Issue 22: How prepared was Maui?

Welcome to This Week in GRC, MBK Search's digest of the news, views, and analysis from the governance, risk, and compliance sectors.

The Opening Bell

One of the biggest questions in the aftermath of the devastating wildfires in Maui is how prepared the island was for fire. Officials have known for almost a decade that the area could protect itself better by managing grasses and vegetation differently. But according to Hawaii fire experts, not much was done.

As reported by NPR , only a "handful" of preventative projects were completed.

"The scope and level and amount that needed to get done was never really reached because we actually really never found funds or capacity to do the full scale of what we would have liked to have done," said Hawaii Wildfire Management Organization's Elizabeth Pickett.

A plan is but an idea unless its stress-tested, enacted, and constantly reviewed. As the past two weeks have shown, failure to do so can have fatal consequences.

People share their work on social media all the time—but there's a no-go area in med-tech: promoting custom devices.

Is it time the FDA clamped down on the way custom-devices are promoted online? We look at the issue in detail in this week's edition of The GRC Story.

• Financial account info, SSNs, and credit card numbers of more than 30,000 Bank of America customers were exposed in a ransomware attack on EY .
• Former Allianz Executive Gregorie Tournant has had his bid to toss fraud charges rejected by a federal judge in New York.
• The UK Government has published an updated version of its risk register .

Operational risk incidents increased by 26% in 2022 , with 76,620 events reported according to ORX.

The rise is due to increased use of AI and digitalization enabling more low-value fraud. But, gross losses decreased to the lowest level since 2017 at €17.8bn, indicating banks are getting better at managing major risks.

• CEOs aren't backing down from ESG commitments , in spite of political backlash.
• The UK's financial regulator has laid out guidance for applying rules for traditional money transfers to those involving crypto.
• Germany has launched an AML review into the finances of Baltic LNG operator Deutsche ReGas

The Fed is proposing big changes to bank capital rules - requiring more cushion against losses. This will likely force many banks, especially regional ones, to raise more capital.

波士顿谘询公司 has published this paper outlining the changes and what the broader implications for the banking industry will be.

• How should internal audit approach the topic of CEO compensation?
• The SEC has fined UK firm Crowe over its audit of music streaming platform Akazoo.
• EY has rejected a proposal from US private equity group TPG to break up the Big Four firm and take a stake in its consulting business.

With the PCAOB and SEC putting audit firms under the microscope , questions are being asked about what Big Four can do to improve regulatory compliance. But will renewed ethics training, data analytics, and internal compliance metrics be enough?

• Integra received a warning letter from the FDA after recalling five years' worth of devices made at a Boston facility.
• The healthcare manufacturing industry in the UK is asking the country's government to clarify its future regulatory position .
• AstraZeneca has been hit with a FDA warning letter over misleading claims about Breztri's efficacy.

The European Medicines Agency (EMA) has published a draft Reflection Paper on the use of AI and machine learning (ML) in the medicinal product lifecycle, and opened a public consultation until the end of the year.

The EMA is pushing for a risk-based approach, emphasising that the use of AI/ML in the lifecycle of medicinal products should always comply with current regulations, ethics, and "due respect for fundamental rights".

The always wise Richard Chambers offers tips and advice on navigating the opening internal audit meeting.

Crypto fanatics have been pining for a Bitcoin exchange-traded fund for a decade now. But with the entrance of BlackRock Inc. into the race, many market watchers are hopeful that one or more?spot-Bitcoin ETFs will finally get the go-ahead.