GRC Report Staff

The Australian Prudential Regulation Authority (APRA) has released a new set of insights regarding common cyber control weaknesses observed among regulated entities. This guidance is part of APRA’s continued effort to bolster cyber resilience across the financial sector, which includes banks, superannuation funds, and insurance companies. The latest communication builds on APRA’s previous focus on data backup security and highlights critical areas where many institutions fall short.

In a recent address, SEC Chair Gary Gensler highlighted the growing importance of Artificial Intelligence (AI) in the financial industry and the potential conflicts of interest that could arise from its use. Delivered on August 13, 2024, the speech underscores the increasing reliance on AI-powered algorithms by investment firms and the SEC's proactive approach to governing this evolving landscape. As AI becomes more entrenched in finance, the issues Gensler raises are vital for governance, risk management, and compliance (GRC) professionals to consider.

National Public Data (NPD), a Florida-based background check company, has suffered a data breach of staggering proportions. The breach potentially compromises the personal information of 2.9 billion individuals across the United States, United Kingdom, and Canada. This incident, first reported in April 2024, has sent shockwaves through the cybersecurity community, raising critical questions about the resilience of IT systems and the protection of sensitive personal information in the digital age.

The Federal Reserve has launched targeted enforcement actions against financial institutions in Oklahoma and Minnesota. These interventions, far from routine regulatory measures, represent a calculated response to deeply rooted operational deficiencies that threaten the stability of regional banking ecosystems.

In a sweeping regulatory action, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have imposed hefty fines totaling hundreds of millions of dollars on dozens of financial institutions for widespread record-keeping and supervision failures related to the use of unapproved communication methods.

The U.S. Department of the Treasury has unveiled a new website dedicated to the enforcement activities of the Committee on Foreign Investment in the United States (CFIUS). This initiative marks a pivotal step in CFIUS’s ongoing efforts to enhance its role as a guardian of national security by providing the public and investors with unprecedented access to information on the committee’s enforcement actions and penalties.

The Financial Conduct Authority (FCA) has levied a fine of £276,100 against Forex TB Limited (FXTB), a Cypriot contract for differences (CFD) firm, for failing to treat customers fairly and providing unauthorized investment advice.