GRC Report Staff

Danske Bank, Denmark's largest bank, has reached a settlement with the French National Financial Prosecutor, agreeing to pay €6.33 million to resolve a money laundering investigation linked to its former Estonia branch. This marks the conclusion of France’s judicial probe into the non-resident portfolio (NRP) at the Estonian branch, a scandal that has haunted the bank since 2007. The French investigation was centered around transactions from 2007 to 2014 involving several thousand non-resident customers, primarily from Russia.

The U.S. Securities and Exchange Commission (SEC) today announced charges against Atom Investors LP, a Texas-based registered investment adviser, for violations of federal securities laws related to recordkeeping. The firm failed to maintain and preserve off-channel communications, a key obligation under the SEC's recordkeeping provisions. Despite the serious nature of these violations, the SEC opted not to impose a civil penalty, citing Atom Investors' self-reporting, substantial cooperation, and prompt efforts to remediate the situation.

The Commodity Futures Trading Commission (CFTC) has imposed a $2 million civil monetary penalty on Piper Sandler Hedging Services LLC for alleged recordkeeping violations, but the decision has ignited a fierce debate within the commission itself. Two commissioners have issued dissenting statements, questioning both the evidence supporting the charges and the CFTC's jurisdiction in the matter.

In an era of increasing regulatory scrutiny, organizations are accelerating their sustainability initiatives, according to a new report from the Capgemini Research Institute. The study, titled "A World in Balance 2024: Accelerating Sustainability Amidst Geopolitical Challenges," reveals a shifting landscape where regulations are becoming the primary driver of corporate environmental strategies, presenting new challenges and opportunities for Governance, Risk, and Compliance (GRC) professionals.

Ancestry and genetics-testing company 23andMe has reached a $30 million settlement agreement in response to a class-action lawsuit stemming from a data breach that occurred last year. The settlement, which is still pending judicial approval, addresses the company's handling of a security incident that impacted millions of users.

The European Union Agency for Cybersecurity (ENISA) has officially launched the 2024 edition of ‘Threathunt 2030,’ a pivotal conference dedicated to anticipating and addressing future cybersecurity threats. Hosted in Athens, this flagship event brings together leading cybersecurity experts, policymakers, and industry stakeholders to explore the evolving landscape of cyber threats and develop strategies to enhance resilience across the EU.

The German Federal Financial Supervisory Authority (BaFin) has issued new guidance notes aimed at helping banks and insurers transition to the requirements set forth by the Digital Operational Resilience Act (DORA). Set to take effect from January 17, 2025, DORA introduces a comprehensive framework for managing ICT risks and third-party risks, marking a significant shift from the existing supervisory frameworks.