/supreme-court-curtails-secs-use-of-in-house-tribunals-for-civil-penalties/
Wed, 03 Jul 2024 17:10:19 +0000

In a landmark case, the Supreme Court has struck down the Securities and Exchange Commission’s authority to use in-house tribunals when seeking civil penalties against those accused of securities fraud. The Court, in SEC v. Jarkesy, ruled that when the SEC seeks civil penalties from defendants for securities fraud, the Seventh Amendment requires it to bring the action in a court of law where the defendant is entitled to a trial by jury.

When the SEC seeks to punish those who commit civil violations, the penalties it imposes take the form of fines. The Court reasoned that since “relief is legal in nature when it is designed to punish or deter the wrongdoer rather than solely to ‘restore the status quo,’ such fines can only be enforced in courts of law.”

The SEC argued that the “public rights” exception to the Seventh Amendment applied, allowing Congress to grant the right to adjudicate a case to an agency without a jury. Whether the case fell under this exception depended on whether the SEC was enforcing “public rights” belonging to the government or seeking remedies similar to those sought by private parties. Ultimately, the Court decided that securities fraud did not trigger the exception, which meant that Congress could not delegate adjudication rights to the SEC.

Before this ruling, the SEC was able to initiate enforcement actions before administrative law judges, who rendered a final decision in the case at hand. Now, if the SEC seeks civil penalties for conduct such as fraud, it must do so in a federal court. “Now the entire federal government is forced to play by the same litigation rules as everyone else—in real courts before real judges, just as our Founders intended,” S. Michael McColloch, Jarkesy’s attorney, said.

Implications of the Court’s Ruling

Although this decision is a significant one, it is not unexpected. Due to its anticipation of a ruling similar to this one, the SEC, in recent years, has begun to pursue enforcement actions in federal court as opposed to internal forums. “The SEC anticipated this outcome, so I don’t think the ruling marks a seismic shift,” said Allison Kernisky, a securities litigator at Holland & Knight.

Nevertheless, this decision may potentially affect its overall success rate in securities fraud cases. Historically, the SEC has had a much higher success rate in in-house administrative proceedings, winning 90 percent of those cases compared to 69 percent in federal court. This decision is also likely to lead to an increase in the number of contested cases, rather than those settled before a complaint is filed.

The consequences of this decision will require the SEC to address the approximately 200 open administrative proceedings as well as reassess its use of in-house tribunals. That reconsideration may result in hesitancy to use such proceedings for any enforcement action that seeks civil penalties; however, only time will tell.


Jacob Horowitz is a contributing editor at Compliance Chief 360° 

Anticipating a Scandal: Is AI a Ticking Time Bomb for Companies?
https://compliancechief360.com/anticipating-a-scandal-is-ai-a-ticking-time-bomb-for-companies/
Wed, 27 Mar 2024 18:02:17 +0000

In recent times it seems that corporate scandals have become an everyday occurrence, and far too frequent. The causes of a corporate scandal are also far too predictable: failures in corporate governance, poor risk management, compliance failures, unreliable intelligence, inadequate security, insufficient resilience, ineffective controls, and failures by assurance providers.

A forensic post-mortem investigation into the cause of any corporate scandal or failure will identify a number (or perhaps all) of these deficiencies and weaknesses. But what if we could do a “pre-mortem” investigation? What if we could predict the scandal in advance and head it off by considering all the ways things could go wrong?

Artificial Intelligence is the latest buzz among compliance departments, and for good reason: It has the potential to completely transform compliance as it does for many corporate functions. But there is also a downside in the potential for massive risks that stem from the use of AI. It’s not hard to imagine that these AI risks will come to pass at one or more organizations and blow up into the latest scandal of epic proportions.

Artificial Intelligence technology as it evolves is certain to contribute to the creation, preservation, and destruction of stakeholder value in the coming weeks, months, and years. In terms of value creation, digital and smart technologies are already pervasive, and AI in its many forms, such as machine learning, natural language processing, and computer vision, has the potential to build on this to add significant value, make enormous contributions, and create long-term positive impacts for society, the economy, and the environment.

