GRC Report Staff

Amazon to Pay $2.25 Million FTC Penalty Over Identity Theft Records Failures

Section 609(e) of the Fair Credit Reporting Act requires businesses to provide victims with records of fraudulent transactions so they can piece together what was done with their personal information and begin repairing the damage. According to the Federal Trade Commission, Amazon too often turned that straightforward legal obligation into something far more difficult.

APRA's First System-Wide Stress Test Shows Both Resilience & Emerging Financial Vulnerabilities

For decades, prudential stress testing has largely asked a straightforward question: can an individual institution survive a severe economic shock? The Australian Prudential Regulation Authority decided to ask a more complicated one. What happens when the connections between institutions become part of the crisis itself?

EIOPA Says Insurance Supervisors Are Looking Beyond Compliance as Product Oversight Matures Across Europe

There is a moment in almost every regulatory framework when compliance ceases to be the interesting question. The forms have been completed and the governance structures exist. Policies have been approved, committees have met, and someone can demonstrate that every required process was followed. Yet consumers can still end up with products that were never truly designed for them. Regulation, at its most useful, begins where documentation stops.

Australian Telecom Providers Face New Transparency Requirements on Coverage & Network Outages

New rules introduced by the Australian Communications and Media Authority now require mobile network operators to publish standardized 4G and 5G coverage maps using four common ratings (good, moderate, basic and no coverage) alongside plain-English explanations of what each category actually means. The maps must be refreshed at least every three months, giving Australians a consistent basis for comparing competing networks.

Australia Signals Pragmatic AML Transition, but Expects Steady Progress Toward Compliance

Australia has spent the past several months rewriting the machinery behind its anti-money laundering regime. Now comes the less visible part of the exercise, where the law has already changed but thousands of reporting entities are still bringing their own systems into alignment with it, each carrying the uncomfortable burden of proving that transition itself does not become a source of new risk.

Belgian Regulator Reaches €1 Million Settlement With Banque Degroof Petercam Over MiFID Conduct Failures

Belgium's Financial Services and Markets Authority has reached a €1 million agreed settlement with Banque Degroof Petercam after concluding that the bank breached European conduct rules while administering employee stock-option plans. The regulator found shortcomings in the disclosure of costs, the management of conflicts of interest and the assessment of whether certain investment products were appropriate for employees.

When Trade Changes Suppliers, Third-Party Risk Changes Too

A supplier that looked perfectly sensible in January can become a liability by April without having changed at all. The factory is the same, the quality standards are the same, and the people answering the phone are the same people they were a few months earlier. What changed happened somewhere else, perhaps in a government office thousands of miles away, perhaps in the latest round of trade negotiations, perhaps in a policy announcement that never mentioned the supplier by name. Yet procurement is suddenly looking elsewhere, finance is recalculating costs, and operations is asking how quickly production can move if it has to.