Skip to main content

Spotlight

#GRC Bytes

#GRCbytes : Saudi Arabia

The Ministry of Human Resources and Social Development, Saudi Arabia, has recently notified amendments to the labor laws, in line with Saudi Arabia Vision 2030.

See More

#GRCbytes : Canada

Canada passed Modern Slavery Act recently in 2023. The other jurisdictions where such laws are already effective include UK, Australia, State of California, etc. The compliances given under modern slavery laws should form important part of organisations' compliance universe and supply chain risk management programmes. These legislations aim at tackling human trafficking, forced labour, child labour, bonded labour, etc. in supply chains.

Stay tuned @FlaggGRC Ventures LLP for more #GRCbytes.

#GRCbytes : USA - Delaware

It is that time of the year again to take note of the proposed amendments of 2023 to Delaware General Corporation Law (DGCL). Delaware being the most common and popular State of incorporation, DGCL is one of the most relevant laws for USA as well as non-USA companies. It is reviewed every year so that it can address the rapidly changing corporate/business environment.

Stay tuned @FlaggGRC Ventures LLP for more #GRCbytes.

#GRCbytes : EU

EU finally agrees that US ensures sufficient levels of protection for personal data transferred from the EU to US companies. The adequacy decision has been passed by the European Commission on 10 July 2023 concluding safe data flows between companies complying with the new EU-U.S. Data Privacy Framework.

As a result, companies need to take into account the new EU-U.S. Data Privacy Framework to ensure compliance in case of such data flows.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Sri Lanka

Companies operating in Sri Lanka should take a relook at their ABAC programme in view of the new Anti-Corruption Act passed in the last week. The applicability of this Act extends to employees or directors of private sector entities as well (Section 106).

As part of the regulatory change management process, updation of ABAC policies and holding awareness programmes for stakeholders could be a good start.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA and Singapore

Watch out for these additional compliances in case of cybersecurity incidents or online criminal activities.

The U.S. Securities and Exchange Commission has recently adopted new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure under which Public Companies are required to disclose material cybersecurity incidents within 4 business days of determining such incidents to be material.

Singapore, in the recent past, has also passed the Online Criminal Harms Act which counters online criminal activities and scams and aims at safeguarding users against online harms. Regulators have been empowered to mandate online service providers with some immediate compliance actions in case of even mere suspicion.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

The Jan Vishwas (Amendment of Provisions) Bill, 2023, passed by Lok Sabha and Rajya Sabha in the recent past, has multi-fold effects on the Compliance behaviour of India Inc.

The Bill seeks to decriminalise certain offences in more than 180 provisions across 42 Central Acts governed by 19 Ministries/Departments. Some of the important Acts covered by the Bill, from the statutory and regulatory compliance point of view, include Legal Metrology Act, 2009, Information Technology Act, 2000, Air (Prevention and Control of Pollution) Act, 1981, Environment Protection Act, 1986, Boilers Act, 1923, Motor Vehicles Act, 1988, Patents Act, 1970, Trade Marks Act, 1999, Copyright Act, 1957, Food Safety and Standards Act, 2006, etc.

Decriminalisation is proposed to be achieved by removing imprisonment and fine from some provisions, removing imprisonment and retaining fine for some, removing imprisonment and increasing fine for some, converting imprisonment and fine into penalty and by compounding offences for few provisions.

In addition to ease of doing business, businesses will no longer be burdened by irrational fear of imprisonment for minor technical defaults. More importantly, from the perspective of having an effective compliance mechanism, the steps such as pragmatic approach towards compliance and rationalised penalties for offences were long due from the Government.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

Finally..! India is just a step away from having its own comprehensive data protection framework. The Digital Personal Data Protection Bill, 2023 has been passed by Rajya Sabha today.

The highlights of the Bill have been the consent mechanism, use of personal data for the legitimate use, security measures to prevent data breaches, and hefty fines laid down in case of non-compliances like never before.

Although the Bill is still being debated and deliberated upon by many industry experts for certain provisions, India surely has achieved an important milestone by creating its own framework of data protection.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA

The Equal Employment Opportunity Commission enforced The Pregnant Workers Fairness Act (as part of Title VII of the Civil Rights Act of 1964) in June 2023. The draft of the Regulations to implement the Act has been proposed in the last week for comments.

Any commercial organisation employing 15 or more employees comes within the purview of applicability of this Act. While a reasonable exemption of "undue hardship for employers" has been laid down by the Act, the Covered entities are mainly required to provide accommodation to employees for all kinds of pregnancy-related medical conditions.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Switzerland

With the New Federal Act on Data Protection (nFADP) having come into effect on September 1, 2023, Swiss companies need to review their obligations regarding data protection. That said, if they are already compliant with the EU General Data Protection Regulation (GDPR), they will only need to make minimal changes to their existing mechanisms to comply with the nFADP.

Some major aspects that businesses need to take note of include prompt notification to authorities, the concept of profiling, the inclusion of genetic and biometric data in the definition of sensitive data, the register of processing activities, and the principles of privacy by design and by default, among others.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Singapore

Monetary Authority of Singapore (MAS) reaffirms the significance of a risk-based approach.

Through a recent Circular addressed to all CEOs of Financial Institutions (FIs) in Singapore, MAS mandates that FIs must consider reputational, legal and operational risks when implementing unilateral sanctions imposed by other jurisdictions. FIs are required to take appropriate measures to manage these risks.

FIs should establish processes to effectively detect and manage sanctions-related risks. MAS expects the boards and senior management of FIs to provide oversight of sanctions-related risks, strengthen their sanction-risk detection capabilities and review their AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism) frameworks and controls.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Australia

Australia has recently embraced technological advancements in modernising business communication within companies through a significant amendment to its Corporation Act.

Previously, only specific documents under the Act could be electronically signed or executed. Members of the company, registered scheme, corporate collective investment vehicles (CCIVs) or disclosing entities could choose to receive only meeting related documents in electronic form. Additionally, the consent of directors was a prerequisite for conducting meetings using technology.

The amended Act now extends the scope of electronic signing or execution to cover all documents except those to be submitted to the Australian Securities and Investment Commission (ASIC), the registrar or the takeover panel. Furthermore, the members now have the option to receive any documents in electronic form. The Act no longer necessitates director consent for utilising any reasonable technology to conduct meetings.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Singapore

Singapore has taken a pioneering step by launching its new Intangible Disclosure Framework for 2023. Its goal is to provide consistent information about the value of intangible assets within enterprises. This Framework will aid stakeholders in making informed assessments of businesses and their prospects in the financial market. Enterprises are obligated to disclose the nature and characteristics of intangible assets, including a brief description and how they were acquired or attained. These disclosures must be included in their annual reports or standalone reports.

