Spotlight
#GRC Bytes
#GRCbytes : European Union (EU)
The first ever comprehensive law on Artificial Intelligence (AI) has been approved by the European Parliament to regulate the use of AI in the European Union.
It introduces a framework for categorizing AI systems with different requirements and obligations based on a "risk-based approach." Some AI systems that carry unacceptable risks are prohibited. A variety of AI systems considered "high-risk," which could significantly affect people's health, safety, or fundamental rights, are authorised but must comply with a set of regulations to enter the EU market. AI systems with limited transparency are subject to requirements regarding information and transparency requirements, while those posing only minimal risks are exempt from further obligations. Additionally, the regulation outlines specific guidelines for general-purpose AI (GPAI) models and imposes stricter measures on GPAI models with high-impact-capabilities that could cause systemic risks or have a significant impact on the EU's internal market.
The regulation will enter into force 20 days after its publication in the Official Journal of the EU and, with certain exceptions, will be fully applicable for 24 months after its entry into force.
See More
#GRCbytes : Canada
Canada passed Modern Slavery Act recently in 2023. The other jurisdictions where such laws are already effective include UK, Australia, State of California, etc. The compliances given under modern slavery laws should form important part of organisations' compliance universe and supply chain risk management programmes. These legislations aim at tackling human trafficking, forced labour, child labour, bonded labour, etc. in supply chains.
Stay tuned @FlaggGRC Ventures LLP for more #GRCbytes.
#GRCbytes : USA - Delaware
It is that time of the year again to take note of the proposed amendments of 2023 to Delaware General Corporation Law (DGCL). Delaware being the most common and popular State of incorporation, DGCL is one of the most relevant laws for USA as well as non-USA companies. It is reviewed every year so that it can address the rapidly changing corporate/business environment.
Stay tuned @FlaggGRC Ventures LLP for more #GRCbytes.
#GRCbytes : EU
EU finally agrees that US ensures sufficient levels of protection for personal data transferred from the EU to US companies. The adequacy decision has been passed by the European Commission on 10 July 2023 concluding safe data flows between companies complying with the new EU-U.S. Data Privacy Framework.
As a result, companies need to take into account the new EU-U.S. Data Privacy Framework to ensure compliance in case of such data flows.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Sri Lanka
Companies operating in Sri Lanka should take a relook at their ABAC programme in view of the new Anti-Corruption Act passed in the last week. The applicability of this Act extends to employees or directors of private sector entities as well (Section 106).
As part of the regulatory change management process, updation of ABAC policies and holding awareness programmes for stakeholders could be a good start.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA and Singapore
Watch out for these additional compliances in case of cybersecurity incidents or online criminal activities.
The U.S. Securities and Exchange Commission has recently adopted new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure under which Public Companies are required to disclose material cybersecurity incidents within 4 business days of determining such incidents to be material.
Singapore, in the recent past, has also passed the Online Criminal Harms Act which counters online criminal activities and scams and aims at safeguarding users against online harms. Regulators have been empowered to mandate online service providers with some immediate compliance actions in case of even mere suspicion.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
The Jan Vishwas (Amendment of Provisions) Bill, 2023, passed by Lok Sabha and Rajya Sabha in the recent past, has multi-fold effects on the Compliance behaviour of India Inc.
The Bill seeks to decriminalise certain offences in more than 180 provisions across 42 Central Acts governed by 19 Ministries/Departments. Some of the important Acts covered by the Bill, from the statutory and regulatory compliance point of view, include Legal Metrology Act, 2009, Information Technology Act, 2000, Air (Prevention and Control of Pollution) Act, 1981, Environment Protection Act, 1986, Boilers Act, 1923, Motor Vehicles Act, 1988, Patents Act, 1970, Trade Marks Act, 1999, Copyright Act, 1957, Food Safety and Standards Act, 2006, etc.
Decriminalisation is proposed to be achieved by removing imprisonment and fine from some provisions, removing imprisonment and retaining fine for some, removing imprisonment and increasing fine for some, converting imprisonment and fine into penalty and by compounding offences for few provisions.
In addition to ease of doing business, businesses will no longer be burdened by irrational fear of imprisonment for minor technical defaults. More importantly, from the perspective of having an effective compliance mechanism, the steps such as pragmatic approach towards compliance and rationalised penalties for offences were long due from the Government.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
Finally..! India is just a step away from having its own comprehensive data protection framework. The Digital Personal Data Protection Bill, 2023 has been passed by Rajya Sabha today.
The highlights of the Bill have been the consent mechanism, use of personal data for the legitimate use, security measures to prevent data breaches, and hefty fines laid down in case of non-compliances like never before.
Although the Bill is still being debated and deliberated upon by many industry experts for certain provisions, India surely has achieved an important milestone by creating its own framework of data protection.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA
The Equal Employment Opportunity Commission enforced The Pregnant Workers Fairness Act (as part of Title VII of the Civil Rights Act of 1964) in June 2023. The draft of the Regulations to implement the Act has been proposed in the last week for comments.
