GRC Report Staff

Global Supply Chain Cybersecurity: New Report Shows Evolving Focus on Third-Party Risk Management

Supply chains have become a high-stakes frontier in the world of cybersecurity. BlueVoyant’s State of Supply Chain Defense report for 2024 reveals that companies are no longer just talking about third-party cyber risk—they’re taking action. Across industries from healthcare to finance, leaders are focusing on practical, proactive ways to defend against the rising tide of supply chain threats.

Morgan Stanley Reaches Settlement with FINRA over Market Access Rule Violations

Morgan Stanley recently took another compliance hit, adding to its ongoing tangle with regulators. In a Letter of Acceptance, Waiver, and Consent (AWC) submitted to FINRA, Morgan Stanley agreed to a settlement for alleged rule violations related to market access controls—an agreement that, if accepted, would shield the firm from future actions tied to the same issues. This latest chapter is part of an ongoing saga involving market access rule violations, with Morgan Stanley previously settling similar allegations just a few years ago.

EDPB Releases First Report on EU-U.S. Data Privacy Framework Review & Statement on Data Access for Law Enforcement

The European Data Protection Board (EDPB) released its first report today on the EU-U.S. Data Privacy Framework (DPF), following a year-long assessment. The report addresses the Framework's effectiveness in safeguarding EU citizens' data when transferred to the United States. Additionally, the EDPB issued a statement on recommendations concerning law enforcement’s access to personal data, stressing the need for privacy protections.

JP Morgan’s $151 Million SEC Settlement Highlights Costly Missteps

JP Morgan is once again in the regulatory spotlight. The SEC today announced a significant enforcement action against two JP Morgan affiliates, resulting in a $151 million settlement over a range of practices the SEC says fell short of investor protection standards. J.P. Morgan Securities LLC (JPMS) and J.P. Morgan Investment Management Inc. (JPMIM) now face the consequences of alleged breaches that range from misleading disclosures to pushing costly financial products without adequate disclosures about their conflicts of interest.

DHS Takes a Stand Against Forced Labor: New Additions to the UFLPA Entity List

The U.S. Department of Homeland Security (DHS) has announced the addition of several textile companies from the People’s Republic of China (PRC) to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. This action, effective November 1, 2024, will prevent goods from 78 PRC-based companies from entering the United States, reinforcing the U.S. commitment to fighting forced labor and the atrocities against Uyghurs and other ethnic minorities in the Xinjiang Uyghur Autonomous Region (XUAR).

CFPB Investigates Meta's Use of Consumer Financial Data in Advertising Practices

The Consumer Financial Protection Bureau (CFPB) has put Meta Platforms, Inc. on notice. The federal agency is considering legal action against the social media giant over allegations that it improperly obtained consumers’ financial data from third parties and funneled that information into its highly profitable targeted advertising operations.

ESA's Report Highlights Challenges & Gains in Sustainable Finance Disclosure

The European Banking Authority (EBA) has just dropped a comprehensive look into how financial firms are handling Principal Adverse Impact (PAI) disclosures under the Sustainable Finance Disclosure Regulation (SFDR). This 2024 report shows progress on some fronts but also highlights areas where firms are falling short on compliance and best practices. For risk and compliance pros, this report sheds light on what firms are up against in meeting sustainability reporting standards and offers practical insights into how compliance frameworks are shifting to keep up with rising regulatory demands.