A NAVEX blog covering all things governance, risk and compliance related - including the latest regulatory updates you need to know.
Latest
12 May 2026 Matt Kelly
The EU Anti-Corruption Directive introduces stricter penalties, broader accountability, and greater expectations for compliance programs operating across Europe.
Read more
Featured
Featured
11 Dec 2025 NAVEX Editorial Team
Read more
Featured
15 Sep 2020 MaryAnn Rains
It’s not optional - organizations must prioritize cybersecurity risk. To do that, you need a framework. NIST CSF is a risk-based framework and common language for understanding, managing, and indicating cybersecurity risk. Here’s why and how you should use it.
Read more
10 Sep 2020 Mike Ogden
As data protection and customer privacy become higher corporate priorities, compliance and risk professionals would be wise to leverage privacy frameworks. Here are 5 reasons you need a framework for you data privacy and protection.
Read more
8 Sep 2020 Matt Kelly
Regulatory guidance isn’t always direct and specific. It’s often left to interpretation. That’s the case with two August regulatory reports related to the CDD Rule and the issue of high-risk customers, especially politically exposed persons (PEPs).
Read more
3 Sep 2020 Andrew Burt
This Labor Day, we explore the often-overlooked story of organized labor in America, and examine what those experiences can teach us about the importance of ethics and compliance in the workplace today.
Read more
31 Aug 2020 Mike Ogden
Business relies on census data to make business decisions, yet there are concerns about the integrity of the 2020 Census. How can business trust this once trusty resource? Start by identifying it as a business risk.
Read more
27 Aug 2020 Mike Ogden
What is Integrated Risk Management? IRM is a necessary step in digital transformation, as business risks become more complex and connected, thanks to digital technology. Technology and globalization grow business, but they also introduce risk. IRM is inevitable for successful business - here’s why.
Read more
25 Aug 2020 Andrew Burt
NAVEX Global’s Definitive Risk & Compliance Benchmark Report identified 7 “Drivers of Program Performance” – compliance elements and activities linked with program success. This week, we take a look at how to use evaluative tools to build a list of DOJ-Friendly “Lessons Learned” in 2020.
Read more
20 Aug 2020 Matt Kelly
During COVID-19, compliance has been overlooked in many organizations. Crisis management has been the priority. So when regulatory bodies offer guidance, compliance professionals listen. Here are three key takeaways.
Read more
18 Aug 2020 Andrew Burt
On Friday, California officially approved final regulations under the California Consumer Privacy Act (CCPA). Here are 7 tips for keeping your company’s website CCPA compliant – and out of regulators’ crosshairs.
Read more
14 Aug 2020 Mike Ogden
HIPAA compliance is even more challenging with the Dark Web’s bounty on electronic protected health information. Such data is worth a pretty penny. That’s why healthcare organizations look for solutions that can provide tighter control over ePHI,whether it’s hackers exposing vulnerabilities or the weakest link is a business associate or the intentional/unintentional employee.
Read more
11 Aug 2020 Matt Kelly
The Justice Department gave compliance officers a significant piece of guidance in June which begs the fundamental question: Is the compliance program “adequately resourced and empowered to function?” Here are three ways to use the latest guidance to test your antitrust compliance.
Read more
6 Aug 2020 Andrew Burt
This year’s Definitive Risk & Compliance Benchmark Report identified 7 drivers of compliance program performance – key compliance elements and activities linked with program success. This week, we take a look at how compliance practitioners can use board engagement to enhance their programs and protect their organizations from risk.
Read more
4 Aug 2020 NAVEX Editorial Team
Here’s a framework to address and mitigate risk during return-to-work planning, amid increased disruption from the pandemic. Most R&C professionals are concerned with risks that roll up to three main categories: managing a remote workforce, COVID-specific risks, and risk related to employee conduct.
Read more
3 Aug 2020 Andrew Burt
For the first time, Acting Assistant Attorney General Brian Rabbitt spoke publicly about the Department of Justice’s thoughts and intent behind the publication of its 2020 update to the Evaluation of Corporate Compliance Programs. Here’s what he had to say.
Read more
