
Matt Kelly
CEO
Radical Compliance
Matt Kelly is editor and CEO of Radical Compliance, a blog and newsletter that follows corporate governance, risk, and compliance issues at large organizations. He speaks and writes on compliance, governance, and risk topics frequently. Follow him at @compliancememe or get in touch with him via email.
Articles by the author
14 Oct 2025 Matt Kelly
Tips for Compliance When Your Middle is Thinned Out
What considerations must compliance make when middle management is thinned out? This post discusses the key questions and strategies.
7 Aug 2025 Matt Kelly
Exactly What Are ‘Systemic’ AI Risks, Anyway?
This article unpacks the difference between “high” and “systemic” AI risks.
21 Jul 2025 Matt Kelly
Uncertainty Ahead: What the Trump Administration's New FCPA Enforcement Priorities Mean for Compliance
This post discusses considerations companies should make related to the changing FCPA enforcement priorities of the Trump administration.
12 Jun 2025 Matt Kelly
The Art of Compliance Testing and Monitoring
This article explores best practices in testing and monitoring your compliance program.
5 Jun 2025 Matt Kelly
AI Literacy Training: A Compliance Necessity Under the EU AI Act
This article discusses the need for AI literacy across your workforce and tips on how to enable AI best practices and training in your organization.
20 May 2025 Matt Kelly
A Call to Do Better at Vendor Security Risks
This post discusses the recent open letter from JPMorgan CISO Patrick Opet about the risks facing organizations from their SaaS providers.
23 Apr 2025 Matt Kelly
How to Include Reports to Managers in Internal Reporting
This article explores how and why reports to managers are a vital part of your incident management program – and how to ensure they’re handled properly.
10 Apr 2025 Matt Kelly
Preparing for the Compliance Challenges of Agentic AI
This NAVEX article discusses the compliance challenges of agentic AI and the core questions your organization should consider.
1 Apr 2025 Matt Kelly
Business resiliency needs to take centerstage if you want to keep pace with cyber threats and supply chain disruptions
This article is a chapter from the 2025 Top 10 Trends in Risk & Compliance that discusses how businesses should think about business resiliency to navigate the cyber threat landscape and ensure supply chain integrity.
25 Mar 2025 Matt Kelly
Five Questions to Ask About Navigating ‘Deregulatory Compliance’
This article covers the five questions you should ask when navigating the new era of deregulation and compliance enforcement priorities.
11 Mar 2025 Matt Kelly
Strong Compliance Programs Will Always Matter
How should compliance programs respond to the Trump Administration’s new priorities? Spoiler: the answer is to keep calm and compliance on.
20 Feb 2025 Matt Kelly
FCPA Enforcement Might Take a Pause – Your Compliance Needs Won’t
With regulatory priorities shifting with the second Trump Administration, many CCOs are wondering what to prioritize. This article explores the shift in U.S. FCPA enforcement.
11 Feb 2025 Matt Kelly
Here Comes Compliance with the EU AI Act
This article covers the articles of the EU AI Act that went into effect in February 2025 and what you need to know to comply.
4 Feb 2025 Matt Kelly
Exploring California’s AI Laws
This article explores how California’s approach to AI laws has a much broader impact than the state’s geography – and what compliance can learn from how California is governing AI.
21 Jan 2025 Matt Kelly
Leveraging Privacy Compliance for Your Looming AI Risks
This post discusses the privacy and compliance risks of using AI and how to prepare your organization to proactively address them.
7 Jan 2025 Matt Kelly
How Better Technology Makes You a Trusted Adviser
Looking to move from being mired in the tactical to being a trusted business adviser? This post explores how you can do just that.
17 Dec 2024 Matt Kelly
How CCOs Can Play a Role in Supply Chain Risk Management
This post discusses how Compliance can play a key role in supply chain risk management.
26 Nov 2024 Matt Kelly
How Compliance Teams Can Think About Risk in Modern Times
Risk doesn’t care if it’s regulated or not – this post explores how compliance can manage risk in the current environment.
14 Nov 2024 Matt Kelly
The Importance of Benchmarking Your Compliance Program
This article discusses the importance and benefits of benchmarking your compliance program.
29 Oct 2024 Matt Kelly
Compliance Lessons from a Bowl of Ice Cream
Compliance officers can learn a lot from small businesses, and today we have a fascinating example of that point from the smallest sort of business there is – a boy selling ice cream.
24 Oct 2024 Matt Kelly
Bracing for New AI-Fraud Risks
Preventing AI-related fraud should be top-of-mind for Compliance officers – this article explores the new frontier of fraud and how AI will keep you on your toes.
