GWFS Equities will pay $1.5 million as part of a settlement with the SEC for lapses in the filing of suspicious activity reports related to the threat of cyber-breaches.
Former FBI Director James Comey kicked off Compliance Week’s 16th annual National Conference on Tuesday by speaking candidly about a variety of risk and compliance matters, including the importance of a strong ethical culture in the coming post-pandemic “boom times.”
With various levels of defined risk and the potential for steep fines for offenders, the European Commission’s recent proposal to ensure trust in the use of artificial intelligence should receive urgent attention from industries beyond Big Tech.
The hybrid work environment many organizations are expected to utilize as part of the gradual return to the workplace presents numerous cyber-security risks that require proactive attention.
The threat of fines has done more to focus boardroom attention on data privacy and effective cyber-security than any other measure, U.K. Information Commissioner Elizabeth Denham believes.
It isn’t surprising to see Facebook think it doesn’t have an ethical obligation to alert users to its latest data leak, writes Kyle Brasseur, but it is disappointing knowing the company now has a chief compliance officer in place.
The Treasury Department announced sanctions against Russia implemented under an executive order from President Joe Biden in response to the SolarWinds hack and alleged election interference by the country.
Aaron Nicodemus applauds outgoing SEC whistleblower chief Jane Norberg for “revolutionizing” the program and the agency, while Kyle Brasseur laments Facebook’s ethical bungling of its recent data leak.
The Irish Data Protection Commission has launched an inquiry into Facebook over concerns the social media giant may not have properly disclosed the full extent of its recent data leak.
Old personal data of more than 533 million Facebook users was recently made publicly available on a hacker forum. Could the social media giant face a new investigation under the GDPR in response?
The Irish Data Protection Commission has reached out to Facebook seeking to determine whether the social media giant’s weekend data breach should receive scrutiny under the General Data Protection Regulation.
Cyber-breach disclosures in 2020 were down 19 percent from 2019—the first drop in the statistic in five years, according to a new report from Audit Analytics.
Online reservation Website Booking.com has been fined €475,000 (U.S. $557,000) by the Dutch Data Protection Authority for reporting a data breach 22 days later than the 72 hours required under the GDPR.
Aly McDevitt assesses controversial data breach disclosures from U.K. retailer FatFace and technology vendor Ubiquiti in light of a report Congress is considering stricter requirements for reporting data breaches.
Former FBI Director James Comey predicted a “time of extraordinary change” is ahead for the compliance profession in the post-pandemic world during a prerecorded video message at Compliance Week’s Financial Crimes virtual event.
Nathan Anderson, senior director of internal audit at McDonald’s, discusses ways internal audit can better answer management questions about cyber-risks and become a more independent cyber-security testing function overall.
It’s a clean sweep: All five CCOs we spoke with are in favor of U.S. federal data privacy legislation. Read on for the reasoning behind their answers.
The New York State Department of Financial Services fined Residential Mortgage Services $1.5 million for violating New York’s cyber-security regulation.
Five senior compliance practitioners outline their strategies for protecting their firms from data breaches.
Five senior compliance practitioners tell Compliance Week how their organizations are reacting to new cyber-threats introduced by the pandemic.
Five senior compliance practitioners share insights on their roles in implementing and overseeing cyber-security policies and procedures.
LifePoint Health’s VP for Compliance Program Operations/Chief Privacy Officer Ellen Hunt and VP/CISO Andy Heins share how they work ”hand in glove” to protect their company’s data from bad actors.
Threat Intelligence is normally used to enrich the process of security assessment, providing proof on the enforcement of security controls required to be secure and compliant.
As cyber-attacks surge, the need for cyber-insurance is growing more urgent. But it’s critical for companies to first familiarize themselves with how to navigate the labyrinth of cyber-insurance products on the market so that they are properly covered.
Two months after cloud service vendor Accellion first identified one of its legacy products was targeted by a sophisticated cyber-attack, users of the product continue to feel the impact, with grocery chain Kroger the latest to reveal its exposure.
Companies forced to pivot to remote work in a global health crisis spent the bulk of 2020 grappling with heightened cyber-security risks. A year later, compliance practitioners say their companies’ cyber-security postures are better for it—even in the wake of the stunning SolarWinds hack.
Today’s breach landscape is unprecedented and complex. Every organization is facing potential enforcement of many interconnected and overlapping laws in multiple jurisdictions.
The Financial Industry Regulatory Authority has published a new report designed to help inform member firms’ compliance programs by providing annual insights from its examinations and risk monitoring programs.
The aftermath of the coronavirus pandemic dominates the top risks that will keep boards of directors and executive management teams on their toes in 2021, a new survey by Protiviti and NC State’s ERM Initiative finds.
CyberGRX and Ponemon Institute surveyed 581 IT security and 302 C-suite executives to determine what impact digital transformation is having on cybersecurity and how prepared organizations are to deal with that impact.
The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.
Companies must make cyber-security a continuous priority as threats evolve, often more quickly than the technology and regulations to counter them. That’s why the New York Department of Financial Services, under Maria Vullo, developed a policy that should act as a model for organizations.
The financial services industry is a leading target for cyber criminals because there’s more than one way one way to profit from an attack.
What’s most important for compliance officers is to understand the risks breaches and hacks pose to their organizations, not the technical manner of how those breaches occur, according to an expert panel at CW’s virtual Cyber-Risk & Data Privacy Summit.
Experts at CW’s virtual Cyber-Risk and Data Privacy Summit explain the importance for companies to review and enhance their current data security compliance policies and procedures.
The U.S. Department of Health and Human Services’ Office for Civil Rights fined Excellus Health Plan $5.1 million for failures relating to a 2015 data breach that exposed the personal information of 9.3 million individuals.
British Airways faces the largest group claim ever made in U.K. legal history over a 2018 data breach that exposed the financial and personal details of more than 400,000 of its customers.
Anne Neuberger, currently the cyber-security director at the National Security Agency, has been appointed to fill a newly created cyber-security position on President-elect Joe Biden’s National Security Council.
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
This year has been one most of us would like to forget. As we look toward 2021, nevertheless, it is worth considering lessons learned over the last 12 months and (where possible) drawing on any positives that have come to light regarding the financial crime landscape.
The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.
Ireland’s first major decision against a Big Tech company under the GDPR has stirred controversy as the country’s data regulator hit Twitter with an underwhelming €450,000 (U.S. $547,000) fine for a 2018 data breach.
Many of the problems European compliance officers faced in 2020 will remain in place going into the new year, but new risks and new regulations will also present new challenges.
A spate of recent cyber-security breaches occurring via third parties is a reminder of the importance for companies to stay on top of risk management. Regulators have shown to not take kindly to finger-pointing.
Cryptocurrency is complicated, but it’s not going away anytime soon. David Povey of the ICA takes a look at what regulators are trying to do and offers tips on where compliance officers can go to study this complex topic further.
The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.
The U.S. banking industry is stable nearly nine months into the coronavirus pandemic, but the OCC warns of increased risks for banks seeking to comply with the Bank Secrecy Act and consumer protection and fair lending requirements.
Cyber-security risk oversight is the area with the greatest increase in audit committee disclosures in proxy statements, so you better make sure you’ve got a handle on understanding your responsibilities.
Federal banking regulators have released new operational resiliency guidance aimed to strengthen risk management around technology-based failures, cyber-incidents, pandemic outbreaks, natural disasters, and more.
The Marriott GDPR fine handed down by the U.K. Information Commissioner’s Office is less than 20 percent of the original number the regulator proposed, the second time this month such a drastic reduction has taken place.