Risk Management

Digital banking

Fed details Custodia Bank membership rejection over risk deficiencies


The Federal Reserve Board further expounded on the risk management deficiencies it found at Custodia Bank as part of the digital-first bank’s application to become a member of the Federal Reserve System.

Cash App

Report alleges Block’s Cash App facilitates fraud, disregards AML laws


Investment research firm Hindenburg Research accused financial technology payment company Block of facilitating money laundering, fraud, and scams on its platform.

CW2022 Kenneth Polite 2

Polite: Look to ABB case for ‘extraordinary cooperation’ example


Compliance officers seeking clarity on what the Department of Justice means by “extraordinary” cooperation or “immediate” self-disclosure should look to the agency’s case history, said Assistant Attorney General Kenneth Polite Jr. during a speech.

Compliance steps

Best practices to ensure your firm’s compliance resiliency


What is compliance resiliency, and why is it crucial for your organization to have it? Recent enforcement examples demonstrate why mapping out a clear business continuity plan can help thwart a risky management reshuffle.

Bank confusion

Experts: Fraud risks heightened amid banking turmoil


The stunning, rapid collapse of Silicon Valley Bank, fueled in its final days by droves of panicked depositors seeking funds, likely added to the chaos within the bank and ratcheted up the risk of fraud, according to legal experts.

Janet Yellen

Yellen says regs might cover deposits of other struggling banks


Treasury Secretary Janet Yellen said federal regulators are willing to extend the same financial assistance—perhaps even extended deposit insurance—to mid-sized banks struggling to handle the fallout from the failures of Silicon Valley Bank and Signature Bank.


SEC chief accountant eyeing auditor use of network member firms


The Securities and Exchange Commission is paying added scrutiny toward audit firms’ increasing use of network affiliates in their work and the potential for inconsistent quality that comes with such an approach.

onetrust 2022 300x200

CPE Webcast: A shortcut to third-party due diligence fundamentals

2023-03-21T11:00:00+00:00Provided by

Increased regulatory and consumer scrutiny on the integrity of businesses has changed how we operate. Now, the spotlight is turning to third parties and vendors that work on our behalf or as part of our supply chains.

Joe Biden

Biden calls for banking exec clawbacks amid failures


President Joe Biden is calling on Congress to “do more to hold senior bank executives accountable” since the market turmoil that has followed the collapses of Silicon Valley Bank and Signature Bank.

Credit Suisse

‘Crisis of confidence’ leads Credit Suisse to merger with UBS


Credit Suisse will merge with UBS in a move approved by Swiss banking regulators after a proposed cash injection from the Swiss National Bank failed to stabilize Credit Suisse’s rapidly declining finances.

Silicon Valley Bank sign

Where will regulators turn following SVB, Signature Bank failures?


Small and mid-sized banks can expect more regulatory scrutiny in the aftermath of the collapses of Silicon Valley Bank and Signature Bank, according to legal experts. The time to prepare is now.


​Fed governor teases new TPRM guidance for banks


The Federal Reserve and other U.S. banking agencies are working to develop joint guidance to clarify regulatory expectations around third-party risk management, according to Fed Governor Michelle Bowman.


CPE Webcast: WhatsApp and off-channel communications: Lessons for the rest of us

2023-03-16T14:00:00+00:00Provided by Smarsh

The SEC and CFTC spent the latter part of 2022 issuing a series of exceptionally large enforcement actions against financial services firms over unapproved communications tools. Most of these actions stemmed from recordkeeping violations.

DOJ wall

Experts: DOJ clawback pilot to be ‘work in progress’


Businesses and compliance professionals should expect the Department of Justice’s new compensation clawback policies to be applied on a case-by-case basis, with broad discretion, according to legal experts.


CISA pilot program seeks to bolster ransomware preparedness


The Cybersecurity and Infrastructure Security Agency announced a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.

EIC cover img

Nomination deadline for 2023 ‘Excellence in Compliance Awards’ extended


The nomination deadline for Compliance Week’s fourth annual “Excellence in Compliance Awards” has been extended and will now close March 31. Finalists are expected to be announced in early April.

