Stephen Pope

DOI: https://doi.org/10.69554/uwfw1045

2022-03-01

Abstract:Financial compliance management continues to complexify between the addition of ponderous quantities of new regulatory guidance and the development and exchange of new, fairly unregulated asset types. Contrasting these monumental industry shifts against the frequent inertia of company positions toward compliance makes it clear that modernisation requires both the addition of new tools and of new ways of building relationships. This paper discusses the importance of instilling a compliance focus within an organisation, through the use of technology, the conscious development of a compliance-driven culture and the intentional engagement and connection between compliance professionals and other members of the organisational leadership team. In addition, it outlines the key components most likely to yield success when implementing new regulatory compliance tools, and how the addition of such tools can create bandwidth for both expanding the compliance function and creating greater value through strategic compliance-related decisions. Modernising compliance includes using compliance as a tool for horizon planning and making decisions with long-term impact, as well as creating deeper, more trust-driven bonds with consumers.

Kholekile L. Gwebu,Jing Wang,Li Wang

DOI: https://doi.org/10.1080/07421222.2018.1451962

IF: 7.582

2018-01-01

Journal of Management Information Systems

Abstract:Despite the significant financial losses associated with data breaches, little is known about the (in)effectiveness of the tools that firms have to protect their value following a breach. Drawing on cognitive dissonance theory and the research on cue diagnosticity and crisis management, this study examines the relative efficacy of firm reputation and a range of post-breach response strategies. The results indicate that firm reputation is an important asset in protecting firm value. However, only certain response strategies are found to mitigate the negative financial impact of a breach on lower-reputation firms, and response strategies are found to matter less for high-reputation firms. These findings offer practitioners evidence-based guidance for protecting firm value following data breaches and underscore the need for developing more nuanced strategies for managing breaches. The theoretical arguments developed here serve as a conceptual base for examining the efficacy of various data breach response strategies.

A Yuspeh,K Whalen,J Cecelic,S Clifton,L Cobb,M Eddy,J Fainter,J Packard,S Postal,J Steakley,P Waddey

Abstract:How can a healthcare organization improve the public's confidence in the conduct of its business operations? What can it do to ensure that it can thrive despite being the subject of public and governmental scrutiny and doubt? Healthcare providers must establish standards of conduct that are above reproach and ensure that those standards are clearly articulated and strictly adhered to. This article describes the merits of a comprehensive ethics and compliance program, suggests five basic elements of such a program--organizational support/structure, setting standards, creating awareness, establishing a mechanism for reporting exceptions, and monitoring and auditing--and then demonstrates how those elements should be applied in several high-risk areas. Fundamentally, an ethics and compliance program has two purposes: to ensure that all individuals in an organization observe pertinent laws and regulations in their work; and to articulate a broader set of aspirational ethical standards that are well-understood within the organization and become a practical guideline for organization members making decisions that raise ethical concerns. Every ethics and compliance program should contain certain fundamental aspects. First, the effort must have the active support of the most senior management in the organization. To instill a commitment to ethics and compliance absent a clear and outspoken commitment to such purposes by organization leaders is simply impossible. Second, an ethics and compliance program is fundamentally about organizational culture--about instilling a commitment to observe the law and, more generally, to do the right thing. Third, ethics and compliance are responsibilities of operating management (sometimes called line management). Although staff such as compliance officers are obligated to provide the necessary resources for a successful program and to design the program, such staff officers cannot achieve implementation and execution. Only operating managers can do that. Fourth, an ethics and compliance effort should be about the conduct of individuals, not about "checking the boxes" in a model plan or generating attractive written or educational materials. Such an effort is about individuals on a day-to-day basis knowing what is expected of them and doing it and about never compromising integrity, regardless of pressures faced. A great deal of progress has been made in healthcare organizations in the development of increasingly sophisticated ethics and compliance programs. A particularly energetic focus has been placed on these programs since formal government guidance regarding compliance programs was first issued in the laboratory area about two years ago and as more sophisticated automated monitoring tools have been developed. As ethics and compliance programs have become more sophisticated, certain best practices have been established. This discussion will set forth approaches to ethics and compliance in the context of what are believed to be illustrative best practices. Much of what is described here is descriptive of the efforts of Columbia/HCA Healthcare Corporation from October 1997 to the present; however, this article has been presented not as a mere descriptive piece but rather as a set of normative guidelines. We hope that other healthcare providers will find this to be of practical use. Provider settings pose certain unique challenges that are specifically addressed in this discussion; however, many of the issues raised can be adapted to other healthcare organizations. For simplicity's sake, because the authors of this article all work on a daily basis primarily with hospitals, the article is written from a hospital perspective.

