GRC Report Staff

A surprising amount of operational resilience comes down to keeping lists. Not the glamorous kind, or dashboards, AI copilots, or threat intelligence feeds. Just knowing what systems exist, where they are, who owns them, what depends on them, and what happens when they fail. The consultation, launched Tuesday by the Monetary Authority of Singapore (MAS), is proposing a substantial expansion of its Technology Risk Management Notices. The consultation, open through July 31, touches nearly every stage of the technology lifecycle, from asset inventories and risk assessments to system monitoring, backup strategies, incident response, and outage reporting.

A Florida-based commercial lender has agreed to pay a $4 million penalty and provide refunds to California borrowers after state regulators found the company engaged in lending activities without the required license, according to an enforcement action announced Monday by the California Department of Financial Protection and Innovation (DFPI).

Broadway Electric and Cornerstone Contracting, two New York-based government contractors, along with its CEO and President, have agreed to pay $21.3 million to resolve allegations that they used service-disabled veteran-owned small businesses and other qualifying firms as vehicles to secure federal contracts that otherwise would have been out of reach.

A decade-long practice involving insulin prescriptions has led CVS Pharmacy to agree to pay $36.5 million to resolve allegations that it improperly billed Medicaid programs across the United States for more insulin than patients were prescribed.

South Korea’s privacy regulator has opened an investigation into streaming platform TVING after the company disclosed a data breach involving unauthorized access to a database containing user personal information.

The UK's Financial Reporting Council has opened an investigation into the statutory audit conducted by PricewaterhouseCoopers of WH Smith's consolidated financial statements for the financial year ended August 31, 2024.

Oxford University recently disclosed that CareerConnect's third-party provider, GTI, informed Oxford on May 28 that an unauthorized party had gained access to the platform. According to the notice, the attacker was able to obtain users' first names, last names, and email addresses. For users who do not access the platform through Single Sign-On, encrypted passwords were also exposed.