The Framework defines intangible asset as "a non-monetary resource that manifests itself by its economic properties, it does not have physical substance but grants rights and/or economic benefits to its owner". It categorizes intangibles into six categories: marketing-related, customer-related, artistic-related, contract-related, technology-related, and human capital-related. This includes patents, brand value, registered designs, and more. The key principles of the Framework are anchored in four pillars (SIMM Pillars): the Strategy pillar, Identification pillar, Measurement pillar, and Management pillar.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA

The risk of harassment and discrimination is one of the most challenging issues for companies to combat, despite ongoing governance efforts.

The U.S. Equal Employment Opportunity Commission (EEOC) recently proposed the "Enforcement Guidance on Harassment in the Workplace" to provide clearer enforcement of existing laws and to address changes in laws, including those influenced by the #MeToo movement, online harassment, etc.

The proposed Guidance focuses on three key components of a harassment claim - covered bases and causation, discrimination with respect to a term, condition, or privilege of employment, and liability of employers.

Discrimination and harassment are taking on new forms due to technological and social advancements. Therefore, employers must stay informed about any new regulatory regimes being issued by regulators to effectively address these evolving issues.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA - California

It is worth noting the governance aspect of the ESG initiatives taken by various governments, such as the Voluntary Carbon Market Disclosures Act issued by the California government.

Companies offering carbon offsets now face increased compliance scrutiny. Entities involved in marketing or selling voluntary carbon offsets are now mandated to disclose specific project details on their websites. This information encompasses the durability period, accountability, the specific protocols used for estimating emission reductions, any third-party validation of project attributes, and the calculation methods needed for independent verification of emissions, among other requirements.

Entities claiming net zero emissions must also disclose how they determined the accuracy of such claims, including the interim progress made toward these goals.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

SEBI has once again emphasized the importance of ease of doing business and encouraged compliance. This was achieved through the revision of the Master Circular pertaining to fundraising by issuing debt securities for large companies (LCs).

Large companies are required to secure a minimum of 25% of their qualified borrowings through the issuance of debt securities. These requirements must be fulfilled over a consecutive three-year period. The revised framework introduces incentives and disincentives while also providing a clearer definition of qualified borrowings. Stock Exchanges have also been required to identify LCs and calculate incentives / disincentives.

SEBI has taken these measures in consideration of the current market conditions and with the aim of advancing the corporate bond markets.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

The Indian Government has launched two pivotal initiatives, the Green Credit Program and the Ecomark scheme, as part of the broader 'Lifestyle for Environment' (LiFE) movement. These initiatives are designed to motivate corporations and an array of industries to adopt ecologically responsible measures for the protection, preservation, and conservation of the environment.

The Green Credit Program offers incentives to corporations through a market-driven mechanism, generating "green credits" for environmentally beneficial actions. Corporations can accumulate these credits by engaging in various activities such as tree plantation, water management, sustainable agriculture, waste management, air pollution reduction, mangrove conservation and restoration, Ecomark label development, and sustainable building and infrastructure.

Meanwhile, the Ecomark scheme accredits and labels environmentally-friendly household products, ensuring transparency and accuracy. Products that display the Ecomark under this scheme guarantee transparency and provide accurate information about their environmental characteristics while preventing any deceptive or misleading information. The Central Pollution Control Board administers the Ecomark Scheme in partnership with Bureau of Indian Standards (BIS).

Stay tuned @FlaggGRC for more #GRCbytes.

Articles

⚡Incident-Triggered (Ad hoc) Compliances: A Key Component of GRC ⚡ #buildinpublic | flagggrc.tech

See More
avtar

"Quality is not an act, it is a habit"

We believe in making our clients "attentive by default" - we pay close attention to every aspect of our clients’ GRC programmes to ensure that nothing falls through the cracks.

avtar

One of the best examples of tick-the-box compliances is the privacy policy

Reach out to us at FlaggGRC Ventures LLP to find out if your privacy policy is actually effective. Let us help you assess if your policy has you covered in all situations.

avtar

Databases loaded with statutory penalties

Databases loaded with statutory penalties given against each compliance obligation do not adequately assess the potential impact of risk or the potential areas of risk

avtar

Transforming certain aspects of GRC

Transforming certain aspects of GRC through automated workflows is the key to an efficient and effective GRC function. Automation is the way forward, sooner rather than later!

avtar

Already have a compliance tool..

Already have a compliance tool but not getting the required output? or Haven’t been able to imbibe the required compliance culture yet?

avtar

Training and communication programmes!

Training on how to use a compliance tool or discussion of compliance registers with stakeholders have been the conventional idea of 'Compliance trainings'.

avtar

The R of GRC represents Risk.

The R of GRC represents Risk. Risk represents potential consequences of non-compliances. Potential consequences represent priority risk areas. Priority risk areas demand timely remediation or mitigation action. Timely remediation or mitigation is highly achievable through effective automated workflows customised for each area of risk.

avtar

Compliance - Prevention is better than Cure..!

“Good laws have their origins in bad morals” quotes Macrobius, the Roman Writer. In any legal system, may it be Common as has been adopted by India an

avtar

C for Compliance in Japan Inc.

The presence of globalization can be remarkably witnessed in all the Asian countries including Japan. Automobiles and electronic devices have been the

avtar

A Quick Look at Import-Export of Legal Services

What is ‘Legal Services’? As per the Services Export Promotion Council (SEPC): A broad definition of legal services would include advisory and represe

avtar

Google Antitrust Probe in the EU and US

When there is a market, there is competition. In fact, a market is made up of several competing players in the same domain which give/offer a variety

avtar

Regulatory reforms and the challenges on the Compliance front

“Only in growth, reform, and change, paradoxically enough is true security to be found” says an American author...

avtar

Dodd-Frank Section 1502 – Conflict Minerals: Still a great deal of work!

A quick glance at the corporate world ABCs and you will find that most often than not, C stands for Compliance...

GRCCast Episode 01 | Why GRC | GRC Market - Indian and Global Overview

#GRCCast Episode 3 | The Singapore Edition

⚡Incident-Triggered (Ad hoc) Compliances: A Key Component of GRC ⚡ #buildinpublic | flagggrc.tech

GRCCast Episode 5 | The RBI Edition | Compliance Management Solution For Regulated Entities

Risk Severity Dashboard | #buildinpublic | #flagggrc | flagggrc.tech

Timeliness Dashboard | #buildinpublic

Completeness Dashboard | #buildinpublic

AI-Powered Uploader | FlaggGRC

Differentiator #5 | Developer API | FlaggGRC

Differentiator #4 | Spreadsheet less on boarding | FlaggGRC

FlaggGRC | Sign in experience

avtar

All acquired companies and potential M&A targets of US companies, a call for caution or a chance to act?

The US Department of Justice (DOJ) has introduced a policy to incentivize...

GRCCast Episode #4 | The MSME Edition | Compliance Program For MSMEs

#GRCCast Episode 3 | The Singapore Edition

GRCCast Episode 01 | Why GRC | GRC Market - Indian and Global Overview

avtar

Dodd-Frank Section 1502 – Conflict Minerals: Still a great deal of work!