N Fowler

Abstract:The federal government has created numerous programs to combat fraud and abuse. The government now encourages healthcare facilities to have a corporate compliance program (CCP), a plan that reduces the chances that the facility will violate laws or regulations. A CCP is an organization-wide program comprised of a code of conduct and written policies, internal monitoring and auditing standards, employee training, feedback mechanisms and other features, all designed to prevent and detect violations of governmental laws, regulations and policies. It is a system or method ensuring that employees understand and will comply with laws that apply to what they do every day. Seven factors, based on federal sentencing guidelines, provide the framework for developing a CCP. First, a facility must establish rules that are reasonably capable of reducing criminal conduct. Second, high-level personnel must oversee the compliance effort. Third, a facility must use due care in delegating authority in the compliance initiative. Fourth, standards must be communicated effectively to employees, and fifth, a facility must take reasonable steps to achieve compliance. Sixth, standards must be enforced consistently across the organization and last, standards must be modified or changed for reported concerns, to ensure they are not repeated. PROMINA Health System, Inc. in Atlanta, Ga., designed a program to meet federal guidelines. It started with a self-assessment to define its areas or risk. Next, it created the internal structure and assigned organizational responsibility for running the CCP. PROMINA then developed standards of business and professional conduct, established vehicles of communication and trained employees on the standards. Finally, it continues to develop evidence of the program's effectiveness by monitoring and documenting its compliance activities.

Omar Shareef

DOI: https://doi.org/10.47760/ijcsmc.2024.v13i02.006

2024-02-28

International Journal of Computer Science and Mobile Computing

Abstract:The security and resilience of organizational IT systems are of paramount importance in today's fast-paced digital environment. With the proliferation of “cyber threats”, organizations must adopt proactive measures to protect their assets and maintain operational continuity. The purpose of this article is to provide insight into the nuances of the implementation of a robust framework for “IT controls”, so that organizations seeking to strengthen their defenses can better understand the importance of each component. The article begins by emphasizing the foundational role of governance and oversight in establishing clear policies, procedures, and accountability structures. Strong governance sets the stage for cultivating a culture of compliance and accountability throughout the organization. Next, the article delves into the critical aspect of “risk management”, highlighting the importance of identifying and mitigating IT-related risks to safeguard organizational security and resilience. Through comprehensive “risk assessments”, organizations can prioritize mitigation efforts and allocate resources effectively. In order to prevent unauthorized access to critical IT systems and resources, access controls are discussed, emphasizing the importance of robust authentication mechanisms and role-based access controls. Change management processes are explored as essential components in managing IT changes effectively, minimizing the risk of disruptions and vulnerabilities associated with system changes. “Data security” emerges as a key focus area, with an emphasis on protecting the confidentiality, integrity, and availability of organizational data assets through robust encryption, access controls, and data loss prevention technologies. Incident management processes are highlighted as crucial for responding swiftly and effectively to security incidents, minimizing their impact and restoring normal operations promptly. Compliance and audit processes are discussed in the context of ensuring adherence to regulatory requirements and industry standards, mitigating the risk of non-compliance penalties and reputational damage. The importance of security awareness training in cultivating a culture of security among employees is emphasized, along with the need for continuous monitoring and improvement to adapt to evolving “threats” effectively. Overall, the article underscores the importance of implementing a comprehensive framework for IT controls to enhance “organizational security”, “compliance” and resilience in today's digital landscape. Through collaborative efforts across all levels of the organization, organizations can effectively “mitigate risks”, safeguard their assets and achieve their business objectives amidst evolving “cyber threats”.

