GRC Report Staff

BaFin Offers Practical Guide to Navigating DORA’s Documentation Maze

Since the EU’s Digital Operational Resilience Act (DORA) took effect on January 17, 2025, financial entities across Europe have been working to align with its far-reaching operational resilience and ICT security rules. Now, Germany’s Federal Financial Supervisory Authority (BaFin) has stepped in with a tool designed to make one of DORA’s more challenging elements (documentation requirements) easier to grasp.

JC3 Strengthens Climate Finance Efforts with New Members, Data Initiatives, & SME Resilience Push

The Joint Committee on Climate Change (JC3) recently gathered for its 15th meeting, with more voices at the table and a clear determination to accelerate Malaysia’s climate agenda. Co-chaired by Bank Negara Malaysia and the Securities Commission Malaysia, the committee welcomed nine new members, bringing a broader and more diverse representation of the financial sector into the conversation.

Paxos to Pay $48.5 Million Over AML Failures & Binance Due Diligence Lapses

The New York State Department of Financial Services (DFS) has reached a $48.5 million settlement with Paxos Trust Company over systemic anti-money laundering (AML) deficiencies and failures to adequately vet its former business partner, Binance. The agreement, announced by Superintendent Adrienne A. Harris on August 7, requires Paxos to pay a $26.5 million penalty to the state and commit an additional $22 million to bolstering its compliance program under a DFS-approved remediation plan.

EU Banks See Highest Cost of Risk Since 2021 as Sector Stays Resilient

The European Banking Authority’s (EBA) first-quarter 2025 Risk Dashboard shows the EU/EEA banking sector holding steady on capital and profitability, but with a notable rise in the cost of risk to its highest level in over three years.

California Privacy Watchdog Seeks Court Order to Compel Tractor Supply to Comply with CCPA Probe

The California Privacy Protection Agency (CPPA) has taken the unusual step of going to court to enforce an investigative subpoena against Tractor Supply Company, marking the agency’s first public disclosure of an ongoing investigation and its first judicial action to compel compliance with an investigative request.

EBA Moves to Redraw the Rulebook on Bank Governance

The European Banking Authority (EBA) has launched a public consultation on proposed revisions to its Guidelines on internal governance under the Capital Requirements Directive (CRD), reflecting recent legislative changes and evolving supervisory priorities. The consultation, which runs until 5 October 2025, is limited to the proposed amendments and invites feedback from stakeholders across the financial sector.

Google Uncovers Widespread Salesforce Data Theft & Extortion Campaign

It all starts with a phone call. Not a suspicious link. Not malware. Just a convincing voice on the other end of the line, claiming to be IT support. Before long, a well-meaning employee is clicking through a Salesforce setup page and, unwittingly, handing over the keys to their company’s data kingdom.