CPE Webcast: Slow Vendors, Changing Risks: The Compliance Customization Gap
A recent survey found that 66% of compliance leaders say their training programs are hard to customize quickly, and nearly half (46%) are being asked to cut training time.
CPE Webcast: Taking a data-first, questionnaire-second approach to TPRM
Join us for a live webcast to learn how the newest risk exchange models are eliminating 80 percent of questionnaire requests with data.
May 29 | Creating TPRM Stability in an Unsettled World
Wondering how new approaches to age-old regulations affect ethical business practices across your extended enterprise? What about how tariffs may impact your supply chain integrity, and how to best adapt your organization to accelerated shifts in business practices?
Navigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
DOJ fines MORSE Corp $4.6M for lax cyber controls amid crack down on federal contractors
Yet another government contractor has been slapped with a fine by the Department of Justice for applying lax cybersecurity defenses on sensitive government data.
e-Book: Tackling Third Party Risk In A Global World
TPRM has always been a tough subject, requiring regular monitoring and audits to be done right. But until recently, it was something companies chose to do.
When it comes to trust, make sure to verify
The increasing efforts to fight modern slavery across the globe are getting a boost from EU rules that require companies to track and report on the issue. But compliance executives can’t lean on easy databases and automated solutions, experts increasingly say, that supply chain companies may ignore or lie to.
Survey: The State of Third-Party Due Diligence
This is a Compliance Week Survey, sponsored by GAN Integrity. It is completely anonymous and designed to help benchmark the state of third-party due diligence. Results will be shared by Compliance Week and GAN Integrity in the form of a benchmark report.
Experts explain why IIA's new global audit rules will be 'central' to securing high-quality assurance
Compliance teams should expect more support from their organization’s internal audit functions. That is the clear message from the Institute of Internal Auditors, the global body of national affiliated internal audit institutes, which has just put into action its new Global Internal Audit Standards.
Crypto exchange OKX latest target of DOJ, hit with $505M penalty over AML, KYC failures
One of world’s largest cryptocurrency exchanges agreed to pay more than $500 million in penalties and plead guilty to AML and KYC violations, along with failing to register as a money transmitting business with the U.S. Treasury Department, the DOJ said.
Experts: Prepare now with U.K. failure to prevent fraud offense on horizon
Fraud prevention is about to get more complicated with penalties rising sharply for U.K. organizations. Starting Sept. 1, larger businesses will be liable to criminal prosecution if any of their employees–or an agent, subsidiary, or other “associated person”–commits fraud that is intended to benefit the company.
DOJ indicts five in remote IT work scheme to circumvent North Korean sanctions
Five people, including two Americans, allegedly duped U.S. companies into hiring North Koreans for contract IT work, and funneled millions in U.S. dollars to the sanctioned regime, the Department of Justice said.
Experts say DORA compliance not coming easy as more firms pass buck to IT providers
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
Cannabis company dinged by SEC over ‘round-trip’ transfer to inflate year-end cash
A cannabis company agreed to pay $225,000 to settle allegations that funds were temporarily deposited into its year-end accounts for the sole purpose of inflating year-end cash, the Securities and Exchange Commission said.
Experts unsure of risk appetite as EU beefs up cyber rules for critical infrastructure
New rules on cyber risk management across the EU put execs firmly in the crosshairs for noncompliance and are likely to apply to a wider range of organizations than many business leaders may initially think. However, there are also concerns that the rules may become muddled across the wide bloc.
TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
Data analytics in compliance: Time to get started, or expand, in 2025
Launching or expanding a corporate data analytics program for compliance can seem like a daunting task, but it is one worth adding to your to-do list in 2025.
Survey: Organizations broadly adopting AI, with varied governance
The majority of businesses are using AI and doing so without governance–a compliance gap that poses extreme risks, a new survey by Compliance Week and GAN Integrity found. A webinar will discuss why it is crucial to have AI governance, how to implement it, and what strategies to strengthen programs.
