EU regulator questions 'culture of compliance' with Digital Markets Act at Apple, Google
The European Commission released its preliminary findings last week regarding Apple and Google not complying with the Digital Markets Act. It issued orders to both companies regarding their business practice and plans to release all of its findings next week.
Ethics & Compliance Summit notebook: When it comes to trust, make sure to verify
The increasing efforts to fight modern slavery across the globe are getting a boost from EU rules that require companies to track and report on the issue. But experts increasingly say compliance executives can’t lean on easy databases and automated solutions that supply chain companies may ignore or lie to.
Experts: Companies ‘underestimate risk’ as first provisions of EU AI Act come into force
A European Union-wide ban on AI systems with “unacceptable” risk came into force on Feb. 2 as the first provisions of the EU’s AI Act took effect. Problems persist, however, over what the legislation requires and what corporate practices or uses of data may risk flouting the rules.
‘Abject failure’: U.K. lawmakers sound off on FCA’s failed 'naming and shaming' enforcement
U.K. lawmakers slammed the country’s chief financial regulator’s hopes of “naming and shaming” firms as part of its efforts to beef up enforcement, denting its credibility in the process and questioning the leadership of its chief executive.
PCAOB fines KPMG units $3.4M, PwC Singapore $1.5M for audit, independence violations
Nine affiliates of KPMG agreed to pay a total of nearly $3.4 million for alleged violations of audit and quality control standards, while PwC Singapore will pay $1.5 million to settle a separate allegation that the firm manipulated independence compliance reporting.
EU drives ‘omnibus’ of simplifications through landmark sustainability reporting directives
The European Commission has adopted proposals for radical simplifications to the EU’s trailblazing environmental regulations. The commissioners argue that this is a pragmatic response to changing global economics and indicates that they have listened to the concerns of smaller businesses that are struggling to comply with onerous and conflicting rules.
Why are CFOs struggling to stay compliant?
CFOs are tasked with overseeing an organization’s entire financial processes, not least ensuring that financial operations remain compliant with the multitude of global regulations. It’s a heavy burden to carry that might be alleviated slightly with the help of artificial intelligence, writes Markus Hornburg, head of compliance at Basware.
'Measured approach' or light-handed GDPR? Noyb reports only 1.3 percent of EU cases result in fine
When Europe’s strict set of data protection rules came into force nearly seven years ago, privacy campaigners, industry experts, and lawyers all warned that noncompliance could result in eye-watering fines and other costly sanctions, especially for repeated breaches. However, the reality appears to be very different.
U.K. competition and markets regulator wields new power to combat fake online reviews
Fake reviews of products and services are a global phenomenon, but regulators in the U.K. are beginning to use newly expanded powers to protect buyers and honest competitors following a recent crackdown by U.S. authorities.
FCA fines Mako $2.1M for ineffective financial crime monitoring program
Mako Financial Markets Partnership will pay $2.1 million (1.7 million pounds) in penalties to the U.K. Financial Conduct Authority to settle allegations that its financial crime prevention program was ineffective.
U.K. Employment Rights Bill promises to thwart forced labor through new consolidated regulator
For the past decade, the United Kingdom has tried to make companies more directly accountable for forced labor in their supply chains. But lawyers warn that the government’s latest plans to beef up protections against worker violations risk being heavily watered down and poorly policed by regulators.
Experts: U.K. digital market reforms a ‘watershed moment,’ could speed up enforcement
The U.K.’s competition regulator has outlined new plans to regulate Big Tech firms that will enable it to take a much more flexible and proactive approach towards investigations.
EDPB shift forces AI firms to embed procurement, risk management in GDPR considerations
Efforts to clarify the circumstances in which artificial intelligence models may or may not be violating the General Data Protection Regulation could result in yet more confusion for tech firms, companies deploying the technology, and even data protection authorities, according to experts.
Q&A: Hellenic Bank CCO on progress made to fight corruption in Cyprus
Maria Aristidou Demetriou, chief compliance officer at Cyprus-based Hellenic Bank, spoke to Compliance Week about derisking in the Cypriot banking sector since Russia’s invasion of Ukraine and efforts to combat corruption, money laundering, and sanctions evasion.
