GRC Report Staff

The winds of 2025 are carrying more than just a chill for Germany's financial sector—they're bringing storm clouds of risk. Climate change, geopolitical tensions, and a sluggish economy are converging to create what the Federal Financial Supervisory Authority (BaFin) calls a “highly challenging” environment. In its Risks in Focus 2025 report, released today, BaFin lays out the threats with an unflinching eye, urging financial institutions to prepare for the unpredictable.

AI has captivated industries, governments, and innovators alike, with its potential to unlock medical breakthroughs, transform public services, and drive economic growth. Yet, alongside the buzz, myths and misconceptions about how AI interacts with data protection laws continue to circulate, muddying the waters for businesses, developers, and individuals.

Today, two heavyweights in the world of professional standards, the International Auditing and Assurance Standards Board (IAASB) and the International Ethics Standards Board for Accountants (IESBA), rolled out a game-changer for sustainability reporting and assurance. The duo announced the launch of two new standards—IAASB’s ISSA 5000 and IESBA’s IESSA—aimed squarely at making sustainability reporting more trustworthy, ethical, and transparent.

In an effort to tighten up Belgium’s defenses against money laundering and terrorism financing, the Financial Services and Markets Authority (FSMA) recently conducted comprehensive inspections of eight currency exchange offices. The goal was to assess how well these businesses are adhering to the country’s robust anti-money laundering (AML) and counter-terrorism financing (CFT) regulations. And what the FSMA found wasn’t just a few minor lapses—it uncovered systemic weaknesses that pose significant compliance risks.

In the ever-evolving chess game of cybersecurity, it seems PayPal just lost a knight—or maybe even its queen. The New York State Department of Financial Services (NYDFS) has handed the global financial technology giant a $2 million fine for exposing sensitive customer data, including Social Security Numbers (SSNs), through what regulators describe as glaring cybersecurity lapses.

Transparency isn’t just a buzzword in the biotech world—it’s the lifeblood of investor trust. And when it’s absent, as French biotech firm Pharnext discovered, the consequences can be costly.

UnitedHealth has recently confirmed that the February 2024 ransomware attack on its subsidiary, Change Healthcare, compromised the sensitive personal and medical information of approximately 190 million individuals—nearly double the initial estimates. This breach now ranks as the largest medical data breach in U.S. history.