Improve your compliance vocabulary and become the most
well-versed compliance professional you know. Stay up-to-date with
this ever-growing list of governance, risk and compliance terms.
Use the list below to identify and understand the many terms related to governance, risk and compliance, including regulatory definitions and words and phrases about corporate governance and risk mitigation.
Audit
An examination performed by an independent third party that verifies adherence to the guidelines outlined by a regulatory body.

Attestation
The acknowledgement of understanding of, and agreement to abide by, policies, procedures or training.

Benchmarking
Analyzing one's data year over year by comparing one's own business processes and performance against the industry standard, in order to reveal compliance program effectiveness and determine needed improvements.

Blockchain
A blockchain is a digitized, decentralized, public ledger of all cryptocurrency transactions. Growing as completed blocks, the most recent transactions are recorded and added to the chain in chronological order, allowing market participants to track digital currency transactions without central record-keeping. Each node (a computer connected to the network) gets a copy of the blockchain that is downloaded automatically. Originally developed as the accounting method for the virtual currency Bitcoin, blockchains use what is now known as distributed ledger technology (DLT). This technology creates indelible records that cannot be changed, as the authenticity can be verified by the entire community using the blockchain instead of a single centralized authority.

Bribe
An incentive given or offered to a person or organization to encourage that person or organization to take an action that benefits the giver.

Chief Privacy Officer
A chief privacy officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect employee and customer data from unauthorized access.

Chief Risk Officer
The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings. The position is sometimes called chief risk management officer or simply risk management officer.

Code of Conduct or Code of Ethics
An organization's Code of Conduct is its policy of all policies. It is a central guide and reference for users in support of day-to-day decision making. It is meant to clarify an organization's mission, values and principles, linking them with standards of professional conduct. As a reference, it can be used to locate relevant documents, services and other resources related to ethics within the organization.

Compliance
Compliance is either a state of being in accordance with established guidelines or specifications, or the process of becoming so.

Compliance Audit
A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparedness. Over the course of a compliance audit, auditors review security policies, user access controls and risk management procedures.

Compliance Burden
Compliance burden, also called regulatory burden, is the administrative cost of a regulation in terms of dollars, time and complexity.

Compliance Framework
A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation.

Compliance Risk
Compliance risk is the exposure to legal penalties, financial forfeiture and material loss that an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.

Corporate Governance
Corporate governance is a term that refers broadly to the rules, processes or laws by which businesses are operated, regulated and controlled. The term can refer to internal factors defined by the officers, stockholders or constitution of a corporation, as well as to external forces such as consumer groups, clients and government regulations.

Cyber Security
Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

Dodd-Frank Act
The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a United States federal law that places regulation of the financial industry in the hands of the government. The legislation, enacted in July 2010, aims to prevent another significant financial crisis by creating new financial regulatory processes that enforce transparency and accountability while implementing rules for consumer protection.

Ethical Dilemmas
Situations that require ethical judgment calls. Often there is more than one right answer, and no win-win solution in which we get everything we want.

Ethics
The decisions, choices and actions (behaviors) we make that reflect and enact our values.

FCPA
The Foreign Corrupt Practices Act is a federal law enacted in 1977 to prohibit companies from paying bribes to foreign government officials and political figures for the purpose of obtaining business.

Fraud
To intentionally lie or cheat to get something to which one is not entitled.

General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a legal framework that sets new guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR lays out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation applies to all organizations that deal with EU citizen data, making it a critical regulation for corporate compliance officers at banks, insurers and other financial organizations. On May 25, 2018, GDPR will come into full effect across the EU.

Governance
The act, process or power of exercising authority or control in an organizational setting.

Governance, Risk and Compliance (GRC)
Governance, Risk and Compliance (GRC) is a combined area of focus within an organization that developed because of the interdependencies between the three components. GRC software products, available from a number of vendors, typically facilitate compliance with legal requirements, such as those specified in the Sarbanes-Oxley Act (SOX) or occupational health and safety regulations.

Gramm-Leach-Bliley Act (GLB)
Federal legislation enacted in the United States to control the ways that financial institutions deal with the private information of individuals.

Hotline
A common reporting system giving anonymous telephone access to employees seeking to report possible instances of wrongdoing.

Integrity
Making choices that are consistent with each other and with the stated and operative values one espouses; striving for ethical congruence in one's decisions.

Internal Control
An internal control is a business practice, policy or procedure that is established within an organization to create value or minimize risk.

NIST (National Institute of Standards and Technology)
A unit of the US Commerce Department that promotes and maintains measurement standards.

Ransomware
Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user's data, usually by encrypting the data with a key known only to the attacker who deployed the malware, until a ransom is paid.

Regulatory Compliance
Regulatory compliance is an organization's adherence to the laws, regulations, guidelines and specifications relevant to its business. Violations of compliance regulations often result in legal punishment, including federal fines.

Risk Assessment
Risk assessment is the process of identifying variables that have the potential to negatively impact an organization's ability to conduct business.

Risk Assessment Framework (RAF)
A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.

Risk Exposure
Risk exposure is the quantified loss potential of a business. Risk exposure is usually calculated by multiplying the probability of an incident occurring by its potential losses.

Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as to improve the accuracy of corporate disclosures. The U.S. Securities and Exchange Commission (SEC) administers the act, which sets deadlines for compliance and publishes rules on requirements.

Transparency
Transparency, in a business or governance context, is honesty and openness. Transparency and accountability are generally considered the two main pillars of good corporate governance.

Values
The core beliefs we hold regarding what is right and fair in terms of our actions and our interactions with others. Another way to characterize values is that they are what an individual believes to be of worth and importance to their life.

Values-centered Code of Ethics
Offers a set of ethical ideals, such as integrity, trustworthiness and responsibility, which companies want employees to adopt in their work practices.

Whistleblower
A whistleblower is a person who voluntarily provides information to the general public, or to someone in a position of authority, about dishonest or illegal business activities occurring at an organization. The organization could be a government department, a public company or a private organization.

Workplace Harassment
As defined by the Equal Employment Opportunity Commission (EEOC):

Harassment is unwelcome conduct that is based on race, color, religion, sex (including pregnancy), national origin, age (40 or older), disability or genetic information. Harassment becomes unlawful where 1) enduring the offensive conduct becomes a condition of continued employment, or 2) the conduct is severe or pervasive enough to create a work environment that a reasonable person would consider intimidating, hostile, or abusive. Anti-discrimination laws also prohibit harassment against individuals in retaliation for filing a discrimination charge, testifying, or participating in any way in an investigation, proceeding, or lawsuit under these laws; or opposing employment practices that they reasonably believe discriminate against individuals, in violation of these laws.

Petty slights, annoyances, and isolated incidents (unless extremely serious) will not rise to the level of illegality. To be unlawful, the conduct must create a work environment that would be intimidating, hostile, or offensive to reasonable people.