Regulatory Policy


U.S. law to stop Uyghur forced labor remains compliance challenge


It’s been six months since the Uyghur Forced Labor Prevention Act took effect, and businesses are no clearer today on how to comply with it, those familiar with the law said.


Five compliance triumphs from 2022


Positive contributions in the areas of ESG, AI responsibility, and setting standards regarding CCO liability highlight the latest installment of CW’s annual list of laudable ethics and compliance moments.


SEC risk alert notes compliance issues regarding ID theft rule


The Division of Examinations at the Securities and Exchange Commission issued a risk alert detailing recent issues observed by inspectors regarding compliance with the agency’s identity theft red flags rule, Regulation S-ID.


DOJ official hints at policy changes for off-channel communications, clawbacks


The Department of Justice is considering issuing new guidance regarding companies’ record-keeping obligations for employees’ use of personal cell phones to conduct corporate business, as well as executive compensation clawback policies.

Crypto collapse

CFTC commissioner stresses ‘urgency’ in call for heightened crypto oversight


Christy Goldsmith Romero, a commissioner at the Commodity Futures Trading Commission, is lobbying the regulator to use its existing authority to conduct “heightened supervision” over derivative exchanges to create more oversight in crypto markets.


Experts: AML efforts dealt blow by CJEU beneficial ownership ruling


Determining the true owner of a company might become more difficult after Europe’s top court ruled automatic access to registers of beneficial ownership conflicted with the right to privacy.

Facebook Ireland

Privacy advocate sues Meta over targeted ad GDPR violation claims


A privacy and human rights advocate sued Meta Platforms in the United Kingdom, claiming the social media giant is refusing her request to stop being targeted with advertising based on her use of Facebook.


Ex-BP trader’s failed whistleblower claim to raise U.K. reporting bar?


A U.K. employment tribunal’s ruling that a former BP employee was not entitled to whistleblower protection has shone a spotlight on the legal issues workers must consider ahead of speaking up.

London dark

Regulatory independence vital in U.K.’s fight against fraud

2022-11-21T17:50:00+00:00By Rachel Adamson, International Compliance Association

To do their jobs properly, regulators must be able to act independently and without government intervention. Rather than seeking to tighten its grip on regulators, the U.K. government should be safeguarding their independence as a matter of urgent priority.


Cybersecurity staffing woes play part in FTC Safeguards Rule delays


The Federal Trade Commission extended the deadline for compliance with certain changes to its Safeguards Rule announced last year, in part because of labor shortages in the cybersecurity market.


Treasury recommends more oversight for bank-fintech relationships


A new Treasury report found as the trend of nonbank fintech companies providing financial services in partnership with regulated entities continues to grow, regulators need to increase oversight of these relationships to curb the risks they pose.


Navigating using NFTs in business applications


Non-fungible tokens can take many forms. There are potential business applications already in use, and many more are being developed as technology evolves.


CPE Webcast: Building a future-proof ESG program

2022-11-16T14:00:00+00:00Provided by

Learn now to maximize efficiency and achieve operational excellence within your ESG program or get your program started with steps you can take today and into the future regardless of your maturity.


FTX collapse should provide momentum to regulate crypto


The collapse and bankruptcy of digital asset exchange FTX offers stark lessons into why rules that apply to traditional investments—overseen by government regulation—ought to apply to digital investments as well.

Australian Parliament

​Australia privacy law proposal sets steep penalty mark for breaches


The Australian government is weighing stringent new privacy reforms that would establish among the steepest penalty regimes in the world—up to AUD$50 million (U.S. $33.5 million)—for serious or repeated breaches.


As new SEC marketing rule takes effect, many questions remain


The 18-month probationary period for the new Securities and Exchange Commission marketing rule for investment advisers has expired and compliance with the rule is now mandatory.

Data money

CFPB outlines rule mandating FIs provide customers their data


The Consumer Financial Protection Bureau initiated rulemaking that would require banks and other financial institutions to make a consumer’s personal financial data available to them upon request.

OCC sign

New OCC office to supervise fintechs


The Office of the Comptroller of the Currency will heighten its focus on the financial technology space with the creation of a new department in early 2023.


