2025 Supervisors Symposium

M.L.S. in Cybersecurity, Risk & Governance Master the Law. Mitigate the Risk. Lead in Cybersecurity.

DoJ: ECCP AI Guidance  Evaluation of Corporate Compliance Programs (ECCP) provides guidance on the factors federal prosecutors may consider in evaluating a corporate compliance program and a company’s controls.  Although designed as a reference for prosecutors, companies have looked to the ECCP to understand the DOJ’s thinking on what makes an effective compliance program. Updated September 2024, addressing, among other things, risks associated with new and emerging technologies. Key “Themes”  Compliance program autonomy and resources  Access to data  Compliance program evaluation, testing, and improvement  Risks of AI and Emerging Technologies  Focus on AI  Identifying and Mitigating Technology Risks

 Controls and Governance  Understanding Technology  Use of Data and Data Analytics  Third-party management

 Reporting and Anti-Retaliation  Heightened Expectations on Lessons Learned  Continuous Monitoring

FFIEC

31

MLS in Cybersecurity, Risk & Governance :

M.L.S. in Cybersecurity, Risk & Governance Master the Law. Mitigate the Risk. Lead in Cybersecurity.

AI Governance – In Summary

 Align to Business Strategy  New AI risks/ New Controls  Dedicated focus and oversight  Architecture - AI Risks  Adopt regulatory frameworks  Establish internal AI policies  Enhanced Security

 Ethical Standards  Develop Your Strategy  Reliability  Transparency  Reliability  Consumer Protection

 Train employees (safe & secure AI)  Compliance should be top of mind  Build security/privacy at every stage

 Focused Policies  Incident Response  Proceed with caution

FFIEC

32

MLS in Cybersecurity, Risk & Governance :