Any commercial organisation employing 15 or more employees comes within the purview of applicability of this Act. While a reasonable exemption of "undue hardship for employers" has been laid down by the Act, the Covered entities are mainly required to provide accommodation to employees for all kinds of pregnancy-related medical conditions.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Switzerland
With the New Federal Act on Data Protection (nFADP) having come into effect on September 1, 2023, Swiss companies need to review their obligations regarding data protection. That said, if they are already compliant with the EU General Data Protection Regulation (GDPR), they will only need to make minimal changes to their existing mechanisms to comply with the nFADP.
Some major aspects that businesses need to take note of include prompt notification to authorities, the concept of profiling, the inclusion of genetic and biometric data in the definition of sensitive data, the register of processing activities, and the principles of privacy by design and by default, among others.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Singapore
Monetary Authority of Singapore (MAS) reaffirms the significance of a risk-based approach.
Through a recent Circular addressed to all CEOs of Financial Institutions (FIs) in Singapore, MAS mandates that FIs must consider reputational, legal and operational risks when implementing unilateral sanctions imposed by other jurisdictions. FIs are required to take appropriate measures to manage these risks.
FIs should establish processes to effectively detect and manage sanctions-related risks. MAS expects the boards and senior management of FIs to provide oversight of sanctions-related risks, strengthen their sanction-risk detection capabilities and review their AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism) frameworks and controls.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Australia
Australia has recently embraced technological advancements in modernising business communication within companies through a significant amendment to its Corporation Act.
Previously, only specific documents under the Act could be electronically signed or executed. Members of the company, registered scheme, corporate collective investment vehicles (CCIVs) or disclosing entities could choose to receive only meeting related documents in electronic form. Additionally, the consent of directors was a prerequisite for conducting meetings using technology.
The amended Act now extends the scope of electronic signing or execution to cover all documents except those to be submitted to the Australian Securities and Investment Commission (ASIC), the registrar or the takeover panel. Furthermore, the members now have the option to receive any documents in electronic form. The Act no longer necessitates director consent for utilising any reasonable technology to conduct meetings.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Singapore
Singapore has taken a pioneering step by launching its new Intangible Disclosure Framework for 2023. Its goal is to provide consistent information about the value of intangible assets within enterprises. This Framework will aid stakeholders in making informed assessments of businesses and their prospects in the financial market. Enterprises are obligated to disclose the nature and characteristics of intangible assets, including a brief description and how they were acquired or attained. These disclosures must be included in their annual reports or standalone reports.
The Framework defines intangible asset as "a non-monetary resource that manifests itself by its economic properties, it does not have physical substance but grants rights and/or economic benefits to its owner". It categorizes intangibles into six categories: marketing-related, customer-related, artistic-related, contract-related, technology-related, and human capital-related. This includes patents, brand value, registered designs, and more. The key principles of the Framework are anchored in four pillars (SIMM Pillars): the Strategy pillar, Identification pillar, Measurement pillar, and Management pillar.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA
The risk of harassment and discrimination is one of the most challenging issues for companies to combat, despite ongoing governance efforts.
The U.S. Equal Employment Opportunity Commission (EEOC) recently proposed the "Enforcement Guidance on Harassment in the Workplace" to provide clearer enforcement of existing laws and to address changes in laws, including those influenced by the #MeToo movement, online harassment, etc.
The proposed Guidance focuses on three key components of a harassment claim - covered bases and causation, discrimination with respect to a term, condition, or privilege of employment, and liability of employers.
Discrimination and harassment are taking on new forms due to technological and social advancements. Therefore, employers must stay informed about any new regulatory regimes being issued by regulators to effectively address these evolving issues.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA - California
It is worth noting the governance aspect of the ESG initiatives taken by various governments, such as the Voluntary Carbon Market Disclosures Act issued by the California government.
Companies offering carbon offsets now face increased compliance scrutiny. Entities involved in marketing or selling voluntary carbon offsets are now mandated to disclose specific project details on their websites. This information encompasses the durability period, accountability, the specific protocols used for estimating emission reductions, any third-party validation of project attributes, and the calculation methods needed for independent verification of emissions, among other requirements.
Entities claiming net zero emissions must also disclose how they determined the accuracy of such claims, including the interim progress made toward these goals.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
SEBI has once again emphasized the importance of ease of doing business and encouraged compliance. This was achieved through the revision of the Master Circular pertaining to fundraising by issuing debt securities for large companies (LCs).
Large companies are required to secure a minimum of 25% of their qualified borrowings through the issuance of debt securities. These requirements must be fulfilled over a consecutive three-year period. The revised framework introduces incentives and disincentives while also providing a clearer definition of qualified borrowings. Stock Exchanges have also been required to identify LCs and calculate incentives / disincentives.
