GRC Report Staff

Poland’s consumer protection authority has fined PKO Bank Polski nearly $19.9 million (PLN 79,291,800) after concluding that the bank used contract language that gave it sweeping control over changes to consumer loan interest rates, with little clarity for borrowers on when or why costs could increase. The nearly $19.9 million (PLN 79,291,800) fine reflects both the duration of the practice and the scale of the bank’s consumer business, according to the regulator.

South Korea’s competition regulator has taken enforcement action against BRKorea Co., finding that the company pushed through nationwide promotional campaigns that required franchisees to share costs without first securing the legally required level of approval.

Europe’s insurance sector is proving resilient in an increasingly unsettled world but the clouds are not lifting. According to the January 2026 Insurance Risk Dashboard published on Thursday by European Insurance and Occupational Pensions Authority, overall risks in the European insurance market remain stable at a medium level, even as persistent geopolitical tensions continue to weigh on the broader economic and market outlook.

The Dubai Financial Services Authority has fined reinsurance broker Ed Broking (MENA) $455,176 after concluding that the firm engaged in misleading and deceptive conduct across a series of reinsurance placements in the Dubai International Financial Centre.

The Dutch Data Protection Authority is sharpening its regulatory focus as it looks ahead to a more complex digital landscape. In its 2026 annual plan, the Authority sets out three priorities that will guide its work through 2028: mass surveillance, artificial intelligence, and digital resilience.

Australia’s Federal Court has ordered Australian Unity Funds Management Limited to pay a civil penalty of $4.95 million (AUD 7.125 million) after finding the firm failed to properly assess whether a retail investment product was suitable for investors, breaching the country’s design and distribution obligations.

Germany’s financial regulator, Federal Financial Supervisory Authority (BaFin), has published new supervisory guidance aimed at helping financial entities manage information and communication technology (ICT) risks arising from the use of artificial intelligence. Released on January 30, 2026, the document focuses squarely on how AI-related risks should be addressed within the framework of the EU’s Digital Operational Resilience Act (DORA).