GRC Report Staff

Sweden to Replace Annual AML Questionnaire With Risk-Based Reporting Framework

Sweden's annual anti-money laundering reporting exercise has long been a familiar ritual. Each year, supervised firms answer the same set of questions, submit them to the Financial Supervisory Authority (FI), and move on. That routine is about to change. Beginning on 1 January 2027, the regulator will replace the existing reporting framework with an entirely new questionnaire that asks firms not simply what they do, but what kinds of risks they carry and how well their controls are built to contain them.

Australia Targets Telecom Scams, Emergency Services in New Enforcement Agenda

Australia's communications regulator has chosen its battles for the coming year, and the list says as much about where consumer harm is emerging as it does about where regulators believe industry performance still falls short. The Australian Communications and Media Authority's compliance and enforcement priorities for 2026–27 place emergency communications, telecommunications scams, consumer protections, and mobile device compliance at the center of its agenda.

FCA Censures CACEIS UK Over WealthTek Failures, Secures £31.7 Million for Clients

Three times, CACEIS UK checked the Financial Services Register. Three times, it was presented with information showing that WealthTek lacked permission to hold certain client assets. Nothing happened that altered the course of the relationship. According to an enforcement action the UK's Financial Conduct Authority published Thursday, concluding that the asset servicing bank failed to respond appropriately to repeated warning signs while acting as WealthTek's sub-custodian.

Greek Privacy Regulator Orders Hotels to Stop Copying Guest IDs & Payment Cards

Hotels have always occupied an awkward place in the privacy conversation. They are, by necessity, temporary custodians of strangers. Every day, people hand over names, identification, payment details, travel plans, and, for a night or a week, a remarkable amount of trust. The transaction has always depended on a simple understanding that you collect what you need, protect it while you have it, and let it go when you no longer do. Somewhere along the way, some establishments decided that making copies of passports, identity cards, and even both sides of customers' credit cards was simply part of doing business.

Italy Fines Deghi €2 Million Over Misleading Countdown Discounts

A clock counting down to the end of a sale carries an implicit promise—buy now or the opportunity disappears. The Italian Competition Authority says Deghi made that promise over and over again without ever intending to keep it. The regulator has fined the Italian home furnishings and e-commerce retailer €2.0 million ($2.3 million) after concluding that the company systematically misled consumers by presenting discounts as fleeting when they were anything but.

Europe Signals Its Cloud Crackdown May Be About to Get Much Bigger

The European Commission has taken a step that would have seemed improbable when the Digital Markets Act first came into force. It has told Amazon and Microsoft that it preliminarily believes their cloud businesses (Amazon Web Services and Microsoft Azure) should be designated as gatekeepers under the DMA, even though neither service meets the law's standard quantitative thresholds.

UK Auditors Face New Controls Disclosure Requirements Under Revised FRC Standards

Auditor's reports have a habit of growing the way old rulebooks do. Every new requirement leaves its mark. Every reform adds another paragraph. Every perceived gap is filled with another disclaimer, another explanation, another carefully calibrated sentence until the document intended to illuminate a company's financial statements begins to obscure them instead. By the time investors reach the end, they often know they have read a great deal without feeling they have learned very much.