In October 2023, the International Organization for Standardization (ISO) published ISO 7101, Healthcare organization management: Management systems for quality in healthcare organizations.^[1] ISO 7101 is the latest in a series of management systems standards, which includes ISO 37301 on compliance management systems and 37001 on anti-bribery management systems. ISO standards are utilized extensively in Europe and by many multinational companies, including U.S. companies.

Over the past decade, there has been a heightened awareness related to the protection of minors in the higher education environment. More institutions are hiring individuals to oversee youth protection efforts, and state/regional peer groups are growing in numbers. In addition, a national association, the Higher Education Protection Network,^[1] was created in 2017, and the American Camp Association recently created a new member section, Camps on Campus.^[2] Both organizations are committed to promoting good practices, risk awareness, health and safety, staff training, and quality of youth programs on campus across the nation.

If you are a compliance professional for a company with federal contracts, you’ve likely heard the term “CMMC,” or Cybersecurity Maturity Model Certification.^[1] It is one of those terms that seems to trigger almost immediate high anxiety with executives and IT leaders no matter the organization’s size. It does not have to be this way. Understanding what it is, what it means to your organization, and what you can do about it is essential to protecting the company—now and well into the future. It is not just a “thing to fuss about”; it is essential business practice today.

ESG—environmental, social, and governance—has become the buzzword among businesses today. With Europe leading the way, U.S. companies are quickly catching up. Meanwhile, regulatory authorities are working hard to create standards that apply everywhere. The Securities and Exchange Commission (SEC) in the U.S. has recently increased its involvement in monitoring and regulating this area, leaving many companies unsure about their next steps. Adding to the uncertainty, California has introduced the new California Climate Accountability Package.

If your company is new to the ESG scene and in the early stages of building your program, you’re not alone. The main challenge for most companies is figuring out how to collaborate across the different silos of the business involved in ESG, all aiming for the common goal of a robust ESG program.

A recent issue of SCCE’s Corporate Compliance Weekly News contained a link to a startling report I was not previously familiar with. An investigation by the U.S. Coast Guard found numerous instances of sexual assault spanning many years.^[1] However, in the aftermath of the investigation, senior leaders decided not to voluntarily report the findings to Congress, instead waiting several years until being forced to do so.

All organizations inherently face bribery risks to some degree, whether it is the organization itself or persons related to it that offer a bribe (active bribery) or when the organization or persons related to it receive or act on the expectation of receiving a bribe (passive bribery). In this respect, on December 9, 2003, the United Nations (UN) passed the Convention Against Corruption, and International Anti-Corruption Day is observed annually on that date. In addition, the 2030 Agenda for Sustainable Development was launched in 2015 during a UN summit. Target 16.5 of that agenda aimed at substantially reducing corruption and bribery in all their forms (emphasis mine).^[1]

GZ: At what point in your life did you decide to study law? Were other career paths given much consideration, or did you know law was for you from an early age?

ML: In France, we study law right after high school. I went into law because I didn’t want to have to continue to study mathematics, which would have been necessary if I had gone with a major in business or economics.

I studied law without thinking I would become a lawyer—much less a “pleading” lawyer, which I was at the beginning of my career. I believed I would be able to escape law to go into journalism or work for an international organization.

The EU recently introduced the AI Act, landmark legislation aimed at regulating artificial intelligence (AI) technologies. This article provides an in-depth overview of the EU AI Act, its implications for organizations, and detailed guidance on how compliance professionals can prepare and build programs around its requirements.^[1] Additionally, we will explore how organizations can effectively prepare for the implementation of the AI Act.

As we’ve noted here before, numerous environmental, social, and governance aspects have very clear compliance ramifications, whether in the form of laws and regulations or stakeholder expectations that can result in serious adverse consequences if a company comes up short. A February amendment to ISO 37301, Compliance management systems, places one of these risk areas clearly within the scope of compliance programs.^[1]