Insights

The Justice Department’s $3 billion settlement with TD Bank may have closed one chapter in a decade-long money-laundering saga, but Sen. Elizabeth Warren is far from satisfied with how the story ends. In a fiery letter to Attorney General Merrick Garland, Warren pulled no punches, calling the DOJ’s handling of the case a form of “absurd legal gymnastics” that shields TD’s top executives from facing the music. Her frustration underscores a growing concern in Washington: are these settlements really justice, or just another line item in the cost of doing business?

The February cyberattack on Change Healthcare, now confirmed to have affected a staggering 100 million individuals, is more than a historic breach—it’s a wake-up call for the entire healthcare sector. The U.S. Department of Health and Human Services recently confirmed the scale of this incident, making it one of the most significant exposures of personal health data in U.S. history. The breach shines a harsh light on cybersecurity fundamentals, particularly the overlooked areas of access management, incident response, and third-party risk oversight.

In what might be the hospitality industry's most expensive case of leaving the digital door unlocked, Marriott International and its subsidiary Starwood Hotels are checking out of their security nightmare with a $52 million bill and an FTC-mandated security makeover. The settlement, announced October 9, 2024, addresses three massive data breaches affecting over 344 million guests worldwide.

On October 3, 2024, American Water, the largest regulated water and wastewater utility in the U.S., fell victim to a cybersecurity breach that has since drawn attention to the broader risks facing critical infrastructure sectors. Serving over 14 million individuals across 14 states, American Water’s systems were infiltrated, forcing the company to disconnect key services and pause customer billing as part of their containment strategy.

In a modern era marked by rapid technological advancement and global uncertainty, organizations worldwide are grappling with an increasingly complex risk landscape. The Risk in Focus 2025 report, a comprehensive study based on surveys conducted by the Internal Audit Foundation and the European Confederation of Institutes of Internal Auditing (ECIIA), sheds light on the current and future risk priorities of businesses across the globe.

In recent years, the landscape of regulatory compliance in UK financial services has undergone a significant transformation. As a Governance, Risk, and Compliance (GRC) analyst, I've observed a marked shift in regulatory focus towards non-financial misconduct. This evolving trend presents both challenges and opportunities for firms striving to maintain compliance and uphold their reputations in an increasingly scrutinized environment.

In an unprecedented enforcement action that marks a watershed moment in compliance and regulatory enforcement, TD Bank has pleaded guilty to multiple felonies and agreed to pay $1.8 billion in criminal penalties, with total penalties reaching approximately $3 billion when combined with civil enforcement actions. The resolution represents not only the largest penalty ever imposed under the Bank Secrecy Act but also introduces a novel enforcement approach: the first-ever daily fine against a bank for persistent compliance failures.