🤷 This Week in GRC: The risks of just Googling it

Welcome to Issue 72 of This Week in GRC, MBK Search's weekly digest of the news and views in the world of governance, risk, and compliance.


🔔 This Week's Opening Bell

Alas, the Olympics are over, and we won't hear anyone ringing bells inside the Stade de France after every gold medal. But alarm bells down Google way have been ringing persistently since last week's blockbuster antitrust decision.

Let's be clear: The decision could change the internet forever.

Let's also be clear: It might also not.

Casey Newton, in his Platformer newsletter, says that a comparable antitrust decision in the European Union in 2018 compelled Google to let users select a different default search engine when setting up a new Android device. However, Google was still permitted to charge other search engines for the privilege of being offered as an alternative. Newton notes that this ruling has had "a negligible effect" on Google's market share in Europe.

For now, Google continues to face a second antitrust case alleging that it engages in monopolistic practices and anticompetitive behavior in the advertising market. The case will be heard in September.


📰 This Week's Issue

🪄 Five areas the Fed wants Bancorp to fix

💵 The latest CCO comp survey

☁️ What's next after the blockbuster Google decision?


📰 This Week's GRC Headlines


Financial Firms Face $475 Million in Fines for Off-Channel Communication Violations

Twenty-six financial institutions, including Truist and TD Bank, have been fined over $475 million for inadequate electronic communications monitoring.

The SEC and CFTC's joint action targets the widespread use of unauthorized messaging platforms like WhatsApp and iMessage, which violate record-keeping obligations and compromise oversight capabilities.

This enforcement action, announced Wednesday, follows previous fines exceeding $1.8 billion levied against major banks' brokerage units. The SEC cited failures in overseeing messaging app usage across all personnel levels and in implementing appropriate governance policies. Ameriprise, Edward D. Jones, and Raymond James & Associates each face $50 million fines, while self-reporting firms like Truist received reduced penalties.

SEC enforcement chief Gurbir Grewal emphasized the critical nature of compliance with books and records for investor protection and market functionality. The CFTC separately fined TD Bank $75 million and Cowen and Co. $3 million for similar infractions, including TD Bank's inadequate monitoring of an internal messaging platform.


CCO Compensation Growth Slows Amid Economic Uncertainty

Chief compliance officers (CCOs) continue to see pay increases, but the pace has slowed across most sectors, according to a BarkerGilmore survey.

In 2024, median compensation for CCOs at public companies rose 7% to $419,000, while nonprofit CCOs saw a 12% increase to $250,000. However, CCOs at private companies experienced a 1% decrease, with median compensation falling to $300,000.

The finance sector was the only industry where CCO salary growth remained steady at 5% year-over-year. Industrial and manufacturing firms saw the most significant slowdown, with salary increases dropping to 2% in 2024 from 7% the previous year. This trend mirrors the ongoing decline in factory output.

BarkerGilmore attributed the overall slowdown in CCO pay growth to tighter hiring budgets, economic and political uncertainty, and the impact of technological automation on staffing needs. Managing Partner John Gilmore noted that the trend aligns with broader executive compensation patterns, emphasizing that significant earnings often come from bonuses and equity awards tied to company performance.

A law degree significantly boosted CCO compensation, particularly at public companies, where CCOs with a JD earned a median of $529,000, compared to $234,000 for those without. Private company CCOs with law degrees earned $61,000 more, while nonprofit CCOs with a JD saw a $92,000 increase.

Despite slower salary growth, most CCOs surveyed showed little interest in seeking higher-paying positions elsewhere. Approximately 65% of CCOs at public companies, 63% at private firms, and 60% at nonprofits reported low or very low interest in a compensation-motivated job search.

The survey, conducted in March 2024, gathered data from 330 compliance leaders in the public, private, and nonprofit sectors. Over half represented companies with more than $1 billion in revenue.


EEA's Climate Risk Report Calls for Risk Manager Action

The European Environment Agency (EEA) has released its first European Climate Risk Assessment (EUCRA), highlighting 36 major climate risks across Europe.

