GRC Report Staff

In a modern era marked by rapid technological advancement and global uncertainty, organizations worldwide are grappling with an increasingly complex risk landscape. The Risk in Focus 2025 report, a comprehensive study based on surveys conducted by the Internal Audit Foundation and the European Confederation of Institutes of Internal Auditing (ECIIA), sheds light on the current and future risk priorities of businesses across the globe.

European financial regulators have issued a formal opinion challenging the European Commission's (EC) recent rejection of proposed technical standards under the Digital Operational Resilience Act (DORA). This dispute highlights the complexities in implementing digital resilience measures across the European Union's financial sector.

As 2025 approaches, the Joint Committee of the European Supervisory Authorities (ESAs)—comprising the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA)—is gearing up to tackle the evolving regulatory landscape with renewed vigor. This comes at a time when economic uncertainty, geopolitical tension, and rapid digitalization are challenging the resilience of the EU’s financial systems. The ESAs are poised to address emerging risks and ensure regulatory consistency across sectors, all while steering the EU financial sector through transformative shifts.

The European Securities and Markets Authority (ESMA) released its inaugural consolidated report detailing sanctions and measures imposed by National Competent Authorities (NCAs) across EU Member States in 2023. The report sheds light on the state of regulatory enforcement within the EU financial markets, revealing significant insights into administrative sanctions, their monetary value, and the ongoing pursuit of supervisory convergence.

Poland’s Personal Data Protection Office (UODO) has fined mBank more than €870,000 (4,053,173 PLN) for failing to notify customers affected by a significant data breach. The penalty, while substantial, represents just 0.0024% of the bank’s annual turnover, raising questions about the relative impact of such fines on large financial institutions.

Moog Inc., a New York-based global manufacturer of motion control systems, has agreed to pay $1.7 million to settle charges brought by the Securities and Exchange Commission (SEC) for violations of the Foreign Corrupt Practices Act (FCPA). The charges stem from a bribery scheme involving the company's wholly owned Indian subsidiary, Moog Motion Controls Private Limited.

Citadel Securities LLC, a major market maker headquartered in Miami, Florida, has agreed to pay a $1 million fine to the Financial Industry Regulatory Authority (FINRA) for failing to comply with Consolidated Audit Trail (CAT) reporting requirements. The settlement, announced on [insert date], comes after a FINRA investigation revealed extensive reporting failures spanning over four years.