The hottest Compliance Substack posts right now

And their main takeaways
Resilient Cyber 19 implied HN points 23 May 24
  1. Public sector organizations struggle with balancing cybersecurity, innovation, and compliance. They need faster software delivery while keeping systems secure, which is a tricky balance.
  2. Programs like FedRAMP and the Authority to Operate (ATO) process are seen as too complicated and slow, making it hard for the government to adopt new cloud services quickly. This can lead to workarounds that compromise security.
  3. The push for a secure software supply chain and vendor self-attestation aims to improve security but adds complexity for software suppliers; striking the right balance between security and accessibility is essential.
AI Snake Oil 489 implied HN points 31 Oct 23
  1. The executive order on AI addresses a wide range of benefits and risks, and its choices shape how open the AI landscape remains.
  2. The EO contains no licensing or liability provisions, measures that would have restricted open AI development.
  3. The EO emphasizes defense against malicious uses of AI, registration and reporting requirements, and transparency audits to ensure security and accountability.
Rohit’s Newsletter 98 implied HN points 14 Sep 23
  1. Building financial products like credit cards or loans requires careful consideration of compliance regulations, risk models, operations, and funding models.
  2. Fintech infrastructure products can assist in building credit products, but integration can be complex due to a lack of standard setup.
  3. To effectively build a lending product, break it down into steps like acquisition, underwriting, origination, funding, and servicing.
Deploy Securely 98 implied HN points 09 Jun 23
  1. The NIST AI Risk Management Framework provides a governance, risk, and compliance framework for artificial intelligence.
  2. The document highlights the challenges in AI risk management, including identifying and cataloging risks, emergent risks, and availability of reliable metrics.
  3. The criteria to evaluate AI systems include validity, safety, security, accountability, transparency, privacy, and fairness in managing harmful bias.
Concordium Monthly Updates 98 implied HN points 15 Sep 23
  1. Concordium emphasizes privacy and compliance through its identity verification process, showcasing a user-centric approach.
  2. Worldcoin aims to revolutionize access to the global economy with a unique digital identification platform but faces challenges with compliance and security.
  3. Concordium's diverse ecosystem facilitates innovation across various sectors, while Worldcoin focuses on Universal Basic Income through the World App.
Resilient Cyber 19 implied HN points 09 May 24
  1. The Secure-by-Design Pledge encourages software companies to make their products more secure, focusing on goals like using multi-factor authentication and reducing default passwords. This means companies are promising to create safer software for everyone.
  2. The pledge is voluntary, which means companies are not legally required to follow these guidelines. While this relies on their honesty, it raises trust issues since there's no enforced accountability.
  3. Many big names in tech have signed this pledge, which is a positive step. But it's crucial for more non-security-focused companies to join in for real change to happen in improving software security.
Fintech Business Weekly 59 implied HN points 01 Jun 25
  1. Quaint Oak and Hatch Bank faced enforcement actions related to compliance with anti-money laundering laws. These actions highlight ongoing regulatory scrutiny in the banking and fintech sectors.
  2. The CFPB is supporting a challenge to the open banking rule, which could lead to significant changes in how financial data is shared. This implies that fintech companies may need to brace for new regulatory hurdles.
  3. Recent data shows many households are struggling with financial obligations, like student loans and buy now, pay later payments. This indicates a broader concern about financial stability among everyday consumers.
Rod’s Blog 39 implied HN points 30 Jan 24
  1. AI red teaming is crucial for ensuring AI systems are robust, secure, and aligned with human values and expectations.
  2. AI red teaming helps identify weaknesses and threats that could compromise the performance, functionality, or integrity of AI systems.
  3. AI red teaming aligns with responsible AI principles like fairness, reliability, safety, privacy, inclusiveness, transparency, and accountability.
The Jolly Contrarian 119 implied HN points 28 Dec 22
  1. Regulatory margin rules can sometimes worsen financial crises by inadvertently enabling risky behaviors such as concentrated fund positions.
  2. In complex organizations, there is a difference between the appearance of good governance and actual effective risk control. Overemphasis on formal structures may lead to overlooking practical risk management.
  3. Organizations should balance formal risk control infrastructure with experienced, nuanced decision-making, rather than relying solely on rigid systems.
Rod’s Blog 59 implied HN points 06 Sep 23
  1. As technology advances, organizations need to integrate AI with SIEM to enhance cybersecurity defenses against sophisticated cyber threats.
  2. AI-driven SIEM solutions offer advantages like advanced threat detection, real-time monitoring, automated incident response, and predictive analytics, empowering organizations to stay ahead of cyber threats.
  3. Challenges in AI-driven SIEM include the need for skilled personnel, potential for false positives, and ethical considerations around AI-powered decision-making in cybersecurity.
False Positive 39 implied HN points 27 Nov 23
  1. Nested accounts play a crucial role in facilitating financial crime by providing anonymity and allowing funds to move across borders through complex networks.
  2. Financial institutions and regulators face challenges in monitoring nested accounts and ensuring compliance with anti-money laundering regulations, risking involvement in criminal activities.
  3. In crypto, nested relationships (one provider operating through another's accounts) bring more activity under a regulated intermediary, but the added layers obscure the end customer and make financial crime harder to detect and prevent.
Rod’s Blog 19 implied HN points 08 Feb 24
  1. Microsoft Security Copilot enhances security by seamlessly integrating with Microsoft Purview, simplifying security policies and governance.
  2. The AI capabilities of Microsoft Security Copilot aid in proactive threat detection and response by analyzing data to identify potential risks before they escalate.
  3. Automated compliance and data governance processes are streamlined through the combination of Microsoft Purview's features and Security Copilot's automation, facilitating adherence to regulations.
Concordium Monthly Updates 39 implied HN points 20 Jul 23
  1. Partnership between Concordium and 2021.ai enhances trust in AI through data validation and audit trails.
  2. Integration of Concordium's blockchain into 2021.ai's platform enables new use cases like ESG Validation and MiCA compliance.
  3. Collaboration aims to promote responsible and ethical use of AI, driving innovation and building trust in the AI industry.
The Data Score 39 implied HN points 05 Jun 23
  1. Data monetization involves creating revenue streams by refining and selling accumulated data.
  2. Large Language Models (LLMs) are advanced AI models trained on vast amounts of text data for generating human-like responses in various applications.
  3. Alpha generation in finance refers to outperforming the market or generating excess returns in an investment strategy.
Rod’s Blog 19 implied HN points 06 Feb 24
  1. Microsoft Purview is a top industry solution for managing data estates, offering governance, protection, and management.
  2. The latest enhancements to Microsoft Purview and Microsoft Defender focus on securing data in the context of generative AI, providing visibility, protection, and compliance controls.
  3. Organizations can leverage Microsoft Purview and Microsoft Defender to securely adopt AI, ensuring data protection while harnessing AI's full potential.
The Cosmopolitan Globalist 18 implied HN points 19 Jul 25
  1. There's a new rule for journalists to focus only on stories about Epstein and ignore many other news topics, which seems silly.
  2. Any newsletters sent out about other topics are on hold until it's okay to share them again.
  3. The writer is jokingly warning readers to keep quiet about any non-compliant newsletters or else there will be consequences.
Fintech Business Weekly 66 implied HN points 20 Oct 24
  1. Axiom Bank faced serious allegations of retaliation against former employees who raised concerns about compliance and risk management issues. The complaints suggest that the bank ignored safety regulations and retaliated against those who spoke up.
  2. TomoCredit, facing financial struggles, defaulted on its debts and is being sued for not paying vendors. The company also has legal challenges over misleading practices related to its credit-building products.
  3. Both Axiom Bank and TomoCredit reveal challenges in the fintech sector related to compliance, financial stability, and ethical practices. These cases highlight the risks involved in the rapidly changing financial technology landscape.
Law of VC 246 implied HN points 28 Feb 23
  1. The article provides a basic understanding of key decisions and material terms for forming and closing a venture capital fund.
  2. Forming a traditional VC fund typically involves creating three entities: the General Partner (LLC), the Management Company, and the Venture Fund.
  3. Compliance with key laws such as the Securities Act, Investment Company Act, and Advisers Act is crucial for post-closing obligations in venture fund formation.
Resilient Cyber 59 implied HN points 11 Apr 23
  1. Building a compliance and AppSec program for a federal Platform-as-a-Service is challenging. It's important to understand which security controls can be inherited by development teams.
  2. Scaling the compliance program across multiple teams can lead to unique challenges. It's crucial to onboard each team effectively while minimizing their workload.
  3. Developers need support in balancing security and compliance with their work. Educating auditors about cloud practices is also important for smoother collaboration.
Law of VC 156 implied HN points 30 Aug 23
  1. New SEC rules for VCs have been enacted with compliance required within 18 months.
  2. Estimated annual compliance costs for VCs under the new SEC rules are expected to be significant.
  3. The impact of the new regulations on LPAs and side letter negotiations will require thorough review and potential revisions.
Fintech Business Weekly 126 implied HN points 19 Nov 23
  1. Blue Ridge Bank is looking to raise capital and reduce its exposure to banking-as-a-service and fintech.
  2. States like California and Wisconsin are regulating earned wage access, which is positive but adds compliance challenges.
  3. Plaid has launched a subsidiary as a consumer reporting agency, moving towards offering cash flow underwriting services.
Resilient Cyber 79 implied HN points 11 Dec 22
  1. Federal agencies must collect self-attestations from software vendors about their secure development practices, following NIST's guidelines.
  2. The NIST Secure Software Development Framework (SSDF) encourages integrating security early in the software development process, rather than addressing it later on.
  3. Industry groups are raising concerns about the requirements for transparency in the software supply chain, which could lead to delays in implementing necessary security measures.
PromptArmor Blog 92 implied HN points 20 Mar 24
  1. LASEC is a new certification focused on LLM application security. It aims to educate leaders on current security threats and best practices.
  2. Participants will learn about real-world threats, including a new exploit discovered by PromptArmor. They'll also dive into compliance standards and how to balance security with product development.
  3. The certification program is designed to share knowledge gained from working with top security leaders in Fortune 100 companies, making it a valuable resource for security professionals.
Law of VC 89 implied HN points 20 Feb 24
  1. The Carta Policy Team released a comprehensive VC Regulatory Playbook that simplifies the complex SEC rules for emerging fund managers.
  2. The playbook covers crucial topics including the regulation of fundraising, private funds, and fund managers along with an ERA Compliance Checklist.
  3. Fund managers can learn about specific regulations such as the Section 3(c)(1) and 3(c)(7) exemptions, the requirements for venture capital funds, and the importance of filing a Form ADV.
Law of VC 111 implied HN points 21 Aug 23
  1. The SEC is passing new regulations for private fund advisers, including VC firms, which would be the first significant VC regulations since the 2008 financial crisis.
  2. The most crucial law governing venture capital funds is the Advisers Act, granting the SEC the power to create rules, investigate, and enforce regulations.
  3. The SEC's regulatory priorities include conflicts of interest, fees and expenses calculations, and compliance with marketing rules, all under the Advisers Act.
Resilient Cyber 39 implied HN points 04 Apr 23
  1. There are several public speaking events related to security and compliance happening in April. These focus on topics like Software as a Service (SaaS) security and building secure programs.
  2. One important event will discuss how to create a compliance program for federal services, emphasizing the balance between development speed and security. This is crucial for companies navigating these challenges.
  3. Another key topic is Software Transparency and how to secure the software supply chain. This issue is becoming more important as many businesses rely on software solutions, and it's something experts are starting to address more.
The Security Industry 30 implied HN points 20 Nov 24
  1. The platform now includes detailed information on over 9,000 cybersecurity products, helping professionals match their needs with available solutions. Users can see how each product aligns with NIST and MITRE standards.
  2. Customers will soon be able to analyze their entire security stack, finding overlaps and gaps in their cybersecurity coverage. This feature will help them save costs and improve efficiency.
  3. Traditional research firms only cover a small fraction of the cybersecurity industry. By capturing detailed data on all products, this platform aims to provide a more comprehensive view of available options.
Resilient Cyber 39 implied HN points 06 Feb 23
  1. Organizations need a solid plan to manage the security risks associated with their wide use of Software as a Service (SaaS). This includes knowing what SaaS applications they use and applying security measures.
  2. Many companies focus heavily on securing their infrastructure services like AWS or Azure, but they often overlook the significant risks that come with SaaS applications. This can lead to security breaches.
  3. It's important for businesses to understand the shared responsibility model in cloud security and realize that while SaaS providers handle some security, the ultimate responsibility for data protection still lies with the organization.
burkhardstubert 39 implied HN points 16 Jan 23
  1. Combining libraries with incompatible licenses means the resulting program cannot be distributed without violating at least one of them.
  2. Linking your program against a GPL library and distributing the result makes the combined work subject to the GPL, so you must offer your source under GPL terms, which is unacceptable for most proprietary products. LGPL libraries do not impose this when dynamically linked; many Qt modules are available under the LGPL while some are GPL-only, which is why the exact license of each module matters.
  3. Carefully check which licenses apply to each library you use, especially in frameworks like Qt where modules carry different licenses; some combinations cannot be legally distributed at all.
Security Is 1 HN point 17 Jul 24
  1. Encryption at rest and in transit is important, but in cloud environments it is often treated as a compliance checkbox. Many people assume that enabling both fully protects their data; it does not.
  2. Server-side encryption at rest in AWS (for example, S3 or EBS) is transparent: any principal with permission to read the object receives plaintext, because the service decrypts on their behalf. Storage-level encryption therefore protects against lost or reused media, not against an over-privileged identity or a stolen credential.
  3. Rather than treating encryption as the main control, organizations should prioritize access controls and permissions: deciding who can read what data, and with which keys, is usually the more critical part of security.
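A worked counterpart to the takeaway above, added here as an illustration rather than drawn from the original post: Terraform configuration contrasting the encryption-at-rest checkbox (SSE-S3) with SSE-KMS under a customer-managed key whose key policy names exactly who may decrypt. The account ID, bucket name, role names and region are placeholders; the AWS resource types and IAM condition keys are real.

```hcl
# Added example (not from the original post). Placeholders: account 123456789012,
# roles "data-reader" and "kms-admin", bucket "example-sensitive-data", us-east-1.
locals {
  account_id  = "123456789012"
  reader_role = "arn:aws:iam::${local.account_id}:role/data-reader"
  admin_role  = "arn:aws:iam::${local.account_id}:role/kms-admin"
}

resource "aws_s3_bucket" "data" {
  bucket = "example-sensitive-data"
}

# WEAK (the "checkbox"): SSE-S3. S3 holds the key and decrypts for any caller that
# is allowed s3:GetObject, so this adds nothing against an over-broad IAM policy or
# a leaked role credential. Shown for contrast only; do not apply both configurations.
# resource "aws_s3_bucket_server_side_encryption_configuration" "weak" {
#   bucket = aws_s3_bucket.data.id
#   rule {
#     apply_server_side_encryption_by_default { sse_algorithm = "AES256" }
#   }
# }

# HARDENED: a customer-managed KMS key whose key policy names who may decrypt.
# The policy deliberately omits the usual "account root" statement, so IAM policies
# alone cannot grant kms:Decrypt; only the principals listed here can use the key.
data "aws_iam_policy_document" "key" {
  # Administrators can rotate, tag and schedule deletion but NOT decrypt.
  statement {
    sid    = "KeyAdministration"
    effect = "Allow"
    actions = ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
               "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
               "kms:Get*", "kms:Delete*", "kms:TagResource",
               "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [local.admin_role]
    }
  }
  # Only the reader role may decrypt, and only when the request arrives via S3.
  statement {
    sid       = "DataReaderUse"
    effect    = "Allow"
    actions   = ["kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey*", "kms:DescribeKey"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [local.reader_role]
    }
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["s3.us-east-1.amazonaws.com"]
    }
  }
}

resource "aws_kms_key" "data" {
  description         = "CMK for example-sensitive-data"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.key.json
}

resource "aws_s3_bucket_server_side_encryption_configuration" "hardened" {
  bucket = aws_s3_bucket.data.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.data.arn
    }
    bucket_key_enabled = true
  }
}

# Refuse any PutObject that does not name this key. StringNotEquals also matches
# when the header is absent, and S3 evaluates the bucket policy before applying
# default encryption, so clients must send the SSE-KMS headers explicitly.
data "aws_iam_policy_document" "bucket" {
  statement {
    sid       = "DenyWrongOrMissingKey"
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.data.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "StringNotEquals"
      variable = "s3:x-amz-server-side-encryption-aws-kms-key-id"
      values   = [aws_kms_key.data.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "data" {
  bucket = aws_s3_bucket.data.id
  policy = data.aws_iam_policy_document.bucket.json
}
```

With the weak configuration, any principal granted s3:GetObject on the bucket reads plaintext, whatever the console's "encrypted" badge says. With the hardened pair, the same principal also needs kms:Decrypt on that specific key, and the key policy is the only place it can be granted because the account-root statement is omitted. That choice has a cost: if the kms-admin role is deleted, the key becomes unmanageable without AWS Support, so protect that role accordingly.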
Building Rome(s) 5 implied HN points 03 Aug 25
  1. Beta and pilot testing are crucial for AI projects. They help find issues that regular testing might miss and provide early feedback from users.
  2. It's better to launch AI features gradually rather than all at once. Starting small and monitoring the results can help avoid bigger problems later on.
  3. Involve privacy and legal teams from the beginning. Early discussions about data practices can prevent delays and help build trustworthy AI products.
Why You Should Join 2 implied HN points 10 Nov 25
  1. AI systems need to earn trust to become widely adopted. This is because their unpredictable behavior can lead to serious problems, like giving bad advice or leaking sensitive information.
  2. The Artificial Intelligence Underwriting Company (AIUC) is creating standards and insurance for AI to help companies feel more secure when using these technologies. They offer a certification that includes audits and liability coverage.
  3. As businesses face more risks with AI, having a trust framework like AIUC's is essential. This helps streamline the adoption process by showing that safety and compliance are taken seriously.
Lukasz’s Substack 3 HN points 17 Apr 24
  1. ControlAI's platform offers a solution for AI safety and compliance, simplifying the complex process for users.
  2. Users can use the platform to create an inventory of AI assets, understand applicable standards and regulations such as ISO standards and the GDPR, and track progress towards compliance.
  3. The platform also enables users to deploy defenses, showcase AI safety solutions, and collaborate with the AI community to enhance safety measures.
Brick by Brick 18 implied HN points 18 Nov 24
  1. Startups need to adapt their processes to meet strict enterprise requirements, especially in compliance and security. This means being ready for audits and ensuring data protection.
  2. Creating a product that fits into the enterprise ecosystem is key. This includes having integrations, customization options, and strong reporting tools that enterprises expect.
  3. When selling to enterprises, startups must change their approach, focusing on value rather than just features. They should also prepare for complex pricing and long contracting processes.
Klement on Investing 1 implied HN point 01 Dec 25
  1. Firms that merge tend to have fewer ethical complaints because buyers avoid targets with poor records and targets resist buyers with bad ethics.
  2. After a merger reported ethics violations fall by about 17–22%, largely because combined firms disproportionately lay off employees with past complaints.
  3. Unethical employees often get rehired elsewhere, especially at larger firms, so misconduct persists and the industry gradually splits into high-integrity and low-integrity firms.
Resilient Cyber 19 implied HN points 23 Jan 23
  1. People are demanding more transparency in digital systems. This means consumers want to know what software they are using and how it is made.
  2. There's a strong push for companies to adopt Zero Trust, meaning no one gets automatic access. Every access request needs to be verified.
  3. Privacy regulations are changing, with more laws being introduced to protect personal data. Companies need to be clear about how they collect and use consumer information.
Fintech Radar 6 implied HN points 28 Feb 24
  1. Capital One's acquisition of Discover for $35.3 billion aims to boost competitiveness in the payments network but may face regulatory challenges due to concerns about bank consolidation.
  2. Monzo's potential £4 billion valuation in a funding round signifies ongoing investor interest in neobanks adapting to profitability and growth in the consumer fintech market.
  3. FairMoney's talks to buy Umba in a $20 million deal show a trend of consolidation in fintech markets like Africa, where companies navigate challenges to serve a growing demand for digital financial services.