U.S. law to stop Uyghur forced labor remains compliance challenge
It’s been six months since the Uyghur Forced Labor Prevention Act took effect, and businesses are no clearer today on how to comply with it, those familiar with the law said.
Five compliance triumphs from 2022
Positive contributions in the areas of ESG, AI responsibility, and setting standards regarding CCO liability highlight the latest installment of CW’s annual list of laudable ethics and compliance moments.
SEC risk alert notes compliance issues regarding ID theft rule
The Division of Examinations at the Securities and Exchange Commission issued a risk alert detailing recent issues observed by inspectors regarding compliance with the agency’s identity theft red flags rule, Regulation S-ID.
DOJ official hints at policy changes for off-channel communications, clawbacks
The Department of Justice is considering issuing new guidance regarding companies’ record-keeping obligations for employees’ use of personal cell phones to conduct corporate business, as well as executive compensation clawback policies.
CFTC commissioner stresses ‘urgency’ in call for heightened crypto oversight
Christy Goldsmith Romero, a commissioner at the Commodity Futures Trading Commission, is lobbying the regulator to use its existing authority to conduct “heightened supervision” over derivative exchanges to create more oversight in crypto markets.
Experts: AML efforts dealt blow by CJEU beneficial ownership ruling
Determining the true owner of a company might become more difficult after Europe’s top court ruled automatic access to registers of beneficial ownership conflicted with the right to privacy.
Privacy advocate sues Meta over targeted ad GDPR violation claims
A privacy and human rights advocate sued Meta Platforms in the United Kingdom, claiming the social media giant is refusing her request to stop being targeted with advertising based on her use of Facebook.
Ex-BP trader’s failed whistleblower claim to raise U.K. reporting bar?
A U.K. employment tribunal’s ruling that a former BP employee was not entitled to whistleblower protection has shone a spotlight on the legal issues workers must consider ahead of speaking up.
Regulatory independence vital in U.K.’s fight against fraud
To do their jobs properly, regulators must be able to act independently and without government intervention. Rather than seeking to tighten its grip on regulators, the U.K. government should be safeguarding their independence as a matter of urgent priority.
Cybersecurity staffing woes play part in FTC Safeguards Rule delays
The Federal Trade Commission extended the deadline for compliance with certain changes to its Safeguards Rule announced last year, in part because of labor shortages in the cybersecurity market.
Treasury recommends more oversight for bank-fintech relationships
A new Treasury report found as the trend of nonbank fintech companies providing financial services in partnership with regulated entities continues to grow, regulators need to increase oversight of these relationships to curb the risks they pose.
Navigating using NFTs in business applications
Non-fungible tokens can take many forms. There are potential business applications already in use, and many more are being developed as technology evolves.
CPE Webcast: Building a future-proof ESG program
Learn now to maximize efficiency and achieve operational excellence within your ESG program or get your program started with steps you can take today and into the future regardless of your maturity.
FTX collapse should provide momentum to regulate crypto
The collapse and bankruptcy of digital asset exchange FTX offers stark lessons into why rules that apply to traditional investments—overseen by government regulation—ought to apply to digital investments as well.
Australia privacy law proposal sets steep penalty mark for breaches
The Australian government is weighing stringent new privacy reforms that would establish among the steepest penalty regimes in the world—up to AUD$50 million (U.S. $33.5 million)—for serious or repeated breaches.
As new SEC marketing rule takes effect, many questions remain
The 18-month probationary period for the new Securities and Exchange Commission marketing rule for investment advisers has expired and compliance with the rule is now mandatory.
CFPB outlines rule mandating FIs provide customers their data
The Consumer Financial Protection Bureau initiated rulemaking that would require banks and other financial institutions to make a consumer’s personal financial data available to them upon request.
New OCC office to supervise fintechs
The Office of the Comptroller of the Currency will heighten its focus on the financial technology space with the creation of a new department in early 2023.
SEC passes Dodd-Frank executive pay clawback rule
The Securities and Exchange Commission passed a rule to require public companies to recover incentive-based compensation doled out to current and former executives up to three years before issuing an accounting restatement.
Google agrees to legal compliance monitor under novel DOJ settlement
Google reached a first-of-its-kind settlement with the Department of Justice requiring the tech giant to hire an outside compliance expert and overhaul its legal compliance process.
CPE Webcast: Why your CPRA compliance strategy is broken and how to fix it
It is critical for organizations to carefully assess their CPRA compliance programs to identify gaps, avoid pitfalls, and minimize risks. Even organizations that have implemented a CCPA compliance program will need to consider enhancements to meet CPRA requirements.
CFPB facing ‘existential threat’ following appeals court funding ruling
An appeals court’s finding the Consumer Financial Protection Bureau’s funding mechanism to be unconstitutional could affect a multitude of lawsuits filed against the agency, according to legal experts.
Five companies lose board members in DOJ antitrust sweep
Seven members of corporate boards resigned after the Antitrust Division of the Department of Justice flagged their situations as potential violations of the Clayton Act.
CFIUS issues first-ever enforcement and penalty guidelines
The Committee on Foreign Investment in the United States issued its first-ever enforcement and penalty guidelines for entities that violate mitigation agreements with CFIUS or otherwise run afoul of the Defense Production Act of 1950.
Uber CSO ruling fallout: Individual liability extends to data breach response
The case of the Uber chief security officer found guilty by a jury on two felonies for covering up a data breach and misleading federal regulators opens up another potential individual liability issue executives handling cyber incidents face, according to legal experts.
ICO guidance stresses importance of reasoning in employee monitoring
The U.K. Information Commissioner’s Office issued draft guidance to help ensure employers’ monitoring of staff performance does not turn into surveillance or harassment.