A quick glance at the corporate world ABCs and you will find that most often than not, C stands for Compliance...

avtar

Regulatory reforms and the challenges on the Compliance front

“Only in growth, reform, and change, paradoxically enough is true security to be found” says an American author...

avtar

Google Antitrust Probe in the EU and US

When there is a market, there is competition. In fact, a market is made up of several competing players in the same domain which give/offer a variety

avtar

A Quick Look at Import-Export of Legal Services

What is ‘Legal Services’? As per the Services Export Promotion Council (SEPC): A broad definition of legal services would include advisory and represe

avtar

C for Compliance in Japan Inc.

The presence of globalization can be remarkably witnessed in all the Asian countries including Japan. Automobiles and electronic devices have been the

avtar

Compliance - Prevention is better than Cure..!

“Good laws have their origins in bad morals” quotes Macrobius, the Roman Writer. In any legal system, may it be Common as has been adopted by India an

avtar

The R of GRC represents Risk.

The R of GRC represents Risk. Risk represents potential consequences of non-compliances. Potential consequences represent priority risk areas. Priority risk areas demand timely remediation or mitigation action. Timely remediation or mitigation is highly achievable through effective automated workflows customised for each area of risk.

avtar

Training and communication programmes!

Training on how to use a compliance tool or discussion of compliance registers with stakeholders have been the conventional idea of 'Compliance trainings'.

avtar

Already have a compliance tool..

Already have a compliance tool but not getting the required output? or Haven’t been able to imbibe the required compliance culture yet?

avtar

Transforming certain aspects of GRC

Transforming certain aspects of GRC through automated workflows is the key to an efficient and effective GRC function. Automation is the way forward, sooner rather than later!

avtar

Databases loaded with statutory penalties

Databases loaded with statutory penalties given against each compliance obligation do not adequately assess the potential impact of risk or the potential areas of risk

avtar

One of the best examples of tick-the-box compliances is the privacy policy

Reach out to us at FlaggGRC Ventures LLP to find out if your privacy policy is actually effective. Let us help you assess if your policy has you covered in all situations.

avtar

"Quality is not an act, it is a habit"

We believe in making our clients "attentive by default" - we pay close attention to every aspect of our clients’ GRC programmes to ensure that nothing falls through the cracks.

#GRCbytes : Saudi Arabia

The Ministry of Human Resources and Social Development, Saudi Arabia, has recently notified amendments to the labor laws, in line with Saudi Arabia Vision 2030.

#GRCbytes : USA

The U.S. Federal Trade Commission (FTC) has recently issued a rule addressing deceptive and unfair practices in consumer reviews and testimonials, specifically targeting fake consumer reviews and testimonials, buying of reviews, and similar misleading activities.

#GRCbytes : USA

The U.S. Department of Justice (DOJ) has announced the Corporate Whistleblower Awards Pilot Program, a three-year initiative effective from August 1, 2024, and managed by the Criminal Division’s Money Laundering and Asset Recovery Section.

#GRCbytes : Australia

Right to Disconnect, a significant new provision recently enacted by the Australian Government, is set to reshape workplace dynamics under the Fair Work Act. Originally pioneered in some European countries, this provision will take effect from 26 August 2024 for non-small business employers and from 26 August 2025 for small business employers.

#GRCbytes : Global

The Financial Action Task Force (FATF), the global watchdog, has published a fresh list of jurisdictions under increased monitoring, known as the “grey list,” in relation to money laundering, terrorist financing, and proliferation financing during its June 2024 meeting in Singapore.

#GRCbytes : Luxembourg

Employers in Luxembourg can now leverage the skills of EU Blue Card holders through the newly adopted law on free movement and immigration, which aligns with EU Directive 2021/1883 and sets conditions for the entry and residence of highly qualified third-country nationals for employment.

#GRCbytes : Sweden

Sweden has voted to adopt the European Directives on Corporate Sustainability Reporting Directive into its national law. The Rules proposing the new reporting requirements will enter into force on July 1, 2024.

#GRCbytes : USA

The Promoting Resilient Supply Chains Act of 2023, which requires the Department of Commerce to establish a critical supply chain resiliency and crisis response program (the "Program") within 180 days, has been passed by the U.S. House of Representatives.

#GRCbytes : USA

The U.S. House Committee on Energy and Commerce Subcommittee on Data, Innovation, and Commerce approved the revised draft of the long-awaited comprehensive federal consumer privacy framework, known as the American Privacy Rights Act, 2024 (APRA).

#GRCbytes : USA

The Financial Accounting Standards Board (FASB) has proposed a new rule on Accounting for Environmental Credit Programs, focusing on the recognition, measurement, presentation, and disclosure of environmental credits.

#GRCbytes : India

The Employees' Provident Fund Organisation (EPFO) has introduced significant amendments to penalties under the Employees' Provident Fund (EPF) Scheme, Employees' Deposit Linked Insurance (EDLI) Scheme, and Employee Pension Scheme (EPS).

#GRCbytes : EU

The European Parliament has recently adopted new laws to combat money laundering and terrorist financing. These laws grant journalists, civil society, and authorities direct access to beneficial ownership information across the EU. Financial Intelligence Units (FIUs) will gain expanded powers to detect and suspend suspicious transactions.

Key measures include a EUR 10,000 cash payment limit, enhanced due diligence for top-tier football clubs by 2029, stringent oversight of ultra-rich individuals, and measures to ensure compliance with targeted financial sanctions and avoid sanctions being circumvented.

The new Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) in Frankfurt will ensure strict supervision and compliance. These laws mark a significant step in the EU's fight against dirty money flows, pending formal adoption by the Council.

Source - Original notifications published by the Regulatory Authority.

#GRCbytes : USA

Employers in the United States must maintain a harassment-free workplace according to the newly issued U.S. Equal Employment Opportunity Commission (EEOC) Enforcement Guidance. This involves creating clear anti-harassment policies, providing multiple reporting channels, and explaining the complaint process with anti-retaliation and confidentiality protections. Employers must promptly respond to complaints, conduct thorough investigations, maintain confidentiality, and take corrective actions to prevent further harassment.

Regular training is essential, covering the anti-harassment policy, prohibited conduct, employee rights, and supervisor responsibilities. Training should be clear, tailored to the workplace, and updated regularly. Supervisors must report harassment, and employers must balance anti-harassment efforts with accommodating religious practices.

Source - Original notifications published by the Regulatory Authority.

#GRCbytes : Malaysia

Employers in Malaysia must pay close attention to their workplace health and safety obligations as the Occupational Safety and Health (Amendment) Act, 2022 will take effect from June 1, 2024, significantly updating the Occupational Safety and Health Act, 1994 (OSHA) and extending its reach to all workplaces in Malaysia, with few exceptions.

