Insights

Europe's AI Regulatory Revolution: The Intricate Dance of the AI Act and GDPR

The European Union has recently unveiled the AI Act, published on July 12, 2024, and set to gradually come into force from August 1, 2024. This landmark legislation, working in tandem with the existing General Data Protection Regulation (GDPR), establishes a comprehensive framework for the development, deployment, and use of artificial intelligence across the EU. As stakeholders grapple with the implications of this new regulatory landscape, the French data protection authority, CNIL, has stepped forward with guidance to illuminate the complex interplay between these two pivotal regulations.

Elevating Governance, Risk Management, & Compliance: From Compliance-Centric to Performance-Driven Integration

In today's landscape of governance, risk management, and compliance (GRC), there's a prevalent but often misguided approach that begins with compliance rather than governance. If we were to parse the acronym logically, one might expect it to be CRG, or even Cr (intentionally lowercase), reflecting the common tendency where compliance takes precedence over governance and strategic performance considerations. This approach, while common, can lead to fragmented risk management efforts and overlooks the foundational role that governance plays in setting objectives and guiding risk mitigation strategies.

How to Build Your GRC Strategy in an ESG Era

The last few years have shined a light on GRC (governance, risk management, and compliance) processes and shifted many attitudes towards risk. Yet, many organizations are left with numerous questions: What are the best practices to identify, analyze, monitor, and manage risks specific to your organization? Do these risk activities support future business growth, and should you implement ESG controls or reporting?

Building Agility, Resiliency, and Integrity for the Future

The landscape of Governance, Risk Management, and Compliance (GRC) is undergoing a profound transformation as organizations contend with rapid change, complexity, and interconnectedness. In this evolving environment, traditional approaches to GRC are proving insufficient, necessitating a shift towards more agile, resilient, and integrity-driven frameworks.

Navigating Uncertainty: Developing a Strategic Risk and Resiliency Framework for Sustainable Growth

In today's rapidly evolving business environment, the development of a mature risk and resiliency strategy has transitioned from being an optional consideration to an indispensable necessity for organizational survival and success. This strategic imperative hinges on several critical elements: a profound comprehension of existing and potential threats, a comprehensive understanding of internal operational dynamics, and the adept utilization of state-of-the-art risk intelligence tools.

Building a Winning GRC Strategy

As regulatory landscapes grow increasingly complex, organizations are turning to governance, risk and compliance (GRC) programs as a force multiplier. When implemented effectively, GRC can drastically improve an organization's ability to efficiently navigate rules and requirements while becoming more risk-intelligent. However, capturing these benefits requires taking a holistic, strategic approach from the outset.

Momentum Builds for Federal Data Privacy Standard Amidst State Patchwork

On April 7, 2024, U.S. Senator Maria Cantwell (D-WA), Chair of the Senate Committee on Commerce, Science and Transportation, and U.S. Representative Cathy McMorris Rodgers (R-WA), Chair of the House Committee on Energy and Commerce, released a discussion draft of the American Privacy Rights Act (APRA). This bipartisan, bicameral draft legislation seeks to unify the fragmented landscape of sector-based and state-specific data privacy laws in the United States.