Jul 06, 2023

The week in GRC: Cyber-security experts sought as board members and AI law goes into effect in NYC

This week’s governance, compliance and risk-management stories from around the web

The Wall Street Journal (paywall) reported that companies are trying to demonstrate their commitment to minority employees’ success without being seen as limiting opportunities for others, with human resources (HR) leaders caught in the middle. The US Supreme Court’s removal of affirmative action from college admissions is set to change the pipeline of diverse graduates companies can hire and likely opens challenges to hiring and promotion practices, legal experts say. For managers, the challenge is to fairly assess a job candidate’s skills or an employee’s readiness for promotion at a time when workplace diversity measures already face questions from both supporters and skeptics.

Diversity and HR executives say they are hearing from employees discouraged about what they view as lost momentum in advancing people of color and underrepresented minorities after George Floyd’s murder led to greater national attention to race and inequity. Leaders say they are also facing quiet, but no less insistent, pushback from some workers with combative questions about diversity initiatives in surveys and company town halls.


– According to the Financial Times (paywall), the former finance chief of Carillion has been barred from holding corporate directorships for more than a decade. Zafar Khan, who served as Carillion’s finance director before its collapse in early 2018, has been disqualified from working as a director of a UK company for 11 years by the government’s Insolvency Service. Khan had provided ‘false and misleading financial information’ in 2016, including reporting a pre-tax profit of £146.7 mn ($186.3 mn), the government agency said. Carillion should have reported an adjusted year-end loss of at least £61.7 mn.

Khan said: ‘I took on the post of finance director of Carillion in January 2017 and I stepped down only eight months later. Six years after I stepped down, and five years after the insolvency of Carillion, the regulatory proceedings against me and other directors continue and I have decided, in the interests of my family and finally to draw a line under this process, that I will provide an undertaking not to act [as] a director. I want to emphasize that, when I took on the role, I was aware that the group faced significant commercial challenges and I devoted all my energies to overcoming these challenges. I believe I acted at all times in the best interests of the company. I regret that I was not able to make a big enough difference in the short time I was in post.’

Proceedings against a number of other former Carillion directors are continuing.


– According to CNBC, the need for strong cyber-security programs at companies is being reflected in moves to add security executives to boards. ‘The trend is for [chief information security officers (CISOs)] to be elevated to the board of directors,’ said Chris Steffen, research director at Enterprise Management Associates. ‘It is no longer acceptable for the security role to be subordinate to other technology priorities the company might have.’ As risk and regulatory compliance become more visible in an organization, many of the initiatives and controls will be security related, Steffen added. ‘Addressing those controls usually falls to the CISO,’ he said.

With security incidents ‘a part of nearly every evening news cycle, the board of directors needs to demonstrate that [it is] taking those considerations seriously and addressing them,’ Steffen said. ‘For many organizations, one of the easiest and most effective ways of doing this is to elevate the CISO to a position of responsibility and authority on the board.’

Businesses are becoming more aware of cyber-risk as a component of business risk ‘and need CISOs to be part of board-level governance conversations,’ said Nick Kakolowski, research director at IANS Research.



– A new law that went into effect on Wednesday in New York City is the first in the US to regulate the use of automation and artificial intelligence (AI) in hiring decisions, the WSJ reported. The law requires employers that use certain kinds of software to assist with hiring and promotion decisions – such as chatbot interviewing tools and resumé scanners that look for keyword matches – to audit those tools each year for potential race and gender bias, and then publish the results on their websites.

Although the law is designed to root out indications of potential discrimination in employment decisions, ‘it’s really not an anti-bias law. It’s a public disclosure law,’ said Erin Connell, partner with Orrick Herrington and Sutcliffe. Legislators and industry groups are watching New York City as a test case for future technology regulation, she added.

Under the new law, companies will audit any software that plays an important role in their hiring and promotion decisions and will publish so-called ‘adverse impact ratios’, which show whether a procedure has a disparate impact on a particular race or gender.


– According to CNN, a small but growing number of tech companies have cited AI as a reason for laying off workers and rethinking new hires in recent months. In doing so, Silicon Valley may not only be leading the charge in developing AI but also offering an early sign of how companies may adapt to those tools. Rather than render entire skillsets obsolete overnight, as some might fear, the more immediate impact of a new batch of AI tools appears to be forcing companies to shift resources to better take advantage of the technology – and placing a premium on workers with AI expertise.


– The WSJ reported that Nick Ephgrave, a former assistant commissioner for London’s Metropolitan Police Service, will begin an initial five-year term as director of the UK’s Serious Fraud Office (SFO) in late September. Ephgrave, the SFO’s first non-lawyer director, will succeed Lisa Osofsky. At the time of her appointment in 2018, Osofsky, a dual US-UK citizen, had served as a US federal prosecutor and deputy general counsel for the Federal Bureau of Investigation, and held jobs at Goldman Sachs and two risk consultancies.

Unlike the US Department of Justice, the SFO includes both investigators and prosecutors under one roof, an organizational structure designed to help the agency handle complex crimes that need legal input throughout the course of an investigation. In addition to his time at the Metropolitan Police Service, Ephgrave served in senior roles on the Surrey police force and the UK’s National Police Chiefs’ Council.

 

Ben Maiden

Ben Maiden is the editor-at-large of Governance Intelligence, an IR Media publication, having joined the company in December 2016. He is based in New York. Ben was previously managing editor of Compliance Reporter, covering regulatory and compliance...