OSHA widens enforcement scope with severe violator program update
More companies and industries are at risk of falling under the Occupational Safety and Health Administration’s Severe Violator Enforcement Program now that the Labor Department agency has broadly expanded its enforcement scope.
Report: Global anti-bribery enforcement levels hit record low
Only the United States and Switzerland can be considered “active enforcers” in tackling foreign bribery, while countries like the United Kingdom and Israel have taken a step back, according to the latest report from Transparency International.
U.S., U.K. improve anti-corruption coordination with data access agreement
A new agreement will allow law enforcement agencies in the United Kingdom and United States to gain better access to data held by tech and telecommunications firms from the other’s country as part of evidence gathering for complex white-collar crimes.
SEC official advises auditors shift mindset on fraud detection
Paul Munter, acting chief accountant at the Securities and Exchange Commission, issued a statement highlighting auditors’ responsibilities in fighting fraud, including his office’s recent observations of shortcomings in the area.
U.S. includes surveillance concessions in new transatlantic data flow framework
President Joe Biden’s executive order on a data privacy framework aims to provide a workable, legally resilient solution for companies to continue moving and storing the personal data of EU-based citizens to American-based servers without running afoul of the GDPR.
SEC to reopen comment on climate-related disclosure rule, data breach reporting after glitch
The Securities and Exchange Commission will reopen comment periods on 11 rulemaking releases put forward over the past year, including proposals regarding climate-related disclosures and reporting cybersecurity breaches, because of a glitch in its online comment system.
Optus data breach fallout shows widespread impact of cybercrime
Optus isn’t alone in trying to calm public nerves and find out what happened to cause a breach that exposed the records of 9.8 million current and former customers. Australian government agencies are also attempting to fight fires and reassure citizens their personal info is safe.
FSOC recommends more regulation, oversight of digital assets
A new report by the Financial Stability Oversight Council identified three regulatory gaps in the current oversight of cryptocurrency, stablecoins, and other digital assets and recommended steps Congress and federal regulators should take to close them.
FINRA sets fine ranges for AML failures, removes limits on certain penalties
The Financial Industry Regulatory Authority increased penalties for member violations of securities rules, including removing upper limits on fines for certain instances of misconduct.
Experts: EU Cyber Resilience Act puts pressure on tech developers, users
The EU’s proposed Cyber Resilience Act primarily puts pressure on tech manufacturers to ensure the cybersecurity of their products, but companies also have a duty of care to use the most secure products available.
FinCEN finalizes beneficial ownership rule, reporting requirements
The Financial Crimes Enforcement Network finalized its beneficial ownership rule, which will require certain reporting companies to file basic information with the agency about who controls their finances.
Fed recruits 6 large banks for climate scenario analysis pilot
Bank of America, Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, and Wells Fargo will participate in a pilot climate scenario analysis exercise organized by the Federal Reserve that seeks to enhance climate-related financial risk management efforts in the industry.
U.S. Chamber, bank groups sue CFPB for expanding supervisory remit
A group of banking and business associations sued the Consumer Financial Protection Bureau and Director Rohit Chopra for overstepping their authority when the agency indicated it would begin actively searching for discrimination and disparate impacts during supervisory exams.
HBOS case latest example of U.K. senior exec accountability woes
The Prudential Regulation Authority and Financial Conduct Authority ending their six-year investigations into former senior managers at HBOS without enforcement serves as reminder of the United Kingdom’s checkered history of bringing executives to book.
U.K. bill would empower Companies House as AML regulator
The Economic Crime and Corporate Transparency Bill aims to stem the flow of dirty money coming into the United Kingdom by giving Companies House more power and resources to help combat money laundering.
ESG experts see shades of conflict minerals for SEC climate disclosure rule
The climate-related disclosure rule proposed by the Securities and Exchange Commission will eventually pass but not before undergoing some changes, practitioners speaking at CW’s virtual ESG Summit predicted.
Ask a CCO: Tech most subject to regulator scrutiny over next 5 years?
Four senior compliance practitioners offer what they believe will be the technology currently on the market that will receive the most attention from regulators over the next five years.
Ask a CCO: Accounting for regulator expectations in using new tech
Regulatory environments are ever evolving; four senior compliance practitioners detail what their respective businesses do to ensure compliance while utilizing new technologies.
Ireland interpretations of GDPR criticized again in Instagram case
In fining Instagram a record €405 million (U.S. $405 million) for General Data Protection Regulation violations regarding the safeguarding of teenage users’ data, the Irish Data Protection Commission took some heat of its own.
Treasury seeking comment on illicit finance risks posed by digital assets
The Treasury Department is seeking public input on how to address illicit finance and national security risks posed by digital assets, part of a multipronged push by the Biden administration to hold bad actors accountable and identify potential enforcement and regulatory gaps.
CFTC commissioner calls for agency to require more admissions of guilt
Commissioner Christy Goldsmith Romero would like the Commodity Futures Trading Commission to stop offering no-fault settlements as a matter of routine but instead force more individuals and corporations to accept responsibility for their wrongdoing.
CPE Webcast: Data discovery and compliance with data protection legislation
There is an increasing need for effective data discovery in the worldwide push toward data protection and privacy legislation. Data privacy laws have been passed in 71 percent of countries, and a further 9 percent have draft legislation in progress.
ESG Summit: How Rite Aid is preparing to comply with SEC’s climate disclosure rule
Amanda Patrick, Rite Aid’s director of ESG/corporate sustainability, shared the retail pharmacy chain’s sustainability journey so far and how it is readying to meet the SEC’s potential disclosure mandates during her keynote address at CW’s virtual ESG Summit.
Dems seek stronger HIPAA privacy for abortion patients
Democratic senators are urging the Department of Health and Human Services to strengthen federal health privacy protections for abortion patients by updating the HIPAA Privacy Rule.