German firm Aiotec to pay $14.5M to settle Iran sanctions violation
German petrochemical parts supplier Aiotec agreed to pay $14.5 million to settle allegations that it engaged in a four-year conspiracy to dismantle and ship a plastics manufacturing plant owned by a U.S. company to Iran, in violation of U.S. sanctions.
Top ethics and compliance failures of 2024
The biggest Compliance Fails of 2024 show the real-world consequences of noncompliance for the companies that faltered, but also for their customers and their employees.
FINRA fines Morgan Stanley $1M for alleged documentation failures
The Financial Industry Regulatory Authority fined broker-dealer Morgan Stanley $1 million over alleged documentation failures related to risk management controls and supervisory procedures involving violations of the Market Access Rule.
Meta discloses potential CFPB lawsuit following probe into advertising, disclosure practices
Meta disclosed in a public filing that an investigation by the Consumer Financial Protection Bureau related to financial product advertising on platforms Instagram and WhatsApp may lead to a lawsuit.
WisdomTree pays $4M SEC fine for including fossil fuel, tobacco securities in ESG funds
Fund management company WisdomTree will pay $4 million to settle allegations by the Securities and Exchange Commission that it improperly invested in fossil fuel and tobacco companies in environmental, social and governance (ESG) funds despite promising to avoid them.
Keys to a successful GenAI use policy: Clear roles, training, vendor management
For all the hype surrounding generative artificial intelligence, the technology has been met with a healthy skepticism in the compliance community. Compliance practitioners want to know: Is it safe? Can it be deployed ethically? Are the risks greater than the rewards? And what should an AI acceptable use policy contain?
Raytheon parent RTX settles false claims, defective pricing, Qatar FCPA violations for $950M
The other shoe finally dropped for Raytheon and parent company RTX, as two U.S. regulators announced nearly $1 billion in penalties to settle defective pricing in defense contracts, false claims related to inflated prices on government contracts, and bribes paid to government officials in Qatar that violated the FCPA.
DOJ orders Wynn Las Vegas to forfeit $130M over BSA/AML violations
Wynn Las Vegas agreed to forfeit $130 million to settle a range of criminal allegations, including allegedly helping foreign customers hide money transfers and shielding patrons from Bank Secrecy Act and anti-money laundering rules, the Department of Justice said.
Bank of America unit reaches $3M settlement with FINRA over surveillance lapses
A subsidiary of Bank of America agreed to pay $3 million and take remedial measures to resolve allegations that its surveillance system didn’t detect manipulative trading, the Financial Industry Regulatory Authority said.
Nordea Bank to pay $35M to resolve NYDFS probe into AML shortcomings
Finland-based Nordea Bank will pay $35 million to resolve an investigation by the New York Department of Financial Services into “significant compliance failures” in its anti-money laundering and Bank Secrecy Act program.
CPE Webcast: Third party due diligence: A practical deep dive
A corporate code of conduct can be internally enforced, but how do you ensure third parties measure up to your values and requirements?
How are you keeping up? The adoption of AI in compliance
Artificial intelligence is rapidly transforming the business landscape, and this is especially true for anyone working in compliance. But while AI offers immense potential to streamline processes, enhance decision-making, and mitigate risks, it also introduces a new set of challenges that compliance professionals must navigate.
U.K. forced labor ruling raises bar for supply chain monitoring
Companies will need to tighten up how they monitor their supply chains after a recent U.K. ruling determined that corporates could be open to money laundering charges if they fail to act in cases where they believe there is a risk of forced labor.
ICO proposes $7.8M fine against NHS contractor in warning to IT providers
The U.K. Information Commissioner’s Office proposed a 6.1 million pound (U.S. $7.8 million) fine against Advanced Computer Software Group, an IT contractor for the National Health Service that allegedly failed to secure the data of 83,000 people after a cyberattack.
LexisNexis survey: Compliance costs soared for U.K. banks in 2023
Nearly all but a tiny minority of financial institutions saw their costs of financial crime compliance rise in 2023, a survey by LexisNexis and Oxford Economics found.
