GRC Report Staff

Starting January 1, 2025, doing business in California gets a little pricier—at least for those caught slipping on privacy compliance. The California Privacy Protection Agency (CPPA) has announced higher fines and updated thresholds under the California Consumer Privacy Act (CCPA). These changes, tied to inflation and the Consumer Price Index (CPI), mark a biannual adjustment aimed at keeping penalties relevant and impactful in an evolving regulatory landscape.

Wells Fargo Clearing Services and LPL Financial have agreed to pay $900,000 each to settle charges with the U.S. Securities and Exchange Commission (SEC). The charges stem from the firms' failure to provide complete and accurate securities trading data, known as blue sheet data, to the SEC, a key component of the agency’s market surveillance.

The Consumer Financial Protection Bureau (CFPB) is making waves with a bold lawsuit against some of the country’s biggest banks—Bank of America, JPMorgan Chase, and Wells Fargo—as well as Early Warning Services, the company behind Zelle. The lawsuit alleges these institutions have turned a blind eye to rampant fraud on the popular peer-to-peer payment platform, which, according to the CFPB, has led to over $870 million in consumer losses since Zelle’s launch in 2017.

The Securities and Exchange Commission (SEC) has charged Louisiana-based utility company Entergy Corporation with internal accounting control failures that distorted its financial records. The company has agreed to pay a $12 million penalty to resolve the matter and adopt new measures to fix the cracks in its system.

In a global health supply chain snafu, Chemonics International Inc. has agreed to fork over $3.1 million to settle allegations it submitted fraudulent claims to the U.S. Agency for International Development (USAID). The international development firm, based in Washington, D.C., found itself in hot water after charges of reckless oversight regarding its subcontractor’s billing practices surfaced.

AAR CORP., a major player in the aerospace industry, has agreed to a $30 million settlement with the U.S. Securities and Exchange Commission (SEC) after facing charges related to bribery schemes in Nepal and South Africa. Joining the company in this settlement is Deepak Sharma, a former executive, who was directly involved in orchestrating these illicit deals.

In a recent decision by the French data protection authority (CNIL), KASPR, a company known for its data scraping practices, has been fined €240,000 for violating the General Data Protection Regulation (GDPR). The fine comes after KASPR’s controversial method of collecting personal contact details from LinkedIn users, even those who had specifically chosen to limit their visibility.