European Commission unveils a simpler, more competitive EU Single Market, but businesses remain skeptical
The EU’s new strategy aims to boost SME growth and cut market barriers, but businesses doubt reforms will happen, and consumer groups fear weaker data protections.
EU, UK agree to reset rules on agrifoods, mergers and carbon trading as part of post-Brexit reset
Four years after Brexit, the U.K. and EU announced a “reset” that will ease barriers to importing and exporting food, drink, and agricultural produce. It may also harmonize rules around carbon emissions trading systems, simplifying compliance for multinational organizations that are large emitters, and enable more young people to gain ...
Communication and relationships is increasingly critical for compliance teams
Compliance is increasingly in the spotlight as companies are tackling everything from artificial intelligence and other new technologies to risk management and mitigation. But it’s soft skills of communication and relationship building that are becoming the most critical tools for success.
ESG goes beyond politics: Vendor management, forced labor, sustainability
ESG is no longer in vogue. But its issues still are.
Trump administration launches pressure campaign against EU Digital Services Act
The Trump administration is preparing to ask the European Union to alter or water down its rules on content moderation on social media, claiming that they hurt the competitiveness of American technology companies.
Q&A: Symphony general counsel Corinna Mitchell on regulators’ push for supply chain resilience
Secure, resilient communications and trading platforms are critical both to financial services firms and to governments that know their economies depend upon them, says Corinna Mitchell, General Counsel at FS digital communications provider Symphony. That’s why her company is investing more in managing rapidly evolving compliance demands from multiple regulators ...
UBS to pay $511 million fine over Credit Suisse tax case, exposing compliance gaps
A significant settlement in a U.S. tax fraud case against Credit Suisse contains numerous compliance lessons related to beneficial ownership and due diligence in mergers and acquisitions.
Delayed UK antitrust case underscores compliance, reputational risks
Antitrust infringement cases in the United Kingdom can run on for years, but there’s a question whether issuing fines that are dwarfed by the revenues of those organisations involved is a worthy deterrent—particularly if they are imposed over a decade after the misconduct ended. It’s also debatable whether the first ...
Our rapidly changing world still needs thoughtful compliance, now more than ever
Sometimes, it feels like the only thing that’s certain is that tomorrow will be different from today. For an industry that’s focused on rules, regulations, and ethics, that lack of consistency can seem overwhelming. That’s why the next few days will matter so much.
EU hits Apple, Meta with antitrust fines weeks after Trump tariffs announced
The European Union issued significant antitrust fines against two tech titans, hitting Apple with 500 million euros (U.S. $570 million) and Facebook owner Meta with 200 million euros (U.S. $228 million). The move sought to undermine key parts of both companies’ businesses less than a month after U.S. President Donald ...
UK’s deregulation drive raises compliance risk, say top lawyers
The United Kingdom’s latest effort to encourage regulators to pare down rules to attract companies and investment as a way to stimulate the economy has received mixed reviews from lawyers.
AI regulation: U.K. sits on regulatory fence between U.S. and E.U.
The U.K. has pressed pause on artificial intelligence regulation as its government comes under twin pressures from those who fear the growing power of unregulated AI and the overriding need to generate growth. The postponement of long-expected legislation means that the U.K. is left sitting on the fence between federal ...
Companies unprepared for European Accessibility Act as June deadline looms
An accessible website should be a basic requirement for businesses, allowing the largest number of people to access a company’s content and services. With technology as an enabler, it also makes good business sense. After all, why would any organization want to hinder customer access? However, many websites are not ...
EU regulator questions 'culture of compliance' with Digital Markets Act at Apple, Google
The European Commission released its preliminary findings last week regarding Apple and Google not complying with the Digital Markets Act. It issued orders to both companies regarding their business practice and plans to release all of its findings next week.
‘Abject failure’: U.K. lawmakers sound off on FCA’s failed 'naming and shaming' enforcement
U.K. lawmakers slammed the country’s chief financial regulator’s hopes of “naming and shaming” firms as part of its efforts to beef up enforcement, denting its credibility in the process and questioning the leadership of its chief executive.
EU drives ‘omnibus’ of simplifications through landmark sustainability reporting directives
The European Commission has adopted proposals for radical simplifications to the EU’s trailblazing environmental regulations. The commissioners argue that this is a pragmatic response to changing global economics and indicates that they have listened to the concerns of smaller businesses that are struggling to comply with onerous and conflicting rules.
Why are CFOs struggling to stay compliant?
