GRC Report Staff

European insurers are making notable headway in incorporating climate change into their risk frameworks, but hurdles like inconsistent methodologies, patchy data, and short planning horizons still stand in the way of fully embedding climate risks into decision-making. That’s the key takeaway from the European Insurance and Occupational Pensions Authority (EIOPA)’s latest Monitoring Exercise on the Use of Climate Change Scenarios in the ORSA, published alongside a public statement this week.

As Germany scrambles to catch up on implementing the EU’s updated cybersecurity directive, the country’s leading business group is warning lawmakers not to let good intentions get lost in bad bureaucracy.

The Australian Energy Regulator (AER) is keeping consumers front and center in the fight for fairness. In its newly released 2024–25 compliance and enforcement report, the regulator laid out a year’s worth of action designed to hold energy companies accountable and ensure that vulnerable Australians aren’t left in the dark.

A growing number of global companies continue to see sustainability as a pathway to long-term value, not just risk mitigation, according to the 2025 Sustainable Signals: Corporates report from the Morgan Stanley Institute for Sustainable Investing.

‍The Hong Kong Monetary Authority (HKMA) has taken disciplinary action against three banks for failing to meet anti-money laundering and counter-terrorist financing (AML/CFT) requirements, citing serious deficiencies in their transaction monitoring systems and oversight.

A consortium led by Goldman Sachs Alternatives, including Blackstone, has acquired a majority stake in NAVEX, a global provider in ethics, risk, and compliance software, in a deal that demonstrates growing investor appetite for governance, risk, and compliance (GRC) platforms amid increasing regulatory complexity.

Australia’s financial markets watchdog has launched civil proceedings against Fortnum Private Wealth, accusing the advice firm of neglecting basic cybersecurity obligations and exposing thousands of clients to significant data risks, including one breach that allegedly saw sensitive client information surface on the dark web.