It has the potential to solve complex problems and create opportunities that benefit all human beings and their ecosystems. Unfortunately, AI systems also have the potential for tremendous value destruction, and to cause an unimaginable level of harm and damage to human ecosystems, including business, society, and the planet.

Given the deficiencies and weaknesses described above in relation to everyday corporate scandals, one does not have to be a rocket scientist to predict that these same issues are also likely to arise in relation to AI technology. It is therefore incumbent upon our leaders to consider the potential serious impact, consequences, and repercussions which could emerge in relation to the development, deployment, use, and management of AI systems.

Anticipation of Future AI Hazards

An AI defense cycle can be viewed in terms of the corporate defense cycle, with the same unifying defense objectives representing the four cornerstones of a robust AI defense program.

Prudence and common sense suggest that it is both logical and rational to anticipate the following deficiencies and weaknesses in relation to AI technology and to consider fully their potential for value destruction.

1. Failures in AI Governance
The current lack of a single comprehensive global AI governance framework has already led to inconsistencies and differences in approach across jurisdictions and regions, which is likely to produce conflicts between stakeholder groups with different priorities. The absence of a unified approach to AI governance can result in a lack of transparency, responsibility, and accountability, which raises serious concerns about the social, moral, and ethical development and use of AI technologies. The diminishing human oversight that accompanies increasingly autonomous AI systems only reinforces these concerns. Broader global governance issues are also likely to have a negative impact on AI governance.

2. Poor AI Risk Management
There also appears to be a fragmented global approach to AI risk management. Some suggest that it overemphasizes risk detection and reaction and underemphasizes risk anticipation and prevention. It tends to focus on addressing very specific risks (such as bias, privacy, and security) without giving due consideration to the broader systemic implications of AI development and use.

Such a narrow focus also fails to address the broader societal and economic impacts of AI and overlooks the interconnectedness of AI risks and their potential long-term consequences. This short-sightedness is potentially very dangerous: it fails to keep pace with the potential damage from emerging risks while also failing to prepare for already flagged longer-term risks, such as those posed by superintelligence, autonomous weapons systems, and other potentially catastrophic outcomes.

3. AI Compliance Failures
AI compliance consists of a patchwork of AI laws, regulations, standards, and guidelines at national and international levels. Because these are not harmonized, they are often inconsistent with one another, which makes them confusing and ineffective: difficult for stakeholders to comply with and difficult for regulators to supervise and enforce, especially across borders.

The lack of clear regulation and of appropriate enforcement mechanisms makes it difficult to hold actors to account for their actions and can encourage non-compliance, violations, and serious misconduct, leading to the potentially unsafe, unethical, and illegal use of AI technology. Algorithmic bias can result in unfairness and exacerbate existing inequality, prejudice, and discrimination. A major concern is that the currently voluntary nature of AI compliance and an over-reliance on self-regulation are not sufficient to address these potentially systemic issues.

4. Unreliable AI Intelligence
Unreliable intelligence ultimately results in poor decision making in its many forms. Many AI algorithms are opaque and are often described as a “black box,” which hinders the clarity and transparency of AI system development and deployment. Their complexity makes it difficult to interpret or fully comprehend their algorithmic decision-making and other outputs.

It is therefore difficult for stakeholders to understand and mitigate their limitations, potential risks, and the existence of biases. This can further contribute to accountability gaps and make it difficult to hold AI developers and users accountable for their actions. AI development can also lack the necessary stakeholder engagement and public participation which can mean a lack of the required diversity of thought needed for the necessary alignment with social, moral, and ethical values. This lack of transparency and understanding can expose the AI industry to the threat of clandestine influence.