SEBI has taken these measures in consideration of the current market conditions and with the aim of advancing the corporate bond markets.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
The Indian Government has launched two pivotal initiatives, the Green Credit Program and the Ecomark scheme, as part of the broader 'Lifestyle for Environment' (LiFE) movement. These initiatives are designed to motivate corporations and an array of industries to adopt ecologically responsible measures for the protection, preservation, and conservation of the environment.
The Green Credit Program offers incentives to corporations through a market-driven mechanism, generating "green credits" for environmentally beneficial actions. Corporations can accumulate these credits by engaging in various activities such as tree plantation, water management, sustainable agriculture, waste management, air pollution reduction, mangrove conservation and restoration, Ecomark label development, and sustainable building and infrastructure.
Meanwhile, the Ecomark scheme accredits and labels environmentally-friendly household products, ensuring transparency and accuracy. Products that display the Ecomark under this scheme guarantee transparency and provide accurate information about their environmental characteristics while preventing any deceptive or misleading information. The Central Pollution Control Board administers the Ecomark Scheme in partnership with Bureau of Indian Standards (BIS).
Stay tuned @FlaggGRC for more #GRCbytes.
See More
The R of GRC represents Risk.
The R of GRC represents Risk. Risk represents potential consequences of non-compliances. Potential consequences represent priority risk areas. Priority risk areas demand timely remediation or mitigation action. Timely remediation or mitigation is highly achievable through effective automated workflows customised for each area of risk.
The R of GRC represents Risk.
The R of GRC represents Risk. Risk represents potential consequences of non-compliances. Potential consequences represent priority risk areas. Priority risk areas demand timely remediation or mitigation action. Timely remediation or mitigation is highly achievable through effective automated workflows customised for each area of risk.
#GRCbytes : European Union (EU)
The first ever comprehensive law on Artificial Intelligence (AI) has been approved by the European Parliament to regulate the use of AI in the European Union.
It introduces a framework for categorizing AI systems with different requirements and obligations based on a "risk-based approach." Some AI systems that carry unacceptable risks are prohibited. A variety of AI systems considered "high-risk," which could significantly affect people's health, safety, or fundamental rights, are authorised but must comply with a set of regulations to enter the EU market. AI systems with limited transparency are subject to requirements regarding information and transparency requirements, while those posing only minimal risks are exempt from further obligations. Additionally, the regulation outlines specific guidelines for general-purpose AI (GPAI) models and imposes stricter measures on GPAI models with high-impact-capabilities that could cause systemic risks or have a significant impact on the EU's internal market.
The regulation will enter into force 20 days after its publication in the Official Journal of the EU and, with certain exceptions, will be fully applicable for 24 months after its entry into force.
#GRCbytes : Singapore
Training by a competent trainer is a significant component of an effective corporate compliance program. This notion was recently reinforced by the Ministry of Manpower, Singapore through an amendment to the Workplace Safety and Health Act, 2006.
The Workplace Safety and Health (General Provisions) (Amendment) Regulations 2024, effective from 1 March 2024, have introduced two new regulations: Regulation 38A and 38B.
Regulation 38A categorizes industries such as construction, manufacturing, marine, and transport and storage as high-risk industries. Moreover, it mandates that every regulated entity conducting business in Singapore, whether of a general or high-risk nature, must ensure that at least one specified officer has successfully completed a Top Executive Workplace Safety and Health Program offered by a training provider approved by the Commissioner.
A fine not exceeding $20,000 and incremental penalties for continuing offenses have been stipulated as the penalties for any contravention of this compliance upon conviction.
*Source - Original notifications published by the Government.
#GRCbytes : Global
The Financial Action Task Force (FATF), the global watchdog, has published a fresh list of jurisdictions under Increased Monitoring, known as the “grey list,” in relation to money laundering, terrorist financing, and proliferation financing.
The FATF continually identifies and reviews jurisdictions with strategic AML/CFT deficiencies that pose a risk to the international financial system and closely monitors their progress. Jurisdictions under increased monitoring are actively working with the FATF to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.
Among the recent updates, the UAE, Uganda, Gibraltar, and Barbados have been removed from the watchlist due to the enhanced effectiveness of their AML/CFT regimes. Conversely, Kenya and Namibia have been newly added to the list. Meanwhile, Croatia, the Democratic Republic of Congo, Nigeria, the Philippines, South Africa, among many others, continue to work on implementing their action plans to address strategic deficiencies.
Companies operating in these jurisdictions must consider the direct or indirect obligations stemming from FATF action plans when developing or upgrading their AML/CFT programs.
*Source - Original notifications published by the FATF.
#GRCbytes : UK
Comply or Explain!
The Financial Reporting Council recently published the 2024 revision of the UK Corporate Governance Code. The Code is applicable to all companies with a premium listing, whether incorporated in the UK or elsewhere.
