GRC Report Staff

The U.S. Securities and Exchange Commission (SEC) today announced charges against Atom Investors LP, a Texas-based registered investment adviser, for violations of federal securities laws related to recordkeeping. The firm failed to maintain and preserve off-channel communications, a key obligation under the SEC's recordkeeping provisions. Despite the serious nature of these violations, the SEC opted not to impose a civil penalty, citing Atom Investors' self-reporting, substantial cooperation, and prompt efforts to remediate the situation.

The Commodity Futures Trading Commission (CFTC) has imposed a $2 million civil monetary penalty on Piper Sandler Hedging Services LLC for alleged recordkeeping violations, but the decision has ignited a fierce debate within the commission itself. Two commissioners have issued dissenting statements, questioning both the evidence supporting the charges and the CFTC's jurisdiction in the matter.

In an era of increasing regulatory scrutiny, organizations are accelerating their sustainability initiatives, according to a new report from the Capgemini Research Institute. The study, titled "A World in Balance 2024: Accelerating Sustainability Amidst Geopolitical Challenges," reveals a shifting landscape where regulations are becoming the primary driver of corporate environmental strategies, presenting new challenges and opportunities for Governance, Risk, and Compliance (GRC) professionals.

Ancestry and genetics-testing company 23andMe has reached a $30 million settlement agreement in response to a class-action lawsuit stemming from a data breach that occurred last year. The settlement, which is still pending judicial approval, addresses the company's handling of a security incident that impacted millions of users.

The European Union Agency for Cybersecurity (ENISA) has officially launched the 2024 edition of ‘Threathunt 2030,’ a pivotal conference dedicated to anticipating and addressing future cybersecurity threats. Hosted in Athens, this flagship event brings together leading cybersecurity experts, policymakers, and industry stakeholders to explore the evolving landscape of cyber threats and develop strategies to enhance resilience across the EU.

The German Federal Financial Supervisory Authority (BaFin) has issued new guidance notes aimed at helping banks and insurers transition to the requirements set forth by the Digital Operational Resilience Act (DORA). Set to take effect from January 17, 2025, DORA introduces a comprehensive framework for managing ICT risks and third-party risks, marking a significant shift from the existing supervisory frameworks.

The Office of the Comptroller of the Currency (OCC) has revealed its latest enforcement actions, emphasizing the regulator's continued focus on maintaining the integrity and stability of the national banking system. Targeting two major banks and a former bank employee, these actions highlight the OCC's commitment to addressing issues ranging from unsafe banking practices to financial crimes.