CFOs are tasked with overseeing an organization’s entire financial processes, not least ensuring that financial operations remain compliant with the multitude of global regulations. It’s a heavy burden to carry that might be alleviated slightly with the help of artificial intelligence, writes Markus Hornburg, head of compliance at Basware.
'Measured approach' or light-handed GPDR? Noyb reports only 1.3 percent of EU cases result in fine
When Europe’s strict set of data protection rules came into force nearly seven years ago, privacy campaigners, industry experts, and lawyers all warned that noncompliance could result in eye-watering fines and other costly sanctions, especially for repeated breaches. However, the reality appears to be very different.
U.K. Employment Rights Bill promises to thwart forced labor through new consolidated regulator
For the past decade, the United Kingdom has tried to make companies more directly accountable for forced labor in their supply chains. But lawyers warn that the government’s latest plans to beef up protections against worker violations risk being heavily watered down and poorly policed by regulators.
Experts: U.K. digital market reforms a ‘watershed moment,’ could speed up enforcement
The U.K.’s competition regulator has outlined new plans to regulate Big Tech firms that will enable it to take a much more flexible and proactive approach towards investigations.
FBI, Europol shut down hacking sites selling personal info, tools for cybercriminals
Two massive hacking websites–where criminals sold everything from stolen social security numbers to tools for cybercriminals to gain access to computers–have finally been shut down by an international law enforcement team, the Department of Justice announced.
Q&A: Hellenic Bank CCO on progress made to fight corruption in Cyprus
Maria Aristidou Demetriou, chief compliance officer at Cyprus-based Hellenic Bank, spoke to Compliance Week about derisking in the Cypriot banking sector since Russian’s invasion of Ukraine and efforts to combat corruption, money laundering, and sanctions evasion.
Inside Cyprus’ efforts to stem money laundering and sanctions evasion
Are there success stories in the international fight against money laundering and sanctions evasion? The island nation of Cyprus is making its case.
Experts say DORA compliance not coming easy as more firms pass buck to IT providers
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
CJEU ruling adds to GDPR liability over unfair competition, AML/CFT
Legal cases and fines for noncompliance with EU’s GDPR could rise sharply after a court found that a breach was a source of unfair competition. The judgment also opens doors to civil cases over companies that ignoring expensive or challenging rules, such as those regarding AML/CFT.
Portuguese bank ousts chief risk officer after ‘suspicious’ transactions uncovered
Portuguese bank Novo Banco, S.A., fired Chief Risk Officer Carlos Jorge Ferreira Brandão “with just cause” after an internal probe discovered “suspicious financial transactions” in his sphere.
Experts unsure of risk appetite as EU beefs up cyber rules for critical infrastructure
New rules on cyber risk management across the EU put execs firmly in the crosshairs for noncompliance and are likely to apply to a wider range of organizations than many business leaders may initially think. However, there are also concerns that the rules may become muddled across the wide bloc.
TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
EU AI Act next GDPR? Proof in the pudding as boardrooms prioritize data governance
Breaches of the EU’s GDPR can cost companies substantial sums and huge reputational damage. Now some are warning that the implementation of the EU’s AI Act will be just as far-reaching, and could potentially lead to similar numbers of cases.
’Future-proofing’ products for safety next level of regulation under EU GPSR
Any product that uses AI needs to be safety assessed for its entire lifespan under new rules that went into effect recently across the EU. Experts warned companies using AI to tailor products could be classed as “manufacturers” and face the same duty of care as developed.
Overabundance of U.K. AML regulators stretching enforcement resources thin, experts say
The U.K. will struggle to shed its reputation as one of the world’s biggest conduits for dirty money due to a combination of patchy intelligence-sharing and poorly resourced enforcement agencies, experts told Compliance Week.
U.K., EU enforcement regimes set to escalate, but critics question sanctions’ effectiveness
With a new political regime ready to take over in the U.S., the effectiveness of sanctions against malign foreign actors like Russia, North Korea, and Iran have come into question. While the European Union and U.K. have increased sanctions pressure, critics have publicly asked: Is it enough?
Good AI governance starts with proactive, continuous risk assessments
Data governance has become a key concern for companies, especially when the EU AI Act and General Data Protection Regulation have put a premium on handling data responsibly and ensuring that artificial intelligence does not cause harm.
EU Deforestation Directive delayed, experts advise compliance managers to not rest on laurels
If your business uses leather, rubber, wood, beef, palm oil, soy, or paper, then you may need to comply with the EU Deforestation Directive, a new rule intended to ensure that no goods traded in the EU contribute to global deforestation.
