GRC Report Staff

DOJ Takes Action on False Claims, Holding Healthcare Providers & Contractors Accountable

When you think of government contracts, the last thing that might come to mind is a mix-up of payments or a cybersecurity breach, especially when it comes to protecting our nation’s military families. But that’s exactly what’s behind two of the most recent enforcement actions by the Department of Justice (DOJ), resulting in settlements worth more than $40 million. These cases serve as a strong reminder of the serious responsibility companies take on when they sign contracts to serve the public, particularly when it involves taxpayer funds and sensitive data.

The ESAs Take the Next Step in Overseeing Critical Third-Party Service Providers Under DORA

The European Supervisory Authorities (ESAs) are paving the way for a stronger oversight framework. Their latest initiative is a clear and deliberate step towards tackling third-party risk, particularly concerning critical ICT service providers, under the EU’s Digital Operational Resilience Act (DORA).

FCA Slaps £1.66 Million Fine on Mako for Failures in Preventing Financial Crime

The Financial Conduct Authority (FCA) has handed down a fine of £1,662,700 to Mako Financial Markets Partnership LLP (Mako) for serious lapses in its systems and controls—failings that left it vulnerable to facilitating financial crime. This is the latest in a series of enforcement actions stemming from the FCA’s deep dive into cum-ex trading, a practice that has raised alarms across Europe and beyond.

Cybersecurity for SMBs: Navigating Complexity & Building Resilience

Cybersecurity is not a new concept for modern organizations. Scheduled password changes, two-factor authentication, and mandatory training sessions are standard practices in most office environments. As computers have become the primary tool for business operations, the data they generate has become one of the most valuable assets across industries.

Barclays Under Investigation for Gaps in Money-Laundering Oversight

Barclays has found itself in the midst of an investigation by the U.K.’s Financial Conduct Authority (FCA) over its money-laundering controls. The London-based bank disclosed this news on Thursday in its annual report, confirming its full cooperation with the FCA as the regulator digs deeper into the bank’s handling of financial crime risks.

CPPA Sponsors Personal Information Protection Bill

California State Assembly member Josh Lowenthal introduced Assembly Bill (AB) 566 on February 12, 2025, backed by the California Privacy Protection Agency (CPPA). The bill aims to empower Californians with a simple, one-step tool to manage their digital privacy—requiring web browsers and mobile operating systems to provide users with an easy opt-out option for sharing their personal data.

LRQA 2025 Supply Chain ESG Risk Outlook Reveals Hidden Vulnerabilities in Global Sourcing

As the global risk landscape continues to shift, businesses must face the reality that traditional approaches to supply chain risk may no longer be enough. In its 2025 Supply Chain ESG Risk Outlook, LRQA doesn’t just confirm what we already know about risks—it reveals deeper, sometimes uncomfortable truths that businesses can no longer afford to ignore. This isn’t just another report filled with jargon; it’s a wake-up call for reflection, action, and a recalibration of how we view supply chain resilience in a rapidly changing world.