Key obligations now include ensuring safe plant and work systems, allocating resources for safety, providing necessary information and training, maintaining safe work environments, developing emergency procedures, appointing competent safety and health officers within specific limits, and appointing occupational safety and health coordinators for workplaces with five or more employees, with non-compliance resulting in fines or imprisonment.

Organizations previously exempt from OSHA must now comply with these obligations, and boards and senior management must recognize the increased risk of personal liability and heightened penalties for safety breaches.

Source - Original notifications published by the Regulatory Authority.

#GRCbytes : European Union (EU)

Manufactured chemicals are at the core of numerous consumer products and are indispensable to Europe's vital value chains, encompassing electronics, transportation (including electric vehicle batteries), construction materials, and beyond. Businesses engaged in both manufacturing products within the EU and importing must pay close attention to this update.

The European Commission's recent release of guiding criteria and principles for the essential use concept in EU chemical legislation aims to offer clear guidance for integrating this concept into relevant legislation.

The essential use concept pertains to specific applications of certain chemicals. This concept can be employed in specific EU legislation to ascertain when the use of a highly harmful chemical is indispensable for society. In essence, it determines when such usage is justified - from a societal standpoint - despite the substance's harmful nature.

The Guidance also offers incentives for increased research and innovation into safer and more sustainable alternatives to the most harmful substances. Additionally, it will encourage innovative companies capable of providing acceptable alternatives or consumer products free from toxins.

Source - Original notifications published by the Regulatory Authority.

#GRCbytes : USA

Employers across the globe have long faced significant risks concerning non-compete clauses and their enforcement.

For better or worse, the final decision in this matter has been granted to employers of USA. Recently, the Federal Trade Commission issued the Final Rule, nationally banning noncompetes.

This measure aims to safeguard workers' fundamental freedom to change jobs, spur innovation, bolster competition, and encourage the formation of new businesses. Following the effective date of the Final Rule, existing noncompetes, with few exceptions, will also cease to be enforceable.

Source - Original notifications published by the Government.

#GRCbytes : USA

The Criminal Division of the Department of Justice, USA (DOJ) is breaking new ground with its latest move.

DOJ has initiated a Pilot Program on Voluntary Self-Disclosures for Individuals. Effective from April 15, 2024, the Pilot Program provides that in return for voluntarily disclosing information, fully cooperating with authorities, and fulfilling any applicable obligations such as victim compensation, restitution, forfeiture, or disgorgement, including returning any ill-gotten gains, the Criminal Division will consider entering into a non-prosecution agreement (NPA) provided certain specified conditions are met.

According to the Program Policy, granting an NPA to individuals who report misconduct to law enforcement in the context of corporate and white-collar criminal offenses can serve as a significant incentive for companies to establish compliance programs that promote robust internal reporting mechanisms, facilitate the prevention, detection, and remediation of misconduct before it occurs or escalates, and enable companies to promptly report any misconduct.

Source - Original notifications published by the Government.

#GRCbytes : USA

The Department of Labor, USA, has issued a long-awaited Final Rule that updates and revises the regulations under the Fair Labor Standards Act, governing exemptions from minimum wage and overtime pay requirements for executive, administrative, professional, outside sales, and computer employees.

This Final Rule, effective July 1, 2024, amends regulations established under section 13(a)(1) of the Fair Labor Standards Act concerning the exemption for executive, administrative, and professional (EAP) employees. Notably, it increases the standard salary level and the total annual compensation threshold for highly compensated employees. Furthermore, the Rule introduces a mechanism to promptly and efficiently update these earnings thresholds based on current earnings data.

Sections 541.600(a)(2) and 541.601(a)(2) become applicable starting January 1, 2025.

Source - Original notifications published by the Government.

#GRCbytes : USA

USA employers with 15 or more employees need to pay attention to this important update.

The Equal Employment Opportunity Commission (EEOC) has issued the Final Rule and interpretive guidance to implement the Pregnant Workers Fairness Act (PWFA). This Final Rule will be published on April 19th in the Federal Register and will take effect 60 days after the date of publication.

Under the PWFA, these employers are required to provide reasonable accommodations for known limitations related to pregnancy, childbirth, or related medical conditions of qualified employees, unless they can demonstrate undue hardship in implementing such provisions. Additionally, the PWFA safeguards pregnant workers from denial of employment opportunities, retaliation, coercion, and other forms of discrimination.

Source - Original notifications published by the Government.

#GRCbytes : Australia

Bribery and corruption pose significant risks, especially when certain jurisdictions extend the scope of their bribery regulations to hold corporations accountable for failing to prevent bribery.

Australia recently enacted the Crimes Legislation Amendment (Combatting Foreign Bribery) Act, 2024, amending laws related to foreign bribery. The Act considers various acts of failing to prevent bribery of a foreign public official as offenses.

The Act emphasises the importance of having a well-designed corporate compliance program by providing an exception for corporates that have "adequate procedures" in place to prevent such acts by their associates.

Source - Original notifications published by the Government.

#GRCbytes : UAE - Dubai

Dubai has recently joined the league of cities that are taking significant steps to protect the environment and promote eco-friendly practices by implementing a ban on single-use products.

The Executive Council Resolution, which was recently passed, encompasses both single-use disposable products and recycled ones, regardless of their material composition, with certain exceptions outlined in the Resolution. This ban applies to sellers and consumers across the Emirate of Dubai, including private development zones and free zones like the Dubai International Financial Centre.

Under this Resolution, violators will face a fine of AED200. If the same violation occurs within one year from the date of the previous offence, the penalty will double, with a maximum not exceeding AED2,000 when doubled. The Resolution will come into effect on 1 January 2024.

Source - Original notifications published by the Government.

#GRCbytes : UK

The employers in the United Kingdom are required to pay attention to their legal obligations arising from the Equality Act of 2010, which have been extended to include menopause symptoms experienced by women employees. The Equality and Human Rights Commission of the United Kingdom has issued Guidance for employers regarding menopause in the workplace.

The Equality Act of 2010 protects workers from discrimination, harassment, and victimization based on characteristics such as disability, age, and sex. If the symptoms associated with menopause significantly and persistently impact a woman's ability to carry out daily activities, they may be classified as a disability. In such cases, employers are legally obligated to make reasonable adjustments to accommodate these symptoms.

Additionally, employers must refrain from any form of direct or indirect discrimination based on disability, as well as avoid subjecting women to discrimination arising from their disability. Women experiencing menopause symptoms are also protected from direct and indirect discrimination, harassment, and victimization based on age and sex.

Source - Original notifications published by the Government.

#GRCbytes : European Union (EU)

The first ever comprehensive law on Artificial Intelligence (AI) has been approved by the European Parliament to regulate the use of AI in the European Union.

