GRC Report Staff

In a year shaped by war, elections, cyber threats, and the steady march of artificial intelligence, the European Insurance and Occupational Pensions Authority (EIOPA) didn’t just keep pace but it stayed focused. Its newly released 2024 Annual Report tells the story of a regulator under pressure, facing a storm of digital, political, and economic disruption, yet managing to deliver across a wide policy front.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued a hefty penalty of $215,988,868 against GVA Capital, a San Francisco-based venture capital firm. The firm is being held accountable for knowingly managing investments linked to Suleiman Kerimov, a Russian oligarch already under sanctions, and for failing to respond properly to an OFAC subpoena. This is a case that underscores the immense risks involved when gatekeepers like venture capital firms fail to uphold sanctions compliance.

Four individuals, including a U.S. government official and three business executives, have admitted their roles in a decade-long bribery and fraud scheme that cost American taxpayers more than $550 million. The guilty pleas mark the end of an extensive investigation into corruption within the U.S. Agency for International Development (USAID), where bribery was used to bypass the fair contracting process, all in the name of personal gain.

The European Securities and Markets Authority (ESMA) is stepping up to ensure that third-party risks don’t get overlooked in the growing complexity of EU securities markets. As more companies turn to third parties for critical functions, ESMA’s new guidelines aim to help supervisors across the EU keep pace with these shifts and ensure a more secure, compliant, and resilient market.

The Basel Committee on Banking Supervision has introduced a new voluntary framework designed to guide the disclosure of such risks by banks worldwide. This framework, which offers flexibility in its implementation, aims to enhance transparency around the potential financial impact of climate change on the banking sector.

The Norwegian Data Protection Authority’s (DPA) has uncovered troubling breaches of personal data laws across six websites. These sites, all of which shared personal data without proper consent, are now facing the consequences of their actions. The DPA’s findings reveal that in some cases, sensitive personal information, including that of vulnerable children, was sent to third parties without users’ knowledge, a clear violation of GDPR.

The Public Company Accounting Oversight Board (PCAOB) took a strong stand today, holding Heaton & Co. and one of its partners, Kristofer Heaton, accountable for a series of significant violations. These lapses, which spanned audit documentation, quality control, and engagement reviews, have led to penalties, a firm registration revocation, and a professional ban for Heaton.