SEC office

Investment adviser fined $50K for compliance lapses following founder/CCO’s death


E. Magnus Oppenheim & Co. must pay $50,000 and hire an independent compliance consultant to settle Securities and Exchange Commission charges of failing to implement compliance policies and procedures following the death of its founder and CCO.

Credit Suisse sign

Credit Suisse discloses ICFR ‘not effective’ in 2022


Credit Suisse Group disclosed in its annual report its internal control over financial reporting was “not effective” for the fiscal year ending December 2022.


CPE Webcast: Understanding and managing psychosocial risk within your workforce

2023-03-14T14:00:00+00:00Provided by Avetta

This presentation will show professionals how to integrate the socially transformative elements of psychological safety within our work systems while finding a unique opportunity to advance the benefits of reducing risk and error in the workplace alongside greater business outcomes.

Silicon Valley Bank2

Regulators on damage control following SVB, Signature Bank failures


The White House, Department of the Treasury, and other federal banking regulators swung into action over the weekend to prevent the failure of two banks with $264 billion in combined deposits from turning into a full-blown economic crisis.


Silicon Valley Bank risk chief gap glaring post-collapse


For eight months last year, Silicon Valley Bank went without an established chief risk officer. The ramifications of that decision are hard to ignore in the wake of the bank’s hasteful failure.

Coal mining

DOJ declines to prosecute Corsa Coal in FCPA case


Corsa Coal Corp. was notified by the Department of Justice it won’t face prosecution for alleged bribes employees paid to Egypt’s Al Nasr Company for Coke and Chemicals to secure coal supply contracts.

Silicon Valley Bank

Silicon Valley Bank closed by banking regs after historic collapse


In the largest U.S. bank failure since 2008, Silicon Valley Bank was closed and its approximately $175 billion in deposits placed under control of the Federal Deposit Insurance Corporation.


SEC orders Blackbaud to pay $3M for misleading ransomware disclosures


Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.


​Experts: Delaware court McDonald’s ruling lowers bar on officer liability


The fiduciary duty of oversight that historically has applied only to directors “applies equally to officers,” including CCOs, the Delaware Court of Chancery explicitly held in its ruling regarding former McDonald’s Chief People Officer David Fairhurst.


Ten things I’m excited for at CW National 2023


Ten weeks before Compliance Week National 2023 kicks off May 15 at the JW Marriott in Washington, D.C, CW Editor in Chief Kyle Brasseur shares what he’s looking forward to most at the annual event.

Virgin Media

U.K. push for GDPR reprimand transparency draws mixed reviews


The U.K. Information Commissioner’s Office began publishing the details of cases where organizations breached the General Data Protection Regulation but were not fined. Legal experts share their take on the initiative.


Flutter Entertainment to pay $4M for legacy FCPA violations


Ireland-based gaming and sports betting company Flutter Entertainment will pay a $4 million fine to resolve SEC charges payments made to Russian consultants by a company it acquired violated the Foreign Corrupt Practices Act.

Google HQ

​Google, Uber CCOs share approaches to data analytics


The chief compliance officers of Google and Uber offer insight into how their data analytics compliance programs have evolved amid enhanced scrutiny on use of technology from the Department of Justice.

Russia_United States

U.S. authorities list red flags for sanction evasion by third parties


The Bureau of Industry and Security, Office of Foreign Assets Control, and Department of Justice issued guidance to highlight common methods bad actors use to evade sanctions and export controls on Russia and how to spot their use.

EU US privacy

Privacy Shield replacement on track, though hurdles remain


The agreement on a new framework for transatlantic data flows between the United States and European Union could be finalized this year. Whether it can stand legal scrutiny is the real question.


DOJ to implement new clawback, compensation policies for corporate settlements


Corporate resolutions involving the Department of Justice’s Criminal Division will now include a requirement the resolving company develop compliance-promoting criteria within its compensation and bonus system, according to Deputy Attorney General Lisa Monaco.

Energy company

Italian DPA fines Edison Energia $5.2M over GDPR lapses


The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.

