#compliance
12 stories taggedcompliance.

Farage's £5m Crypto Gift Was Flagged to the UK's National Crime Agency Over Money-Laundering Fears
Bankers who processed the payment raised a formal suspicion report. Now the Reform UK leader faces scrutiny from two directions at once.

Seven Cyber Risk Assessment Mistakes That Give Security Leaders False Confidence
Experts say many organisations tick boxes, skip awkward corners of their networks, and confuse passing an audit with being secure. Here is what actually goes wrong.

CIOs Are Running AI Governance Without a Playbook — and the Clock Is Running
Boards want AI returns. Employees want access. Compliance teams want guardrails. The CIO is stuck in the middle of all three.

Compliance Theatre Has a Reckoning Coming. FedRAMP 20x Is the Opening Act.
Most SOC 2 and ISO 27001 reports audit a curated version of history, not operational reality. A federal cloud-security overhaul is forcing the question nobody wanted to answer: does passing audits actually mean anything?

PCI DSS 4.0.1 Drags Checkout Scripts Into Scope, and Most Merchants Aren't Ready
Independent QSA assessment puts Reflectiz against the new client-side rules. The verdict: the script soup running on your payment page is now an auditable surface.

Old Risk Frameworks Can't Handle AI. Here Are the New Ones That Try.
From ISO 42001 to NIST's AI RMF and ENISA's layered playbook, a clutch of frameworks is competing to define how organizations govern AI risk — each targeting a different gap.

Voluntary AI Security Rules: The Industry Already Knows What That Means
Trump's AI cybersecurity executive order drew polite applause from vendors and quiet skepticism from practitioners. The gap between those two reactions is where the real story lives.

The vCISO Tool Is Dead. MSPs Now Need a Security Growth Platform.
What started as assessment-and-report software has to grow up — or get replaced by something that actually runs a security practice.

Shadow AI Is Now a Compliance Problem, Not Just an IT One
Employees are running unsanctioned AI assistants by the handful. Regulators are starting to ask who approved them, and under which control framework.

AI Governance Is Broken Because It Still Lives Outside the Pipeline
Building compliance as a post-ship review layer made sense for static software. For AI systems that mutate overnight, it is organizational negligence dressed up as process.

AI Agent Identities Are Redrawing Enterprise IAM Budgets
New Omdia research finds that the rapid spread of AI agent deployments is forcing organisations to treat non-human identities as a distinct governance category, with budget implications that traditional identity and access management frameworks were not designed to absorb.

Agentic AI Quietly Rewrites the NDR Pitch, But Procurement Rules Have Not Caught Up
Network detection vendors say autonomous triage is thinning the alert queue. Buyers are now asking what regulators will let those agents actually do.