Insegnamento a.a. 2026-2027

21091 - CORPORATE COMPLIANCE 1 - MODULE 1: REGULATORY COMPLIANCE

Department of Law


Course taught in English
Go to class group/s: 49
GLOBE (9 credits - I sem. - OB  |  GIUR-02/A)
Course Director:
MARIA LILLA' MONTAGNANI

Classes: 49 (I sem.)
Instructors:
Class 49: MARIA LILLA' MONTAGNANI


Mission & Content Summary

MISSION

In contemporary organizations, compliance is increasingly shaped by the interaction between legal obligations, internal governance systems, technological infrastructures and digital risk. Corporate compliance is no longer limited to the prevention of traditional corporate misconduct: it also concerns the way companies collect and use data, deploy digital technologies, manage cybersecurity risks, rely on automated systems and interact with regulators, users, customers and business partners in digital environments. The mission of this course is to introduce students to the concept, functions and tools of corporate compliance, and to examine how these tools operate in the digital economy. The course provides students with the legal and organizational framework needed to assess digital compliance risks and to understand how companies design policies, procedures, controls and accountability mechanisms for technology-driven activities.

CONTENT SUMMARY

  • The concept, functions and evolution of corporate compliance.
  • Compliance as a component of corporate governance, internal control, risk management and organizational accountability.
  • The role of boards, senior management, legal departments, compliance officers, internal audit and external advisors in designing and monitoring compliance systems.
  • The structure of corporate compliance programs: risk assessment, policies, procedures, training, reporting channels, monitoring, investigations and remediation.
  • The emergence of digital compliance as a field of corporate compliance.
  • Data governance, privacy and cybersecurity as core areas of digital compliance.
  • Compliance risks connected to artificial intelligence, automated decision-making, digital platforms, online services and digital supply chains.
  • The relationship between digital compliance, enforcement, corporate liability, reputational risk and organizational culture.
  • Case studies concerning compliance failures, regulatory investigations and the design of internal digital governance systems.

Intended Learning Outcomes (ILO)

KNOWLEDGE AND UNDERSTANDING

At the end of the course student will be able to...
  • Describe the main functions of corporate compliance within modern business organizations.
  • Identify the legal, regulatory and organizational drivers of corporate compliance systems.
  • Explain the relationship between compliance, corporate governance, internal controls and enterprise risk management.
  • Recognize the main actors involved in compliance processes, including corporate bodies, managers, legal departments, compliance officers, internal audit functions and regulators.
  • Illustrate the main features of digital compliance in relation to data governance, cybersecurity, artificial intelligence, digital platforms and technology-driven business models.
  • Explain how digital technologies affect corporate accountability, enforcement risk and organizational decision-making.

APPLYING KNOWLEDGE AND UNDERSTANDING

At the end of the course student will be able to...
  • Analyze compliance risks arising from corporate conduct in digital and technology-driven environments.
  • Assess the adequacy of corporate compliance programs in relation to selected digital risks.
  • Apply compliance tools to practical scenarios involving data, cybersecurity, automated systems, digital services or technology supply chains.
  • Evaluate the legal and organizational implications of digital compliance failures, enforcement actions and internal investigations.
  • Develop reasoned recommendations for improving policies, procedures, controls and accountability mechanisms in digital compliance contexts.
  • Communicate compliance assessments clearly, using appropriate legal, regulatory and professional terminology.

Teaching methods

  • Lectures
  • Practical Exercises
  • Collaborative Works / Assignments

DETAILS

The course combines lectures, guest speaker’s talks, practical exercises and collaborative assignments. Lectures introduce the conceptual, legal and organizational foundations of corporate compliance, with specific attention to the emergence of digital compliance as a field of corporate governance, risk management and regulatory accountability.

Guest speaker’s talks, held in class or remotely, provide students with professional perspectives on compliance practice in digital environments. Speakers may include legal practitioners, compliance officers, privacy and cybersecurity professionals, in-house counsel, consultants, regulators or other experts involved in the design, implementation or assessment of compliance systems.

Practical exercises require students to apply the concepts discussed in class to concrete digital compliance scenarios, such as data governance, cybersecurity incidents, artificial intelligence systems, digital platforms, internal reporting mechanisms, regulatory investigations or compliance failures. These exercises are designed to develop students’ ability to identify risks, assess controls and formulate legally and organizationally sound responses.

Collaborative assignments require students to work in groups on selected case studies or hypothetical scenarios concerning corporate and digital compliance. Through these activities, students develop their ability to analyze compliance problems, compare possible solutions, prepare reasoned recommendations and communicate them using appropriate legal and professional terminology.


Assessment methods

  Continuous assessment Partial exams General exam
  • Written individual exam (traditional/online)
    x
  • Collaborative Works / Assignment (report, exercise, presentation, project work etc.)
x    

ATTENDING STUDENTS

Attending students are assessed through a written exam and a collaborative work.

The written exam consists of open-ended questions and is aimed at assessing students’ acquisition of the main concepts, legal frameworks and organizational tools of corporate compliance and digital compliance. It also verifies their ability to explain the relationship between compliance, corporate governance, risk management, internal controls and regulatory accountability.

The collaborative work requires students to analyze a case study or hypothetical scenario concerning corporate and digital compliance. The assessment of the outcome verifies students’ ability to identify relevant compliance risks, assess the adequacy of organizational controls, and formulate reasoned legal and organizational recommendations. The oral presentation verifies students’ ability to communicate the results of their analysis clearly, concisely and with appropriate professional terminology.

The final grade for attending students is determined as follows: written exam 60%; assessment of the collaborative work outcome 30%; oral presentation of the collaborative work 10%.


NOT ATTENDING STUDENTS

Non-attending students are assessed through a written exam consisting of open-ended questions. The exam is aimed at assessing students’ knowledge and understanding of the course materials and their ability to apply the concepts, legal frameworks and organizational tools of corporate compliance and digital compliance to practical cases or problem questions.

The final grade for non-attending students is based entirely on the written exam.


Teaching materials


ATTENDING AND NOT ATTENDING STUDENTS

Teaching materials will include selected academic articles, book chapters, regulatory materials, case law, enforcement decisions, corporate policies, soft-law instruments, compliance guidelines and other materials made available through Bboard before or during the course. Materials will cover both general corporate compliance frameworks and selected areas of digital compliance, including data governance, cybersecurity, artificial intelligence, digital platforms and technology-related corporate risk. A detailed list of compulsory and recommended readings will be communicated before the beginning of the course.

Last change 03/07/2026 18:23