Posts

Showing posts with the label Radical Compliance

Keeping Humans in the AI Loop

I spent this week in Lithuania attending a conference for compliance officers in Eastern Europe, and this being Europe, of course that meant artificial intelligence and data privacy were all over the agenda. So it’s rather poetic that European regulators also just published fresh guidance on human oversight of automated decision-making systems.  The guidance  was released last month by the European Data Protection Supervisor , which acts as the EU’s independent data protection authority — and more recently, also as one of the lead agencies responsible for enforcing the EU AI Act. As part of that mission, the EDPS releases guidance on privacy and AI issues that other regulators and corporations alike can consider.  Why care about this specific piece of guidance? Because automated decision-making systems are regulated by both the EU General Data Protection Regulation ( Article 22 ) and the EU AI Act ( Article 14 );  and  those same regulatory demands for human ove...

A Report on Codes of Conduct

Image
Compliance software vendor  LRN Corp.  released its latest study of corporate codes of conduct last week. Given that the code of conduct is a sacred text for compliance programs everywhere, let’s look at the findings to see what’s common practice for codes these days and how much those practices do or don’t matter in today’s world. The  report is available on LRN‘s website , and we should always beware that LRN does sell software and consulting services to compliance officers, so it has a commercial interest in talking about this stuff. That said, the study is still worth your time. LRN reviewed 194 codes from large corporations around the world, and surveyed 2,000 employees across 15 countries about how their codes are used or perceived in the workplace. So there’s plenty of food for thought here.   Among the major findings… Companies are updating their codes at a fairly steady pace .  LRN found that 73 percent of codes it studied had been updated within the l...

Google Promises Compliance Overhaul

Image
Google has agreed to spend $500 million over the next decade to overhaul its compliance operations, including a new board-level committee dedicated to regulatory compliance and multiple new compliance teams embedded across the 184,000-person enterprise. Google  made that sweeping promise to settle a lawsuit from unhappy shareholders , who had sued the company for its numerous alleged antitrust violations over the years. The two sides reached a proposed settlement on Friday, although the federal district court judge presiding over the case still needs to give the deal her final blessing.  The lawsuit was filed by a Michigan pension fund in 2021, which basically said that because Google and its board had exercised poor oversight of antitrust issues, the company lurched into widespread anti-competitive behaviors and ensuing regulatory probes, which have ended up costing Google a fortune.  Those investors have a point; Google  has  endured one migraine after anothe...

Uh-Oh: AI’s New Whistleblower Impulses

Image
Here’s a tough one for all you compliance professionals who like to think about artificial intelligence: how would you handle an AI agent in your enterprise that, all on its own, decides to report suspected misconduct directly to regulators?  This is no longer a theoretical question; it’s a possibility embedded within Claude Opus 4, the latest AI software system developed by Anthropic, which released Claude 4 to the public last week. Anthropic also r eleased a report summarizing the testing developers performed on Claude 4  and the behavior they observed — and under certain circumstances, Claude 4 decided for itself to report suspected wrongdoing to regulators, law enforcement, and the media. To be clear, Claude 4 never actually alerted regulators to any real misconduct at real companies. This all happened in testing environments, using fake information and isolated from the real world; and the tests gave Claude 4 expanded permissions to act independently that the standard Cl...

Another Refresher on Conflicts of Interest

Image
  Managing conflicts of interest is a big part of any corporate compliance officer’s job. Today we have a fascinating glimpse of how complicated that work can be, courtesy of the Wall Street Journal and its detailed account of how the now-former Kohl’s CEO Ashley Buchanan sent company business to his girlfriend. You probably remember the original story, which first hit the headlines on May 1. That was the day the  $16 billion retail chain fired Buchanan , who had arrived as CEO only four months earlier, because Buchanan had “directed the company to engage in vendor transactions that involved undisclosed conflicts of interest.” It soon became clear that the conflict  was Buchanan steering consulting and business contracts to Chandra Holt  — a former colleague from Walmart, an accomplished business executive in her own right, and Buchanan’s romantic partner for years. Lots of people in the ethics and compliance community have praised Kohl’s board for its commitment to ...

Justice Dept. Promises More Declinations

Image
The Justice Department has announced new, more relaxed policies for when it will prosecute corporate crime, promising “a clear path to declination” that bypasses the criminal resolution process entirely for companies that self-disclose and remediate their misconduct.   Matthew Galeotti , acting head of the Criminal Division at the Justice Department,  announced the new policy in a speech he delivered Monday . In many ways the new policy follows previous corporate enforcement policy under the Biden Administration, with an emphasis on voluntary self-disclosure, cooperation with prosecutors, and timely remediation of the offenses.  This new policy goes even further, however, clearly states that companies meeting all three criteria  will  receive a declination, not just the “presumption of a declination” standard that had existed previously.  Galeotti “ Those companies that meet our core requirements — voluntarily self-disclose to the Criminal Division, fully c...