AML Failures, AI Law, Data Breach, FCA Scheme – 10/08/2025

This compliance intelligence digest highlights critical updates, including Varengold Bank’s AML failures and the FCA’s consultation on UK motor finance. We also cover a 10-year insider data breach at Harris Health, along with active exploitation of vulnerabilities in Oracle E-Business Suite and Fortra’s GoAnywhere. Stay informed on key regulatory changes and emerging cyber threats impacting compliance.

Top 5 Critical Compliance Alerts

  • Varengold Bank’s AML failures: A cautionary tale for Europe’s financial sector: Germany’s financial regulator BaFin fined Varengold Bank AG €3.3 million for AML control weaknesses stemming from systemic governance failures.
  • FCA Starts Consultation on UK Motor Finance Consumer Redress Scheme: The FCA published a consultation paper on an industry-wide scheme to compensate motor finance customers who were treated unfairly between 2007 and 2024.
  • Harris Health Notifies Patients About 10-Year Insider Data Breach: Harris Health in Texas notified over 5,000 patients about a potential data breach where electronic health records may have been compromised.
  • Cl0p Mass Exploiting Zero-day Vulnerability in Oracle E-Business Suite: A zero-day vulnerability in Oracle E-Business Suite is under active exploitation by the Cl0p ransomware group.
  • Critical GoAnywhere Vulnerability Exploited in Medusa Ransomware Attacks: A critical vulnerability in Fortra’s GoAnywhere MFT secure web-based file transfer tool is being actively exploited in Medusa ransomware attacks.

Regulatory Updates

  • Vietnam: Releasing draft AI Law for comprehensive AI governance framework: Vietnam’s draft AI Law aims to establish a comprehensive AI governance framework by January 2026, introducing phased implementation, risk-based classification, and strict penalties for violations.
  • Brazil: Data Protection Authority becomes a regulatory agency and assumes new responsibilities for the digital protection of children and adolescents: The Brazilian Data Protection Authority (ANPD) now oversees digital protections for children and adolescents, including enforcing court orders and setting security standards.
  • United States: White House publishes plan for the taxation of cryptocurrencies and other digital assets: The US Administration’s Working Group on Digital Asset Markets published recommendations for revising legislation and IRS guidance regarding cryptocurrency taxation.
  • Ukraine: Approval of Defence City regime for arms manufacturers including tax and customs incentives: Ukraine’s Defence City regime offers tax, customs, and regulatory incentives to defence-related enterprises, effective from October 2025.

Policy & Governance Updates

  • Why Are Your Policies Yelling at Me? It’s Time to Rethink Tone in Rules. — Policy-writing expert Lewis Eisen examines how corporate policies are often worded more harshly than laws governing serious crimes, undermining positive relationships and cooperative workplaces.
  • Why Letting Go of Control Can Strengthen Your E&C Program: Smart governance builds processes that feel natural; bureaucracy multiplies steps until employees seek workarounds.
  • Colombia adopts the first certifiable international standard for AI systems: ISO/IEC 42001:2023: Organizations in Colombia can now adopt ISO/IEC 42001:2023, becoming among the first in Latin America with a certifiable standard for responsible AI management.

Audit & Monitoring Tools

  • Types of Penetration Tests: A Look at Different Pentest Techniques & Tools: A blog post discussing penetration testing techniques and tools, including their relation to SOC 2 requirements and comparison to vulnerability assessments.
  • Incident Response Management Best Practices for Financial Services Compliance Executives

Third-Party Risk & Due Diligence

  • Calling All Influencers: Spear-Phishers Dangle Tesla, Red Bull Jobs: Cyberattackers are using impersonation campaigns aimed at stealing résumés from social media pros.

Compliance Frameworks

  • 2025 Asia-Pacific Community Meeting Agenda Highlights: The 2025 PCI SSC Asia-Pacific Community Meeting will take place in Bangkok, Thailand on 5-6 November.