Instead of outlining a rigid set of rules, the Code provides flexibility through 'comply or explain' reporting against the Provisions. The Code acknowledges that an alternative to complying with a Provision may be beneficial or necessary for a company in specific circumstances based on a variety of factors, including the company's size, complexity, geography, and ownership structure.
The 2024 Code will apply to financial years starting on or after 1 January 2025, with the exception of provision 29, which will come into effect for financial years beginning on or after 1 January 2026.
The Code is structured into five sections : Board Leadership and Company Purpose; Division of Responsibilities; Composition, Succession and Evaluation; Audit, Risk and Internal Control; and Remuneration.
*Source - Original notifications published by the Government.
#GRCbytes : India
The Ministry of Steel has issued the Steel and Steel Products (Quality Control) Order, 2024, superseding the Quality Control Order of 2020 in several regards.
The new Order requires goods and articles to be accompanied by a test certificate for specified goods and articles with each consignment, along with the test certificate bearing the Standard Mark of input material issued by BIS certified manufacturers. Furthermore, the Order specifies products that must be made from tin plate and tin free steel as input materials, which should bear the Standard Mark and be accompanied by a test certificate.
Importantly, the Order does not apply to steel and steel products manufactured domestically for export, provided they adhere to any other specifications required by foreign buyers.
*Source - Original notifications published by the Government.
#GRCbytes : UK
Employers should take heed of the latest amendments outlined in the Statutory Paternity Pay (Amendment) Regulations 2024, which modify the Statutory Paternity Pay and Statutory Adoption Pay (General) Regulations 2002, along with several related Regulations.
These amendments entail alterations to the notice and evidence requirements, the 'qualifying period' during which statutory paternity pay claims are applicable, and the existing limitation allowing statutory paternity pay to be claimed only in a single block of either one or two weeks. The amendments became effective on March 8, 2024.
*Source - Original notifications published by the Government.
#GRCbytes : India
Good governance, robust risk management, sound compliance culture, and protection of customers' interest were stated as of paramount importance for the safety and stability of the financial system and individual institutions in the First Monetary Policy Statement of 2024 published by the Reserve Bank of India (RBI) today. The Governor's statement emphasises that RBI expects all regulated entities to accord the highest priority to these functions.
In addition, the RBI responded to questions about the recent Paytm crisis, categorising it as a compliance issue rather than a regulatory deficiency. RBI also announced the issuance of FAQs regarding Paytm payments bank.
#GRCbytes : USA
Wage transparency laws have been rapidly adopted by several States in the USA over the past couple of years. As of now, California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Nevada, New York, Rhode Island, Washington, and the District of Columbia have passed such laws, each with various effective dates. Many other States have introduced and are contemplating enactments to this effect.
These mandates require employers to disclose salary information, either as a range or hourly wage rate, in job postings for open positions. In certain States, employers must also provide a general description of all benefits that will be offered. Civil actions and fines have been specified for non-compliance with these provisions.
*Source - Original notifications published by the Government.
#GRCbytes : India
Technological Advancements in Compliance Processes - A Recent Notification from the Reserve Bank of India (RBI)!
The RBI has recently emphasised the crucial role of technology in enhancing the internal compliance monitoring function. Recognising the need for comprehensive, integrated, enterprise-wide, and workflow-based solutions/tools, the RBI has advised Scheduled Commercial Banks (excluding Regional Rural Banks), Small Finance Banks, Payments Banks, Primary (Urban) Co-operative Banks (Tier III and IV), Upper- and Middle-Layer Non-Banking Financial Companies (including Housing Finance Companies), Credit Information Companies, and All India Financial Institutions (EXIM Bank, NABARD, NaBFID, NHB, and SIDBI) to implement such new systems by 30th June 2024.
This Notification, coupled with the specified deadline, underscores the urgency for these institutions to shift towards embracing technology to streamline and enhance the effectiveness of compliance processes.
*Source - Original notifications published by the Government.
#GRCbytes : India
The Interim Budget 2024-25 encompasses the below key aspects in the context of GRC:
1. The current tax rates and duties, whether direct, indirect, or on imports, remain unchanged. Tax benefits for start-ups and investments by sovereign wealth or pension funds will continue. Additionally, tax exemptions for specific income of some IFSC units have been extended until March 31, 2025.
2. A fund of Rs. 1 Lakh crore will be established, providing a 50-year interest-free loan to the private sector. This initiative aims to enhance research and innovation in emerging areas.
3. Focusing on promoting investment, India has seen a significant increase in FDI from 2014 to 2023. To sustain foreign investment, the country is actively negotiating bilateral investment treaties with international partners, aligning with the principle of 'first develop India'.
4. Under the 'Amrit Kaal' strategy, the government will implement economic policies and provide timely and adequate finances, relevant technologies, and proper training to MSMEs. The goal is to facilitate their growth and global competitiveness. The financial sector will also be strengthened in terms of size, capacity, skills, and regulatory framework to meet investment needs.