Nathalie Jalabert-Doury,Farhad Sorabjee,Douwe Groenevelt,Theodore L. Banks,Bill Batchelor,Simon Albert,Kala Anandarajah,Khaled H. Attia,Ahmet Buğra Aydın,Shai Bakal,Jean-Maxime Blutel,Amanda Bodger,Reeti Choudhary,Simone Evans,Gustavo Flausino Coelho,Gönenç Gürkaynak,C. M. Hwang,Akihisa Inoue,Matthew F. Jones,Marilyn Leblanc,Martin Nedelka,Zeynep Ortaç,Arti Raghavan,Madeleine Renaud,Bilal Shaukat,Gillian Sproul,Kylie Sturtz,David Tadmor,Mario Vogl

2012-01-01

Abstract:Les entreprises devraient toutes mettre en place des programmes de conformite au droit de la concurrence pour assurer le respect de ces regles complexes par leurs salaries. Ceci etant, il n'y a guere…

J A Lovitky,J Ahern

Abstract:The federal government continues to expand its initiatives to uncover healthcare fraud, waste, and abuse. It is therefore more important than ever that healthcare organizations have an effective compliance program in place. The organization should have a compliance officer with adequate authority and staff to carry out the compliance program's functions. The program should include an ethics code, an internal hotline that employees can use to report compliance concerns, and education and training for all employees. In addition, the program should be audited periodically to ensure its viability. To be successful, a compliance program also needs the support of the healthcare organization's senior management.

Jian Li,Zhenghui Pan,Yang Sun,Wei Zheng,Zhisheng Zhang,Zhifang Wang

DOI: https://doi.org/10.25236/ajhss.2024.070225

2024-01-01

Academic Journal of Humanities & Social Sciences

Abstract:This article comprehensively analyzes the evolution of corporate Environmental, Social, and Governance (ESG) practices, transitioning from an initial phase of compliance-oriented practices (ESG 1.0) to a mature phase led by strategic integration (ESG 2.0). The paper begins with a retrospective of the historical development of corporate ESG practices, highlighting that in the early 21st century, corporate focus on ESG was predominantly centered on meeting external regulations and standards. With the deepening understanding of sustainable development goals, businesses have started to recognize ESG as a core component of their strategy, realizing that robust ESG practices can bring long-term benefits to the company. The article further explores the current state of corporate ESG cognition and action, noting that most businesses still remain at a basic stage in their ESG practices. Additionally, it delves into key issues in ESG management, such as the role of the board of directors, the allocation of management functions, the construction and implementation of performance management frameworks, and strategies for information disclosure. Lastly, the paper forecasts the future development of ESG practices, emphasizing the challenges and opportunities that businesses will face, with an anticipation of a further deepening and maturation of ESG practices.

M M Mustokoff,M S Yecies

Abstract:An effective corporate compliance program is facilitated by three essential elements: a well-qualified compliance officer; a policy of immediate investigation of every report of potential fraud and abuse; and clearly defined roles for both corporate and outside counsel in conducting the investigations. A government agency is less likely to exercise the full extent of its powers when these elements are in place and three is evidence of a sincere compliance effort.

Brandon Weber

DOI: https://doi.org/10.48550/arXiv.0711.4634

2007-11-29

Computers and Society

Abstract:Most organizations today use spreadsheets in some form or another to support critical business processes. However the financial resources, and developmental rigor dedicated to them are often minor in comparison to other enterprise technology. The increasing focus on achieving regulatory and other forms of compliance over key technology assets has made it clear that organizations must regard spreadsheets as an enterprise resource and account for them when developing an overall compliance strategy. This paper provides the reader with a set of practical strategies for addressing spreadsheet compliance from an organizational perspective. It then presents capabilities offered in the 2007 Microsoft Office System which can be used to help customers address compliance challenges.