It introduces a framework for categorizing AI systems with different requirements and obligations based on a "risk-based approach." Some AI systems that carry unacceptable risks are prohibited. A variety of AI systems considered "high-risk," which could significantly affect people's health, safety, or fundamental rights, are authorised but must comply with a set of regulations to enter the EU market. AI systems with limited transparency are subject to requirements regarding information and transparency requirements, while those posing only minimal risks are exempt from further obligations. Additionally, the regulation outlines specific guidelines for general-purpose AI (GPAI) models and imposes stricter measures on GPAI models with high-impact-capabilities that could cause systemic risks or have a significant impact on the EU's internal market.

The regulation will enter into force 20 days after its publication in the Official Journal of the EU and, with certain exceptions, will be fully applicable for 24 months after its entry into force.

#GRCbytes : Singapore

Training by a competent trainer is a significant component of an effective corporate compliance program. This notion was recently reinforced by the Ministry of Manpower, Singapore through an amendment to the Workplace Safety and Health Act, 2006.

The Workplace Safety and Health (General Provisions) (Amendment) Regulations 2024, effective from 1 March 2024, have introduced two new regulations: Regulation 38A and 38B.

Regulation 38A categorizes industries such as construction, manufacturing, marine, and transport and storage as high-risk industries. Moreover, it mandates that every regulated entity conducting business in Singapore, whether of a general or high-risk nature, must ensure that at least one specified officer has successfully completed a Top Executive Workplace Safety and Health Program offered by a training provider approved by the Commissioner.

A fine not exceeding $20,000 and incremental penalties for continuing offenses have been stipulated as the penalties for any contravention of this compliance upon conviction.

*Source - Original notifications published by the Government.

#GRCbytes : Global

The Financial Action Task Force (FATF), the global watchdog, has published a fresh list of jurisdictions under Increased Monitoring, known as the “grey list,” in relation to money laundering, terrorist financing, and proliferation financing.

The FATF continually identifies and reviews jurisdictions with strategic AML/CFT deficiencies that pose a risk to the international financial system and closely monitors their progress. Jurisdictions under increased monitoring are actively working with the FATF to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.

Among the recent updates, the UAE, Uganda, Gibraltar, and Barbados have been removed from the watchlist due to the enhanced effectiveness of their AML/CFT regimes. Conversely, Kenya and Namibia have been newly added to the list. Meanwhile, Croatia, the Democratic Republic of Congo, Nigeria, the Philippines, South Africa, among many others, continue to work on implementing their action plans to address strategic deficiencies.

Companies operating in these jurisdictions must consider the direct or indirect obligations stemming from FATF action plans when developing or upgrading their AML/CFT programs.

*Source - Original notifications published by the FATF.

#GRCbytes : UK

Comply or Explain!

The Financial Reporting Council recently published the 2024 revision of the UK Corporate Governance Code. The Code is applicable to all companies with a premium listing, whether incorporated in the UK or elsewhere.

Instead of outlining a rigid set of rules, the Code provides flexibility through 'comply or explain' reporting against the Provisions. The Code acknowledges that an alternative to complying with a Provision may be beneficial or necessary for a company in specific circumstances based on a variety of factors, including the company's size, complexity, geography, and ownership structure.

The 2024 Code will apply to financial years starting on or after 1 January 2025, with the exception of provision 29, which will come into effect for financial years beginning on or after 1 January 2026.

The Code is structured into five sections : Board Leadership and Company Purpose; Division of Responsibilities; Composition, Succession and Evaluation; Audit, Risk and Internal Control; and Remuneration.

*Source - Original notifications published by the Government.

#GRCbytes : India

The Ministry of Steel has issued the Steel and Steel Products (Quality Control) Order, 2024, superseding the Quality Control Order of 2020 in several regards.

The new Order requires goods and articles to be accompanied by a test certificate for specified goods and articles with each consignment, along with the test certificate bearing the Standard Mark of input material issued by BIS certified manufacturers. Furthermore, the Order specifies products that must be made from tin plate and tin free steel as input materials, which should bear the Standard Mark and be accompanied by a test certificate.

Importantly, the Order does not apply to steel and steel products manufactured domestically for export, provided they adhere to any other specifications required by foreign buyers.

*Source - Original notifications published by the Government.

#GRCbytes : UK

Employers should take heed of the latest amendments outlined in the Statutory Paternity Pay (Amendment) Regulations 2024, which modify the Statutory Paternity Pay and Statutory Adoption Pay (General) Regulations 2002, along with several related Regulations.

These amendments entail alterations to the notice and evidence requirements, the 'qualifying period' during which statutory paternity pay claims are applicable, and the existing limitation allowing statutory paternity pay to be claimed only in a single block of either one or two weeks. The amendments became effective on March 8, 2024.

*Source - Original notifications published by the Government.

#GRCbytes : India

Good governance, robust risk management, sound compliance culture, and protection of customers' interest were stated as of paramount importance for the safety and stability of the financial system and individual institutions in the First Monetary Policy Statement of 2024 published by the Reserve Bank of India (RBI) today. The Governor's statement emphasises that RBI expects all regulated entities to accord the highest priority to these functions.

In addition, the RBI responded to questions about the recent Paytm crisis, categorising it as a compliance issue rather than a regulatory deficiency. RBI also announced the issuance of FAQs regarding Paytm payments bank.

#GRCbytes : USA

Wage transparency laws have been rapidly adopted by several States in the USA over the past couple of years. As of now, California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Nevada, New York, Rhode Island, Washington, and the District of Columbia have passed such laws, each with various effective dates. Many other States have introduced and are contemplating enactments to this effect.

These mandates require employers to disclose salary information, either as a range or hourly wage rate, in job postings for open positions. In certain States, employers must also provide a general description of all benefits that will be offered. Civil actions and fines have been specified for non-compliance with these provisions.

*Source - Original notifications published by the Government.

#GRCbytes : India

Technological Advancements in Compliance Processes - A Recent Notification from the Reserve Bank of India (RBI)!

The RBI has recently emphasised the crucial role of technology in enhancing the internal compliance monitoring function. Recognising the need for comprehensive, integrated, enterprise-wide, and workflow-based solutions/tools, the RBI has advised Scheduled Commercial Banks (excluding Regional Rural Banks), Small Finance Banks, Payments Banks, Primary (Urban) Co-operative Banks (Tier III and IV), Upper- and Middle-Layer Non-Banking Financial Companies (including Housing Finance Companies), Credit Information Companies, and All India Financial Institutions (EXIM Bank, NABARD, NaBFID, NHB, and SIDBI) to implement such new systems by 30th June 2024.

This Notification, coupled with the specified deadline, underscores the urgency for these institutions to shift towards embracing technology to streamline and enhance the effectiveness of compliance processes.

*Source - Original notifications published by the Government.