24 Sep 2024 Matt Kelly
Revamped Compliance Program Guidance!
This post discusses the recently updated U.S. DOJ Compliance Program Guidance.
19 Sep 2024 Matt Kelly
Five Ethics Questions to Ask About Your Company’s Use of AI
Stymied by the ethical implications of using AI in your company? This post breaks down the five essential questions you should be asking.
15 Aug 2024 Matt Kelly
Brainstorming Ways to Brainstorm Compliance Risks
Brainstorming sessions – either wildly productive or a relative snooze-fest. Let’s dig into some strategies to increase your brainstorming effectiveness.
8 Aug 2024 Matt Kelly
Whistleblower Awards Keep Adding New Compliance Pressures
This article explores what compliance leaders need to know about the newly launched U.S. Department of Justice whistleblower awards program.
11 Jul 2024 Matt Kelly
Supply-Chain Risk Is Eating the World
What if we’ve been thinking about the intersection of compliance and sustainability all wrong? What if, at the bottom of all this, it’s really about supply-chain risk?
3 Jul 2024 Matt Kelly
The Supreme Court Made Its Rulings; Corporate Compliance Needs March On
This article discusses three recent U.S. Supreme Court rulings and the impact on corporate compliance programs.
1 Jul 2024 Matt Kelly
Regulation of AI Keeps Revving Up
This NAVEX blog discusses the increasing regulation of AI related to the recent Colorado law and what trends in AI regulation may be on the horizon.
28 May 2024 Matt Kelly
What a New SEC Enforcement Sweep Is Really Telling Us
Attention all compliance officers at large technology companies – have you checked your mail lately? Because you might find a letter from the Securities and Exchange Commission with FCPA risk written all over it.
7 May 2024 Matt Kelly
The Ethics and Compliance Challenges of Noncompete Bans
The U.S. Federal Trade Commission sent shockwaves through the corporate world in April when the agency imposed a ban on noncompete agreements – and like any good shockwave, this new rule will reverberate through the ethics and compliance function too.
1 May 2024 Matt Kelly
How Ethics Supports Compliance Management and Innovation
Financial regulator Michael Hsu argues strong ethics and compliance culture isn’t at odds with innovation, but fuels it by helping anticipate and avoid future problems. Learn how to implement this approach in your organization.
19 Mar 2024 Matt Kelly
Using the NIST CSF for Strong Cybersecurity Compliance
Corporations have struggled to manage cybersecurity risk for years, and now they have a new tool to help them bring order to chaos: a new and improved cybersecurity risk management framework, released at the end of February by the National Institute of Standards and Technology.
27 Feb 2024 Matt Kelly
Supreme Court Gives a Boost to Whistleblowers
The U.S. Supreme Court recently paved an easier path for whistleblowers to win retaliation lawsuits they file, making the always delicate task of handling corporate whistleblowers that much more delicate.
15 Feb 2024 Matt Kelly
Artificial Intelligence – The Good, The Bad… The Future
Each year, NAVEX releases the Top 10 Trends in Risk and Compliance eBook. This post is one of the articles, “Artificial Intelligence – The Good, The Bad… The Future."
8 Feb 2024 Matt Kelly
How to Build a Good Risk Assessment Process
Risk assessments are one of the most important tasks a compliance officer performs – and also one of the most confounding. How do you keep assessing your organization’s risks in a disciplined, methodical manner, when the range and nature of those risks changes so often?
11 Jan 2024 Matt Kelly
You Don’t Need New Regulation to Have AI Enforcement Risk
This post discusses the recent FTC enforcement action about using artificial intelligence for facial recognition and how to prepare to be compliant with future regulations governing the use of AI.
28 Dec 2023 Matt Kelly
SEC Rule or Not, Keep Your Eye on the Climate Change Ball
The U.S. Securities and Exchange Commission recently announced that its long-awaited greenhouse gas disclosure rule will be delayed yet again, most likely until April 2024. This raises an important question for compliance and audit concerned about climate change regulation.
7 Dec 2023 Matt Kelly
From Healthcare Sector, a Big Push for CCO Autonomy
This post discusses what you need to know about the guidelines released from the Department of Health and Human Services Office of the Inspector General on effective compliance programs for the healthcare sector.
30 Nov 2023 Matt Kelly
The Subtle but Significant Shift at U.S. Justice Department
In October, deputy attorney general Lisa Monaco made headlines when she announced a new leniency policy at the U.S. Justice Department for companies that disclose compliance violations discovered during mergers and acquisitions.