5. By 2030, a coal gasification and liquefaction capacity of 100 MT will be established, aiming to reduce the reliance on imports of natural gas, methanol, and ammonia. This move contributes to the promotion of green energy.
6. To support environmentally friendly development, a new program for bio-manufacturing and bio-foundry will be introduced. This initiative aims to offer sustainable alternatives like biodegradable polymers, bio-plastics, bio-pharmaceuticals, and bio-agri-inputs to shift from the current consumption-focused manufacturing approach to one grounded in regenerative principles.
7. The Muft Bijli scheme is anticipated to create entrepreneurship opportunities for numerous vendors involved in supply and installation. Additionally, it will generate employment opportunities for young individuals possessing technical skills in manufacturing, installation, and maintenance.
Source - Original notifications published by the Government.
#GRCbytes : India
The RBI has recognised the need for an effective regulatory approach to strike a balance between harnessing the creative potential of FinTechs and minimising risks to the financial system, as demonstrated by the issuance of the Draft Framework for Self-Regulatory Organisation(s) in the FinTech Sector.
This Framework explains the important characteristics and operations of the FinTech SRO, covering general requirements, membership criteria, key management personnel (KMPs), functions, responsibilities, and more.
The anticipated attributes of the SRO-FT include being development-oriented and representative. Furthermore, it is expected to maintain independence from members' influences, serve as a legitimate arbiter of disputes, act as a repository of information, and foster member adherence to regulatory priorities.
*Source - Original notifications published by the Government.
#GRCbytes : USA
Employers can now rely on the Department of Labor's (DOL) recent clarification to distinguish between workers classified as employees or independent contractors under the Fair Labor Standards Act (FLSA).
The DOL has released the Final Rule on Independent Contractors, set to take effect on March 11, 2024, thereby rescinding the 2021 version of the Rule. This definitive guideline aims to safeguard individuals from potential misclassification issues between employees and independent contractors, as such misclassifications may deprive employees of essential protections and rights under the FLSA.
*Source - Original notifications published by the Government.
#GRCbytes : India
The Good Manufacturing Practices (GMPs) in relation to pharmaceutical products have now evolved into "Good Manufacturing Practices and Requirements of Premises, Plant, and Equipment for Pharmaceutical Products”.
A significant amendment has been issued by the Ministry of Health and Family Welfare in the Drugs and Cosmetics Rules, 1945 Schedule M, addressing the GMPs. This update incorporates essential provisions related to pharmaceutical quality systems, quality risk management, qualification and validation programs, etc. making it comprehensive on a global scale.
The implementation timelines have been categorized based on the size of manufacturers, with Small and Medium Manufacturers (Turnover ≤ 250 crores) given 12 months and Large Manufacturers (Turnover greater then 250 crores) provided with a 6-month timeframe.
*Source - Original notifications published by the Government.Source - Original notifications published by the Government.
#GRCbytes : China
It's time for companies operating in China to reassess their compliance risk impact based on the latest amendment.
Stay tuned @FlaggGRC for more #GRCbytes.
The Standing Committee of the National People's Congress recently passed the 12th amendment, amending the Criminal Law of China and introducing harsher penalties for the offence of bribery. Penalties such as short-term detention, fines, concurrent fines, imprisonment for up to 3, 7 and 10 years have been stipulated for various scenarios of bribery offences. These provisions apply not only to the directors or managers of state-owned companies or enterprises but also to those of other companies or enterprises.
The amendment is set to take effect on March 1, 2024.
*Source - Original notifications published by the Government.
#GRCbytes : UK
Noteworthy Decision by the UK Supreme Court: rejecting patent applications designating artificial intelligence (AI) machine as the inventor. The applications pertained to two potentially patentable inventions: one related to a Food Container and the other to Devices and Methods for Attracting Enhanced Attention, both filed under the UK’s Patents Act, 1977 (the Act).
The Supreme Court reaffirmed that the inventor must be a person, emphasizing that AI machines lack paternity rights as per Section 13(1) of the Act. The Court, citing that 'the statute provides no other mechanism for addressing the non-compliance' rejected both applications.
While the necessity to amend IP legal regimes to adapt to AI is one aspect, AI's entitlement to IP rights may pose a challenge to its legal standing.
*Source - Original publication source of the Decision.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
Recently passed by Lok Sabha, the Telecommunications Bill, 2023 aims to replace the Indian Telegraph Act, 1885, and the Indian Wireless Telegraphy Act, 1933.
It necessitates Central Government approval for telecommunications operations and equipment possession. Spectrum allocation, except for specific cases, will occur through auctions. The Bill permits telecommunication interception for security, public order, or crime prevention, with provisions for telecom service suspension. It introduces a right-of-way mechanism for infrastructure installation and includes user protection measures, such as consent for specified messages and a do-not-disturb register.
