GRC Report Staff

Pennsylvania State University (Penn State) has agreed to pay $1.25 million to settle allegations of violating the False Claims Act, stemming from its failure to meet contractual cybersecurity requirements between 2018 and 2023. The university allegedly failed to implement cybersecurity controls mandated by the Department of Defense (DoD) and NASA on 15 contracts or subcontracts. These failures included misrepresenting the implementation of specific cybersecurity controls and using a cloud service provider that did not meet DoD’s security standards for handling sensitive defense information.

The Office of the Australian Information Commissioner (OAIC) has released two new guides to help businesses navigate privacy obligations when using artificial intelligence (AI) products. These guides provide clarity on how the Australian Privacy Act 1988 applies to AI, aiming to improve compliance and safeguard privacy as AI technologies become more prevalent in business practices.

The International Chamber of Commerce (ICC) unveiled its new Principles for Sustainable Trade Finance (PSTF) at Sibos 2024 in Beijing in effort to fight against greenwashing in global trade. The framework, developed in collaboration with leading financial institutions and Boston Consulting Group (BCG), addresses the critical challenge of evaluating sustainability in trade finance products.

The U.S. Securities and Exchange Commission (SEC) announced an enforcement action today, imposing penalties totaling $6.985 million on four technology companies for what regulators described as materially misleading disclosures regarding cybersecurity incidents.

The Securities and Exchange Commission (SEC) has taken action against New York-based investment adviser WisdomTree Asset Management Inc. for making false statements and failing to comply with its own investment criteria for ESG-marketed funds. The charges, announced on October 21, 2024, highlight the growing scrutiny of environmental, social, and governance (ESG) investment practices in the financial industry.

Truist Bank has reached a settlement agreement with the United States government, agreeing to pay $9,125,000 to resolve allegations of misconduct in the administration of certain trust accounts. The settlement, announced on Monday, October 21, 2024, addresses claims under the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA).

The Securities and Exchange Commission's (SEC) Division of Examinations has released its examination priorities for the 2025 fiscal year. This annual publication aims to inform investors and registrants of potential risk areas that will be a focal point for the Division's oversight and compliance efforts in the coming year.