The hottest Compliance Substack posts right now

And their main takeaways
Gordian Knot News 139 implied HN points 27 Feb 25
  1. The NRC claims to calculate the probability of a radioactive release using probabilistic risk assessment (PRA), but the claim is misleading: the analysis covers only selected accident sequences and ignores many other possible scenarios.
  2. There are countless paths by which a release could happen, and analysing only a few higher-probability ones does not establish that the plant is safe.
  3. The core issue is not reliability analysis itself but the way the NRC misuses it.
Human Capitalist 39 implied HN points 21 Oct 24
  1. There is more to news stories than just the headlines. It's important to understand the people and events behind the news.
  2. The aim is to uncover significant context around recent corporate changes and workforce trends. This helps readers see the bigger picture.
  3. Readers are encouraged to share interesting headlines or stories that deserve deeper exploration. Engagement with the audience is key.
Resilient Cyber 59 implied HN points 17 Sep 24
  1. Cyber attacks on U.S. infrastructure have surged by 70%, affecting critical sectors like healthcare and energy. This is causing bigger risks because these sectors are tied to essential services.
  2. Wiz has introduced 'Wiz Code' to improve application security by connecting cloud environments to source code and offering proactive ways to fix security issues in real-time.
  3. The cybersecurity workforce faces a growing crisis: reports of many unfilled jobs coexist with practitioners who feel unprepared for those roles, which points to a gap between what job postings ask for and the real-world experience available.
The Fintech Blueprint 471 implied HN points 23 Jan 24
  1. The European Union AI Act categorizes AI systems into various risk levels and imposes strict regulations to ensure transparency, safety, and non-discrimination in financial services.
  2. Financial institutions using AI for customer data analysis and fraud detection must comply with the EU AI Act by ensuring accurate, unbiased decisions that are explainable to both customers and regulators.
  3. Complex AI systems like Large Language Models (LLMs) pose challenges in transparency and trust, requiring new methods to interpret decision-making and align with the EU regulations.
Resilient Cyber 99 implied HN points 06 Jun 24
  1. Shadow IT happens when employees adopt technology without telling the IT or security teams. It is easy to do, especially with personal devices, SaaS tools and remote work.
  2. Cybersecurity teams often react to problems instead of staying ahead of technology trends. Instead of waiting for issues to arise, they should explore and adapt new technologies early.
  3. Long-lasting issues between security teams and other departments lead to frustration. If security teams work better with others, they can create a smoother, more productive environment.
Resilient Cyber 19 implied HN points 13 Aug 24
  1. Microsoft is tying employee bonuses to security performance, highlighting the importance of prioritizing security in their culture. This means employees are encouraged to choose security over other goals like speed or profit.
  2. There's growing interest in using AI for cybersecurity tasks, including identifying vulnerabilities and automating processes. This technology could help improve security practices but also presents challenges.
  3. The market for security automation is expected to grow significantly. This means companies are looking for ways to streamline their security processes and keep up with new threats efficiently.
Fintech Business Weekly 66 implied HN points 20 Oct 24
  1. Axiom Bank faced serious allegations of retaliation against former employees who raised concerns about compliance and risk management issues. The complaints suggest that the bank ignored safety regulations and retaliated against those who spoke up.
  2. TomoCredit, facing financial struggles, defaulted on its debts and is being sued for not paying vendors. The company also has legal challenges over misleading practices related to its credit-building products.
  3. Both Axiom Bank and TomoCredit reveal challenges in the fintech sector related to compliance, financial stability, and ethical practices. These cases highlight the risks involved in the rapidly changing financial technology landscape.
DeFi Education 779 implied HN points 19 Apr 23
  1. Recent SEC actions signal a tough regulatory stance toward crypto exchanges in the US. Companies like Coinbase and Bittrex face serious legal challenges for not complying with registration rules.
  2. John Reed Stark, a former SEC official, predicts that many crypto exchanges may need to shut down or change how they operate in the US.
  3. Regulations are becoming a big deal in the crypto industry, and companies will have to work hard to comply with new rules to stay in business.
Fintech Business Weekly 475 implied HN points 31 Dec 23
  1. The banking-as-a-service industry faced challenges in 2023, such as issues with compliance and partnerships.
  2. There was increased regulatory scrutiny on BaaS entities, with concerns around misleading claims and high interest rates.
  3. Multiple BaaS-related scandals and legal actions occurred throughout the year, impacting various companies in the industry.
Deploy Securely 216 implied HN points 10 Jan 24
  1. Block major generative AI crawlers from scraping your website by adding Disallow rules for their user-agent tokens to your robots.txt file.
  2. Consider modifying your site's terms and conditions to prohibit undesired activities such as scraping by AI tools.
  3. Blocking crawlers can affect your search and social media visibility, so weigh the data-protection benefit against the discoverability cost.
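The check a practitioner wants before shipping such a robots.txt is whether it excludes the crawlers you mean and nothing else. The following is an added example (not code from the Deploy Securely post): it parses a constructed robots.txt with Python's standard-library robotparser, reports the per-crawler verdict, and mirrors the same denylist as a server-side request filter, because robots.txt is advisory and only cooperating crawlers honour it. The crawler tokens are the documented ones for OpenAI (GPTBot), Anthropic (ClaudeBot), Common Crawl (CCBot) and Google's AI-training opt-out (Google-Extended); the sample User-Agent header strings are constructed for the example.

```python
"""Check which crawlers a robots.txt actually excludes, and mirror that policy
server-side. Added example; the robots.txt text below is constructed."""
import urllib.robotparser

# Constructed robots.txt: AI-training crawlers are excluded, everything else is
# allowed. Googlebot (search indexing) is deliberately NOT listed; Google-Extended
# is the separate token Google uses for AI-training access, so search ranking
# is unaffected by this file.
ROBOTS_TXT = """\
User-agent: GPTBot
User-agent: ClaudeBot
User-agent: CCBot
User-agent: Google-Extended
Disallow: /

User-agent: *
Disallow:
"""

# The same tokens, used for server-side enforcement below.
AI_CRAWLER_TOKENS = ("GPTBot", "ClaudeBot", "CCBot", "Google-Extended")


def crawler_policy(robots_txt: str, url: str, agents) -> dict:
    """Return {agent: allowed} for `url` under the given robots.txt text.

    Note: robotparser matches on the crawler's token (the part before the
    first '/'), so pass 'GPTBot', not the full User-Agent header string.
    """
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return {agent: rp.can_fetch(agent, url) for agent in agents}


def should_block(user_agent_header: str, tokens=AI_CRAWLER_TOKENS) -> bool:
    """Server-side enforcement for the request path (robots.txt is only a
    request to well-behaved crawlers). Case-insensitive substring match on
    the full header, since crawlers send strings such as
    'Mozilla/5.0 (compatible; GPTBot/1.0; ...)'. A spoofed User-Agent
    defeats this check; pair it with the vendor's published IP ranges."""
    ua = user_agent_header.lower()
    return any(token.lower() in ua for token in tokens)


if __name__ == "__main__":
    agents = ["GPTBot", "ClaudeBot", "CCBot", "Google-Extended", "Googlebot", "Bingbot"]
    for agent, allowed in crawler_policy(ROBOTS_TXT, "https://example.com/blog/post", agents).items():
        print(f"{agent:16} {'allowed' if allowed else 'blocked'}")
```

Run it and confirm that the four AI tokens are blocked while Googlebot and Bingbot remain allowed; if a rule accidentally names `Googlebot` instead of `Google-Extended`, the search crawler is the one that disappears, which is the ranking impact the third takeaway warns about.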
Security Is 59 implied HN points 29 May 24
  1. Many security controls are useless, wasting resources and time. It's crucial to understand why you're implementing a control to avoid just following the crowd.
  2. If you can't explain why a security control is needed in a simple way, it's likely not very useful. Good controls should have clear reasons behind them.
  3. Wasting time on unnecessary controls can harm everyone in the industry. Focus on meaningful security measures to make better use of limited resources.
The Security Industry 30 implied HN points 20 Nov 24
  1. The platform now includes detailed information on over 9,000 cybersecurity products, helping professionals match their needs with available solutions. Users can see how each product aligns with NIST and MITRE standards.
  2. Customers will soon be able to analyze their entire security stack, finding overlaps and gaps in their cybersecurity coverage. This feature will help them save costs and improve efficiency.
  3. Traditional research firms only cover a small fraction of the cybersecurity industry. By capturing detailed data on all products, this platform aims to provide a more comprehensive view of available options.
AI Snake Oil 489 implied HN points 31 Oct 23
  1. The executive order on AI strives to address various benefits and risks, impacting openness in the AI landscape.
  2. The EO does not include licensing or liability provisions, measures that could have limited openness in AI development.
  3. The EO emphasizes defense against malicious AI uses, registration and reporting requirements, and transparency audits to ensure security and accountability.
Resilient Cyber 119 implied HN points 25 Feb 24
  1. Organizations should have a clear policy to apply software updates automatically. This shortens the window between a vulnerability being disclosed and being fixed, leaving attackers less time to exploit it.
  2. Knowing what assets you own and who is responsible for them is crucial. Without this information, vulnerabilities could go unaddressed, leading to increased security risks.
  3. The business should take ownership of the risks related to vulnerabilities, not just the security team. It’s important for leadership to understand and document the decisions regarding risks associated with remediation.
DeFi Education 919 implied HN points 08 Aug 22
  1. Tornado Cash has been added to the U.S. Treasury's OFAC sanctions list, meaning U.S. persons may not engage with it in any way. According to the post, this covers financial transactions and even visiting its website.
  2. Any assets held in Tornado Cash since the sanctions took effect are treated as 'tainted' and cannot lawfully be redeemed, which puts liquidity providers at risk of losing money.
  3. There are legal risks for U.S.-based Ethereum miners and exchanges that deal with Tornado Cash transactions, leading to increased compliance costs and possible changes in business operations.
Brick by Brick 18 implied HN points 18 Nov 24
  1. Startups need to adapt their processes to meet strict enterprise requirements, especially in compliance and security. This means being ready for audits and ensuring data protection.
  2. Creating a product that fits into the enterprise ecosystem is key. This includes having integrations, customization options, and strong reporting tools that enterprises expect.
  3. When selling to enterprises, startups must change their approach, focusing on value rather than just features. They should also prepare for complex pricing and long contracting processes.
Resilient Cyber 79 implied HN points 06 Mar 24
  1. Organizations need to understand the unique risks of using Large Language Models (LLMs) and Generative AI, and they should create clear strategies for managing these risks.
  2. Having an AI asset inventory is crucial so that companies know what AI tools they are using and who is responsible for them.
  3. Training employees on the safe use of AI tools can help prevent misuse and build a culture of transparency within the organization.
Anxiety Addiction & Ascension 138 implied HN points 05 Dec 23
  1. Annual compliance training can be tedious but is necessary to adhere to workplace rules and ideologies.
  2. New compliance modules focusing on topics like sexual harassment may have controversial or biased content.
  3. The increased push for women and underrepresented groups in corporate leadership roles may be linked to workplace dynamics and the evolving corporate agenda.
Deploy Securely 157 implied HN points 21 Jul 23
  1. The fear of repercussions from authorities like prosecutors and regulatory agencies is often greater than that from hackers.
  2. Cybersecurity professionals and their teams face severe consequences for non-compliance, even if the breach was not entirely their fault.
  3. A flawed liability regime and focus on performative compliance rather than actual security measures contribute to the prioritization of checking boxes over protecting data.
Deploy Securely 157 implied HN points 12 Jul 23
  1. Risk appetite is the baseline level of cybersecurity risk an organization is willing to accept.
  2. Risk appetite should be defined in fungible units like dollars or engineer-hours, not security-specific terms.
  3. Risk tolerance is the speed at which an organization must address risk above the established appetite to avoid compliance issues.
Platform Papers 59 implied HN points 05 Mar 24
  1. The Digital Markets Act (DMA) will enforce new rules on major digital platforms starting March 6, 2024, aiming to make markets fairer and more contestable for platforms like Apple, Google, Meta, TikTok, Amazon, and others.
  2. The DMA introduces obligations for gatekeepers to open up ecosystems, ensure fairness for business users, and promote transparency by submitting compliance plans publicly.
  3. Enforcing the DMA faces challenges: wealthy companies like Apple are resisting compliance, and the European Commission must balance limited resources with rigorous enforcement. The post argues this calls for immediate action and collaboration with national agencies.
Resilient Cyber 119 implied HN points 07 Nov 23
  1. Not all software bills of materials (SBOMs) are the same. They matter for software supply chain security because they provide transparency about the components inside software, but only if the data they carry is complete enough to act on.
  2. The BOM Maturity Model can help evaluate how complete and useful a BOM is. It rates how difficult each data element is to obtain and assesses how well the BOM meets defined standards.
  3. As the industry works towards better SBOMs, tools and resources like the OWASP guides are crucial. They aim to bring the same depth and consistency to software component data that ingredient labels provide for food or pharmaceuticals.
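What "not all SBOMs are the same" means in practice is easiest to see by scoring one. The following is an added example (not code from the Resilient Cyber post, and not an implementation of the OWASP BOM Maturity Model): it loads a constructed CycloneDX 1.5 JSON document and checks each component for the fields a consumer actually needs, namely a version, a package URL (purl) for matching against vulnerability databases, a collision-resistant hash for verifying the artifact, license data, and a place in the dependency graph. The rubric and its equal weighting are this example's own simplification; the component data and the tool name are constructed.

```python
"""Score a CycloneDX SBOM for completeness, field by field.
Added example with its own simplified rubric; the SBOM below is constructed."""
import json

# Constructed CycloneDX 1.5 document: one well-described component, one with a
# weak hash only, and one that is barely identified.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "component": {"type": "application", "name": "payments-api", "version": "2.3.1"},
        "tools": [{"name": "example-sbom-generator"}],  # hypothetical tool name
    },
    "components": [
        {
            "type": "library", "bom-ref": "pkg:pypi/requests@2.31.0",
            "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0",
            "hashes": [{"alg": "SHA-256", "content": "0" * 64}],  # placeholder digest
            "licenses": [{"license": {"id": "Apache-2.0"}}],
        },
        {
            "type": "library", "bom-ref": "pkg:npm/lodash@4.17.21",
            "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21",
            "hashes": [{"alg": "MD5", "content": "0" * 32}],  # MD5 only: not collision-resistant
            "licenses": [{"license": {"id": "MIT"}}],
        },
        {"type": "library", "name": "left-pad"},  # no version, purl, hash, license or bom-ref
    ],
    "dependencies": [
        {"ref": "pkg:pypi/requests@2.31.0", "dependsOn": []},
        {"ref": "pkg:npm/lodash@4.17.21", "dependsOn": []},
    ],
})

# CycloneDX also permits MD5 and SHA-1; neither pins an artifact reliably.
STRONG_HASH_ALGS = {"SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-384", "SHA3-512"}


def _has_strong_hash(component):
    return any(h.get("alg") in STRONG_HASH_ALGS and h.get("content")
               for h in component.get("hashes", []))


def _in_dependency_graph(component, dependencies):
    ref = component.get("bom-ref")
    if not ref:
        return False
    return any(dep.get("ref") == ref or ref in dep.get("dependsOn", [])
               for dep in dependencies)


# Per-component checks, label -> predicate(component, dependencies).
COMPONENT_CHECKS = {
    "version": lambda c, deps: bool(c.get("version")),
    "purl": lambda c, deps: bool(c.get("purl")),          # needed to match vuln DBs
    "hashes": lambda c, deps: _has_strong_hash(c),        # needed to verify the artifact
    "licenses": lambda c, deps: bool(c.get("licenses")),
    "dependency-graph": _in_dependency_graph,             # needed for impact analysis
}

# Document-level checks, label -> predicate(bom).
DOCUMENT_CHECKS = {
    "metadata.component": lambda b: bool(b.get("metadata", {}).get("component")),
    "metadata.tools": lambda b: bool(b.get("metadata", {}).get("tools")),
    "dependencies": lambda b: bool(b.get("dependencies")),
}


def assess_sbom(sbom_json: str) -> dict:
    """Return per-component missing fields and scores, plus document-level gaps."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    deps = bom.get("dependencies", [])
    report = {
        "document": {"missing": [k for k, f in DOCUMENT_CHECKS.items() if not f(bom)]},
        "components": {},
    }
    scores = []
    for comp in bom.get("components", []):
        missing = [label for label, check in COMPONENT_CHECKS.items() if not check(comp, deps)]
        score = 1 - len(missing) / len(COMPONENT_CHECKS)
        report["components"][comp.get("name", "<unnamed>")] = {"missing": missing, "score": score}
        scores.append(score)
    report["overall_score"] = sum(scores) / len(scores) if scores else 0.0
    return report


if __name__ == "__main__":
    print(json.dumps(assess_sbom(SAMPLE_SBOM), indent=2))
```

All three components are "valid" CycloneDX, yet only `requests` is usable for vulnerability matching and artifact verification; `lodash` carries a hash that proves nothing, and `left-pad` cannot even be matched to a package. A gate of this kind, run on supplier SBOMs before they are accepted, is what turns "we have an SBOM" into data the security team can act on.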
PromptArmor Blog 100 implied HN points 20 Mar 24
  1. LASEC is a new certification focused on LLM application security. It aims to educate leaders on current security threats and best practices.
  2. Participants will learn about real-world threats, including a new exploit discovered by PromptArmor. They'll also dive into compliance standards and how to balance security with product development.
  3. The certification program is designed to share knowledge gained from working with top security leaders in Fortune 100 companies, making it a valuable resource for security professionals.
Resilient Cyber 19 implied HN points 23 May 24
  1. Public sector organizations struggle with balancing cybersecurity, innovation, and compliance. They need faster software delivery while keeping systems secure, which is a tricky balance.
  2. Programs like FedRAMP and the Authority to Operate (ATO) process are seen as too complicated and slow, making it hard for the government to adopt new cloud services quickly. This can lead to workarounds that compromise security.
  3. The push for software supply chain security and supplier self-attestation aims to improve security but adds complexity for software suppliers. Striking the right balance between security and accessibility is essential.
Rohit’s Newsletter 98 implied HN points 14 Sep 23
  1. Building financial products like credit cards or loans requires careful consideration of compliance regulations, risk models, operations, and funding models.
  2. Fintech infrastructure products can assist in building credit products, but integration can be complex due to a lack of standard setup.
  3. To effectively build a lending product, break it down into steps like acquisition, underwriting, origination, funding, and servicing.
Deploy Securely 98 implied HN points 09 Jun 23
  1. The NIST AI Risk Management Framework provides a governance, risk, and compliance framework for artificial intelligence.
  2. The document highlights the challenges in AI risk management, including identifying and cataloging risks, emergent risks, and availability of reliable metrics.
  3. The criteria to evaluate AI systems include validity, safety, security, accountability, transparency, privacy, and fairness in managing harmful bias.
Concordium Monthly Updates 98 implied HN points 15 Sep 23
  1. Concordium emphasizes privacy and compliance through its identity verification process, showcasing a user-centric approach.
  2. Worldcoin aims to revolutionize access to the global economy with a unique digital identification platform but faces challenges with compliance and security.
  3. Concordium's diverse ecosystem facilitates innovation across various sectors, while Worldcoin focuses on Universal Basic Income through the World App.
Resilient Cyber 19 implied HN points 09 May 24
  1. The Secure-by-Design Pledge encourages software companies to make their products more secure, focusing on goals like using multi-factor authentication and reducing default passwords. This means companies are promising to create safer software for everyone.
  2. The pledge is voluntary, so companies are not legally required to follow it. Because it relies on signatories' good faith and has no enforcement mechanism, accountability is limited.
  3. Many big names in tech have signed this pledge, which is a positive step. But it's crucial for more non-security-focused companies to join in for real change to happen in improving software security.
Law of VC 89 implied HN points 20 Feb 24
  1. The Carta Policy Team released a comprehensive VC Regulatory Playbook that simplifies the complex SEC rules for emerging fund managers.
  2. The playbook covers crucial topics including the regulation of fundraising, private funds, and fund managers along with an ERA Compliance Checklist.
  3. Fund managers can learn about specific regulations such as the Section 3(c)(1) and 3(c)(7) exemptions, the requirements for venture capital funds, and the importance of filing a Form ADV.
Fintech Business Weekly 126 implied HN points 19 Nov 23
  1. Blue Ridge Bank is looking to raise capital and reduce its exposure to banking-as-a-service and fintech.
  2. States like California and Wisconsin are regulating earned wage access, which is positive but adds compliance challenges.
  3. Plaid has launched a subsidiary as a consumer reporting agency, moving towards offering cash flow underwriting services.
Murray Bridge News 39 implied HN points 05 Feb 24
  1. More than half of River Murray boat users broke rules during an Australia Day long weekend blitz by Marine Safety SA.
  2. Violations included speeding, not carrying safety gear, getting too close to swimmers, and boating without a license.
  3. Marine Safety SA stopped and warned/fined roughly 800 boats across River Murray during the weekend.
Rod’s Blog 39 implied HN points 30 Jan 24
  1. AI red teaming is crucial for ensuring AI systems are robust, secure, and aligned with human values and expectations.
  2. AI red teaming helps identify weaknesses and threats that could compromise the performance, functionality, or integrity of AI systems.
  3. AI red teaming aligns with responsible AI principles like fairness, reliability, safety, privacy, inclusiveness, transparency, and accountability.
Law of VC 246 implied HN points 28 Feb 23
  1. The article provides a basic understanding of key decisions and material terms for forming and closing a venture capital fund.
  2. Forming a traditional VC fund typically involves creating three entities: the General Partner (LLC), the Management Company, and the Venture Fund.
  3. Compliance with key laws such as the Securities Act, Investment Company Act, and Advisers Act is crucial for post-closing obligations in venture fund formation.
The Jolly Contrarian 119 implied HN points 28 Dec 22
  1. Regulatory margin rules can sometimes worsen financial crises by inadvertently enabling risky behaviors such as concentrated fund positions.
  2. In complex organizations, there is a difference between the appearance of good governance and actual effective risk control. Overemphasis on formal structures may lead to overlooking practical risk management.
  3. Organizations should balance formal risk control infrastructure with experienced, nuanced decision-making, rather than relying solely on rigid systems.
Rod’s Blog 59 implied HN points 06 Sep 23
  1. As technology advances, organizations need to integrate AI with SIEM to enhance cybersecurity defenses against sophisticated cyber threats.
  2. AI-driven SIEM solutions offer advantages like advanced threat detection, real-time monitoring, automated incident response, and predictive analytics, empowering organizations to stay ahead of cyber threats.
  3. Challenges in AI-driven SIEM include the need for skilled personnel, potential for false positives, and ethical considerations around AI-powered decision-making in cybersecurity.