#GRCbytes : India

The Interim Budget 2024-25 encompasses the below key aspects in the context of GRC:

1. The current tax rates and duties, whether direct, indirect, or on imports, remain unchanged. Tax benefits for start-ups and investments by sovereign wealth or pension funds will continue. Additionally, tax exemptions for specific income of some IFSC units have been extended until March 31, 2025.

2. A fund of Rs. 1 Lakh crore will be established, providing a 50-year interest-free loan to the private sector. This initiative aims to enhance research and innovation in emerging areas.

3. Focusing on promoting investment, India has seen a significant increase in FDI from 2014 to 2023. To sustain foreign investment, the country is actively negotiating bilateral investment treaties with international partners, aligning with the principle of 'first develop India'.

4. Under the 'Amrit Kaal' strategy, the government will implement economic policies and provide timely and adequate finances, relevant technologies, and proper training to MSMEs. The goal is to facilitate their growth and global competitiveness. The financial sector will also be strengthened in terms of size, capacity, skills, and regulatory framework to meet investment needs.

5. By 2030, a coal gasification and liquefaction capacity of 100 MT will be established, aiming to reduce the reliance on imports of natural gas, methanol, and ammonia. This move contributes to the promotion of green energy.

6. To support environmentally friendly development, a new program for bio-manufacturing and bio-foundry will be introduced. This initiative aims to offer sustainable alternatives like biodegradable polymers, bio-plastics, bio-pharmaceuticals, and bio-agri-inputs to shift from the current consumption-focused manufacturing approach to one grounded in regenerative principles.

7. The Muft Bijli scheme is anticipated to create entrepreneurship opportunities for numerous vendors involved in supply and installation. Additionally, it will generate employment opportunities for young individuals possessing technical skills in manufacturing, installation, and maintenance.

Source - Original notifications published by the Government.

#GRCbytes : India

The RBI has recognised the need for an effective regulatory approach to strike a balance between harnessing the creative potential of FinTechs and minimising risks to the financial system, as demonstrated by the issuance of the Draft Framework for Self-Regulatory Organisation(s) in the FinTech Sector.

This Framework explains the important characteristics and operations of the FinTech SRO, covering general requirements, membership criteria, key management personnel (KMPs), functions, responsibilities, and more.

The anticipated attributes of the SRO-FT include being development-oriented and representative. Furthermore, it is expected to maintain independence from members' influences, serve as a legitimate arbiter of disputes, act as a repository of information, and foster member adherence to regulatory priorities.

*Source - Original notifications published by the Government.

#GRCbytes : USA

Employers can now rely on the Department of Labor's (DOL) recent clarification to distinguish between workers classified as employees or independent contractors under the Fair Labor Standards Act (FLSA).

The DOL has released the Final Rule on Independent Contractors, set to take effect on March 11, 2024, thereby rescinding the 2021 version of the Rule. This definitive guideline aims to safeguard individuals from potential misclassification issues between employees and independent contractors, as such misclassifications may deprive employees of essential protections and rights under the FLSA.

*Source - Original notifications published by the Government.

#GRCbytes : India

The Good Manufacturing Practices (GMPs) in relation to pharmaceutical products have now evolved into "Good Manufacturing Practices and Requirements of Premises, Plant, and Equipment for Pharmaceutical Products”.

A significant amendment has been issued by the Ministry of Health and Family Welfare in the Drugs and Cosmetics Rules, 1945 Schedule M, addressing the GMPs. This update incorporates essential provisions related to pharmaceutical quality systems, quality risk management, qualification and validation programs, etc. making it comprehensive on a global scale.

The implementation timelines have been categorized based on the size of manufacturers, with Small and Medium Manufacturers (Turnover ≤ 250 crores) given 12 months and Large Manufacturers (Turnover greater then 250 crores) provided with a 6-month timeframe.

*Source - Original notifications published by the Government.Source - Original notifications published by the Government.

#GRCbytes : China

It's time for companies operating in China to reassess their compliance risk impact based on the latest amendment.

Stay tuned @FlaggGRC for more #GRCbytes.

The Standing Committee of the National People's Congress recently passed the 12th amendment, amending the Criminal Law of China and introducing harsher penalties for the offence of bribery. Penalties such as short-term detention, fines, concurrent fines, imprisonment for up to 3, 7 and 10 years have been stipulated for various scenarios of bribery offences. These provisions apply not only to the directors or managers of state-owned companies or enterprises but also to those of other companies or enterprises.

The amendment is set to take effect on March 1, 2024.

*Source - Original notifications published by the Government.

#GRCbytes : UK

Noteworthy Decision by the UK Supreme Court: rejecting patent applications designating artificial intelligence (AI) machine as the inventor. The applications pertained to two potentially patentable inventions: one related to a Food Container and the other to Devices and Methods for Attracting Enhanced Attention, both filed under the UK’s Patents Act, 1977 (the Act).

The Supreme Court reaffirmed that the inventor must be a person, emphasizing that AI machines lack paternity rights as per Section 13(1) of the Act. The Court, citing that 'the statute provides no other mechanism for addressing the non-compliance' rejected both applications.

While the necessity to amend IP legal regimes to adapt to AI is one aspect, AI's entitlement to IP rights may pose a challenge to its legal standing.

*Source - Original publication source of the Decision.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

Recently passed by Lok Sabha, the Telecommunications Bill, 2023 aims to replace the Indian Telegraph Act, 1885, and the Indian Wireless Telegraphy Act, 1933.

It necessitates Central Government approval for telecommunications operations and equipment possession. Spectrum allocation, except for specific cases, will occur through auctions. The Bill permits telecommunication interception for security, public order, or crime prevention, with provisions for telecom service suspension. It introduces a right-of-way mechanism for infrastructure installation and includes user protection measures, such as consent for specified messages and a do-not-disturb register.

*Source - Original notifications published by the Government.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : The Philippines

Organizations falling under the purview of personal data controllers in the Philippines are required to take into account the recently issued Circular by the National Privacy Commission (NPC) when interpreting the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (IRR).

Consent, being one of the pivotal aspects in personal data privacy regimes, has been further explained by the NPC. The Circular provides guidance on what constitutes valid consent, outlining the proper methods for obtaining and managing consent in compliance with the DPA and IRR.

Source - Original notifications published by the Government.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

All E-commerce platforms, advertisers and sellers must take note of the new Guidelines for Prevention and Regulation of Dark Patterns, 2023.

The Consumer Protection Authority has outlined 13 specific illustrations of dark pattern practices, including false urgency, basket sneaking, confirm shaming, forced action, subscription trap, interface interference, bait and switch, drip pricing, disguised advertisement, nagging, trick question, SaaS billing, and rogue malware. These illustrations are provided for guidance purposes.

This move is aimed at curtailing manipulative practices in digital commerce, offering clarity to stakeholders, and a more ethical and consumer-friendly online marketplace.

*Source - Original notifications published by the Government.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA - New York City

Employers are strongly advised to revisit and enhance their anti-discrimination policies to align with this recent regulatory change.

