CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
American agencies account for 95% of financial enforcement actions in ’24
US financial regulators dominated global enforcement actions in 2024, accounting for 95% of the $4.6 billion in penalties worldwide, according to new research from Fenergo, a provider of compliance and client management solutions.
The analysis revealed that while global penalties decreased 30% from 2023, penalties specifically targeting banks surged 522% to $3.65 billion. Transaction monitoring violations saw an even steeper rise, with penalties exceeding $3.3 billion — representing a 100% year-over-year increase.
ESG enforcement also intensified, with global ESG-related fines increasing 98% to $37.7 million, while US ESG fines rose 13% to $21.5 million.
“The surge in penalties for AML violations in banking, in the US, and around the world underscores the relentless pace at which financial crime evolves, and the growing expectations placed on financial institutions by regulators,” said Tracy Moore, director of regulatory affairs at Fenergo.
Other key findings:
- Banks faced the heaviest penalties at $3.52 billion, representing 82% of US regulatory fines.
- Digital asset platforms received $756+ million in fines, accounting for 99% of global penalties in this category.
- Broker-dealers incurred over $3 million in fines, making up 85% of global broker-dealer penalties.
- Securities firms faced $6.5 million in penalties, while buy-side firms were fined about $29 million.
The study analyzed global financial institution enforcement actions from January through December 2024.
Cyber incidents remain top global business risk; climate change vaults to near top of list
Cyber incidents remain the leading concern for businesses worldwide in 2025, with 38% of companies identifying cyber attacks and data breaches as their primary risk, according to Allianz Commercial’s annual risk barometer, but climate change is quickly moving up the list.
Business interruption held steady at second place with 31% of responses, while natural catastrophes remained third, according to the global insurance and asset management firm. Climate change made its highest-ever showing in the survey’s 14-year history, rising from seventh to fifth place amid record global temperatures and devastating natural disasters in 2024.
In the US, cyber incidents topped the list, followed by natural catastrophes, which rose one position to second place. Business interruption ranked third, while regulatory changes showed the biggest jump, moving from eighth to fourth place.
“For many companies, cyber risk, exacerbated by rapid development of artificial intelligence, is the big risk overriding everything else,” said Rishi Baviskar, global head of cyber risk consulting at Allianz Commercial.
Other findings:
- More than 60% of respondents cited data breaches as their most feared cyber exposure.
- Supply chain disruptions occur about every 1.4 years with damages reaching up to 10% of product costs.
- Political risks and violence dropped to ninth place globally but rose to seventh among large companies.
- Smaller companies showed increasing concern about climate change and political risks, marking a shift from their typically more localized risk focus.
The survey revealed significant interconnectivity among top risks, with climate change, emerging technology, regulation and geopolitical risks becoming increasingly intertwined.
Nearly half of US workers have seen workplace harassment
Forty-six percent of US employees have witnessed harassment in their workplace over the past five years, while 24% report being direct targets of harassment themselves, according to new research from compliance training provider Traliant.
The study reveals a significant generational divide, with 52% of Gen Z employees reporting they witnessed workplace harassment compared to 33% of Baby Boomers. The findings also expose concerning gaps in reporting mechanisms, as only half of employees said they would report harassment if they had to use their name.
Traliant’s inaugural harassment report, which surveyed more than 2,000 full-time employees across various industries, highlighted particular challenges for women in the workplace — 32% of women expressed dissatisfaction with how their employers handled harassment reports, compared to 20% of men.
“The survey findings present an alarming picture for employers who want to create positive work environments where employees can bring their best selves to work,” said Michael Johnson, chief strategy officer at Traliant.
The research was conducted in October 2024 by independent market research firm Researchscape.
Three-quarters of manufacturers not ready for EU sustainability reporting rules
Seventy-six percent of manufacturers are not meeting new value chain disclosure requirements for sustainability topics under the EU’s Corporate Sustainability Reporting Directive (CSRD), according to new research from supply chain sustainability management firm Assent.
The study of over 150 manufacturers found significant gaps in reporting across ESG topics, despite 99% of companies saying they integrate ESG considerations into business strategy. The findings come as large EU public companies prepare for their first CSRD reports in 2025, with the directive requiring disclosure across 84 topics and 1,000 data points. Large EU companies not publicly listed will need to meet the reporting obligations by 2026, and certain global companies, including some in the US, that have EU subsidiaries meeting size thresholds, have compliance dates in 2026.
Assent’s research revealed critical shortfalls in biodiversity reporting, with only 24% of assessed companies meeting CSRD requirements. Additionally, just 56% disclosed Scope 3 emissions targets, highlighting widespread gaps in supply chain emissions reduction planning.
“Our recent study highlights that manufacturers hold a false sense of security regarding their CSRD readiness,” said Jamie Wallisch, sustainability expert at Assent, which analyzed public sustainability reports across industrial equipment, electronics, medical devices and automotive sectors.
Other key findings:
- Only 49% of companies set targets for water use and marine conservation.
- 57% of companies assessed financial risks related to material ESG topics.
- 58% of companies accounted for community impacts and set related targets.
Email security gaps leave organizations vulnerable
Two-thirds of IT leaders say email security vendors aren’t keeping pace with emerging risks, while 60% of employees admit bypassing security policies, according to new research from communications security provider Zivver.
The report reveals a significant misalignment between security spending and actual risks, with only 24% of IT leaders believing their security investments are well-aligned with threats. While 47% of IT leaders focus on phishing and inbound threats, two-thirds acknowledge that outbound email mistakes cause more substantial data losses.
Zivver’s report, based on surveys of 400 IT decision-makers and 2,000 employees across six countries, found that email remains critical for business operations, with 93% of employees ranking it as important or very important for daily work. However, the findings expose concerning gaps in security practices and compliance.
“Compliance requirements today demand that organisations take a comprehensive view of email security, integrating robust solutions that address both inbound and outbound risks,” said Rick Goud, Zivver’s co-founder and chief information officer.
Other key findings:
- Over 50% of employees report making email-related mistakes every few months.
- Only 34% of email incidents are formally reported to IT teams.
- While 73% of employees know security policies, just 52% follow them.
- 54% of employees are more likely to make mistakes when busy or overwhelmed.
The research covered organizations in the US, UK, Netherlands, France, Germany and Belgium, spanning various sectors including healthcare, government and legal services.