Insights

In my earlier piece, Governing the Extended Enterprise: The TPRM Platform I Would Demand, I laid out what a future-proof third-party governance platform must look like. But if the architecture is the “what,” organizations are now asking about the “how.” How do we take those principles and turn them into capability, authority, and action? Technology alone won’t get us there. Governance needs orchestration.

The UK has recently published a series of consultation papers pertaining to its Employment Rights Bill, originally introduced in October 2024 as a sweeping reshaping of UK employment law. These papers aim to clarify the goals and practicalities set out by the original, as yet codified, legislation. While the Bill is being pushed through as a cornerstone reformation effort towards employment laws in the UK. However, Many of its most consequential changes, such as protections against unfair dismissal, particularly regarding new mothers, are not totally defined in the legislation itself. These papers are designed to facilitate feedback to, and to clarify the intent behind these provisions.

In this article, Norman Marks looks into why so many organizations continue to operate with ineffective risk management programs, even while acknowledging the consequences. Drawing on industry survey data and decades of experience, he explores how boards and CEOs often settle for compliance-driven approaches that fail to support decision-making, and why meaningful change must start at the top.

In this article, Graeme Keith expands on the evolving terrain of quantitative risk modeling, charting how ambiguity, complexity, and scope shape the decisions organizations must make in uncertain environments. Building on his earlier work on modeling uncertainty and enterprise-scale decision making, Keith explores the fundamental axes that define the mathematical landscape, unpacking how trends, structural uncertainty, instability, and nonlinear dynamics challenge traditional approaches while revealing where established methods still hold power and where new paradigms are essential.

Comunicaciones Celulares (better known as Comcel), the company behind TIGO Guatemala, has wrapped up a Foreign Corrupt Practices Act investigation that has managed to outlast joint-venture partners, ownership structures, and even an earlier DOJ case closure. The company’s newly finalized deferred prosecution agreement brings more than $118 million in fines and forfeiture, and a close to a decade-long saga that proves, once again, that FCPA matters rarely fade quietly into the night just because companies hope they will.

In a recent article, Norman Marks asks a pointed question that’s becoming increasingly urgent across boardrooms, risk teams, and C-suites alike—are organizations truly leveraging the potential of AI, or are they still circling the runway while competitors take off? Drawing on new insights from Google AI and McKinsey’s latest 2025 survey, Marks explores whether companies are moving fast enough, cautiously enough, or strategically enough to turn AI from hype into real enterprise value, and what it means for practitioners who risk being left behind.

In this article, Graeme Keith explores how enterprise leaders can move beyond traditional risk matrices and adopt a simple, quantitative approach to modeling operational risk across complex organizations. By breaking down how to structure uncertainties, estimate losses, align assessments with decision-making, and aggregate risks into meaningful enterprise-wide insights, he illustrates how even basic quantitative inputs can transform the usefulness and credibility of enterprise risk management programs.