New York City’s Local Law 61 of 2023 is now in effect, prohibiting discrimination in employment based on a person’s height and weight. This anti-discrimination law aims to ensure equal access to opportunities in employment regardless of an individual’s height and weight, or the combination of both, referred to as “body size”.

The prohibition also extends to other areas such as housing and public accommodations.

Source - Original notifications published by the Government.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA - California

It's crucial for employers to pay attention to the notable changes in California's Employment Law. The Governor of California has recently made significant decisions by approving and vetoing key employment law bills. The approved bills will become enforceable laws in 2024.

Several important bills have been given the green light. They address issues such as increase in paid sick leave, re-hiring rights for laid-off workers, leave for reproductive loss, noncompete agreements, mechanisms to prevent violence, employee's history of marijuana use, retaliations, increasing the minimum wage for healthcare workers, among others.

*Source - California Bill Tracker

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Global

Foreseen as a looming concern, copyright infringement is gaining attention. The accountability for AI tool outcomes remains unclear, posing the pivotal question of responsibility on users or developers.

OpenAI recently announced the Copyright Shield to proactively address potential legal claims related to copyright infringement. Some authors have initiated legal actions, alleging unauthorized use of their work in training advanced AI models. Considering the need to protect users, this Copyright Shield specifically covers generally available features of the enterprise-level AI model and its developer platform.

*Source - OpenAIResearch

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : UK

The UK's Economic Crime and Corporate Transparency Act 2023 (ECCTA) received royal assent on October 26, 2023, marking a significant amendment to the existing Companies Act of 2006. This legislative change aims to address and mitigate the challenges faced in the UK in combating fraud and money laundering.

ECCTA enhances UK Company House registers by mandating document submission through authorized individuals, ensuring accuracy, and empowering the registrar to remove false information. Entities must follow Secretary of State guidelines to prevent fraud, with non-compliance risking criminal liability.

The ECCTA in the UK serves as a positive global model, showcasing stringent reforms and governance in the fight against money laundering, fraud, and corruption.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Canada

The Canadian Government has proposed the addition of new regulatory requirements to the Occupational Health and Safety Regulations. These Regulations aim to safeguard and protect the health and safety of employees by limiting their exposure to hazardous substances.

The earlier regulation was considered outdated and contained language that was unclear, which had unintended consequences on vital health and safety safeguards for employees. This noticeable shortcoming necessitated a thorough revision of the regulations. The proposed enhancements mark a significant advancement by introducing new requirements related to the management of nanomaterials, addressing thermal stress, non-solar UV radiation, and harmonizing the radon requirement. Moreover, these revisions will provide a framework for addressing situations in which exposure threshold limits had not yet been established. Additionally, they encompass the updating of references to incorporated standards, the harmonization of record-keeping requirements, and the clarification of air-sampling criteria.

The implementation of these new Regulations is expected to greatly reduce the workplace risks that employees face in their work environments.

*Source - Original notification of amendment published by Canada Gazette.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

India welcomed a significant development for public companies by allowing them to directly issue specified types of securities on foreign stock exchanges. The Ministry of Corporate Affairs (MCA) notified this change under Section 23 of the Companies Act, 2013, on October 30, 2023.

Previously, Indian companies were exclusively allowed to list their shares on the US stock exchange through American Depository Receipts (ADR) and in any other foreign countries by issuing Global Depository Receipts (GDR). As part of this process, companies were previously required to designate a depository bank, but this requirement will no longer apply. Direct listing of securities on foreign stock exchanges will now entail lower costs and a simpler, more streamlined process, ultimately resulting in faster listing of securities.

While the specific details regarding the conditions and requirements for the direct listing of shares have not yet been revealed, this significant development is expected to bring several advantages to companies. It will grant them access to global markets, potentially result in improved valuation, and make them more appealing to investors worldwide.

*Source - Original notifications published by the Government.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

The Indian Government has launched two pivotal initiatives, the Green Credit Program and the Ecomark scheme, as part of the broader 'Lifestyle for Environment' (LiFE) movement. These initiatives are designed to motivate corporations and an array of industries to adopt ecologically responsible measures for the protection, preservation, and conservation of the environment.

The Green Credit Program offers incentives to corporations through a market-driven mechanism, generating "green credits" for environmentally beneficial actions. Corporations can accumulate these credits by engaging in various activities such as tree plantation, water management, sustainable agriculture, waste management, air pollution reduction, mangrove conservation and restoration, Ecomark label development, and sustainable building and infrastructure.

Meanwhile, the Ecomark scheme accredits and labels environmentally-friendly household products, ensuring transparency and accuracy. Products that display the Ecomark under this scheme guarantee transparency and provide accurate information about their environmental characteristics while preventing any deceptive or misleading information. The Central Pollution Control Board administers the Ecomark Scheme in partnership with Bureau of Indian Standards (BIS).

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

SEBI has once again emphasized the importance of ease of doing business and encouraged compliance. This was achieved through the revision of the Master Circular pertaining to fundraising by issuing debt securities for large companies (LCs).

Large companies are required to secure a minimum of 25% of their qualified borrowings through the issuance of debt securities. These requirements must be fulfilled over a consecutive three-year period. The revised framework introduces incentives and disincentives while also providing a clearer definition of qualified borrowings. Stock Exchanges have also been required to identify LCs and calculate incentives / disincentives.

SEBI has taken these measures in consideration of the current market conditions and with the aim of advancing the corporate bond markets.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA - California

It is worth noting the governance aspect of the ESG initiatives taken by various governments, such as the Voluntary Carbon Market Disclosures Act issued by the California government.

Companies offering carbon offsets now face increased compliance scrutiny. Entities involved in marketing or selling voluntary carbon offsets are now mandated to disclose specific project details on their websites. This information encompasses the durability period, accountability, the specific protocols used for estimating emission reductions, any third-party validation of project attributes, and the calculation methods needed for independent verification of emissions, among other requirements.

Entities claiming net zero emissions must also disclose how they determined the accuracy of such claims, including the interim progress made toward these goals.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA

The risk of harassment and discrimination is one of the most challenging issues for companies to combat, despite ongoing governance efforts.

The U.S. Equal Employment Opportunity Commission (EEOC) recently proposed the "Enforcement Guidance on Harassment in the Workplace" to provide clearer enforcement of existing laws and to address changes in laws, including those influenced by the #MeToo movement, online harassment, etc.

The proposed Guidance focuses on three key components of a harassment claim - covered bases and causation, discrimination with respect to a term, condition, or privilege of employment, and liability of employers.

Discrimination and harassment are taking on new forms due to technological and social advancements. Therefore, employers must stay informed about any new regulatory regimes being issued by regulators to effectively address these evolving issues.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Singapore

Singapore has taken a pioneering step by launching its new Intangible Disclosure Framework for 2023. Its goal is to provide consistent information about the value of intangible assets within enterprises. This Framework will aid stakeholders in making informed assessments of businesses and their prospects in the financial market. Enterprises are obligated to disclose the nature and characteristics of intangible assets, including a brief description and how they were acquired or attained. These disclosures must be included in their annual reports or standalone reports.

