NAVEX: Top 10 risk and compliance trends for 2022
Diversity, equity, and inclusion; prioritizing ESG; business continuity; and more highlight the latest edition of NAVEX’s annual list of risk and compliance trends worth monitoring.
Accellion to pay $8.1M in proposed data breach settlement
The Accellion data breach that last year affected a variety of private- and public-sector organizations and compromised the personal data of millions of individuals could be resolved in an $8.1 million class-action settlement.
DiMauro: Seven compliance areas to watch in 2022
If 2021 was about transition under the Biden administration, 2022 is looking as if it will be a year of action. CW Director of Compliance Programs & Training Julie DiMauro shares her list of key areas she expects to receive enhanced scrutiny in the year ahead.
Nikola to pay $125M to settle SEC fraud charges
Electric semitruck startup Nikola agreed to pay $125 million to settle charges brought by the SEC for defrauding investors by misleading them about its products, technical advancements, and commercial prospects.
SEC, CFTC fine JPMorgan Chase $200M for recordkeeping violations
JPMorgan Chase will pay $200 million in fines to settle charges brought by two federal regulators regarding the bank’s failure to maintain records of communications on securities, commodities, and swaps business matters made on bank employees’ personal devices.
CCO Q&A: How Prime Trust is managing compliance in evolving crypto space
Compliance Week discusses with Nirvana Patel, chief compliance officer and BSA officer at Prime Trust, the unique challenges of practicing compliance in the cryptocurrency industry and his thoughts on the regulatory landscape moving forward.
Risk and compliance considerations for fintech startups and their bank relationships
Fintech startups are typically free to enjoy rapid growth without the burden of strict regulatory oversight. But as scrutiny over the industry grows, so does the urgency for fintechs to get their compliance house in order.
Societe Generale CEO to assume oversight of risk and compliance
The CEO of Société Générale will assume direct supervision of the risk and compliance control functions at the French multinational investment bank following the completion of remediation programs in line with two U.S. deferred prosecution agreements.
Clearview AI facing $22.6M fine over U.K. privacy violations
The U.K. Information Commissioner’s Office has warned Clearview AI it could face a £17 million (U.S. $22.6 million) fine over its use of people’s data to power its facial recognition software.
CPE Webcast: Communications intelligence: Shifting mindset to business transformation
The significant transformation of hybrid work has forced a lot of chief compliance officers to start to think about ways they can better manage their digital communication tools and channels.
CWE panel: GDPR ‘the start of a culture of data protection’
Belgian Data Protection Authority head David Stevens and Member of European Parliament Axel Voss discussed ways the General Data Protection Regulation could be improved for the future during a keynote at CW’s virtual Europe event.
CPE Webcast: Data awareness to data intelligence: Leveraging the power of automation
The increasing number and complexity of privacy laws and continued emergence of compliant data use as a competitive differentiator have been the driving force for organizations to shift focus from tick-the-box compliance exercises to automated privacy solutions.
Options Technology appoints chief risk officer
Managed trading infrastructure provider Options Technology announced the appointment of Marlena Efstratopoulou as chief risk officer.
SEC investor advocate: ‘Gamification’ exposes holes in Reg BI
SEC Investor Advocate Rick Fleming said online platforms designed to make stock trading more easily accessible and exciting “expose what may be a significant flaw in Reg BI” regarding unsolicited transactions.
CPE Webcast: Technology best practices to future-proof your regulatory compliance strategy
Organizations are facing both increased regulation and increased volumes of organizational data, making it ever more challenging to ensure they can stay compliant as new regulations take effect.
CPE Webcast: The compliance officer’s guide to cloud adoption
Many companies are accelerating their digital transformation strategies and adoption of cloud computing, decommissioning data centers, and legacy applications. CCOs need to understand the implications for regulatory compliance obligations.
KPIs and collaboration: How Vivint, Agilent handle data collection
Compliance leaders from Vivint and Agilent Technologies shared how they are successfully integrating data intelligence into their organization’s operations at a recent Diligent virtual summit.
OCC raps MUFG Union Bank for risk management deficiencies
MUFG Union Bank, which has entered into agreement to be acquired by U.S. Bank, received a cease-and-desist order from the OCC for “unsafe or unsound practices regarding technology and operational risk management.”
With approach to Coinbase, SEC shows its hand on cryptocurrency
By reacting to Coinbase’s now-scrapped Lend program proposal with a Wells Notice, the SEC sent a message that cryptocurrency companies should not expect the agency to bend to their will.
CPE Webcast: Business spend monitoring: Do trends speak louder than machine learning and AI?
As parts of the world economy open up and overall business spend is on track to go back to pre-COVID-19 levels, organizations are more vulnerable to fraud, corruption, and regulatory violations.
SEC seeking info on risks, rewards of digital engagement practices
The SEC launched its first foray against risks posed by stock trading platforms like Robinhood with a request for information about how digital engagement practices affect the investment strategies of retail investors.
Weathering the storm: Why FinTech compliance failures persist
Experts weigh in with their thoughts on why FinTechs and cryptocurrency firms continue to have a bad reputation in terms of compliance.
Hamburg DPA warns Zoom incompatible with GDPR
The Hamburg data protection authority has warned local government departments to stop using Zoom because it believes the videoconferencing app is not compliant with the General Data Protection Regulation.
CPE Webcast: Automation in compliance training: How to start and where it can take you
Technology is changing every aspect of life and automation is reducing the effort required for even the most complex of business processes.
