Corporate Compliance Insights

3 Reality Checks for Compliance and Risk Management in 2017

by Sam Abadir
January 4, 2017
in Risk

As the transition to a new Presidential administration unfolds, uncertainty abounds. Predictions about the regulatory landscape made before November may not ring as true, as Republicans look to make good on promises about smaller government and regulatory reform, particularly in banking and finance. Likewise, the potential repeal of the Affordable Care Act and significant changes to Medicare will make waves in health care regulation. In times characterized by dramatic change and unpredictability, it’s important to refocus on what you know, what you can control and how you can create a more resilient business.

It’s important not to lose perspective: while many federal agencies (and their mandates) will be reshaped by new leadership or directed to change their priorities, state and industry regulations may not shift – or may react in opposition. Enterprise risk profiles and existing threat conditions may not be markedly affected by changes at the federal level. Organized cybercrime syndicates, for example, probably don’t care much about who’s in the White House.

Organizations that have been working to strengthen their cybersecurity stance, manage risk and protect customer data and privacy have no reason to pull back on those efforts; in fact, they should work to optimize their governance, risk and compliance programs as organized defense against threats to their goals and trusted status.

The following are some forward-looking statements that will help guide regulated enterprises through the transition and beyond.

Billions will be spent on cybersecurity by thousands of companies. Only a fraction of those companies will get the full value from their investments.

Governments, insurance agencies and consumers are turning up the pressure on those responsible for protecting data security and privacy. In response, organizations are spending more and more on cyber tools such as SIEMs, vulnerability scanners, penetration tests and threat feeds. Other companies are responding by building robust governance frameworks and ensuring their policies address risks, legal concerns, contractual obligations and best practices. Each element of cybersecurity is important and required for a successful cybersecurity program, but better integration among components will strengthen the enterprise.

The duplicative and separate efforts required to manage all the tools, feeds, workflows and other components of a cybersecurity program with manual processes in spreadsheets and email are often overlooked and lead to wasted resources and gaps in protection. This extra and unnecessary burden will slow down efforts, make reporting inefficient and ineffective and add unnecessary complications and delays that ultimately render security programs costlier and less secure. Centralizing and integrating security, compliance and risk management in a comprehensive governance, risk management and compliance (GRC) platform ensures a better return on investments of time, effort and money. It also brings greater visibility into the effectiveness of controls and processes across the enterprise. Advanced analytics, automation and streamlined reporting increase accountability and collaboration.

Governments will increasingly mandate stronger cyber risk management, beginning with regulated industries, but eventually reaching all types of businesses.

Cybercriminals are not going away. They will continue to hack into sensitive data of businesses, celebrities, politicians, financial institutions, health care organizations and more. If there is value in the data, the criminals will try to capture it and leverage it for financial gain, power plays or larger exploits. We have already seen rapid evolution in cybersecurity and data privacy regulations in industries such as health care and financial services. Regulators are somewhat removed from partisan politics and often set rules outside of federal legislative processes. We should expect more industry regulators to focus on cybersecurity initiatives.

States will also step into the void, pushing laws that require industries to protect their cyber assets and customers. This is likely to happen at an industry level first; many states have a handful of dominant industries to protect and oversee. We will see more states developing laws that are stronger or slightly different than federal regulations and laws, leading to extra compliance-related work and costs for organizations in those industries of focus. New York’s newly proposed cybersecurity requirements for financial services firms (23 NYCRR Part 500), planned to take effect in January 2017, are a prime example. Integrating risk management processes is the best way to prepare for multiple, evolving layers of regulation.

Third-party risk management practices will extend to customers as vendors are fined more for violations related to the customers they support.

The continued effort to reduce risk will lead to greater focus on organizations’ customers and suppliers. As companies deepen their knowledge of operational and compliance risks, they will learn how suppliers and customers add to their risks. By now, everyone has heard the cautionary tale of the HVAC vendor that was partially responsible for the massive breach at Target. It makes sense that material suppliers can impact the overall quality of goods manufacturers make. Customers’ actions can likewise expose the organizations that supply them goods and services to various threats and vulnerabilities. For example, internet and cloud service providers may need to assess customers on their propensity to download illegal content and to enforce sanctions against customers that use the internet to perform illegal actions. As organizations get wiser about risk and how customers and vendors impact it, they will start taking specific protective and preventative measures: monitoring key performance indicators and key risk indicators and performing risk assessments of vendors and customers.

Instead of wasting energy speculating about the incoming administration’s next move, regulated enterprises should use the next several months to focus on cybersecurity best practices, review and assess risk profiles across the enterprise and improve compliance and policy management processes by integrating these efforts in a comprehensive GRC platform. Pay attention to the details of process and execution; commit to a higher degree of accountability and collaboration; and plan strategically for multiple scenarios. Optimized and streamlined governance, risk and compliance programs that are integrated across the enterprise will strengthen the business overall and build more agile response capabilities, key to success in periods of uncertainty.


Sam Abadir

Sam Abadir is Vice President of Industry Solutions at Lockpath. Sam has over 20 years of experience helping companies realize value through improving processes, identifying performance metrics and understanding risk. Early in Sam’s career, he worked directly with financial institutions and manufacturing companies to help them realize institutional value. As a Senior Manager at Deloitte, he focused on improving processes and increasing value for Global 2000 companies. In the past seven years, Sam has worked with software companies like Lockpath to build the tools that help companies manage risk and create value that enhance performance in a structured and efficient manner.