*Source - Original notifications published by the Government.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : The Philippines
Organizations falling under the purview of personal data controllers in the Philippines are required to take into account the recently issued Circular by the National Privacy Commission (NPC) when interpreting the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (IRR).
Consent, being one of the pivotal aspects in personal data privacy regimes, has been further explained by the NPC. The Circular provides guidance on what constitutes valid consent, outlining the proper methods for obtaining and managing consent in compliance with the DPA and IRR.
Source - Original notifications published by the Government.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
All E-commerce platforms, advertisers and sellers must take note of the new Guidelines for Prevention and Regulation of Dark Patterns, 2023.
The Consumer Protection Authority has outlined 13 specific illustrations of dark pattern practices, including false urgency, basket sneaking, confirm shaming, forced action, subscription trap, interface interference, bait and switch, drip pricing, disguised advertisement, nagging, trick question, SaaS billing, and rogue malware. These illustrations are provided for guidance purposes.
This move is aimed at curtailing manipulative practices in digital commerce, offering clarity to stakeholders, and a more ethical and consumer-friendly online marketplace.
*Source - Original notifications published by the Government.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA - New York City
Employers are strongly advised to revisit and enhance their anti-discrimination policies to align with this recent regulatory change.
New York City’s Local Law 61 of 2023 is now in effect, prohibiting discrimination in employment based on a person’s height and weight. This anti-discrimination law aims to ensure equal access to opportunities in employment regardless of an individual’s height and weight, or the combination of both, referred to as “body size”.
The prohibition also extends to other areas such as housing and public accommodations.
Source - Original notifications published by the Government.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA - California
It's crucial for employers to pay attention to the notable changes in California's Employment Law. The Governor of California has recently made significant decisions by approving and vetoing key employment law bills. The approved bills will become enforceable laws in 2024.
Several important bills have been given the green light. They address issues such as increase in paid sick leave, re-hiring rights for laid-off workers, leave for reproductive loss, noncompete agreements, mechanisms to prevent violence, employee's history of marijuana use, retaliations, increasing the minimum wage for healthcare workers, among others.
*Source - California Bill Tracker
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Global
Foreseen as a looming concern, copyright infringement is gaining attention. The accountability for AI tool outcomes remains unclear, posing the pivotal question of responsibility on users or developers.
OpenAI recently announced the Copyright Shield to proactively address potential legal claims related to copyright infringement. Some authors have initiated legal actions, alleging unauthorized use of their work in training advanced AI models. Considering the need to protect users, this Copyright Shield specifically covers generally available features of the enterprise-level AI model and its developer platform.
*Source - OpenAIResearch
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : UK
The UK's Economic Crime and Corporate Transparency Act 2023 (ECCTA) received royal assent on October 26, 2023, marking a significant amendment to the existing Companies Act of 2006. This legislative change aims to address and mitigate the challenges faced in the UK in combating fraud and money laundering.
ECCTA enhances UK Company House registers by mandating document submission through authorized individuals, ensuring accuracy, and empowering the registrar to remove false information. Entities must follow Secretary of State guidelines to prevent fraud, with non-compliance risking criminal liability.
The ECCTA in the UK serves as a positive global model, showcasing stringent reforms and governance in the fight against money laundering, fraud, and corruption.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Canada
The Canadian Government has proposed the addition of new regulatory requirements to the Occupational Health and Safety Regulations. These Regulations aim to safeguard and protect the health and safety of employees by limiting their exposure to hazardous substances.
The earlier regulation was considered outdated and contained language that was unclear, which had unintended consequences on vital health and safety safeguards for employees. This noticeable shortcoming necessitated a thorough revision of the regulations. The proposed enhancements mark a significant advancement by introducing new requirements related to the management of nanomaterials, addressing thermal stress, non-solar UV radiation, and harmonizing the radon requirement. Moreover, these revisions will provide a framework for addressing situations in which exposure threshold limits had not yet been established. Additionally, they encompass the updating of references to incorporated standards, the harmonization of record-keeping requirements, and the clarification of air-sampling criteria.
The implementation of these new Regulations is expected to greatly reduce the workplace risks that employees face in their work environments.
*Source - Original notification of amendment published by Canada Gazette.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
India welcomed a significant development for public companies by allowing them to directly issue specified types of securities on foreign stock exchanges. The Ministry of Corporate Affairs (MCA) notified this change under Section 23 of the Companies Act, 2013, on October 30, 2023.
Previously, Indian companies were exclusively allowed to list their shares on the US stock exchange through American Depository Receipts (ADR) and in any other foreign countries by issuing Global Depository Receipts (GDR). As part of this process, companies were previously required to designate a depository bank, but this requirement will no longer apply. Direct listing of securities on foreign stock exchanges will now entail lower costs and a simpler, more streamlined process, ultimately resulting in faster listing of securities.