SEC passes Dodd-Frank executive pay clawback rule


The Securities and Exchange Commission passed a rule to require public companies to recover incentive-based compensation doled out to current and former executives up to three years before issuing an accounting restatement.

Google sign

Google agrees to legal compliance monitor under novel DOJ settlement


Google reached a first-of-its-kind settlement with the Department of Justice requiring the tech giant to hire an outside compliance expert and overhaul its legal compliance process.


CPE Webcast: Why your CPRA compliance strategy is broken and how to fix it

2022-10-25T14:00:00+01:00Provided by

It is critical for organizations to carefully assess their CPRA compliance programs to identify gaps, avoid pitfalls, and minimize risks. Even organizations that have implemented a CCPA compliance program will need to consider enhancements to meet CPRA requirements.


CFPB facing ‘existential threat’ following appeals court funding ruling


An appeals court’s finding the Consumer Financial Protection Bureau’s funding mechanism to be unconstitutional could affect a multitude of lawsuits filed against the agency, according to legal experts.

Board table

Five companies lose board members in DOJ antitrust sweep


Seven members of corporate boards resigned after the Antitrust Division of the Department of Justice flagged their situations as potential violations of the Clayton Act.


CFIUS issues first-ever enforcement and penalty guidelines


The Committee on Foreign Investment in the United States issued its first-ever enforcement and penalty guidelines for entities that violate mitigation agreements with CFIUS or otherwise run afoul of the Defense Production Act of 1950.

Cybersecurity shield

Uber CSO ruling fallout: Individual liability extends to data breach response


The case of the Uber chief security officer found guilty by a jury on two felonies for covering up a data breach and misleading federal regulators opens up another potential individual liability issue executives handling cyber incidents face, according to legal experts.

Employee monitoring

ICO guidance stresses importance of reasoning in employee monitoring


The U.K. Information Commissioner’s Office issued draft guidance to help ensure employers’ monitoring of staff performance does not turn into surveillance or harassment.

Workplace inspection

OSHA widens enforcement scope with severe violator program update


More companies and industries are at risk of falling under the Occupational Safety and Health Administration’s Severe Violator Enforcement Program now that the Labor Department agency has broadly expanded its enforcement scope.


Report: Global anti-bribery enforcement levels hit record low


Only the United States and Switzerland can be considered “active enforcers” in tackling foreign bribery, while countries like the United Kingdom and Israel have taken a step back, according to the latest report from Transparency International.

United States United Kingdom

U.S., U.K. improve anti-corruption coordination with data access agreement


A new agreement will allow law enforcement agencies in the United Kingdom and United States to gain better access to data held by tech and telecommunications firms from the other’s country as part of evidence gathering for complex white-collar crimes.


SEC official advises auditors shift mindset on fraud detection


Paul Munter, acting chief accountant at the Securities and Exchange Commission, issued a statement highlighting auditors’ responsibilities in fighting fraud, including his office’s recent observations of shortcomings in the area.

White House

U.S. includes surveillance concessions in new transatlantic data flow framework


President Joe Biden’s executive order on a data privacy framework aims to provide a workable, legally resilient solution for companies to continue moving and storing the personal data of EU-based citizens to American-based servers without running afoul of the GDPR.


SEC to reopen comment on climate-related disclosure rule, data breach reporting after glitch


The Securities and Exchange Commission will reopen comment periods on 11 rulemaking releases put forward over the past year, including proposals regarding climate-related disclosures and reporting cybersecurity breaches, because of a glitch in its online comment system.


Optus data breach fallout shows widespread impact of cybercrime


Optus isn’t alone in trying to calm public nerves and find out what happened to cause a breach that exposed the records of 9.8 million current and former customers. Australian government agencies are also attempting to fight fires and reassure citizens their personal info is safe.

Crypto coins

FSOC recommends more regulation, oversight of digital assets


A new report by the Financial Stability Oversight Council identified three regulatory gaps in the current oversight of cryptocurrency, stablecoins, and other digital assets and recommended steps Congress and federal regulators should take to close them.


FINRA sets fine ranges for AML failures, removes limits on certain penalties


The Financial Industry Regulatory Authority increased penalties for member violations of securities rules, including removing upper limits on fines for certain instances of misconduct.