20 Nov 2023 Matt Kelly
New Healthcare Compliance Guidance
The Department of Health and Human Services has released long-awaited guidance on compliance programs in the healthcare world. This post covers the highlights and what you need to know.
24 Aug 2023 Matt Kelly
The Path from CISO to Board Director
Everyone even peripherally involved with corporate governance, compliance, or risk management knows that corporate boards need more CISOs to help them navigate today’s cyber-saturated world. This post discusses how CISOs can deepen ties and increase influence with, and presence on, boards of directors.
31 Jul 2023 Matt Kelly
SEC Adopts Cyber Disclosure Rule
As expected, the Securities and Exchange Commission adopted new rules on June 26, 2023, requiring publicly traded companies to make more disclosures about the cyber risks they have and the specific cyber attacks they suffer. This post, originally featured on Radical Compliance, explains what you need to know to comply.
18 Jul 2023 Matt Kelly
Whistleblower Hotline Success, in the EU and Beyond
This post discusses the recent wave of EU Whistleblower Protection Directive transpositions and how, when paired with research from both KPMG and NAVEX, a picture begins to form about how organizations need to focus on gaining trust in hotline reporting systems in order to see true program success.
8 Jun 2023 Matt Kelly
Why a ‘Policy on Policies’ Is So Important
A policy about policies is just what the name suggests: a single, master policy that dictates how all other policies at your business are created and used. This blog post discusses why your organization should have a policy on policies.
27 Apr 2023 Matt Kelly
The SEC Wants You to Do Better at Disclosing Cybersecurity Breaches
Recent SEC sanctions in the aftermath of improper disclosures about cybersecurity breaches highlight the need for compliance and IT/cybersecurity leaders to work together to ensure compliance with disclosure regulations.
3 Apr 2023 Matt Kelly
New Expectations of Executive Leadership – How Will You Prove and Certify Your Program Works?
Each year, NAVEX publishes the Top 10 Trends in Risk and Compliance. This publication features trends and predictions for the year to come and features contributions from experts in the industry. This article discusses the new expectations of executive leadership in certifying that compliance programs work in practice.
28 Mar 2023 Matt Kelly
More on Clawbacks, Message Apps
This blog discusses recent updated guidance from the U.S. DOJ and the new policies regarding compensation clawbacks and expectations around company governance of “ephemeral messaging apps.”
15 Mar 2023 Matt Kelly
How CISOs Can Start Talking About ChatGPT
The rise of ChatGPT is changing the risk and compliance landscape. This NAVEX blog explores what CISOs need to know about ChatGPT’s effect on risk and compliance.
1 Dec 2022 Matt Kelly
Good Information Protection Programs Coming into Focus
Corporate compliance officers grapple all the time with what their companies should do to develop effective information protection programs. This blog discusses two recent examples of Federal Trade Commission enforcement actions that outline what that looks like.
19 Oct 2022 Matt Kelly
The Compliance Program’s Role in Anti-Fraud Efforts
Corporate compliance professionals can learn a lot from the audit world. Our latest lesson comes in a statement from the Securities and Exchange Commission, warning auditors to do better at identifying the risk of fraud among their corporate clients – and that statement has plenty of practical implications for compliance officers, too.
22 Sep 2022 Matt Kelly
The Justice Department’s New Emphasis on a Culture of Compliance
The week of September 12 was an important one for corporate compliance professionals. This post discusses the speeches made by two high-ranking officials at the U.S. Justice Department outlining ambitious plans to transform the prosecution of corporate misconduct.
17 Aug 2022 Matt Kelly
Another Reminder About a Commitment to Compliance
The U.S. Justice Department has long said that a culture of compliance is what matters in regulatory enforcement actions, and can pay dividends in the form of smaller monetary penalties. This post discusses a recent example of this in practice.
3 May 2022 Matt Kelly
Bringing Together the People, Processes, and Tools for Cyber Risk Management
Recent cyber-related events and news about the SEC oversight proposal are bringing the cybersecurity management and oversight conversation to the forefront for many organizations. With or without formal rules regarding oversight from the SEC, businesses should start shoring up cybersecurity practices to protect against an ever-evolving threat landscape.
4 Apr 2022 Matt Kelly
The SEC's Message for Companies on Cybersecurity: ‘Do Better’
With cyber-attacks on the rise and frequently making headlines, organizations must be diligent in their efforts to protect the enterprise from growing threats. The U.S. Securities and Exchange Commission has proposed new rules for the disclosure of cybersecurity issues – setting in motion a future of increasingly regulated cybersecurity programs and communication about incidents.