While the specific details regarding the conditions and requirements for the direct listing of shares have not yet been revealed, this significant development is expected to bring several advantages to companies. It will grant them access to global markets, potentially result in improved valuation, and make them more appealing to investors worldwide.
*Source - Original notifications published by the Government.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
The Indian Government has launched two pivotal initiatives, the Green Credit Program and the Ecomark scheme, as part of the broader 'Lifestyle for Environment' (LiFE) movement. These initiatives are designed to motivate corporations and an array of industries to adopt ecologically responsible measures for the protection, preservation, and conservation of the environment.
The Green Credit Program offers incentives to corporations through a market-driven mechanism, generating "green credits" for environmentally beneficial actions. Corporations can accumulate these credits by engaging in various activities such as tree plantation, water management, sustainable agriculture, waste management, air pollution reduction, mangrove conservation and restoration, Ecomark label development, and sustainable building and infrastructure.
Meanwhile, the Ecomark scheme accredits and labels environmentally-friendly household products, ensuring transparency and accuracy. Products that display the Ecomark under this scheme guarantee transparency and provide accurate information about their environmental characteristics while preventing any deceptive or misleading information. The Central Pollution Control Board administers the Ecomark Scheme in partnership with Bureau of Indian Standards (BIS).
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
SEBI has once again emphasized the importance of ease of doing business and encouraged compliance. This was achieved through the revision of the Master Circular pertaining to fundraising by issuing debt securities for large companies (LCs).
Large companies are required to secure a minimum of 25% of their qualified borrowings through the issuance of debt securities. These requirements must be fulfilled over a consecutive three-year period. The revised framework introduces incentives and disincentives while also providing a clearer definition of qualified borrowings. Stock Exchanges have also been required to identify LCs and calculate incentives / disincentives.
SEBI has taken these measures in consideration of the current market conditions and with the aim of advancing the corporate bond markets.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA - California
It is worth noting the governance aspect of the ESG initiatives taken by various governments, such as the Voluntary Carbon Market Disclosures Act issued by the California government.
Companies offering carbon offsets now face increased compliance scrutiny. Entities involved in marketing or selling voluntary carbon offsets are now mandated to disclose specific project details on their websites. This information encompasses the durability period, accountability, the specific protocols used for estimating emission reductions, any third-party validation of project attributes, and the calculation methods needed for independent verification of emissions, among other requirements.
Entities claiming net zero emissions must also disclose how they determined the accuracy of such claims, including the interim progress made toward these goals.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA
The risk of harassment and discrimination is one of the most challenging issues for companies to combat, despite ongoing governance efforts.
The U.S. Equal Employment Opportunity Commission (EEOC) recently proposed the "Enforcement Guidance on Harassment in the Workplace" to provide clearer enforcement of existing laws and to address changes in laws, including those influenced by the #MeToo movement, online harassment, etc.
The proposed Guidance focuses on three key components of a harassment claim - covered bases and causation, discrimination with respect to a term, condition, or privilege of employment, and liability of employers.
Discrimination and harassment are taking on new forms due to technological and social advancements. Therefore, employers must stay informed about any new regulatory regimes being issued by regulators to effectively address these evolving issues.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Singapore
Singapore has taken a pioneering step by launching its new Intangible Disclosure Framework for 2023. Its goal is to provide consistent information about the value of intangible assets within enterprises. This Framework will aid stakeholders in making informed assessments of businesses and their prospects in the financial market. Enterprises are obligated to disclose the nature and characteristics of intangible assets, including a brief description and how they were acquired or attained. These disclosures must be included in their annual reports or standalone reports.
The Framework defines intangible asset as "a non-monetary resource that manifests itself by its economic properties, it does not have physical substance but grants rights and/or economic benefits to its owner". It categorizes intangibles into six categories: marketing-related, customer-related, artistic-related, contract-related, technology-related, and human capital-related. This includes patents, brand value, registered designs, and more. The key principles of the Framework are anchored in four pillars (SIMM Pillars): the Strategy pillar, Identification pillar, Measurement pillar, and Management pillar.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Australia
Australia has recently embraced technological advancements in modernising business communication within companies through a significant amendment to its Corporation Act.
Previously, only specific documents under the Act could be electronically signed or executed. Members of the company, registered scheme, corporate collective investment vehicles (CCIVs) or disclosing entities could choose to receive only meeting related documents in electronic form. Additionally, the consent of directors was a prerequisite for conducting meetings using technology.
The amended Act now extends the scope of electronic signing or execution to cover all documents except those to be submitted to the Australian Securities and Investment Commission (ASIC), the registrar or the takeover panel. Furthermore, the members now have the option to receive any documents in electronic form. The Act no longer necessitates director consent for utilising any reasonable technology to conduct meetings.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Singapore
Monetary Authority of Singapore (MAS) reaffirms the significance of a risk-based approach.
