GRC Report Staff

Canadian Securities Regulators Tells Registered Firms to Strengthen Cybersecurity After Review Finds Gaps

The Canadian Securities Administrators did not set out to measure how many firms had suffered cyber incidents. Instead, it examined something more revealing: whether the safeguards meant to prevent those incidents were keeping pace with the way financial firms now operate.

Redi-Bag Agrees to $7.3 Million Settlement Over Alleged Customs Duty Evasion

The Department of Justice announced Wednesday that New York Packaging, which does business as Redi-Bag, and its chief executive, have agreed to resolve allegations that they falsely declared the country of origin of imported polyethylene retail carrier bags, allowing the company to avoid antidumping duties owed to the United States.

Norway Warns Financial Institutions Face More Complex Risks Despite Stable Operations

Norway's financial sector entered 2026 from a position most regulators would envy. Payment services remained stable throughout the previous year, operational disruptions stayed broadly in line with recent experience, and none of the ICT incidents reported in 2025 threatened financial stability. That stability, however, is not what concerns the Norwegian Financial Supervisory Authority.

EDPB Draws Sharper Lines Around Anonymous Data & AI Web Scraping

The European Data Protection Board is attempting to answer some of the questions that have lingered around the GDPR almost since the regulation took effect. When is data truly anonymous? What obligations apply when developers scrape the web to train generative AI? And how should organizations think about personal data on blockchain networks?

Singapore Pushes Deeper Into Climate Finance as Global Transition Grows More Uncertain

There is an understated honesty in the way the Monetary Authority of Singapore begins its latest sustainability report. Before it speaks of new guidance, larger investment pools or cleaner buildings, it acknowledges something that has become increasingly difficult for policymakers to ignore: the climate transition has become harder, not easier. Geopolitical tensions have reordered priorities. Funding is less certain. Energy security has reclaimed a place near the top of government agendas. Yet the physical risks associated with a warming planet have shown little interest in waiting for political consensus to return.

EU Cybersecurity Survey Finds SMEs Aware of Cyber Resilience Act but Ill-Prepared for Its Demands

Nearly two-thirds of the small and medium-sized businesses surveyed by the European Union’s cybersecurity agency had heard of the Cyber Resilience Act. Knowing that a law exists, however, is not the same as knowing what to do about it.

CCV Fined €2.65 Million Over Transaction Monitoring Failures

The Dutch central bank has fined payment institution CCV Netherlands €2.65 million after finding that deficiencies in its transaction monitoring system persisted for more than two years, leaving thousands of merchant profiles improperly processed and potentially suspicious activity inadequately examined. De Nederlandsche Bank announced the penalty Monday, saying CCV failed to adequately and continuously monitor transactions as required under the Netherlands’ Anti-Money Laundering and Anti-Terrorist Financing Act, known by its Dutch abbreviation, Wwft.