GRC Report Staff

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued a hefty penalty of $215,988,868 against GVA Capital, a San Francisco-based venture capital firm. The firm is being held accountable for knowingly managing investments linked to Suleiman Kerimov, a Russian oligarch already under sanctions, and for failing to respond properly to an OFAC subpoena. This is a case that underscores the immense risks involved when gatekeepers like venture capital firms fail to uphold sanctions compliance.

Four individuals, including a U.S. government official and three business executives, have admitted their roles in a decade-long bribery and fraud scheme that cost American taxpayers more than $550 million. The guilty pleas mark the end of an extensive investigation into corruption within the U.S. Agency for International Development (USAID), where bribery was used to bypass the fair contracting process, all in the name of personal gain.

The European Securities and Markets Authority (ESMA) is stepping up to ensure that third-party risks don’t get overlooked in the growing complexity of EU securities markets. As more companies turn to third parties for critical functions, ESMA’s new guidelines aim to help supervisors across the EU keep pace with these shifts and ensure a more secure, compliant, and resilient market.

The Basel Committee on Banking Supervision has introduced a new voluntary framework designed to guide the disclosure of such risks by banks worldwide. This framework, which offers flexibility in its implementation, aims to enhance transparency around the potential financial impact of climate change on the banking sector.

The Norwegian Data Protection Authority’s (DPA) has uncovered troubling breaches of personal data laws across six websites. These sites, all of which shared personal data without proper consent, are now facing the consequences of their actions. The DPA’s findings reveal that in some cases, sensitive personal information, including that of vulnerable children, was sent to third parties without users’ knowledge, a clear violation of GDPR.

The Public Company Accounting Oversight Board (PCAOB) took a strong stand today, holding Heaton & Co. and one of its partners, Kristofer Heaton, accountable for a series of significant violations. These lapses, which spanned audit documentation, quality control, and engagement reviews, have led to penalties, a firm registration revocation, and a professional ban for Heaton.

The wave of ESG reporting triggered by the EU’s Corporate Sustainability Reporting Directive (CSRD) is sweeping across Europe, with Denmark leading the charge. But while Danish companies are ahead of the curve, a new analysis reveals that achieving full compliance remains an ambitious and complex goal, even for the early movers.