There’s nothing particularly new about trying to hide ownership on paper. What’s changing, according to the U.S. Treasury’s Office of Foreign Assets Control, is how frequently, and how creatively, it’s being done.
For years, the idea of a FinCEN whistleblower program has existed more in statute than in practice. Now, the Financial Crimes Enforcement Network is taking a step toward changing that.
In this article, Norman Marks explores a familiar but often misunderstood reality for risk and internal audit professionals—risk is everywhere, but not every risk deserves equal attention. Drawing on a reader’s challenge to conventional thinking, Marks examines the limits of risk registers, the pitfalls of overextending audit scope, and why effective risk management ultimately comes down to prioritization, judgment, and better decision-making rather than attempting to catalog or control every possible threat.
In their spring 2026 risk update, the Joint Committee of the European Supervisory Authorities (EBA, ESMA, and EIOPA) drew a line between two forces shaping the current environment—geopolitical tensions that refuse to ease, and a private finance market that has grown faster than the visibility around it.
A surge in energy prices tied to the war in the Middle East is beginning to filter into the Dutch economy, raising inflation and complicating the outlook for growth at a moment when the margin for error is already thin.
Risk hasn’t just increased, it’s become more connected, more dynamic, and harder to contain within traditional GRC models. This report, developed with Harvard Business Review Analytic Services, explores how organizations are responding by rethinking GRC through AI. Not as a layer of automation on top of existing processes, but as a way to fundamentally change how risk is understood and managed.
In recent years, we’ve seen multiple cases when governance gaps that were created during digital transformation resulted in regulatory enforcement. In 2020, the U.S. Office of the Comptroller of the Currency fined Capital One $80 million for failures to establish effective risk assessment before migrating significant IT operations to the cloud and to remediate quickly afterward. In 2022, U.K. regulators fined TSB Bank £48.65 million after a disruption caused by company’s core-platform migration that exposed weaknesses in risk management and governance.