Europe technology

Experts: EU Cyber Resilience Act puts pressure on tech developers, users


The EU’s proposed Cyber Resilience Act primarily puts pressure on tech manufacturers to ensure the cybersecurity of their products, but companies also have a duty of care to use the most secure products available.

Treasury Department

FinCEN finalizes beneficial ownership rule, reporting requirements


The Financial Crimes Enforcement Network finalized its beneficial ownership rule, which will require certain reporting companies to file basic information with the agency about who controls their finances.


Fed recruits 6 large banks for climate scenario analysis pilot


Bank of America, Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, and Wells Fargo will participate in a pilot climate scenario analysis exercise organized by the Federal Reserve that seeks to enhance climate-related financial risk management efforts in the industry.

Rohit Chopra

U.S. Chamber, bank groups sue CFPB for expanding supervisory remit


A group of banking and business associations sued the Consumer Financial Protection Bureau and Director Rohit Chopra for overstepping their authority when the agency indicated it would begin actively searching for discrimination and disparate impacts during supervisory exams.

Business leaders

HBOS case latest example of U.K. senior exec accountability woes


The Prudential Regulation Authority and Financial Conduct Authority ending their six-year investigations into former senior managers at HBOS without enforcement serves as reminder of the United Kingdom’s checkered history of bringing executives to book.

U.K. Parliament

U.K. bill would empower Companies House as AML regulator


The Economic Crime and Corporate Transparency Bill aims to stem the flow of dirty money coming into the United Kingdom by giving Companies House more power and resources to help combat money laundering.

GHG emissions

ESG experts see shades of conflict minerals for SEC climate disclosure rule


The climate-related disclosure rule proposed by the Securities and Exchange Commission will eventually pass but not before undergoing some changes, practitioners speaking at CW’s virtual ESG Summit predicted.

ask cco 3x2 20225

Ask a CCO: Tech most subject to regulator scrutiny over next 5 years?

2022-09-23T13:00:00+01:00By Compliance Week

Four senior compliance practitioners offer what they believe will be the technology currently on the market that will receive the most attention from regulators over the next five years.

ask cco 3x2 20224

Ask a CCO: Accounting for regulator expectations in using new tech

2022-09-22T13:00:00+01:00By Compliance Week

Regulatory environments are ever evolving; four senior compliance practitioners detail what their respective businesses do to ensure compliance while utilizing new technologies.

Instagram icon

Ireland interpretations of GDPR criticized again in Instagram case


In fining Instagram a record €405 million (U.S. $405 million) for General Data Protection Regulation violations regarding the safeguarding of teenage users’ data, the Irish Data Protection Commission took some heat of its own.


Treasury seeking comment on illicit finance risks posed by digital assets


The Treasury Department is seeking public input on how to address illicit finance and national security risks posed by digital assets, part of a multipronged push by the Biden administration to hold bad actors accountable and identify potential enforcement and regulatory gaps.

Christy Goldsmith Romero

CFTC commissioner calls for agency to require more admissions of guilt


Commissioner Christy Goldsmith Romero would like the Commodity Futures Trading Commission to stop offering no-fault settlements as a matter of routine but instead force more individuals and corporations to accept responsibility for their wrongdoing.

ground labs300x200

CPE Webcast: Data discovery and compliance with data protection legislation

2022-09-20T11:00:00+01:00Provided by

There is an increasing need for effective data discovery in the worldwide push toward data protection and privacy legislation. Data privacy laws have been passed in 71 percent of countries, and a further 9 percent have draft legislation in progress.

Rite Aid

ESG Summit: How Rite Aid is preparing to comply with SEC’s climate disclosure rule


Amanda Patrick, Rite Aid’s director of ESG/corporate sustainability, shared the retail pharmacy chain’s sustainability journey so far and how it is readying to meet the SEC’s potential disclosure mandates during her keynote address at CW’s virtual ESG Summit.

HHS building

Dems seek stronger HIPAA privacy for abortion patients


Democratic senators are urging the Department of Health and Human Services to strengthen federal health privacy protections for abortion patients by updating the HIPAA Privacy Rule.