5. Inadequate AI Security
The global approach to AI security also appears to be somewhat disjointed. Data is one of the primary resources of the AI industry, and AI systems collect and process vast amounts of it. AI technologies can be vulnerable to cyberattacks, both conventional attacks on the infrastructure that hosts them and AI-specific ones such as poisoning of training data, adversarial inputs crafted to produce wrong outputs, and prompt injection against language models. Such attacks can compromise assets (including sensitive data), disrupt operations, or even cause physical harm. If AI systems are not properly protected and secured, they can be infiltrated, resulting in unauthorized access to data that can then be used for malicious purposes such as data manipulation, identity theft, or fraud. This raises concerns about data breaches, data security, and personal privacy.

Indeed, AI-powered malware could help malicious actors evade existing cyber defenses, enabling them to inflict significant damage on supply chains and critical infrastructure, for example damage to power grids or disruption of financial systems.

6. Insufficient AI Resilience
The global approach to AI resilience is naturally affected by the chaotic approach to some of the other areas noted above. Where AI systems are vulnerable to cyberattacks, attackers can disrupt operations, leading to unforeseen circumstances that are difficult (if not impossible) to prepare for. This affects the reliability and robustness of the AI system: its ability to perform as intended in real-world conditions and to withstand, rebound, or recover from a shock, disturbance, or disruption. AI systems can of course also fail without any attacker: they make errors, incorrect diagnoses, and faulty predictions, and generative models can produce confident but fabricated output, commonly termed “hallucinations.”

Where an AI system malfunctions or fails for whatever reason, this can lead to unintended consequences or safety hazards that could negatively impact on individuals, society, and the environment. This may be of particular concern in critical domains such as power, transportation, health, and finance.

7. Ineffective AI Controls
The global approach to AI controls also seems to be somewhat disorganized. Once AI systems are deployed, they can be difficult to change, which makes it hard to adapt to new circumstances or to correct mistakes. There is therefore a concern that an overemphasis on automated technical controls (such as bias detection and mitigation), with too little attention given to human control, can create a false sense of security and mask the need for human control mechanisms.

As AI systems become more sophisticated, there is a real risk that humans will lose control over them, leading to situations where AI makes decisions with unintended, potentially harmful consequences for individuals’ lives. Increasing the autonomy of AI systems without appropriate safeguards and controls in place raises valid concerns about ethics, responsibility, accountability, and potential misuse.

8. Failures by AI Assurance Providers
There is currently no single, universally accepted framework or methodology for AI assurance. Different organizations and countries have varying approaches, leading to potential inconsistencies. The opaque nature and increasing complexity of AI can make it difficult to competently assess AI systems, creating gaps in assurance practices, and thus hindering the provision of comprehensive assurance.

The expertise required for effective AI assurance is often a scarce commodity and may be unevenly distributed which in turn can create accessibility challenges for disadvantaged areas and groups. The lack of transparency, ethical concerns, and the lack of comprehensive AI assurance can lead to an erosion of public trust and confidence in AI technologies which can hinder its adoption and potentially create resistance to its potential benefits. Given all of the above, the provision of AI assurance can be a potential minefield for assurance providers.

AI Value Destruction and Collateral Damage

Should any assurance provider worth their salt benchmark these eight critical AI defense components against a simple five-step maturity model (1. Dispersed, 2. Centralized, 3. Global (Enterprise-wide), 4. Integrated, 5. Optimized), each of them, individually and collectively, would currently be rated at step 1, Dispersed. This level of immaturity is in itself a recipe for value destruction.

Each of these eight critical AI defense components is interconnected, intertwined, and interdependent, as each one impacts on, and is impacted by, each of the others. They are links in a chain, and the chain is only as strong as its weakest link. Collectively they provide an essential cross-referencing system of checks and balances that helps to preserve AI stakeholder value. Deficiencies and weaknesses in more than one of these critical components can therefore compound into collateral damage to stakeholder value that far exceeds the sum of the individual failures.

Examples of Potential Value Destruction

Misuse and Abuse: AI technologies can be misused and abused for all sorts of malicious purposes with potentially catastrophic results. They can be used for deception, to shape perceptions, or to spread propaganda. AI-generated deepfake videos can be used to spread false or misleading information or to damage reputations. Other sophisticated techniques can be used to spread misinformation and to run targeted disinformation campaigns that manipulate public opinion, undermine democratic processes (elections and referendums), and destabilize social cohesion (polarization and radicalization).