Excel G Chukwurah,Samuel Aderemi

DOI: https://doi.org/10.51594/csitrj.v5i4.1044

2024-04-17

Computer Science & IT Research Journal

Abstract:Data protection compliance is a critical issue for U.S. technology companies, especially in light of increasingly stringent regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Achieving compliance requires a harmonized approach that aligns internal teams and processes with regulatory requirements. This review explores strategies for U.S. technology companies to harmonize teams and regulations to ensure data protection compliance. The first key strategy is to establish a cross-functional team dedicated to data protection compliance. This team should include representatives from legal, IT, security, and other relevant departments. By bringing together experts from different areas, companies can ensure a comprehensive approach to compliance that takes into account legal requirements, technical capabilities, and organizational policies. Secondly, companies should invest in training and education for all employees on data protection principles and compliance requirements. This includes raising awareness about the importance of data protection, as well as providing specific training on how to handle personal data in accordance with regulations. By ensuring that all employees are informed and knowledgeable about data protection, companies can reduce the risk of non-compliance. Another important strategy is to implement privacy by design and by default principles in product development and business processes. This means building privacy considerations into products and services from the outset, rather than trying to retrofit them later. By incorporating privacy into the design process, companies can ensure that their products and services are compliant with regulations and protect user data. Finally, companies should establish a culture of continuous improvement and accountability when it comes to data protection compliance. This includes regularly reviewing and updating data protection policies and procedures, as well as conducting regular audits and assessments to identify and address compliance gaps. By making data protection a priority at all levels of the organization, companies can reduce the risk of data breaches and non-compliance with regulations. Keywords: Data Protection, Compliance, Strategies, Technology, Regulations.

W. Laufer

DOI: https://doi.org/10.2139/SSRN.3034699

2018-06-08

Abstract:Expenditures underwriting corporate compliance in the United States are approaching a very special regulatory milestone. Compliance costs are nearing municipal policing costs. The trajectory of compliance expenditures over the past several decades may be traced to a good corporate citizenship movement in the mid-1990s where the government proposed a public-private sector partnership to combat corporate crime. In this Essay, it is argued that this “partnership” was never really about a fair sharing the enforcement responsibilities. The government hoped to overcome the near insurmountable challenge of getting evidence of corporate wrongdoing, while shifting as much of the burden and costs of policing to the regulated. Companies continue to justify making compliance expenditures in reasonably defensive ways to levels that are now unprecedented. The Essay highlights that those who rail against over-criminalization or corporate criminal liability, more generally, miss speaking out against a one-sided regulatory strategy of compliance cost shifting that brings us to this historic milestone. Moreover, the threat of unfair and burdensome costs was never with the very rare event of corporate criminal liability. Rather, the threat came from firms taking the government’s bait that they needed to spend, and spend, and spend more. This boundless spending, it is concluded, may be seen as imposition of a preemptive penalty on firms. This is a way for regulators to ensure that firms pay a fair share for their wrongdoing for the “dark figure” of corporate culpability. In this Essay, some of the most significant questions about the private and public administration of justice are asked on the precipice of a gradual retreat from this very special regulatory milestone. This retreat will come from efficiencies brought about by the digitalization of compliance and a convergence in compliance technology, evaluation science, international standards, and investments in sophisticated enterprise-wide risk management systems. The resulting reduction in compliance expenditures will bring about a corresponding decline in preemptive penalties. The hope is that this will motivate government functionaries to join firms as an active partner in forging new and innovative paths to regulation.