DORA set to enhance cyber resilience requirements for EU financial firms
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
Banking regs issue guidance on risks posed by bank-fintech relationships
Three federal banking regulators issued guidance on the risks posed by the use of third-party financial technology firms to deliver bank deposit products and services to customers.
DOJ orders Admera Health to pay $5.5M to settle kickback allegations
Admera Health agreed to pay more than $5.5 million to resolve allegations first brought by two whistleblowers that it paid kickbacks to third-party contractors, the Department of Justice said.
Risk visibility striking fear in companies onboarding new customers
A lack of risk visibility is causing companies to reject customers–and potentially lose money–over fears they might be in danger of violating rules around anti-money laundering and sanctions regulations.
FTC wants answers from Mastercard, JPMorgan, others on use of AI to collect data
Eight large companies, including Mastercard and JPMorgan Chase, have been ordered by the Federal Trade Commission to provide detailed reports about their possibly secret use of artificial intelligence to track customers and use the information to set prices.
Green Dot fined $44M by Fed over compliance deficiencies, deceptive practices
The Federal Reserve Board of Governors fined financial technology and bank holding company Green Dot $44 million for numerous unfair and deceptive practices and a deficient consumer compliance risk management program.
FINRA fines UBS unit $850K for failing to properly monitor customer transactions
UBS Financial Services, a subsidiary of the Swiss banking giant UBS, has been fined $850,000 for failing to properly monitor transactions between its broker-dealers and third parties.
How fintechs can overcome major compliance hurdles in embedded finance
Margaret Holmes Tibbets, chief compliance officer at financial technology company Pipe, explains how firms are facing an existential compliance crisis, and to survive they’ll need to overcome not one but two hurdles.
Banks must bolster awareness of fintech partner risks, experts advise at Fordham
During a panel at Compliance Week’s Financial Crimes and Regulatory Compliance Summit, held June 10-11 in New York, experts discussed nuances in bank-financial technology partnerships, offering best practices for how banks should protect themselves.
Mondo TV reaches $538K settlement with OFAC over N. Korea sanctions violations
Italy-based Mondo TV agreed to pay $538,000 to settle charges with the Treasury Department’s Office of Foreign Assets Control over 18 apparent violations of North Korea sanctions regulations.
DOE offers supply chain cybersecurity guidance for energy, oil, gas industries
The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.
OFAC sanctions nearly 50 entities for ‘shadow banking’ benefiting Iranian military
The Treasury Department’s Office of Foreign Assets Control sanctioned nearly 50 entities connected with so-called “shadow banking” networks that help Iran’s military evade U.S. sanctions and to sell the country’s oil and petrochemical products.
SpongeBob game developer ordered to pay $500K over CCPA, COPPA violations
Popular children’s mobile game developer Tilting Point Media agreed to pay $500,000 to settle allegations the company illegally collected children’s personal data, a violation under the California Consumer Privacy Act and a federal children’s privacy law.
OCC emphasizes compliance’s role in FI’s operational resiliency
Compliance departments at financial institutions must become more involved in ensuring their firm’s operational resiliency to address emerging risks, the Treasury Department’s Office of the Comptroller of the Currency said in its semi-annual risk perspective.
CPE Webcast: Digital Operational Resilience Act: Key provisions and best practices
This presentation will provide an overview of the key provisions of DORA and their implications for Third-Party Risk Management (TPRM) teams, list best practices for DORA preparation and review key considerations for teams looking to implement the DORA framework.
Top-of-mind takeaways from TPRM Summit
Top-of-mind issues addressed at Compliance Week’s Third-Party Risk Management & Oversight Summit, held June 3-4 in Atlanta, included safe deployment of artificial intelligence, assessing vendor viability and sustainability, understanding the role of procurement in risk ranking, the intersection (or lack thereof) between data privacy and cybersecurity, and many others.
Washington state importer ordered to hire CCO in response to Lacey Act violations
A Washington state importer has been ordered by the Department of Justice to pay a $360,000 fine and hire a chief compliance officer after imported wood items the company claimed to be from Malaysia were found to be from China.