GRC Report Staff

The Office of the Comptroller of the Currency (OCC) has issued a cease-and-desist order against Bank of America, marking a significant step in the ongoing battle to ensure financial institutions are doing their part to combat money laundering and uphold sanctions regulations. The move comes after the bank was found to be lacking in several areas of its compliance with the Bank Secrecy Act (BSA) and anti-money laundering (AML) requirements.

Healthcare providers across the U.S. have just learned a hard lesson about accountability, with two high-profile cases settling for a combined $25.9 million. The Department of Justice’s latest actions spotlight fraudulent billing practices that took advantage of Medicare, the government program designed to help the nation’s elderly and vulnerable. In one case, a pharmacy found itself caught up in the scam of submitting false claims for COVID-19 tests it never shipped. In the other, a network of cardiology practices saw a significant financial hit after overbilling Medicare for diagnostic drugs, some for over a decade.

Independent Health Association, along with its affiliate Independent Health Corporation, has agreed to pay up to $98 million to settle allegations of defrauding Medicare. The Buffalo-based Medicare Advantage provider is accused of inflating risk scores—a critical metric in determining payments under the Medicare Advantage (MA) program.

The Federal Trade Commission (FTC) announced today that it has issued an order requiring Marriott International, Inc. and Starwood Hotels & Resorts Worldwide LLC, a subsidiary of Marriott, to implement more robust data security programs.

Deutsche Bank Securities Inc., the broker-dealer arm of Deutsche Bank AG, is paying a hefty $4 million civil penalty after the U.S. Securities and Exchange Commission (SEC) found that it repeatedly missed the deadline to file Suspicious Activity Reports (SARs). These reports are crucial tools in the fight against financial crime, and Deutsche Bank’s delay in filing them hindered important investigations into possible illicit activities.

Time is slipping away for proprietary trading firms (PTFs) and other financial institutions preparing to comply with the Digital Operational Resilience Act (DORA). With the January 17, 2025, implementation date looming, the Dutch Authority for the Financial Markets (AFM) has issued a candid report that paints a mixed picture of readiness.

Starting January 1, 2025, doing business in California gets a little pricier—at least for those caught slipping on privacy compliance. The California Privacy Protection Agency (CPPA) has announced higher fines and updated thresholds under the California Consumer Privacy Act (CCPA). These changes, tied to inflation and the Consumer Price Index (CPI), mark a biannual adjustment aimed at keeping penalties relevant and impactful in an evolving regulatory landscape.