The Framework defines intangible asset as "a non-monetary resource that manifests itself by its economic properties, it does not have physical substance but grants rights and/or economic benefits to its owner". It categorizes intangibles into six categories: marketing-related, customer-related, artistic-related, contract-related, technology-related, and human capital-related. This includes patents, brand value, registered designs, and more. The key principles of the Framework are anchored in four pillars (SIMM Pillars): the Strategy pillar, Identification pillar, Measurement pillar, and Management pillar.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Australia

Australia has recently embraced technological advancements in modernising business communication within companies through a significant amendment to its Corporation Act.

Previously, only specific documents under the Act could be electronically signed or executed. Members of the company, registered scheme, corporate collective investment vehicles (CCIVs) or disclosing entities could choose to receive only meeting related documents in electronic form. Additionally, the consent of directors was a prerequisite for conducting meetings using technology.

The amended Act now extends the scope of electronic signing or execution to cover all documents except those to be submitted to the Australian Securities and Investment Commission (ASIC), the registrar or the takeover panel. Furthermore, the members now have the option to receive any documents in electronic form. The Act no longer necessitates director consent for utilising any reasonable technology to conduct meetings.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Singapore

Monetary Authority of Singapore (MAS) reaffirms the significance of a risk-based approach.

Through a recent Circular addressed to all CEOs of Financial Institutions (FIs) in Singapore, MAS mandates that FIs must consider reputational, legal and operational risks when implementing unilateral sanctions imposed by other jurisdictions. FIs are required to take appropriate measures to manage these risks.

FIs should establish processes to effectively detect and manage sanctions-related risks. MAS expects the boards and senior management of FIs to provide oversight of sanctions-related risks, strengthen their sanction-risk detection capabilities and review their AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism) frameworks and controls.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Switzerland

With the New Federal Act on Data Protection (nFADP) having come into effect on September 1, 2023, Swiss companies need to review their obligations regarding data protection. That said, if they are already compliant with the EU General Data Protection Regulation (GDPR), they will only need to make minimal changes to their existing mechanisms to comply with the nFADP.

Some major aspects that businesses need to take note of include prompt notification to authorities, the concept of profiling, the inclusion of genetic and biometric data in the definition of sensitive data, the register of processing activities, and the principles of privacy by design and by default, among others.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA

The Equal Employment Opportunity Commission enforced The Pregnant Workers Fairness Act (as part of Title VII of the Civil Rights Act of 1964) in June 2023. The draft of the Regulations to implement the Act has been proposed in the last week for comments.

Any commercial organisation employing 15 or more employees comes within the purview of applicability of this Act. While a reasonable exemption of "undue hardship for employers" has been laid down by the Act, the Covered entities are mainly required to provide accommodation to employees for all kinds of pregnancy-related medical conditions.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

Finally..! India is just a step away from having its own comprehensive data protection framework. The Digital Personal Data Protection Bill, 2023 has been passed by Rajya Sabha today.

The highlights of the Bill have been the consent mechanism, use of personal data for the legitimate use, security measures to prevent data breaches, and hefty fines laid down in case of non-compliances like never before.

Although the Bill is still being debated and deliberated upon by many industry experts for certain provisions, India surely has achieved an important milestone by creating its own framework of data protection.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : India

The Jan Vishwas (Amendment of Provisions) Bill, 2023, passed by Lok Sabha and Rajya Sabha in the recent past, has multi-fold effects on the Compliance behaviour of India Inc.

The Bill seeks to decriminalise certain offences in more than 180 provisions across 42 Central Acts governed by 19 Ministries/Departments. Some of the important Acts covered by the Bill, from the statutory and regulatory compliance point of view, include Legal Metrology Act, 2009, Information Technology Act, 2000, Air (Prevention and Control of Pollution) Act, 1981, Environment Protection Act, 1986, Boilers Act, 1923, Motor Vehicles Act, 1988, Patents Act, 1970, Trade Marks Act, 1999, Copyright Act, 1957, Food Safety and Standards Act, 2006, etc.

Decriminalisation is proposed to be achieved by removing imprisonment and fine from some provisions, removing imprisonment and retaining fine for some, removing imprisonment and increasing fine for some, converting imprisonment and fine into penalty and by compounding offences for few provisions.

In addition to ease of doing business, businesses will no longer be burdened by irrational fear of imprisonment for minor technical defaults. More importantly, from the perspective of having an effective compliance mechanism, the steps such as pragmatic approach towards compliance and rationalised penalties for offences were long due from the Government.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA and Singapore

Watch out for these additional compliances in case of cybersecurity incidents or online criminal activities.

The U.S. Securities and Exchange Commission has recently adopted new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure under which Public Companies are required to disclose material cybersecurity incidents within 4 business days of determining such incidents to be material.

Singapore, in the recent past, has also passed the Online Criminal Harms Act which counters online criminal activities and scams and aims at safeguarding users against online harms. Regulators have been empowered to mandate online service providers with some immediate compliance actions in case of even mere suspicion.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : Sri Lanka

Companies operating in Sri Lanka should take a relook at their ABAC programme in view of the new Anti-Corruption Act passed in the last week. The applicability of this Act extends to employees or directors of private sector entities as well (Section 106).

As part of the regulatory change management process, updation of ABAC policies and holding awareness programmes for stakeholders could be a good start.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : EU

EU finally agrees that US ensures sufficient levels of protection for personal data transferred from the EU to US companies. The adequacy decision has been passed by the European Commission on 10 July 2023 concluding safe data flows between companies complying with the new EU-U.S. Data Privacy Framework.

As a result, companies need to take into account the new EU-U.S. Data Privacy Framework to ensure compliance in case of such data flows.

Stay tuned @FlaggGRC for more #GRCbytes.

#GRCbytes : USA - Delaware

It is that time of the year again to take note of the proposed amendments of 2023 to Delaware General Corporation Law (DGCL). Delaware being the most common and popular State of incorporation, DGCL is one of the most relevant laws for USA as well as non-USA companies. It is reviewed every year so that it can address the rapidly changing corporate/business environment.

Stay tuned @FlaggGRC Ventures LLP for more #GRCbytes.

#GRCbytes : Canada

Canada passed Modern Slavery Act recently in 2023. The other jurisdictions where such laws are already effective include UK, Australia, State of California, etc. The compliances given under modern slavery laws should form important part of organisations' compliance universe and supply chain risk management programmes. These legislations aim at tackling human trafficking, forced labour, child labour, bonded labour, etc. in supply chains.

Stay tuned @FlaggGRC Ventures LLP for more #GRCbytes.