Risky Times

September 1, 2023

Sep 04, 2023

Welcome to This Week in GRC, MBK Search's weekly digest of the news and views in governance, risk, and compliance.

The Opening Bell: The Times Are A-Changin'

What happens when a major news organization cuts its GRC program?

That's the question on our minds following news this week that The New York Times had eliminated its 10-strong GRC team.

Amid a turbulent time for journalism, where only 43% of Americans say they trust news media, the need for a GRC team speaks for itself.

Financial calculations aside, we can only speculate that the Times feels that function can be carried out externally or by other departments.

But questions remain. Why this department, and why now? What risks will be missed? And what comes next?

Why the UK & EU have different plans to regulate med-tech AI

The UK government and the European Medicines Agency have both published draft roadmaps to regulate the use of AI in the medical technology industry.

In this edition of The GRC Story, we explore the key similarities and differences in plans, and what they’re hoping to achieve. Read the full article here.

The SEC is warning auditors and corporations alike to improve their risk assessments, particularly around small control failures.
How Risk Managers are responding to Hurricane Idalia.
Why your company’s management model could be a compliance risk factor.
Rick Bookstaber on why the risk of Taiwan being shut down “is the dominant risk right now.”

New data suggests that boardroom focus on cyber defence is waning, despite evidence that attacks are on the rise. Here’s how risk managers can limit exposures and bolster cyber security.

The U.S. will sanction Russian company Intellekt for its alleged support of North Korea’s weapons programs.
The Financial Industry Regulatory Authority plans to deploy innovative contextual analysis to capture the “true intent” behind emojis and slang in text messaging.
Microsoft will unbundle Teams from its software stack to appease the EU’s competition worries.
How a whistleblower was awarded $18m for helping the SEC bring wrongdoers to justice.

Payments company Wise breached the U.K's Russia sanctions regime by allowing a £250 cash withdrawal by a designated person. How did a cash machine transaction land the company in hot water, and what does it say about its compliance management?

What are some of the defining traits of an effective chief audit executive?
PCAOB has imposed sanctions against WarrenAverett over auditor independence violations.
Why audit quality is more complex than one board’s inspection data.

Wolters Kluwer have produced a smart series exploring the make up of high-performing Internal Audit teams. The study has found there are four characteristics "that in combination lead to the highest levels of performance". Well worth reading and sharing within your IA team.

The U.K’s Medicines & Healthcare Product Regulatory Agency has designated three more bodies to certify medical devices in the U.K.
The FDA has released its final draft recommendations for using real-data and evidence in drug development.
The FDA has also issued warning letters to three infant formula manufacturers following recent factory inspections.

As med-tech companies make substantial investments in digital technology, there are important tax implications that should be addressed. The team at EY have put together this report exploring how the medical device sector is impacted by tech, and requiring a closer look at the way tax strategy is structured. Read the full report here.