On April 9, the European Commission published two new sets of rules aimed at sharpening transparency and improving how market activity is tracked across the bloc. At the same time, it opened a broader review of the EU Agency for the Cooperation of Energy Regulators, the body tasked with making sense of that data and spotting when something isn’t right.
There’s nothing particularly new about trying to hide ownership on paper. What’s changing, according to the U.S. Treasury’s Office of Foreign Assets Control, is how frequently, and how creatively, it’s being done.
For years, the idea of a FinCEN whistleblower program has existed more in statute than in practice. Now, the Financial Crimes Enforcement Network is taking a step toward changing that.
In this article, Norman Marks explores a familiar but often misunderstood reality for risk and internal audit professionals—risk is everywhere, but not every risk deserves equal attention. Drawing on a reader’s challenge to conventional thinking, Marks examines the limits of risk registers, the pitfalls of overextending audit scope, and why effective risk management ultimately comes down to prioritization, judgment, and better decision-making rather than attempting to catalog or control every possible threat.
In their spring 2026 risk update, the Joint Committee of the European Supervisory Authorities (EBA, ESMA, and EIOPA) drew a line between two forces shaping the current environment—geopolitical tensions that refuse to ease, and a private finance market that has grown faster than the visibility around it.
A surge in energy prices tied to the war in the Middle East is beginning to filter into the Dutch economy, raising inflation and complicating the outlook for growth at a moment when the margin for error is already thin.
Risk hasn’t just increased, it’s become more connected, more dynamic, and harder to contain within traditional GRC models. This report, developed with Harvard Business Review Analytic Services, explores how organizations are responding by rethinking GRC through AI. Not as a layer of automation on top of existing processes, but as a way to fundamentally change how risk is understood and managed.