Privacy, Criminality, and Discrimination: AI-powered surveillance such as facial recognition can be used intentionally to invade people’s privacy. AI technologies can help in the exploitation of vulnerabilities in computer systems and can be applied for criminal purposes such as committing fraud or stealing sensitive data (including intellectual property). They can be used for harmful purposes such as cyberattacks and to disrupt or damage critical infrastructure. In areas such as healthcare, employment, and the criminal justice system, AI bias can lead to discrimination against certain groups of people based on their race, gender, or other protected characteristics. It could even create new forms of discrimination, potentially undermining democratic freedoms and human rights.

Job Displacement and Societal Impact: As AI-driven technologies (autonomous vehicles, drones, robotics, and others) become more sophisticated, they are increasingly capable of performing tasks that were once thought to require human workers. AI-powered automation raises concerns about mass job displacement (typically of the most vulnerable workers) and the potential for widespread unemployment, which could impact labor markets and social welfare and potentially lead to business upheaval, industry collapse, economic disruption, and social unrest. AI also has the potential to amplify and exacerbate existing power imbalances, economic disparities, and social inequalities.

Autonomous Weapons: AI-controlled weapons systems could make decisions about when and whom to target, or potentially make life-and-death decisions (and kill indiscriminately) without human intervention, raising concerns about ethical implications and potential unintended consequences. Indeed, the development and proliferation of autonomous weapons (including WMDs) and the competition among nations to deploy weapons with advanced AI capabilities raise fears of a new arms race and an increased risk of nuclear war. This potential for misuse and for unintended catastrophic consequences could ultimately pose a threat to international security, global safety, and humanity itself.

The Singularity: The ultimate threat potentially posed by the AI singularity or superintelligence is a complex and uncertain issue which may (or may not) still be on the distant horizon. The potential for AI to surpass human control and pose existential threats to humanity cannot and should not be dismissed and it is imperative that the appropriate safeguards and controls are in place to address this existential risk. The very possibility that AI could play a role in human extinction should at a minimum raise philosophical questions about our ongoing relationship with AI technology and our required duty of care. Existential threats cannot be ignored and addressing them cannot be deferred or postponed.

AI Value Preservation Imperative

Under the prevailing circumstances, the occurrence of some or all of the above AI-related hazards has both an unacceptably high probability and an unacceptably high impact, with potentially catastrophic outcomes for a wide range of stakeholder groups. Serious stewardship, oversight, and regulation concerns have already been expressed publicly by AI experts, researchers, and backers. This is an urgent issue requiring urgent action, and one that demands a proactive approach; a reactive approach is simply not acceptable. Here “prevention is much better than cure,” and it is certainly not the time to “shut the barn door after the horse has bolted.”

Addressing this matter is by no means an easy task but it is one which needs to be viewed as a compulsory or mandatory obligation. Like many other challenges facing human beings on Planet Earth this is one that will require global engagement and a global solidarity of purpose.

AI value preservation requires a harmonization of global, international, and national frameworks, regulations, and practices to help ensure consistent implementation and the avoidance of fragmentation. This means greater coordination, knowledge sharing, and wider adoption in order to help ensure a robust and equitable global AI defense program.

This needs to begin with a much greater appreciation and understanding of the nature of AI value dynamics (creation, preservation, and destruction) in order to help foster responsible innovation. Sooner rather than later, the approach to due diligence needs to include adopting a holistic, multi-dimensional and systematic vision that involves an integrated, inter-disciplinary, and cross-functional approach to AI value preservation. Such an approach can help contribute to a more peaceful and secure world, by creating a more trustworthy, responsible, and beneficial AI ecosystem for all.

This pre-mortem simply cannot be allowed to develop into a post-mortem!


Sean Lyons is a value preservation & corporate defense author, pioneer, and thought leader. He is the author of “Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program.”
