GRC Report Staff

In its Supervisory Priorities for 2026, the Malta Financial Services Authority outlines a roadmap that leans heavily into financial crime compliance and consumer protection, while continuing to track digital transformation and cross-border risks. The document reflects a regulator balancing two pressures at once: keeping pace with sweeping EU reforms and reinforcing domestic standards across a diverse financial services landscape.

Poland’s data protection authority has fined DPD Polska more than $2.75 million (over PLN 11 million) after finding serious failures in how the courier company structured its relationships with external carriers and authorized staff to handle personal data.

Sweden’s financial watchdog is preparing for a larger role in the age of AI. In its formal response to the government inquiry Adaptations to the AI Regulation, Finansinspektionen (FI) showed clear support for taking on responsibility as the market surveillance authority for the financial sector under the EU AI Act. It also backed proposals that would give it a defined role in innovation-promoting measures, including AI regulatory sandboxes.

New figures released by Australian Securities and Investments Commission show that between July and December 2025, the watchdog secured $230.9 million (AUD $349.8 million) in court-ordered civil penalties, the highest six-month total in its history. Over the same period, its actions set in motion $385.1 million (AUD $583 million) in refunds, remediation payments, and investor returns.

Spain’s competition authority is once again turning its attention to Apple and Amazon, and this time not for the original conduct that led to a €194 million fine, but for what it says was a failure to stop it quickly enough.

Ofcom has announced it has fined adult content provider 8579 LLC a total of £1.4 million for failing to put age checks in place, as required under the Online Safety Act.

The European Banking Authority on Monday released its follow-up to a 2022 peer review examining how national supervisors assess ICT risk under the Supervisory Review and Evaluation Process, or SREP.