GRC Report Staff

The European Data Protection Board (EDPB) released its first inaugural report today on the EU-U.S. Data Privacy Framework (DPF), following a year-long assessment. The report addresses the Framework's effectiveness in safeguarding EU citizens' data when transferred to the United States. Additionally, the EDPB issued a statement on recommendations concerning law enforcement’s access to personal data, stressing the need for privacy protections.

JP Morgan is once again in the regulatory spotlight. The SEC today announced a significant enforcement action against two JP Morgan affiliates, resulting in a $151 million settlement over a range of practices the SEC says fell short of investor protection standards. J.P. Morgan Securities LLC (JPMS) and J.P. Morgan Investment Management Inc. (JPMIM) now face the consequences of alleged breaches that range from misleading disclosures to pushing costly financial products without adequate disclosures about their conflicts of interest.

The U.S. Department of Homeland Security (DHS) has announced the addition of several textile companies from the People’s Republic of China (PRC) to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. This action, effective November 1, 2024, will prevent goods from 78 PRC-based companies from entering the United States, reinforcing the U.S. commitment to fighting forced labor and the atrocities against Uyghurs and other ethnic minorities in the Xinjiang Uyghur Autonomous Region (XUAR).

The Consumer Financial Protection Bureau (CFPB) has put Meta Platforms, Inc. on notice. The federal agency is considering legal action against the social media giant over allegations that it improperly obtained consumers’ financial data from third parties and funneled that information into its highly profitable targeted advertising operations.

The European Banking Authority (EBA) has just dropped a comprehensive look into how financial firms are handling Principal Adverse Impact (PAI) disclosures under the Sustainable Finance Disclosure Regulation (SFDR). This 2024 report shows progress on some fronts but also highlights areas where firms are falling short on compliance and best practices. For risk and compliance pros, this report sheds light on what firms are up against in meeting sustainability reporting standards and offers practical insights into how compliance frameworks are shifting to keep up with rising regulatory demands.

The Federal Communications Commission (FCC) has joined forces with the California Privacy Protection Agency (CPPA) through a newly announced Memorandum of Understanding (MOU). This partnership signals a renewed commitment to protecting individuals' data as digital threats become increasingly sophisticated. With the CPPA’s exclusive focus on privacy and the FCC’s broad regulatory powers, both agencies are set to enhance their collaborative efforts to ensure consumers are informed and safeguarded in today’s complex digital landscape.

As the call for transparency in environmental, social, and governance (ESG) practices intensifies, a recent survey by Ernst & Young (EY) uncovers a troubling reality: both investors and finance leaders are increasingly skeptical about the credibility of nonfinancial reporting. This growing skepticism, exacerbated by perceptions of greenwashing and inconsistent data, highlights the critical role that ESG and governance, risk, and compliance (GRC) professionals must play in elevating reporting standards.