8 Mar 2022 Matt Kelly
Building the Case for Case Management
A recent report by the Association of Certified Fraud Examiners (ACFE) reveals that many businesses lack dedicated and disciplined technology for managing fraud cases. Detecting fraud in today’s environment is increasingly complex, and businesses that only do the minimum or use outdated or disjointed technology are well-advised to reevaluate how fraud is detected and addressed.
4 Feb 2022 Matt Kelly
The New Normal Workplace (pt. 1) – R&C Management
Each year, NAVEX publishes the Top 10 Trends in Risk and Compliance. This publication features trends and predictions for the year to come and features contributions from experts in the industry. In this article, Matt Kelly outlines how risk and compliance management is evolving in the “new normal” workplace.
21 Jan 2022 Matt Kelly
Building a Better Response for Ransomware
Businesses need to do better at reducing the threat of cyberattacks - which means compliance and risk officers need to understand what ransomware truly is. Here are practical steps your organization can take to identify and neutralize cyber threats.
1 Dec 2021 Matt Kelly
Ethical Culture Is Becoming More Valuable. Know How to Nurture It
Corporate ethics and compliance officers have long argued that maintaining an ethical corporate culture is important to a business for all sorts of reasons. Now you might be able to offer one more: failing to maintain an ethical corporate culture might violate federal securities rules.
22 Oct 2021 Matt Kelly
Moving Beyond Borders: How to Achieve Information Security in a Time of Zero Trust
With its recent proposals, OMB has started to define what a post perimeter-based security world will look like. The move to zero-trust architecture will impact every business function – including risk and compliance management. Here’s what you can do to prepare.
30 Sep 2021 Matt Kelly
Mitigating Conduct Risks in Strategic Objectives & Performance Metrics
Corporations depend on strategic objectives and performance metrics - but they can sometimes warp your corporate culture to the point of corporate misconduct and regulatory enforcement actions. Learn what compliance can do to keep those risks at bay.
3 Sep 2021 Matt Kelly
How Compliance Can (and Should) Improve Diversity Efforts
Organizations have a compelling interest in taking diversity, equity and inclusion (DEI) seriously, and in including diverse voices at every rung of the organizational ladder. But how can compliance help advance DEI, and what challenges should they expect?
26 Aug 2021 Matt Kelly
The Complicated Tango of Compliance & Cybersecurity
Boards and senior management agree that they must move beyond a compliance-centric approach to cybersecurity. But what role should compliance play? Here are some key steps compliance can take to break down silos and develop “hardened” business operations.
8 Jul 2021 Matt Kelly
It's Time To Address Climate Change Risks: Regulations to Come
Corporations have reached a tipping point on climate change. They understand that requirements are coming for new disclosures and need a strategy in place now.
16 Jun 2021 Matt Kelly
How to Get From Whistleblower Protection to Accountability
In advance of World Whistleblower Day on June 23, we examine the growing importance and goals of whistleblower protection laws – and the critical role a strong speak-up culture plays in achieving them.
4 Jun 2021 Matt Kelly
Strengthening US Cybersecurity: Impacts of the Executive Order
An executive order was signed on May 12, directing the federal government to overhaul its approach to cybersecurity. Corporate compliance and risk management professionals should consider this order carefully.
28 May 2021 Matt Kelly
Lessons on Culture and Trust from Military Strategy
In this Memorial Day Weekend edition of Flashback Friday, we take a look at important lessons on organizational trust derived from military strategy.
14 Apr 2021 Matt Kelly
CMMC Is Coming: How Government Contractors Can Prepare
Cybersecurity threats are constantly evolving, and so is cybersecurity compliance. Learn what the arrival of CMMC means for your business and what you can do now to prepare.
15 Mar 2021 Matt Kelly
Leveraging Due Diligence To Strengthen Supply Chain Risk Management
Supply chains are longer and more complex, and suppliers pose more risks than ever before: legal, logistical, reputational, regulatory, cybersecurity, to name a few. Luckily, compliance teams and due diligence can play an important role in your supply chain risk management.
9 Feb 2021 Matt Kelly
4 Steps To Start a Business Continuity Plan
Planning for disruption has never been more important. To start creating a business continuity plan, you’ll need a risk assessment, business impact analysis, business continuity plan, and ongoing testing and communication.
13 Jan 2021 Matt Kelly
Anti-Money Laundering Act of 2020 Creates a New Whistleblower Award
Congress gave compliance professionals quite the gift on New Year’s Day: a new whistleblower awards program that will allow compliance officers an easier path to seek awards, regardless of whether you raise those misconduct concerns internally. Here’s what compliance needs to know.
