GRC Report Staff

Four individuals, including a U.S. government official and three business executives, have admitted their roles in a decade-long bribery and fraud scheme that cost American taxpayers more than $550 million. The guilty pleas mark the end of an extensive investigation into corruption within the U.S. Agency for International Development (USAID), where bribery was used to bypass the fair contracting process, all in the name of personal gain.

The European Securities and Markets Authority (ESMA) is stepping up to ensure that third-party risks don’t get overlooked in the growing complexity of EU securities markets. As more companies turn to third parties for critical functions, ESMA’s new guidelines aim to help supervisors across the EU keep pace with these shifts and ensure a more secure, compliant, and resilient market.

The Basel Committee on Banking Supervision has introduced a new voluntary framework designed to guide the disclosure of such risks by banks worldwide. This framework, which offers flexibility in its implementation, aims to enhance transparency around the potential financial impact of climate change on the banking sector.

The Norwegian Data Protection Authority’s (DPA) has uncovered troubling breaches of personal data laws across six websites. These sites, all of which shared personal data without proper consent, are now facing the consequences of their actions. The DPA’s findings reveal that in some cases, sensitive personal information, including that of vulnerable children, was sent to third parties without users’ knowledge, a clear violation of GDPR.

The Public Company Accounting Oversight Board (PCAOB) took a strong stand today, holding Heaton & Co. and one of its partners, Kristofer Heaton, accountable for a series of significant violations. These lapses, which spanned audit documentation, quality control, and engagement reviews, have led to penalties, a firm registration revocation, and a professional ban for Heaton.

The wave of ESG reporting triggered by the EU’s Corporate Sustainability Reporting Directive (CSRD) is sweeping across Europe, with Denmark leading the charge. But while Danish companies are ahead of the curve, a new analysis reveals that achieving full compliance remains an ambitious and complex goal, even for the early movers.

Governance, Risk, and Compliance (GRC) is often seen as a necessary but burdensome overhead, essential for meeting regulatory demands but rarely viewed as a driver of business value. But what if that perception is holding your organization back? In a new guide titled From Overhead to Advantage: Reframing GRC Investment, we explore how GRC can shift from a passive function into a proactive strategic asset that not only ensures compliance but also accelerates growth and strengthens business resilience.