GRC Report Staff

Italy’s privacy regulator has fined Intesa Sanpaolo €31.8 million after concluding that a prolonged, undetected data breach exposed deep flaws in the bank’s internal controls and security oversight. The decision from the Italian Data Protection Authority follows an investigation triggered by the bank’s own breach notification in July 2024. What emerged was not a one-off lapse, but a pattern of unauthorized access stretching over more than two years.

Australia’s overhaul of its anti-money laundering and counter-terrorism financing framework has moved out of consultation mode and into execution, with regulators finalizing the rules that will govern how businesses transition into the new regime.

Poland’s Office of Competition and Consumer Protection has handed down more than $1.88 million (PLN 7,033,289) in fines to companies operating in the renewable energy sector, signaling that the country’s push toward clean energy will not come at the expense of consumer protection.

Italy’s competition regulator has opened two investigations into major players in the cosmetics sector, examining whether marketing practices may have encouraged children and adolescents to use products designed for adults.

The Federal Court has ordered Binance’s Australian derivatives arm to pay a $6.5 million penalty (AUD $10 million) after widespread failures in its client onboarding processes exposed hundreds of retail investors to high-risk crypto products.

Germany’s financial regulator, BaFin, has fined Barclays €1.65 million after identifying repeated failures to meet disclosure requirements designed to keep capital markets transparent.

In their spring 2026 risk update, the Joint Committee of the European Supervisory Authorities (EBA, ESMA, and EIOPA) drew a line between two forces shaping the current environment—geopolitical tensions that refuse to ease, and a private finance market that has grown faster than the visibility around it.