These are some of the compliance-related stories that caught my attention this week.
The Board Member’s Oversight of AI Risk – Moving from Middle to Modern English
By Sean Dowd, Rich Kando, and Chris Crovatto, AlixPartners LLP
Harvard Law School Forum on Corporate Governance
Risk assessments take on many forms, but there are three critical components of a risk assessment that, when consistently applied, help to compartmentalize a company’s often highly complex risk environment and measure progress. A risk assessment requires (1) the identification of the inherent risks present within a company’s operations, in this case a company’s GenAI program and its use case, (2) the effectiveness of a company’s existing safeguards in addressing those inherent risks, and (3) the remaining residual risks after the application of those safeguards.
PCAOB Adopts New Quality Control and Auditor Responsibility Standards
by David Lynn
The Corporate Counsel .net
On Monday, the PCAOB adopted two new standards. First, the PCAOB adopted a new audit quality control standard, replacing the existing AICPA standard that pre-dated the creation of the PCAOB. The new standard requires all PCAOB registered firms to identify their specific risks and design a quality control system that includes policies and procedures to address those risks.
How Bank Regulation and Supervision Can Weaken Financial Stability
By Hamid Mehran and Chester Spatt
The CLS Blue Sky Blog
We argue that bank regulation and supervision interfere with pricing risk by creating opacity. Given that market disclosures enhance the efforts of supervisors, and vice versa, more disclosure could enhance financial stability (see Spatt, 2010)[1]. In addition, we believe that disclosure would provide information on the competence and performance of regulators and supervisors (reducing adverse selection about regulators) and increase their incentives (reducing moral hazard). This would make capital markets more effective in addressing future banking problems and reducing reliance on bank regulators who have arguably failed the public. We question the value of withholding vast amounts of banks’ privileged information and argue that, although this unique regulatory practice has a long history, it is not ethical in the context of fair treatment of investors in public entities. Indeed, firms are required under the securities laws to disclose material nonpublic information, at least when they raise capital.
CFPB Survives Another Attack
Consumer Financial Protection Bureau v. Community Financial Services Association of America, Limited __ US ___ (2023)
The Bureau’s funding statute satisfies the requirements of the Appropriations Clause. The statute authorizes the Bureau to draw public funds from a particular source—“the combined earnings of the Federal Reserve System”— in an amount not exceeding an inflationadjusted cap. 12 U. S. C. §§5497(a)(1), (2)(A)–(B). And, it specifies the objects for which the Bureau can use those funds—to “pay the expenses of the Bureau in carrying out its duties and responsibilities.” §5497(c)(1). The Bureau’s funding mechanism also fits comfortably within the historical appropriations practice described above. P. 15– 16.