Experts say DORA compliance not coming easy as more firms pass buck to IT providers
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
CJEU ruling adds to GDPR liability over unfair competition, AML/CFT
Legal cases and fines for noncompliance with the EU’s GDPR could rise sharply after a court found that a breach was a source of unfair competition. The judgment also opens doors to civil cases over companies ignoring expensive or challenging rules, such as those regarding AML/CFT.
Portuguese bank ousts chief risk officer after ‘suspicious’ transactions uncovered
Portuguese bank Novo Banco, S.A., fired Chief Risk Officer Carlos Jorge Ferreira Brandão “with just cause” after an internal probe discovered “suspicious financial transactions” in his sphere.
Experts unsure of risk appetite as EU beefs up cyber rules for critical infrastructure
New rules on cyber risk management across the EU put execs firmly in the crosshairs for noncompliance and are likely to apply to a wider range of organizations than many business leaders may initially think. However, there are also concerns that the rules may become muddled across the wide bloc.
TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
Top 5 risks for 2025: U.S. uncertainty, global trade war, digital attacks
A prominent risk management firm has issued its predictions for the top five risks for business in 2025, along with guidance for how organizations should prepare and respond.
Eaton names general counsel
Intelligent power management company Eaton announced that Lucy Clark Dougherty has been named general counsel, effective Jan. 27.
Trane Technologies adds sustainability chief
Trane Technologies, a global climate innovator, announced the appointment of Mauro Atalla as chief technology and sustainability officer, effective Jan. 5.
Orion Corporation announces GC
Pharmaceutical firm Orion Corporation announced that Mikko Kemppainen has been appointed as general counsel and secretary to the board of directors of Orion Corporation, and a member of the executive management board of the Orion Group, effective June 1.
Five more compliance triumphs of 2024
Whether you’re a multinational telecommunications company looking to certify your anti-corruption program post-settlement, or a biochemical company victimized by a “rogue” employee, seeing the light at the end of the enforcement tunnel isn’t always easy.
EU AI Act next GDPR? Proof in the pudding as boardrooms prioritize data governance
Breaches of the EU’s GDPR can cost companies substantial sums and huge reputational damage. Now some are warning that the implementation of the EU’s AI Act will be just as far-reaching, and could potentially lead to similar numbers of cases.
’Future-proofing’ products for safety next level of regulation under EU GPSR
Any product that uses AI needs to be safety assessed for its entire lifespan under new rules that went into effect recently across the EU. Experts warned companies using AI to tailor products could be classed as “manufacturers” and face the same duty of care as developed.
Deutsche Bank names CRO
Deutsche Bank appointed Marcus Chromik as chief risk officer, effective May 20.
Overabundance of U.K. AML regulators stretching enforcement resources thin, experts say
The U.K. will struggle to shed its reputation as one of the world’s biggest conduits for dirty money due to a combination of patchy intelligence-sharing and poorly resourced enforcement agencies, experts told Compliance Week.
Riksbank announces GC
Riksbank has appointed Annica Sandberg as its new general counsel, effective Jan. 7.
U.K., EU enforcement regimes set to escalate, but critics question sanctions’ effectiveness
With a new political regime ready to take over in the U.S., the effectiveness of sanctions against malign foreign actors like Russia, North Korea, and Iran has come into question. While the European Union and U.K. have increased sanctions pressure, critics have publicly asked: Is it enough?
German firm Aiotec to pay $14.5M to settle Iran sanctions violation
German petrochemical parts supplier Aiotec agreed to pay $14.5 million to settle allegations that it engaged in a four-year conspiracy to dismantle and ship a plastics manufacturing plant owned by a U.S. company to Iran, in violation of U.S. sanctions.
Banco BPM appoints CRO
Banco BPM appointed Edoardo Faletti as the new head of the risk management function (risk manager) as well as chief risk officer.
French defense contractor Thales Group under investigation for bribery in Asia
French defense and aviation contractor Thales Group is under investigation by authorities in the U.K. and France for allegedly participating in bribery and corruption.
