Insights

Inside the Treasury Hack: Unpacking the Breach & What It Means for Risk & Cybersecurity Leaders

Imagine this: a critical government agency, armed with some of the most robust cyber defenses money can buy, finds itself outflanked—not through the front gates, but by a side door left ajar by a trusted partner. This isn’t the plot of a Hollywood thriller; it’s the reality facing the U.S. Treasury Department after Chinese state-sponsored hackers breached its defenses by exploiting a vulnerability in third-party software.

Compliance Is No Longer the Ultimate Goal for GRC Teams

Turn back the clock to the 2010s, and you’ll witness the origins of a compliance revolution. Cloud companies faced a rising tide of regulations like HIPAA and PCI DSS. High-profile breaches—such as the 2013 Target data breach—shattered consumer trust, prompting regulators to crack down on data handlers and processors. Compliance became the bulwark against lawsuits and reputational damage. Cloud providers like AWS and Azure raced to offer robust security and compliance tools, emphasizing shared responsibility between provider and client. By the early 2020s, compliance had cemented its place as the cornerstone of operational security and customer confidence.

Sustainability Reporting 2024: Are Companies Ready for the Big Leagues?

Sustainability reporting has evolved from a nice-to-have to a must-do. For years, it’s been voluntary—a chance to show off green credentials. But now? Regulators and investors are upping the ante. KPMG’s 13th Survey of Sustainability Reporting couldn’t have landed at a better time. With mandatory reporting on the horizon for many countries, the survey offers a fascinating look at how global companies are preparing for this seismic shift—or not.

McKinsey’s $650 Million Settlement Marks a Dark Chapter in Corporate Malfeasance; Senior Partner Faces Obstruction Charges

In a damning chapter in the annals of corporate malfeasance, McKinsey & Company—the vaunted consulting powerhouse—has agreed to pay $650 million to resolve U.S. Department of Justice (DOJ) investigations into its role in fueling the opioid epidemic. With this settlement, McKinsey becomes the first consulting firm to face criminal charges for advising a client, Purdue Pharma L.P., on activities that significantly contributed to a public health catastrophe of staggering proportions.

Basel Committee Rolls Out New Guidelines to Shore Up Counterparty Credit Risk Management

The Basel Committee on Banking Supervision has officially closed the book on a 25-year-old rulebook, unveiling final guidelines for counterparty credit risk (CCR) management that aim to address vulnerabilities exposed in recent financial turmoil. Announced on December 11, 2024, these guidelines target the persistent weaknesses in CCR, particularly in dealings with non-bank financial intermediaries (NBFIs), which have recently made headlines for all the wrong reasons.

The Right Thing to Do: ESG in a Complex World

Mark Twain famously said, “You’re never wrong for doing the right thing.” While Twain wasn’t contemplating Environmental, Social, and Governance (ESG) principles, his words resonate powerfully in a world where corporate behavior is under an unrelenting microscope. ESG is no longer a “nice-to-have.” It’s a guiding ethos that challenges businesses to reconcile profitability with purpose—and to do so transparently, accountably, and authentically.

CFPB’s Crackdown on Data Brokers: A Move to Rein in Privacy Risks & Exploitation

In an era where personal information flows through countless digital channels, the Consumer Financial Protection Bureau (CFPB) has proposed a sweeping rule to rein in the burgeoning data broker industry. This initiative seeks to impose stricter accountability under the Fair Credit Reporting Act (FCRA), ensuring that consumer data is shared only for legitimate purposes and safeguarding sensitive information like Social Security numbers and income data from misuse.