Spanish telecomm Telefónica S.A. fined $85M over bribes to government officials in Venezuela
A subsidiary of Spanish telecommunications provider Telefónica S.A. will pay $85.2 million to settle a charge that it violated the Foreign Corrupt Practices Act when it paid bribes to Venezuelan officials to gain preferential access to a currency auction.
Meta-backed EU appeals body facing conflicts of interest concerns
Ireland’s cozy relationship with big business and Big Tech has once again come under scrutiny after the country’s media regulator allowed a $15 million one-off funding payment from Meta’s Oversight Board Trust to help launch the newly formed Appeal Centre Europe.
Irish DPC fines LinkedIn $335M over GDPR violations related to targeted advertising
The Irish Data Protection Commission fined Microsoft-owned LinkedIn 310 million euros (U.S. $335 million) over violations of the European Union’s General Data Protection Regulation related to the social media company’s data processing and targeted advertising.
EU businesses will soon have to report on supply chains and sustainability. Not all are ready
Supply chains are about to become the next big thing in sustainability compliance. However, many organizations still lack the data and assurance capabilities to track sustainability and human rights activities across their extended supply chains – which is required by the EU’s CS3D. Many others that fall out of scope ...
Pace of innovation will make EU AI Act hard to enforce, experts say
Concerns about how robustly European member states may enforce the EU AI Act, which took effect on Aug. 1, are divided between if regulators will take a “light touch” approach or a sledgehammer for noncompliance. One thing’s for sure, the pace of AI innovation will make enforcement very difficult.
Photo gallery: Compliance Week Europe 2024
Compliance Week Europe, held Oct. 15-16 in Amsterdam in partnership with our sister organization the Internation Compliance Association, gathered more than 200 GRC professionals across industries. Check out some of the sights from the event.
What’s your risk appetite? EU firms grapple with ‘ridiculously complex’ ESG reporting rules
Discussions on the increasingly complex ESG rules in the EU were the crux of some conversations at Compliance Week Europe, a two-day conference in Amsterdam Oct. 15-16. The event brought together Compliance Week and its sister organization, the International Compliance Association, and more than 200 GRC professionals across industries.
Companies are slowing AI launches in Europe, some say European Union regulations are why
The European Union’s Digital Markets Act is forcing many Big Tech companies to postpone the launch of artificial intelligence-powered features, like Apple Intelligence, over user privacy and data security concerns.
AI misuse could lead to sanctions from multiple regulators, experts warn
The proliferation of AI, as well as the promised business cases promoting its use, has led companies around the world to quickly invest in the technology. Executives hope these AI tools will improve efficiencies, reduce costs, and help them stay competitive. But it could lead to just the opposite.
Barclays is axing its bonus caps. Is it also ditching good governance?
Four years post-Brexit, London-based Barclays became the first British bank to scrap bonus caps for its traders that were meant to curb excessive risk-taking with client cash, improve corporate governance, and restore faith in an industry most working people still hold responsible for 15 years of economic misery.
FTC sounds alarm on business practices turning into ‘vast surveillance’
The Federal Trade Commission took aim at the business models of some of the world’s largest companies, publishing a years-long study that decried technologies that have created “vast surveillance” networks that expose people to “a host of harms” and violate children’s privacy laws.
An Amsterdam discussion on increased role of CCOs
Compliance Week and its sister organization the International Compliance Association will bring together more than 200 GRC professionals for Compliance Week Europe Oct. 15-16 in Amsterdam to discuss how they’re making sense of the constantly changing regulatory landscape.
All hands on deck needed to get ESG disclosures right, report finds
Multiple emerging environmental, social, and governance and disclosure standards pose legal and operational risks to many companies, but also opportunities to improve reporting and get ahead of requirements, a new report found.
DORA set to enhance cyber resilience requirements for EU financial firms
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
Lithuanian DPA orders Vinted to pay $2.6M over GDPR violations
The data protection authority of Lithuania levied a fine of 2.4 million euros (U.S. $2.6 million) against Vinted UAB, an online clothing trading and exchange platform, for alleged violations of the European Union’s General Data Protection Regulation.
European Commission informs X it may be in breach of Digital Services Act
The European Commission informed X, formerly Twitter, that it may be the first company found to be in violation of the European Union’s Digital Services Act in areas “linked to dark patterns, advertising transparency, and data access for researchers.”