Categories
Daily Compliance News

Daily Compliance News: August 31, 2023 – The Switzerland AML Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

·       Goldman Sanctioned for ephemeral messaging compliance failures.  (WSJ)

·       NIST framework and AI.  (Bloomberg Law)

·       China crackdowns rip through healthcare industry corruption. (FT)

·       Switzerland unveils money-laundering crackdown. (FT)

Categories
Innovation in Compliance

Innovation in Compliance – Travis Howerton on Automating Security & Compliance

In this episode, Tom welcomes back Travis Howerton and they explore the importance of NIST 800-53 Rev. 5, the latest version of the National Institute of Standards and Technology’s security guidance for organizations. With new controls to address privacy and a heightened focus on supply chain and third-party risk, this version of the NIST standard is essential for organizations to access government contracts and revenue and is increasingly important to protect organizations from cyberattacks. Automation is also becoming increasingly necessary to help organizations meet these standards, highlighting the need for continuous improvement of security measures. This episode goes in-depth on NIST 853 Rev Five, making it a must-listen for organizations looking to stay secure and compliant.

The US government is increasingly turning to automation and AI to meet its security and compliance standards. With the transition of FedRAMP from guidance to law, companies are now required to use it and meet certain cybersecurity standards to do business with the US government. NIST 800-53 Rev. 5 addresses regulatory change around privacy with GDPR and other things and includes new control families and changes to existing ones.

As the government continues to revise its standards, the need for automation is becoming increasingly important. The National Institute of Standards and Technology (NIST), a standards body within the federal government, is working with the Open Security Controls Assessment language (OSCAL) team to develop standards. NIST has interacted closely with the OSCAL team, creating an open-source repo on GitHub and building communities of interest. Additionally, NIST works with other government agencies, tool providers, and industry to develop standards.

FedRAMP provides clarity of goal for vendors and customers but is expensive and time consuming to achieve. Cybersecurity is no longer a cost center, but a requirement to do business with the US government. The Department of Defense requires companies to meet certain cybersecurity standards to do business with them. Other agencies are taking similar stances in regard to cybersecurity. Companies are now required to have a compliance program to do business with them. Cybersecurity is now seen as one of the top risks to businesses, causing legal risk, revenue loss, and embarrassment.

Key Highlights

·      NIST 800-53 Rev. Five

·      NIST and FedRAMP

·      Cybersecurity Requirements

·      Cybersecurity Regulations

·      Continuous Improvement of Standards

 Resources

 Travis Howerton on LinkedIn

RegScale

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Into the Weeds

ChatGPT for the Compliance Professional

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt and I take a deep dive into ChatGPT, a natural language processing tool that works by indexing every piece of written content on the Internet. We discuss the impact of the Biden administration’s proposals for AI and discusses NIST’s voluntary AI framework and  the utility of chat GPT in the workplace. What should your organization consider about incorporating AI into both their shipping decisions and mission-critical processes. If you’re interested in efficient and advanced AI technology, you don’t want to miss this episode.

Key Highlights Include

  • Impact of Chat GPT on Jobs -The Quality of Chat CPG for non-English Speakers
  • The Biden Administration’s Nonbinding Guidelines for Artificial Intelligence.
  • The Benefits of Adopting a Voluntary AI Framework by NIST for Defense Contractors
  • The Impact of Artificial Intelligence on Shipping and Work Processes

 Notable Quotes

  1. “Chat GPT can answer pretty much anything. It won’t necessarily tell you where it is getting this information. It will just give you information pretty much like the way Tom, I am answering your question right now. Just imagine text-based bot answering those questions in the same way. That’s what it is.”
  2. “Will it make your job easier? Probably for a lot of people who struggle to come up with written content. Yes, it could. But specifically then for compliance officers and let’s bring it back to what matters for our audience. We’ll chat GPT as used by others make my job harder. Compliance officers. Now I think, actually, you have a lot to worry about there, and we could get into that.”
  3. “But I just view this as a huge boom to anyone who is interested in research, anyone who is interested in learning, can’t replace the weekly and business journalist, Matt. So you’re good to go at Radical Compliance.”
  4. “But you have identified really, I think, the heart of the problem that compliance officers need to think about now. Because to me, it’s just 1 more tool.”