Governance, Risk & Compliance: GRC

Your one-stop hub for strategic frameworks and best practices that integrate governance, risk management, and compliance into daily operations. Explore insights and real‑world examples that turn complex mandates into clear, resilient programs.

The Three Critical Drivers for Effective GRC Solutions

To learn more about what makes GRC solutions effective, we worked with OCEG (Open Compliance Ethics Group) to conduct the 2025 GRC Maturity Survey. This survey provided a global snapshot of where organizations stand today and the differentiating factors that equate to GRC maturity. Drawing on input from over 850 professionals (including 368 senior executives), the findings are clear: a formal strategy around the right ...

August 21st, 2025 | Governance, Risk & Compliance: GRC

What Is APRA CPS 230? What to Know About Australia’s Operational Resilience Standard

APRA CPS 230 is a regulatory standard introduced by the Australian Prudential Regulation Authority. Its goal is to improve operational resilience in the financial sector. It applies to a wide range of institutions—banks, insurers, super funds, and others that provide essential financial services in Australia. At the heart of CPS 230? A key focus on protecting critical services. These are the functions that, if disrupted, ...

August 18th, 2025 | Business Resilience, Governance, Risk & Compliance: GRC

Common Causes of Organizational Silos, and What to Do About Them

Organizational silos aren’t just a byproduct of growth. They are a clear sign that something is not working. And while they can show up anywhere, certain environments are especially prone to them. Eight in ten companies say there's a stark mismatch between their department initiatives and their larger business initiatives.¹ The result? Nearly $9 trillion in estimated economic losses each year. When communication is stifled ...

August 4th, 2025 | Governance, Risk & Compliance: GRC

M&A Compliance Checklist: 5 Hidden Risks That Can Sink Deal Value

Hidden risks can vaporize anticipated Merger & Acquisition (M&A) returns and derail deal synergies. Acquiring a company means acquiring that company’s risk. Yet, too many deals stumble because compliance expertise arrives late, or not at all. Below, we highlight five common missteps related to compliance that can disrupt M&A transactions. Compliance Joins After the Ink Dries: Clients tell us, “We weren’t informed of a pending M&A ...

July 29th, 2025 | Governance, Risk & Compliance: GRC

Failproof Strategies for Hospital Regulatory Compliance

When it comes to hospital regulatory compliance, no two days are ever the same. Constant change related to evolving regulations, new threats, and shifting policies is the norm, not the exception. This means hospital compliance teams must foster a culture that embraces continuous improvement and responsiveness to change. Below we offer several strategies that can support a continuous improvement mentality for the long-term, leading to ...

What is an Integrated Risk Management Process?

The integrated risk management process connects and funnels every risk area—think cybersecurity, third‑party, compliance, data privacy, and more—into one unified strategy. Instead of having each team manage threats in isolation, you assign clear accountability for each domain and agree on a common set of definitions. Visibility, check. Accountability, check. A more holistic vantage point, check. In the not-so-distant past, companies handled risks within isolated teams, ...

How to Prove Healthcare Compliance Program Effectiveness

Can you walk the healthcare compliance walk? Regulators no longer accept activity reports as proof of success. They want hard evidence that your compliance program changes behavior and operates independently. What's next? Here are three actionable steps to improve your healthcare compliance program, as suggested by our annual survey, in partnership with Strategic Management Services, on the current state of healthcare compliance programs. Since Outcomes ...

Quantifying Reputational Risk: What GRC Leaders Need to Know

One third-party misstep can damage a brand in a matter of minutes. For example, a data breach can grant hackers access to customer data, a vendor's offensive social media post can trigger public backlash, or a logistics partner’s delay can ruin a product launch. Quantifying reputational risk is now essential. Organizations all around the world face increased pressure. Pressure to assess, monitor, and mitigate reputational ...

July 14th, 2025 | Business Resilience, Governance, Risk & Compliance: GRC

SAI360 Acquires Lawcode to Disrupt U.S. Legacy Whistleblower Hotline Market

Modern whistleblower platform solution expands to U.S. with top-tier security, faster deployment, and intuitive UX. SAI360, the leader in integrated risk and compliance software, has acquired Germany-based Lawcode GmbH, creators of Hintbox — a next-generation whistleblower hotline and case management platform trusted across the DACH region. This strategic acquisition marks a major leap forward in ...

July 9th, 2025 | Governance, Risk & Compliance: GRC

New DOJ FCPA Guidelines: What it Means for You

On June 9, 2025, the Department of Justice (DOJ) issued new DOJ FCPA guidelines that reshape how—and when—the Foreign Corrupt Practices Act (FCPA) will be enforced. The update follows a 180-day pause under Executive Order 14209, which directed prosecutors to stop initiating new FCPA investigations unless tied to national security, cartel activity, or competitive harm to U.S. companies. What is the FCPA? The FCPA prohibits ...