Employee monitoring proving hot target for GDPR enforcement
Recent fines in Italy against two food delivery companies for violating the privacy of their drivers should act as a warning that employee surveillance can prove to be a major breach of the General Data Protection Regulation.
What factors are driving change in your corporate investigations process?
A recent survey from Compliance Week and OpenText reveals while investigations and data volumes are on the rise, machine learning combined with external expertise may give companies the upper hand in accelerating response and results.
ICA roundtable: Are companies ready to trust AI?
A recent roundtable on managing resources while confronting regulatory change looked at the importance of balancing machine learning and artificial intelligence with human intelligence and intervention.
Italian DPA fines Deliveroo $3M for worker privacy violations
Italy’s data protection authority Garante fined U.K.-based food delivery company Deliveroo €2.5 million (U.S. $3 million) under the GDPR for violating the privacy rights of its Italian drivers.
The debate over AI: Regulate the tech or its use?
Recent comments by Facebook’s top executive in charge of developing AI reignite the debate over whether regulators should be more focused on reining in the technology itself or just the way it is used.
Italian DPA cites biased tech in $3.1M GDPR fine
Italy’s data protection authority fined food delivery company Foodinho €2.6 million (U.S. $3.1 million) because the app at the core of its business model allegedly discriminated against employees.
How Uber toes the line between compliance and innovation
At CW’s TPRM virtual event, Dianna Jones, director of legal compliance at Uber, shared how the company seeks to build compliance into new initiatives without stifling innovation.
FinCEN eyes no-action letters as aid for FinTech rollouts
The Financial Crimes Enforcement Network will launch rulemaking for a no-action letter process that would give financial institutions another way to enter dialogue with the regulator about innovative and newly emerging technologies.
e-Book: The current state of global privacy regulation
Will states be able to move forward with their own privacy laws? A provision in a recent bill passed in Florida may be a stumbling block.
Want to wring out fraud? Automate your accounting processes
What allows bad actors to perpetuate accounting fraud? In many cases, it’s bad processes and controls. Consider introducing automation to help your company more successfully detect and prevent bad actors.
Software demos: Third-party risk management (TPRM)
In the market for a software solution to help manage your third-party risk? Check out our collection of video demos from nearly a dozen of the top vendors in the space.
Embrace of RegTech driving financial services transformation
Large global financial institutions are utilizing advanced technologies like never before to help manage their regulatory compliance needs, driving major efficiencies within compliance, risk, and internal audit functions in the process.
New tech, legal precedent forcing GDPR to evolve
Companies’ priorities regarding compliance with the GDPR are likely to become more focused because of a mixture of recent legal decisions and efforts by the European Commission to keep privacy rules in sync with changes in technology.
JBS USA confirms $11M ransom payment to hackers
Meatpacker JBS USA announced it paid the equivalent of $11 million in ransom in response to a May cyber-attack that impacted its operations in North America and Australia.
SEC probing GameStop, others over ‘meme stocks’ craze
Video game retailer GameStop, whose market volatility earlier this year led the so-called “meme stocks” craze, disclosed it is cooperating with an investigation launched by the Securities and Exchange Commission.
Assessing yet another ransomware attack on critical supplier (JBS)
Meatpacker JBS USA has become the latest critical infrastructure company to be targeted by a ransomware attack, which temporarily halted its global operations. The attack brings with it implications for the food and agriculture industries.
Colonial Pipeline fallout: Thwarting ransomware attacks requires collective defense
President Biden’s executive order on cyber-security largely applies to federal agencies. But its core message—that the public and private sectors must collectively defend against increasingly malicious ransomware attacks—should not be lost on companies.
Three years of GDPR: Many milestones, but calls for change increase
Despite its achievements, the General Data Protection Regulation’s flaws have become evident. Some are already questioning whether the regulation—and the way it is regulated—are fit for purpose and whether the law needs to be changed.
Survey: Data access further complicated by emerging privacy laws
A recent survey of 100 executives from Fortune 500 companies found more than half are struggling to balance easy access to company data with privacy and security compliance under laws like the GDPR and CCPA.
Survey: Audit still facing hurdles with next-gen tech
Many senior audit leaders and their teams are still in the early stages of, or have not yet begun, implementing next-generation tools and strategies into their internal audits, according to a new survey.
New NIST revisions expand scope of cyber supply chain risk management guidance
The National Institute of Standards and Technology is seeking comment on a revised version of its cyber supply chain risk management guidance that is intended for a broader audience of public and private companies.
White paper: Innovative Compliance: How AI Helps Meet the Challenge of Environmental Regulations
Every organization around the world has two things in common. First, they must follow the regulatory guidelines that govern their EHS operations. Second, those regulatory guidelines are becoming more numerous and challenging every year.
Curiosity is important for compliance professionals
Rapid developments in technology and an uncertain future underscore the need for compliance professionals to embrace curiosity both personally and professionally in order to protect their firms from risk.
Updated DOJ guidance stresses need for data in compliance training
An expert panel at CW’s 2021 National Conference discussed the importance for companies to embrace behavioral analytics in their training programs to align with updates to the DOJ’s “Evaluation of Corporate Compliance Programs” guidance.
What you need to know about proposed EU rules for trustworthy AI
With various levels of defined risk and the potential for steep fines for offenders, the European Commission’s recent proposal to ensure trust in the use of artificial intelligence should receive urgent attention from industries beyond Big Tech.
Regulators want answers from financial services on AI/ML tools
The financial services industry is at the cutting edge of the utilization of artificial intelligence and machine learning tools. Regulators have recently requested to understand how these technologies are being used—or misused.