Good AI governance starts with proactive, continuous risk assessments
Data governance has become a key concern for companies, especially when the EU AI Act and General Data Protection Regulation have put a premium on handling data responsibly and ensuring that artificial intelligence does not cause harm.
European Commission accuses Meta of anticompetitive practices, issues $841M fine
Meta, the parent company of Facebook, has been fined nearly 798 million euros (U.S. $841 million) by the European Commission to resolve the agency’s long-running investigation into alleged “abusive practices” by Facebook Marketplace.
EU Deforestation Directive delayed, experts advise compliance managers to not rest on laurels
If your business uses leather, rubber, wood, beef, palm oil, soy, or paper, then you may need to comply with the EU Deforestation Directive, a new rule intended to ensure that no goods traded in the EU contribute to global deforestation.
Allegion names general counsel
Global security products and solutions provider Allegion reappointed Jeff Braun as senior vice president, general counsel and corporate secretary.
Meta discloses potential CFPB lawsuit following probe into advertising, disclosure practices
Meta disclosed in a public filing that an investigation by the Consumer Financial Protection Bureau related to financial product advertising on platforms Instagram and WhatsApp may lead to a lawsuit.
Meta-backed EU appeals body facing conflicts of interest concerns
Ireland’s cozy relationship with big business and Big Tech has once again come under scrutiny after the country’s media regulator allowed a $15 million one-off funding payment from Meta’s Oversight Board Trust to help launch the newly formed Appeal Centre Europe.
U.K. Employment Rights Bill triggers debate over flexibility vs. exploitation
Contract workers’ rights are in the spotlight in the U.K. and some EU countries as governments seek to end exploitative practices by eliminating zero-hours contracts, much to the chagrin of some business leaders.
Irish DPC fines LinkedIn $335M over GDPR violations related to targeted advertising
The Irish Data Protection Commission fined Microsoft-owned LinkedIn 310 million euros (U.S. $335 million) over violations of the European Union’s General Data Protection Regulation related to the social media company’s data processing and targeted advertising.
AI & Compliance Summit: Regs discuss artificial intelligence guardrails for financial services
Artificial intelligence is an exciting, new technology and it is well-regulated by old laws and rules already on the books, financial regulators said at Compliance Week’s AI & Compliance Summit at Boston University.
EU businesses will soon have to report on supply chains and sustainability. Not all are ready
Supply chains are about to become the next big thing in sustainability compliance. However, many organizations still lack the data and assurance capabilities to track sustainability and human rights activities across their extended supply chains – which is required by the EU’s CS3D. Many others that fall out of scope ...
Pace of innovation will make EU AI Act hard to enforce, experts say
Concerns about how robustly European member states may enforce the EU AI Act, which took effect on Aug. 1, are divided over whether regulators will take a “light touch” approach or a sledgehammer to noncompliance. One thing’s for sure: the pace of AI innovation will make enforcement very difficult.
Photo gallery: Compliance Week Europe 2024
Compliance Week Europe, held Oct. 15-16 in Amsterdam in partnership with our sister organization the International Compliance Association, gathered more than 200 GRC professionals across industries. Check out some of the sights from the event.
Control and delete: How regulators can shut down companies’ AI investments
Companies are increasingly putting their faith in AI to realize the kind of business benefits that the technology seems to promise, but they are also opening themselves up to new and potentially crippling sanctions if they are unable to answer questions that surround how AI operates.
AI & Compliance Summit notebook: ‘Think big. Start small. Scale fast.’
When starting artificial intelligence efforts for companies large or small, one approach compliance practitioners said they’ve found works best is to start with a specific use case.
Companies are slowing AI launches in Europe, some say European Union regulations are why
The European Union’s Digital Markets Act is forcing many Big Tech companies to postpone the launch of artificial intelligence-powered features, like Apple Intelligence, over user privacy and data security concerns.
Oculis announces chief legal officer
Biopharmaceutical company Oculis Holding AG announced the appointment of Daniel Char to the role of chief legal officer.
New U.K. enforcement body piles pressure on sanctions evaders
Global sanctions rules are increasing rapidly, as are tools to detect and punish those who break them. In response, the U.K. government is creating a new Office of Trade Sanctions Implementation to investigate and penalize those who break sanctions rules.