Texas State Capitol

Anti-ESG fervor catching fire with Republican lawmakers


The blowback against environmental, social, and governance initiatives in investments and corporate strategies is quickly building momentum in conservative politics, with nearly two dozen states proposing bills that limit ESG investments.

ask cco 3x2 20234

Ask a CCO: Most difficult element of data privacy compliance

2023-03-02T14:00:00+00:00By Compliance Week

Four senior compliance practitioners offer their take on the elements of data privacy compliance businesses can expect to be most difficult to confront.

Credit Suisse

FINMA: Credit Suisse ‘seriously breached’ duty regarding Greensill


Poor risk management by Credit Suisse’s asset management company kept the bank mostly unaware of the risky nature of lending procedures used by Lex Greensill that would lead to the collapse of Greensill Capital, according to Switzerland’s Financial Market Supervisory Authority.

ask cco 3x2 20233

Ask a CCO: Company investment in data privacy efforts

2023-03-01T14:00:00+00:00By Compliance Week

Four senior compliance practitioners discuss how their respective companies invest in compliance with varying data privacy requirements.

FTC seal

FTC attorney warns of scrutiny toward AI claims in marketing


The Federal Trade Commission is keeping close watch on companies that use the term “artificial intelligence” when marketing their products.

ask cco 3x2 20232

Ask a CCO: Roles in data privacy compliance efforts

2023-02-28T14:00:00+00:00By Compliance Week

Four senior compliance practitioners share their roles in ensuring data privacy compliance at their respective companies and the other departments that support their efforts.


CPE Webcast: Accelerating your sustainability journey through robust supplier engagement

2023-02-28T11:00:00+00:00Provided by

As conversations around climate change and inequality intensify around the globe, businesses face increased scrutiny and pressure from regulators, investors, and customers to ESG goals across the value chain—including third parties.

South Africa flag

South Africa, Nigeria added to FATF’s AML/CFT watchlist


The Financial Action Task Force placed Nigeria and South Africa on its list of countries requiring increased monitoring because of deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.

ask cco 3x2 2023

Ask a CCO: Plan for complying with varied U.S. privacy laws

2023-02-27T14:00:00+00:00By Compliance Week

Four senior compliance practitioners detail steps their respective companies are taking to confront the expanding U.S. data privacy legislation landscape.

U.S. privacy

Best practices for navigating changing U.S. data privacy landscape


With five new or amended state laws set to hit the books in 2023, companies would be wise to ensure their data privacy compliance house is in order—and start preparing for the next wave of legislation.

Cloud data

Cloud ‘not a silver bullet’ for security


A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.

United States cyber

‘This is where we are now’: Cyber environment calls for continuous monitoring


Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.

Russia sanctions

OFAC imposes new sanctions to mark anniversary of Russia’s Ukraine invasion


The Office of Foreign Assets Control unveiled a slew of new sanctions against financial services firms and individuals that either support Russia’s war effort or have been judged to be undermining existing U.S. sanctions.


HHS proposal aims to ‘shine a light’ on nursing home ownership


It is still too early in the rulemaking process to know what will be included in the Biden administration’s final rule on transparency of nursing home ownership, but there are some steps facilities can take to prepare, according to experts.


Lessons in cybersecurity: Control the breach narrative


Recent botched data breach responses at Activision Blizzard and GoDaddy prompt timely consideration of communication best practices shared by cybersecurity experts at CW’s virtual Cyber Risk & Data Privacy Summit.


ChatGPT comes with compliance caveats, experts warn


There are downsides to every new technology, and artificial intelligence and machine learning are no exception. Experts discussed the importance for compliance professionals to understand the risks of such tools at CW’s virtual Cyber Risk & Data Privacy Summit.

DNB 300x200

CPE Webcast: Managing third-party risk in 2023: Trends and best practices

2023-02-23T14:00:00+00:00Provided by

In a recent survey by Dun & Bradstreet and Compliance Week, more than half of respondents indicated they had increased vendor/third-party due diligence efforts as a result of global disruption and instability.