Samuel Rasmussen

The European Union has recently unveiled the AI Act, published on July 12, 2024, and set to gradually come into force from August 1, 2024. This landmark legislation, working in tandem with the existing General Data Protection Regulation (GDPR), establishes a comprehensive framework for the development, deployment, and use of artificial intelligence across the EU. As stakeholders grapple with the implications of this new regulatory landscape, the French data protection authority, CNIL, has stepped forward with guidance to illuminate the complex interplay between these two pivotal regulations.

In today's rapidly evolving business environment, the development of a mature risk and resiliency strategy has transitioned from being an optional consideration to an indispensable necessity for organizational survival and success. This strategic imperative hinges on several critical elements: a profound comprehension of existing and potential threats, a comprehensive understanding of internal operational dynamics, and the adept utilization of state-of-the-art risk intelligence tools.

On April 7, 2024, U.S. Senator Maria Cantwell (D-WA), Chair of the Senate Committee on Commerce, Science and Transportation, and U.S. Representative Cathy McMorris Rodgers (R-WA), Chair of the House Committee on Energy and Commerce, released a discussion draft of the American Privacy Rights Act (APRA). This bipartisan, bicameral draft legislation seeks to unify the fragmented landscape of sectoral-based and state-specific data privacy laws in the United States.

The Financial Industry Regulatory Authority (FINRA) has announced a significant penalty against SoFi Securities LLC, amounting to $1.1 million, for multiple violations related to its customer identification and identity theft prevention programs. SoFi Securities, headquartered in San Francisco, California, and a member of FINRA since 2011, was found to have inadequately established and maintained protocols for its cash management brokerage account, SoFi Money, resulting in vulnerabilities to fraudulent activities.

In a resounding validation of the burgeoning importance of governance, risk management, and compliance (GRC) technology, Corlytics has secured a substantial investment from Verdane, marking what could very well be a pivotal moment in the evolution of the GRC industry. This strategic partnership serves as a bellwether for the remarkable growth trajectory and importance of the broader GRC and RegTech sectors.

European Parliament Member Axel Voss (EPP, DE) has taken to LinkedIn to circulate the revised version of the CSDDD, ahead of its imminent presentation to the EU Parliament for approval.