21091 - CORPORATE COMPLIANCE 1 - MODULE 1: REGULATORY COMPLIANCE
Department of Law
Course taught in English
MARIA LILLA' MONTAGNANI
Mission & Content Summary
MISSION
CONTENT SUMMARY
- The concept, functions and evolution of corporate compliance.
- Compliance as a component of corporate governance, internal control, risk management and organizational accountability.
- The role of boards, senior management, legal departments, compliance officers, internal audit and external advisors in designing and monitoring compliance systems.
- The structure of corporate compliance programs: risk assessment, policies, procedures, training, reporting channels, monitoring, investigations and remediation.
- The emergence of digital compliance as a field of corporate compliance.
- Data governance, privacy and cybersecurity as core areas of digital compliance.
- Compliance risks connected to artificial intelligence, automated decision-making, digital platforms, online services and digital supply chains.
- The relationship between digital compliance, enforcement, corporate liability, reputational risk and organizational culture.
- Case studies concerning compliance failures, regulatory investigations and the design of internal digital governance systems.
Intended Learning Outcomes (ILO)
KNOWLEDGE AND UNDERSTANDING
- Describe the main functions of corporate compliance within modern business organizations.
- Identify the legal, regulatory and organizational drivers of corporate compliance systems.
- Explain the relationship between compliance, corporate governance, internal controls and enterprise risk management.
- Recognize the main actors involved in compliance processes, including corporate bodies, managers, legal departments, compliance officers, internal audit functions and regulators.
- Illustrate the main features of digital compliance in relation to data governance, cybersecurity, artificial intelligence, digital platforms and technology-driven business models.
- Explain how digital technologies affect corporate accountability, enforcement risk and organizational decision-making.
APPLYING KNOWLEDGE AND UNDERSTANDING
- Analyze compliance risks arising from corporate conduct in digital and technology-driven environments.
- Assess the adequacy of corporate compliance programs in relation to selected digital risks.
- Apply compliance tools to practical scenarios involving data, cybersecurity, automated systems, digital services or technology supply chains.
- Evaluate the legal and organizational implications of digital compliance failures, enforcement actions and internal investigations.
- Develop reasoned recommendations for improving policies, procedures, controls and accountability mechanisms in digital compliance contexts.
- Communicate compliance assessments clearly, using appropriate legal, regulatory and professional terminology.
Teaching methods
- Lectures
- Practical Exercises
- Collaborative Works / Assignments
DETAILS
The course combines lectures, guest speaker’s talks, practical exercises and collaborative assignments. Lectures introduce the conceptual, legal and organizational foundations of corporate compliance, with specific attention to the emergence of digital compliance as a field of corporate governance, risk management and regulatory accountability.
Guest speaker’s talks, held in class or remotely, provide students with professional perspectives on compliance practice in digital environments. Speakers may include legal practitioners, compliance officers, privacy and cybersecurity professionals, in-house counsel, consultants, regulators or other experts involved in the design, implementation or assessment of compliance systems.
Practical exercises require students to apply the concepts discussed in class to concrete digital compliance scenarios, such as data governance, cybersecurity incidents, artificial intelligence systems, digital platforms, internal reporting mechanisms, regulatory investigations or compliance failures. These exercises are designed to develop students’ ability to identify risks, assess controls and formulate legally and organizationally sound responses.
Collaborative assignments require students to work in groups on selected case studies or hypothetical scenarios concerning corporate and digital compliance. Through these activities, students develop their ability to analyze compliance problems, compare possible solutions, prepare reasoned recommendations and communicate them using appropriate legal and professional terminology.
Assessment methods
| Continuous assessment | Partial exams | General exam | |
|---|---|---|---|
|
x | ||
|
x |
ATTENDING STUDENTS
Attending students are assessed through a written exam and a collaborative work.
The written exam consists of open-ended questions and is aimed at assessing students’ acquisition of the main concepts, legal frameworks and organizational tools of corporate compliance and digital compliance. It also verifies their ability to explain the relationship between compliance, corporate governance, risk management, internal controls and regulatory accountability.
The collaborative work requires students to analyze a case study or hypothetical scenario concerning corporate and digital compliance. The assessment of the outcome verifies students’ ability to identify relevant compliance risks, assess the adequacy of organizational controls, and formulate reasoned legal and organizational recommendations. The oral presentation verifies students’ ability to communicate the results of their analysis clearly, concisely and with appropriate professional terminology.
The final grade for attending students is determined as follows: written exam 60%; assessment of the collaborative work outcome 30%; oral presentation of the collaborative work 10%.
NOT ATTENDING STUDENTS
Non-attending students are assessed through a written exam consisting of open-ended questions. The exam is aimed at assessing students’ knowledge and understanding of the course materials and their ability to apply the concepts, legal frameworks and organizational tools of corporate compliance and digital compliance to practical cases or problem questions.
The final grade for non-attending students is based entirely on the written exam.
Teaching materials
ATTENDING AND NOT ATTENDING STUDENTS
Teaching materials will include selected academic articles, book chapters, regulatory materials, case law, enforcement decisions, corporate policies, soft-law instruments, compliance guidelines and other materials made available through Bboard before or during the course. Materials will cover both general corporate compliance frameworks and selected areas of digital compliance, including data governance, cybersecurity, artificial intelligence, digital platforms and technology-related corporate risk. A detailed list of compulsory and recommended readings will be communicated before the beginning of the course.