10 Nov 2020 Matt Kelly
How Compliance Should Work With Business Operations: The First Line of Defense
If the business operations people are responsible for managing the risk, what does compliance do? How should compliance officers monitor and guide that risk management happening in the operations?
23 Sep 2020 Matt Kelly
3 Keys to an Effective Compliance Program, According to the CFTC
The new CFTC memo is the latest in a chorus of regulatory bodies asking for an “effective compliance program.” What does this mean for compliance professionals? Find out with these three key takeaways for building an effective compliance program.
8 Sep 2020 Matt Kelly
Clarifying New Customer Due Diligence (CDD) Guidance on PEPs
Regulatory guidance isn’t always direct and specific. It’s often left to interpretation. That’s the case with two August regulatory reports related to the CDD Rule and the issue of high-risk customers, especially politically exposed persons (PEPs).
20 Aug 2020 Matt Kelly
3 Coronavirus Compliance Tips From the SEC
During COVID-19, compliance has been overlooked in many organizations. Crisis management has been the priority. So when regulatory bodies offer guidance, compliance professionals listen. Here are three key takeaways.
11 Aug 2020 Matt Kelly
3 Ways to Apply New DOJ Guidance to Antitrust Compliance
The Justice Department gave compliance officers a significant piece of guidance in June which begs the fundamental question: Is the compliance program “adequately resourced and empowered to function?” Here are three ways to use the latest guidance to test your antitrust compliance.
16 Jul 2020 Matt Kelly
FCPA Compliance Puts the Spotlight on Internal Accounting Controls
It’s time to look at FCPA compliance again, as the SEC sanctions U.S. companies for poor accounting controls. But while accounting is in the hot seat, the requirements of training and risk assessment sound a lot like a compliance officer’s responsibility.
2 Jul 2020 Matt Kelly
How to Use Data to Build a Compliance Program and Meet New DOJ Guidance
The DOJ’s latest guidance calls on compliance programs to leverage multiple sources of data to assess organizational risk, review their programs, and update policies, procedures and controls. To do that, compliance officers must work closely with IT departments and learn how to put the information they collect to good use.
16 Jun 2020 Matt Kelly
Navigating Risk Assessment Challenges During COVID-19
The pandemic has changed the scope of business risk assessments in many ways. Risk assessors must rely on a different set of tools, like good relationships with other business units, to get buy-in for needed changes.
3 Jun 2020 Matt Kelly
Justice Department Updates Business Compliance Guidance for 2020
On June 1, the DOJ updated its guidance for evaluating effective corporate compliance programs and one thing is clear – having a compliance program isn’t enough. Matt Kelly tells us what’s new.
20 May 2020 Matt Kelly
3 Ways to Boost Organizational Trust for Post-Pandemic Business Recovery
Organizational trust isn’t a warm, fuzzy “nice-to-have.” When times are tough, organizational trust is necessary for many business corrective measures to work at all. Here are 3 ways to build that trust for a post-COVID-19 recovery.
8 May 2020 Matt Kelly
Fraud Risks and Anti-Fraud Programs During COVID-19
COVID-19 is putting an old issue — fraud — into a stark new spotlight. With close communication and teamwork now more difficult, risks previously mitigated by trust and teamwork now must be managed by policy and stronger internal control. Companies will need to give this risk careful attention and develop a new, multi-pronged approach to reducing it.
24 Apr 2020 Matt Kelly
Banking Regulator Talks Third Party Risk, & All Should Listen
The United States’ top regulator of community banks has issued new guidance on how to approach third party relationships - and it’s a message all companies should hear. Learn why and how resilient businesses are reframing due diligence from a regulatory requirement into a strategic advantage.
25 Feb 2020 Matt Kelly
New Report Stirs Old Fears of Compliance Officer Liability
A new report from the NYC Bar Association raises a thought-provoking question: To what extent should a compliance officer be personally responsible for a program that’s floundering because the company just doesn’t care enough about compliance?
13 Feb 2020 Matt Kelly
Organizational Trust Is in a Perilous Place Right Now
Data from the latest Edelman Trust Barometer indicates that growing inequality and pessimism about the future are causing widespread distrust of societal leaders and institutions. Can business be an effective catalyst for change?
2 Jan 2020 Matt Kelly
What Is the Australian Modern Slavery Act & How Does It Differ from UK’s
Technically the Modern Slavery Act went into effect last year, but 2020 is the first year that companies within scope of the law — which is a lot of firms, around the world — will need to start publishing statements about their anti-slavery efforts. Here is a look at the basics of the Australian Modern Slavery Act and steps to ensure your organization aligns.