GRC Report Staff

U.S. Treasury's OFAC Settles with Aiotec GmbH for $14.5 Million Over Iran Sanctions Violation

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has announced a settlement with Aiotec GmbH, a Berlin-based company involved in sourcing industrial equipment for the energy sector. The company has agreed to pay $14.55 million to settle potential civil liabilities arising from a breach of U.S. sanctions laws under the Iranian Transactions and Sanctions Regulations (ITSR).

EDPB Clarifies Data Sharing Rules with Third-Country Authorities & Approves EU Data Protection Seal Certification

The European Data Protection Board (EDPB) has released new guidelines on data transfers to third-country authorities and approved the implementation of a European Data Protection Seal, marking significant steps in clarifying and strengthening data protection under the General Data Protection Regulation (GDPR).

Only 42% of Companies Confident in Meeting CSRD Reporting Requirements, PwC Survey Finds

A new survey by PwC reveals that fewer than half of companies required to report under the EU’s Corporate Sustainability Reporting Directive (CSRD) in 2024 are fully confident in their ability to meet the directive’s ambitious sustainability reporting standards. Despite the widespread recognition of the directive's significance, just 42% of respondents from large companies required to report on sustainability by next year feel fully prepared. For companies due to report the following year, that confidence drops to a mere 14%.

FTC Cracks Down on Data Brokers Selling Sensitive Location Data to Harmful Parties

In a bold move to protect consumer privacy, the Federal Trade Commission (FTC) has taken action against three data brokers—Gravy Analytics, Venntel, and Mobilewalla—for unlawfully tracking and selling sensitive consumer location data. The charges stem from allegations that these companies sold location information revealing visits to places like health clinics, places of worship, military installations, and labor union offices, without the consent of those affected.

EDPB Urges Greater Harmony Between Digital Laws & GDPR Amid Growing Regulatory Demands

The European Data Protection Board (EDPB) is calling for more coherence between the General Data Protection Regulation (GDPR) and the increasingly complex web of new digital legislation coming out of the EU. In a statement released after its December 2024 plenary session, the EDPB welcomed the European Commission’s second report on the GDPR’s application and emphasized the importance of aligning digital laws with the GDPR to maintain legal certainty.

PCAOB Cracks Down on Raines & Fischer LLP for Trying to Pull the Wool Over Inspectors’ Eyes

Raines & Fischer LLP, once a player in the auditing world, is now out of the game—for good. The Public Company Accounting Oversight Board (PCAOB) has permanently revoked the firm’s registration after uncovering shocking attempts to deceive inspection staff, coupled with a laundry list of other compliance failures. In a disciplinary order announced today, the PCAOB didn’t mince words or actions, hitting the firm and three of its partners with stiff penalties and professional bans.

SEC Charges Kiromic BioPharma & Former Execs for Misleading Investors About FDA Roadblocks

In a dramatic enforcement move, the Securities and Exchange Commission (SEC) has taken aim at Kiromic BioPharma, Inc., a Houston-based biotech firm, and two of its former top executives, accusing them of keeping investors in the dark about critical FDA setbacks during a $40 million public offering. While the executives face penalties, the company itself avoided a fine, thanks to its efforts to come clean, cooperate, and make things right after the fact.