Boards of directors are now in sharper focus than ever, facing heightened scrutiny from the Federal Trade Commission (FTC) over governance practices, especially in areas tied to consumer protection, data security, competition, and emerging technologies. In a recent "Clearly Conspicuous" podcast episode, consumer protection attorney Anthony DiResta outlined why the FTC has intensified oversight expectations and what boards must do to both meet regulatory demands and lead with integrity.
The FTC’s governance priorities cluster around four key themes. First, data security, privacy, and cybersecurity oversight remain paramount. The FTC underscores that effective data protection begins at the board level, with directors expected to lead accountability efforts. Boards must understand the sensitive nature of the data their organisations hold, ensure robust written policies are not only implemented but regularly tested, and demand comprehensive risk reporting. This focus is backed by FTC rules such as the Safeguards Rule, which mandates that a qualified individual reports at least annually to the board on information security program effectiveness. Recent policy guidance and regulatory statements emphasise that legal compliance alone is insufficient; boards are urged to adopt tailored, risk-based cybersecurity programmes that evolve with emerging threats, learning from past incidents to fortify defences.
Second, competition concerns, particularly antitrust risks, are receiving renewed attention, especially regarding board composition under Section 8 of the Clayton Act. The FTC and Department of Justice (DOJ) have revived enforcement against interlocking directorates where directors serve on multiple boards of competing companies. Boards are advised to evaluate these appointments carefully, require transparency about overlapping commitments, and monitor investor activism that might intensify competitive conflicts.
Third, boards must move beyond mere policy approval in compliance and risk governance, actively overseeing whether these systems function effectively in practice. Directors should periodically identify principal regulatory and operational risks, demand measurable risk reporting, and ensure clear escalation processes are in place. The FTC’s heightened expectations reflect the critical role of well-resourced, regularly audited compliance programmes that can detect, respond to, and prevent governance lapses.
Finally, the agency is turning a keen eye towards AI, algorithms, and transparency. As automated decision systems proliferate, boards are expected to oversee fairness, mitigate bias, and ensure transparency. This requires not just awareness of how algorithms influence consumer outcomes but also incorporating AI expertise, either internally or through trusted external advisors.
DiResta offers practical steps for boards seeking to meet these challenges. Building regulatory literacy about key consumer protection and competition laws is essential, alongside establishing effective committee structures dedicated to compliance, risk, and governance oversight. Boards must ensure that management teams have adequate resources to implement and test programmes and that oversight actions are carefully documented in meeting minutes. Embedding a culture of ethics and integrity into organisational strategy is equally critical, not only to comply with regulatory demands but to build resilience and stakeholder trust over the long term.
Specific governance risks boards should monitor include competitive overlaps via director interlocks, gaps in data privacy and cybersecurity oversight, superficial compliance testing, unprepared incident response plans, insufficient expertise on emerging risks, weak disclosure systems, vendor oversight deficiencies, cultural compliance gaps, strategic decisions lacking regulatory foresight, and poor documentation of oversight activities.
The FTC’s stance, reinforced by recent agency publications and external legal analyses, leaves no doubt that effective governance is not a passive duty but an active obligation demanding vigilance, accountability, and strategic foresight. Corporate boards that embrace these principles will not only better protect their organisations but will exemplify leadership aligned with both legal mandates and ethical stewardship.
📌 Reference Map:
- [1] (Mondaq) - Entire article
- [2] (FTC Blog) - Paragraphs 2, 4
- [3] (Hinshaw & Culbertson LLP) - Paragraphs 2, 4
- [4] (American Banker) - Paragraph 2
- [5] (ArentFox Schiff) - Paragraph 2
- [6] (Cleary Cybersecurity and Privacy Watch) - Paragraph 2
- [7] (Armstrong Teasdale) - Paragraph 5
Boards of directors are facing increased scrutiny from the Federal Trade Commission (FTC) regarding governance practices, particularly in areas related to consumer protection, data security, competition, and emerging technologies. In a recent episode of the podcast "Clearly Conspicuous," consumer protection attorney Anthony DiResta highlighted why the FTC is intensifying oversight expectations and outlined what boards must do to meet these rising standards effectively.
The FTC’s governance focus revolves around four key themes. First, data security, privacy, and cybersecurity oversight remain a top priority. The FTC emphasises that effective data protection begins with board leadership and accountability. Directors are expected to deeply understand the sensitive data their organisations hold, ensure that comprehensive policies are both implemented and rigorously tested, and demand regular, board-level cybersecurity risk reporting. The agency's Safeguards Rule requires a qualified individual to provide at least annual reports to the board on the effectiveness of information security programmes. Numerous regulatory guidelines reinforce that legal compliance alone is inadequate; instead, tailored, proactive cybersecurity programmes must evolve in response to emerging threats, drawing lessons from prior incidents to strengthen defences.
Second, the FTC and Department of Justice have revived enforcement against interlocking directorates under antitrust laws. Boards must carefully evaluate director appointments to prevent competitive risks posed by overlapping board memberships among competitors. Full disclosure of overlapping commitments is necessary, alongside vigilant monitoring of investor activism that may present competition issues.
Third, boards’ responsibilities for compliance systems and risk governance have expanded significantly. Regulators expect boards to actively oversee, not just approve, whether compliance systems are well-designed, sufficiently staffed, and regularly audited. Directors should identify principal regulatory risks, insist on measurable risk reporting, enforce clear escalation procedures, and ensure thorough documentation of oversight activities.
Fourth, with the growing influence of artificial intelligence and algorithms, the FTC is focusing on fairness, transparency, and mitigation of bias in automated decision-making. Boards need to understand how algorithms impact consumers and incorporate AI expertise internally or through external advisors to maintain appropriate oversight.
For practical governance, DiResta advises boards to build regulatory literacy concerning key statutes, establish effective committees for risk and compliance oversight, allocate sufficient resources, demand evidence of programme testing, and carefully document all oversight actions. Furthermore, embedding ethics into corporate culture is essential, not just for compliance but as a strategic foundation for long-term organisational resilience and stakeholder trust.
Boards should pay particular attention to specific risks such as director interlocks with competitive overlap, inadequate cybersecurity oversight, superficial compliance testing, weak incident response planning, insufficient expertise on emerging risks, inadequate vendor oversight, cultural compliance deficits, strategic decisions made without regulatory insight, and poor documentation of board activities.
This comprehensive focus from the FTC, supported by various legal and regulatory analyses, signals a clear message: governance is an active, ongoing responsibility requiring informed, engaged, and ethical leadership. Boards that embrace these imperatives will enhance their organisation’s integrity, compliance posture, and capacity to manage evolving risks effectively.
📌 Reference Map:
- [1] (Mondaq) - Entire article
- [2] (FTC Blog) - Data security governance paragraphs
- [3] (Hinshaw & Culbertson LLP) - Data security and board engagement
- [4] (American Banker) - Cyber risk oversight and FTC Safeguards Rule
- [5] (ArentFox Schiff) - Board role in data security and incident response
- [6] (Cleary Cybersecurity and Privacy Watch) - Board responsibility in cybersecurity
- [7] (Armstrong Teasdale) - Executive scrutiny and regulatory developments on cybersecurity oversight
Source: Noah Wire Services