The report identifies key risks in five areas: ecosystems, food, health, infrastructure, and the economy. More than half of these risks require immediate action, with eight deemed particularly urgent. These include protecting ecosystems, safeguarding people from extreme heat, and defending infrastructure from floods and wildfires.

It stresses the need for rapid CO2 emission reductions and accelerated implementation of European adaptation policies. It also highlights the importance of clear risk ownership, collaboration among European Institutions, and engagement at local and regional levels to coordinate and execute action plans.

The European Commission responded to the EUCRA by outlining four key areas for future EU policy on climate adaptation:

  • Improved risk governance
  • Better tools for risk owners
  • Harnessing structural policies
  • Creating the right conditions for financing climate resilience

The recommendations will guide EU policy from 2024 to 2029.


🔥 This Week's GRC Hot Takes

Hot takes and analysis from those on the shop floor

1) An interesting crop of suggestions put forward to improve the stability of the U.S. financial system.

2) What’s Gen Z’s take on risk management? The Risk Management Society profiled 20 recipients of its annual scholarship to find out what’s top of book for young adults.

3) This is one to keep in your bookmarks: MIT researchers have published a comprehensive AI risk database.


📺 This Week's GRC Podcast

Google lost its first antitrust case, so what happens next?

The implications of last week’s mammoth Google antitrust decision will be felt in GRC circles for some time. The team at The Verge delivered this comprehensive primer on the decision and what comes next.

Listen to the episode here


✍️ What MBK Search is Talking About


5 risk areas the Fed wants Bancorp to fix

The U.S. crypto industry continues to face regulatory scrutiny, with the Federal Reserve taking action against Customers Bancorp earlier this month. Here are five key points from the Fed's order:

Bancorp and Bank Boards Must Bolster Oversight

The Federal Reserve has given Customers Bancorp and Customers Bank 60 days to submit plans for enhanced board oversight. These plans must explain how the boards maintain control over major operations and follow regulations. The bank's plan must also address resource allocation for BSA/AML compliance, including staffing levels.

Organization-Wide Risk Management Practices Face Scrutiny

Bancorp must present a detailed plan to improve its risk management practices for digital assets. This plan must outline new policies and procedures, measures to secure appropriate expertise, and methods for quick risk identification and reporting. The Federal Reserve says it expects an effective risk assessment system and strong controls for dollar token activities.

BSA/AML Compliance Program Requires Significant Updates

The bank needs to submit a revised BSA/AML compliance program. This program must include strong internal controls and a thorough risk assessment of all products and services. The Federal Reserve emphasized needing a qualified compliance officer to manage the program and a system to track and escalate compliance issues. This revision addresses the complexities of BSA/AML compliance in the digital asset space.

Customer Due Diligence Procedures Fall Short

Customer control is also high on the list of changes. The new program must ensure comprehensive collection and analysis of customer information, including identity verification and business activity documentation. The bank must also develop a plan to address existing customer due diligence deficiencies and implement a focused assessment of its customer base.

Suspicious Activity Monitoring Deemed Inadequate

The agreement calls for a revised suspicious activity monitoring program that establishes monitoring rules and improves investigation criteria. The Federal Reserve has also ordered an independent review of the bank's transaction monitoring from March to August 2023, focusing on high-risk customers and transactions.


The UK’s Financial Conduct Authority (FCA) has released a consultation paper outlining proposed rules for the new public offer platform (POP) regime.

This framework aims to facilitate companies raising more than £5 million through public offers of securities outside regulated markets. The move is part of broader reforms to the UK’s capital markets, designed to streamline fundraising processes while maintaining robust investor protections.

MBK Search looks at what’s in the proposed changes:

Read more here


🧑‍💼 This Week's Hottest GRC Jobs

Make your next career step with MBK Search


Infrastructure & Connectivity Associate — London, UK

A leading trading platform seeks an individual to support its client network connectivity and trading infrastructure.

Our client, a leading insurer, is looking for a Director of Medical Claim Services.

Our client, a leading healthcare management consulting firm, is seeking Senior Managers for multiple offices.

Explore all jobs here


At MBK Search, we find world-class talent so you can build champion GRC teams. Let's start building today. Click here to apply for the latest GRC roles.
