Insights

If you’ve been keeping up with the evolving world of Governance, Risk, and Compliance (GRC), you may have come across my recent article that argues many GRC programs are fundamentally backward by focusing too much on compliance and risk before objectives. The article makes the case that true GRC should always start with clear organizational objectives, and everything else—risk, governance, and compliance—should support those goals. But why does this matter, and how can organizations better align their GRC strategies?

Cybersecurity is not a new concept for modern organizations. Scheduled password changes, two-factor authentication, and mandatory training sessions are standard practices in most office environments. As computers have become the primary tool for business operations, the data they generate has become one of the most valuable assets across industries.

When President Donald Trump signed an executive order on February 10, 2025, pausing the enforcement of the Foreign Corrupt Practices Act (FCPA), he set off a chain reaction that has reverberated through boardrooms and government offices alike. The executive order gives the Department of Justice (DOJ) 180 days to review and revise its approach to FCPA enforcement, a move that could dramatically reshape how the U.S. tackles international corruption.

With the clock ticking down to the 2025 implementation of Provision 29 under the revised UK Corporate Governance Code (UK CGC), companies are in a race to align their risk management and internal controls with the new requirements. The mandate, which calls for boards to provide a declaration on the effectiveness of their risk frameworks, has sparked widespread discussion among compliance professionals, corporate leaders, and risk strategists.

In J.R.R. Tolkien's The Lord of the Rings, the Palantír—a mystical seeing stone—gives its user the power to peer into distant lands and foresee possible futures. While this gift is fraught with danger in the story, it’s a fitting metaphor for today’s organizations facing a world of uncertainty. Just as the Palantír offers a glimpse into potential futures, modern risk management tools provide organizations with the ability to foresee emerging risks and prepare for the unexpected. In this article, we’ll explore how businesses can use a Palantír-like approach—combining foresight with strategic planning—to anticipate challenges and better navigate the evolving landscape of risk.

The U.S. District Court for the Northern District of Illinois has handed down a default judgment against a network of offshore entities and individuals behind a massive binary options fraud scheme. The total financial penalty reaches a staggering $451 million in restitution and civil penalties. And for those involved? It’s a permanent ban from future trading in U.S. markets.

Environmental, Social, and Governance (ESG) has been generating immense pressure on organizations across various industries and around the globe in recent years. Corporate investors are now making capital investment decisions based on a company’s ESG commitments, metrics, and ratings. Legislators and regulators worldwide are introducing regulations that focus on both the broad scope of ESG and its specific aspects (e.g., modern slavery, carbon emissions). Potential employees are choosing workplaces aligned with their values, not just their benefits. Similarly, customers are favoring products and services that reflect their principles. ESG has captured the attention of every level of an organization, from the boardroom to the operational frontlines.