Law,Business,Political Science

Jamal Ashoori

DOI: https://doi.org/10.61838/kman.jrmde.2.2.3

2023-01-01

Abstract:Resource-intensive industries face continuous challenges due to evolving regulatory environments, which demand strategic responses to ensure compliance and sustain competitive advantage. The objective of this study is to explore how corporations in these industries adapt their strategies to manage regulatory changes, with a focus on identifying the key themes and strategies employed by corporate leaders to navigate this complex landscape. This qualitative study is based on semi-structured interviews with 31 participants holding key roles in strategic management, compliance, and operations across various resource-intensive sectors. The methodology aimed at achieving theoretical saturation involves in-depth interviews designed to explore corporate strategies, challenges, and adaptive practices in response to regulatory changes. Thematic analysis was employed to identify and categorize the main themes from the data. Three main themes were identified: Strategic Adaptation, Organizational Impact, and Stakeholder Engagement. Strategic Adaptation includes risk assessment, regulatory compliance strategies, and innovation. Organizational Impact covers internal communication, change management, resource allocation, and performance metrics. Stakeholder Engagement focuses on government relations, public relations, and partner collaboration. Each theme is detailed with specific strategies and concepts that corporations use to adapt to regulatory pressures. The study concludes that effective management of regulatory changes in resource-intensive industries requires a multifaceted strategic approach that includes robust risk management, proactive organizational changes, and dynamic stakeholder engagement. These strategies are not only vital for compliance but also for fostering innovation and sustainability within corporations.

Davide Pasetto,Hubertus Franke,Weihong Qian,Zhili Guo,Honglei Guo,Dongxu Duan,Yuan Ni,Yingxin Pan,Shenghua Bao,Feng Cao,Zhong Su

DOI: https://doi.org/10.1145/2482767.2482798

2013-01-01

Abstract:Governance, Risk Management and Compliance are key success factors for corporations. Every company worldwide must ensure a proper compliance level with current and future laws and regulations, but managing the dynamic nature of the regulatory environment is a challenge, for both small and medium business as well as large corporations. Specifically the challenge is knowing and interpreting which regulations impact a particular business. Governments and standard bodies keep producing new, revised legislation, and businesses today rely on employees and consultants for tracking and understanding impact on their operations. This paper introduces a novel prototype solution that addresses these concerns through the use of advanced text analytics. In particular the system is able to discover sources of regulatory content on the world wide web, track the changes to these regulations, extract metadata and semantic information and use these to provide a semantically guided comparison of regulation versions. Moreover, by leveraging the IBM DeepQA architecture, the solution is able to cross reference business objectives with the regulatory database and provide insights about the impact of new and revised laws on a company's business.

D B Yoffie,M Kwak

Abstract:Microsoft and Intel are both obvious targets for antitrust litigation; both wield considerable control in their respective segments of the computer industry. But while Mircrosoft has been mired in court for years now--its name and business practices dragged through the mud, and its very future as a single company thrown into doubt--Intel has avoided a prolonged, high-profile antitrust case. Intel's success is not a matter of luck. The company's antitrust compliance program, refined over many years, has been an integral element in the chip maker's business strategy. In this article, the authors suggest that Intel's approach to compliance provides a valuable model for any enterprise that may come under regulators' scrutiny. They describe how Intel created extremely conservative antitrust compliance standards and then instituted a series of unique training events that had active support from then--CEO Andy Grove and others in senior management. First, live training -- not just instructional pamphlets or videos -- was given to all affected employees. Those classes were followed by customized training programs for different parts of the company. Then, to drive antitrust awareness deeper into the company's memory, Intel carried out random audits of employees' files and conducted mock depositions. "It's fascinating to see," Grove says. "A memo is introduced into evidence and you shrug. You fully understand how that memo could be written. Moreover, you could have written it yourself. And then you see that memo turned into a tool and a weapon against you, in front of your eyes." Intel recognizes that no matter how cautious it is, it will always face extraordinary scrutiny as a market leader. But "since antitrust is embedded in everything we do," Grove says, "we can control our destiny."

