This article was originally published in Corporate Compliance Insights, February 2024
Companies may find existing systems need augmenting to meet new rules
Recent amendments to the New York Department of Financial Services 23 NYCRR Part 500, which more than a half-decade ago transformed cybersecurity compliance for thousands of insurance, financial services and healthcare organizations, threaten to shake things up again by adding new requirements. Joseph Shepley of Alvarez & Marsal offers guidance to CISOs at covered organizations.
The New York Department of Financial Services’ 23 NYCRR Part 500 has been a part of the compliance landscape for insurance, financial services and healthcare organizations since 2017. Part 500 has transformed the cybersecurity posture of these covered entities, benefiting consumers, employees and other data subjects whose personal data organizations process.
While all the recent amendments to Part 500 have been the subject of considerable discussion, the changes to Section 500.13 will likely carry the most weight, since they govern how covered entities manage (and dispose of) their non-public information (NPI) in order to remain Part 500 compliant.