Ben Charoenwong,Zachary T. Kowaleski,Alan Kwan,Andrew G. Sutherland

DOI: https://doi.org/10.1016/j.jfineco.2024.103792

IF: 8.9

2024-04-01

Journal of Financial Economics

Abstract:Compliance-driven investments in technology—or “RegTech”—are growing rapidly. To understand the effects on the financial sector, we study firms’ responses to new internal control requirements. Affected firms make significant investments in ERP and hardware. These expenditures then enable complementary investments that are leveraged for noncompliance purposes, leading to modest savings from avoided customer complaints and misconduct. IT budgets rise and profits fall, especially at small firms, and acquisition activity and market concentration increase. Our results illustrate how regulation can directly and indirectly affect technology adoption, which in turn affects noncompliance functions and market structure.

economics,business, finance

Oluwatosin Ilori,Nelly Tochi Nwosu,Henry Nwapali Ndidi Naiho

DOI: https://doi.org/10.30574/wjarr.2024.22.3.1728

2024-06-30

World Journal of Advanced Research and Reviews

Abstract:The Sarbanes-Oxley Act (SOX) of 2002 was enacted to enhance corporate governance and strengthen financial disclosures, thereby improving the accuracy and reliability of corporate financial statements. Despite its crucial role in safeguarding financial integrity, compliance with SOX requirements presents significant challenges for organizations due to its stringent and comprehensive mandates. This review explores strategic approaches and best practices for optimizing SOX compliance, focusing on the intersection of regulatory adherence and operational efficiency. SOX compliance primarily revolves around internal control over financial reporting (ICFR), auditor independence, corporate responsibility, and enhanced financial disclosures. The complexity of these requirements often leads to substantial compliance costs, increased administrative burdens, and potential operational disruptions. Identifying and mitigating these challenges is essential for maintaining financial integrity and organizational resilience. Implementing a risk-based approach to prioritize compliance efforts on areas with the highest risk of material misstatements. Conducting thorough risk assessments to identify and address vulnerabilities in financial reporting processes. Leveraging automation and advanced technologies, such as artificial intelligence and machine learning, to streamline compliance processes and enhance accuracy. Utilizing data analytics to monitor and assess control effectiveness continuously. Establishing and maintaining robust internal controls tailored to the organization's specific risk profile and operational environment. Regularly reviewing and updating controls to adapt to evolving regulatory requirements and business changes. Providing comprehensive training programs for employees at all levels to ensure awareness and understanding of SOX requirements and their roles in compliance. Promoting a culture of ethical behavior and accountability throughout the organization. Engaging independent third-party auditors to conduct objective assessments of compliance efforts and provide recommendations for improvement. Implementing continuous monitoring mechanisms to detect and address compliance issues proactively. The review highlights several best practices for achieving and maintaining SOX compliance, including integrating compliance into the broader corporate governance framework, fostering collaboration between internal audit and compliance functions, and adopting a proactive rather than reactive compliance mindset. Optimizing SOX compliance is pivotal for ensuring financial integrity and corporate accountability. By adopting strategic approaches and best practices, organizations can navigate the complexities of SOX requirements effectively, mitigate compliance risks, and reinforce stakeholder trust in their financial disclosures. In this review paper, I discuss the strategic approaches, challenges, and best practices in ensuring robust SOX compliance. I emphasize how meticulous internal audits and effective internal controls can enhance financial reporting accuracy and organizational integrity, drawing from my extensive experience in the field.

Iain Macneil,Xiao Li

DOI: https://doi.org/10.1111/j.1467-8683.2006.00524.x

2006-09-01

Abstract:The "comply or explain" principle adopted by the UK's Combined Code on Corporate Governance has now been in operation for 12 years. In this paper we focus on two aspects of this regime. The first is the nature of the explanations that have been given by companies with an established record of non-compliance ("serial non-compliers") and the role of the market in permitting deviations from the Combined Code. In particular, we consider the significance of share price performance as a factor that is relevant in justifying non-compliance and the extent to which investors appear to rely on this indicator rather than engage in the more difficult task of judging the relative merits of the Code provisions against alternatives. Our approach differs from much of the research linking corporate governance with financial performance in that it focuses on the potential influence of financial performance (as measured by share price) on governance structure rather than vice versa. Our study of FTSE 100 serial non-compliers suggests that there is a "prima facie "link between share price performance and investors' tolerance of non-compliance with the Combined Code. The second issue we examine is the link between the principle of "comply and explain" and the self-regulatory status of the Code. We conclude that the benefits of flexibility generally associated with the self-regulatory status of the Code are overstated and that the Code could be integrated into mainstream company law. Copyright (c) 2006 The Authors; Journal compilation (c) 2006 Blackwell Publishing Ltd.

Economics

Drijesh Patel -

DOI: https://doi.org/10.36948/ijfmr.2023.v05i04.5213

2023-08-09

International Journal For Multidisciplinary Research

Abstract:Cloud-based programs offer numerous advantages to businesses and governments, including cost reduction, scalability, and on-demand services. Software as a Service (SaaS) is a prominent cloud computing model, providing potential cost-savings and improved cost control. Cloud-based programs enable efficient resource provisioning, auto-scaling, and dynamic resource acquisition and release, leading to increased profitability and reduced reliance on on-site IT infrastructure. However, adopting cloud-based programs comes with challenges related to security and compliance. This article explores the advantages and differences of cloud-based programs compared to traditional software. It highlights the benefits of using AI in cloud-based programs to improve governance and compliance by streamlining processes and automating tasks. AI can enhance energy efficiency in cloud-based programs and significantly contribute to cost savings. However, it also introduces potential security risks and the need for robust security solutions to protect data in cloud-based eHealth systems. The article emphasizes best practices for ensuring security in cloud-based programs, such as role-based access, encryption, and data monitoring. It discusses the potential risks of using AI for security and the importance of developing governance practices specific to AI applications. Moreover, it explores the benefits of AI for compliance and governance in cloud-based programs, such as risk management, scalability, and improved efficiency. The article underscores the long-term benefits of using AI in compliance and governance, including the enhancement of corporate governance and expertise in AI risks over time. In conclusion, cloud-based programs coupled with AI present opportunities to revolutionize various industries by providing cost-effective, scalable, and secure solutions for compliance and governance needs. However, adopting AI in these programs requires careful consideration of security measures and adherence to specific AI governance practices to ensure the responsible and beneficial deployment of AI technologies.

Elizabeth Pollman

DOI: https://doi.org/10.2139/ssrn.3479723

2019-01-01

SSRN Electronic Journal

Abstract:In 2019, the CEO and chairperson of BlackRock, the world’s largest asset manager, called for corporate leaders to embrace corporate purpose and create value for stakeholders, and 181 CEOs of the Business Roundtable committed to lead their companies for the benefit of all stakeholders—customers, employees, suppliers, communities, and shareholders. The idea that corporations should engage in socially responsible business practices (“CSR”) or initiatives relating to environmental, social, and governance matters (“ESG”) is gaining prominence, but remains highly contested. Deeper examination reveals that these terms—CSR and ESG—each lack a singular meaning. From aligning shareholder and stakeholder interests for shared value and risk management, to going beyond compliance and profit-maximizing strategies, there is no consensus on what socially-responsible activity entails and the rationale for its pursuit.This chapter aims to illuminate the landscape of CSR, ESG, and their connection to compliance. Varying usage and mixed empirical research reveals that CSR and ESG lack a clearly defined connection to compliance. This indeterminacy extends to (1) whether CSR and ESG are correlated with or refer to greater levels of legal compliance, as well as (2) what it means for a corporation to “comply” with CSR or ESG goals in light of the proliferation of standards and metrics pertaining to sustainability and social impact. Exploring these topics through the U.S. perspective reflects that the business world is in a state of flux regarding how companies take account of their impact on stakeholders and the environment, and laws are evolving on issues such as sustainability disclosures that could help us better understand existing practices.