Through a recent Circular addressed to all CEOs of Financial Institutions (FIs) in Singapore, MAS mandates that FIs must consider reputational, legal and operational risks when implementing unilateral sanctions imposed by other jurisdictions. FIs are required to take appropriate measures to manage these risks.
FIs should establish processes to effectively detect and manage sanctions-related risks. MAS expects the boards and senior management of FIs to provide oversight of sanctions-related risks, strengthen their sanction-risk detection capabilities and review their AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism) frameworks and controls.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Switzerland
With the New Federal Act on Data Protection (nFADP) having come into effect on September 1, 2023, Swiss companies need to review their obligations regarding data protection. That said, if they are already compliant with the EU General Data Protection Regulation (GDPR), they will only need to make minimal changes to their existing mechanisms to comply with the nFADP.
Some major aspects that businesses need to take note of include prompt notification to authorities, the concept of profiling, the inclusion of genetic and biometric data in the definition of sensitive data, the register of processing activities, and the principles of privacy by design and by default, among others.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA
The Equal Employment Opportunity Commission enforced The Pregnant Workers Fairness Act (as part of Title VII of the Civil Rights Act of 1964) in June 2023. The draft of the Regulations to implement the Act has been proposed in the last week for comments.
Any commercial organisation employing 15 or more employees comes within the purview of applicability of this Act. While a reasonable exemption of "undue hardship for employers" has been laid down by the Act, the Covered entities are mainly required to provide accommodation to employees for all kinds of pregnancy-related medical conditions.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
Finally..! India is just a step away from having its own comprehensive data protection framework. The Digital Personal Data Protection Bill, 2023 has been passed by Rajya Sabha today.
The highlights of the Bill have been the consent mechanism, use of personal data for the legitimate use, security measures to prevent data breaches, and hefty fines laid down in case of non-compliances like never before.
Although the Bill is still being debated and deliberated upon by many industry experts for certain provisions, India surely has achieved an important milestone by creating its own framework of data protection.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : India
The Jan Vishwas (Amendment of Provisions) Bill, 2023, passed by Lok Sabha and Rajya Sabha in the recent past, has multi-fold effects on the Compliance behaviour of India Inc.
The Bill seeks to decriminalise certain offences in more than 180 provisions across 42 Central Acts governed by 19 Ministries/Departments. Some of the important Acts covered by the Bill, from the statutory and regulatory compliance point of view, include Legal Metrology Act, 2009, Information Technology Act, 2000, Air (Prevention and Control of Pollution) Act, 1981, Environment Protection Act, 1986, Boilers Act, 1923, Motor Vehicles Act, 1988, Patents Act, 1970, Trade Marks Act, 1999, Copyright Act, 1957, Food Safety and Standards Act, 2006, etc.
Decriminalisation is proposed to be achieved by removing imprisonment and fine from some provisions, removing imprisonment and retaining fine for some, removing imprisonment and increasing fine for some, converting imprisonment and fine into penalty and by compounding offences for few provisions.
In addition to ease of doing business, businesses will no longer be burdened by irrational fear of imprisonment for minor technical defaults. More importantly, from the perspective of having an effective compliance mechanism, the steps such as pragmatic approach towards compliance and rationalised penalties for offences were long due from the Government.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA and Singapore
Watch out for these additional compliances in case of cybersecurity incidents or online criminal activities.
The U.S. Securities and Exchange Commission has recently adopted new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure under which Public Companies are required to disclose material cybersecurity incidents within 4 business days of determining such incidents to be material.
Singapore, in the recent past, has also passed the Online Criminal Harms Act which counters online criminal activities and scams and aims at safeguarding users against online harms. Regulators have been empowered to mandate online service providers with some immediate compliance actions in case of even mere suspicion.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : Sri Lanka
Companies operating in Sri Lanka should take a relook at their ABAC programme in view of the new Anti-Corruption Act passed in the last week. The applicability of this Act extends to employees or directors of private sector entities as well (Section 106).
As part of the regulatory change management process, updation of ABAC policies and holding awareness programmes for stakeholders could be a good start.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : EU
EU finally agrees that US ensures sufficient levels of protection for personal data transferred from the EU to US companies. The adequacy decision has been passed by the European Commission on 10 July 2023 concluding safe data flows between companies complying with the new EU-U.S. Data Privacy Framework.
As a result, companies need to take into account the new EU-U.S. Data Privacy Framework to ensure compliance in case of such data flows.
Stay tuned @FlaggGRC for more #GRCbytes.
#GRCbytes : USA - Delaware
It is that time of the year again to take note of the proposed amendments of 2023 to Delaware General Corporation Law (DGCL). Delaware being the most common and popular State of incorporation, DGCL is one of the most relevant laws for USA as well as non-USA companies. It is reviewed every year so that it can address the rapidly changing corporate/business environment.
Stay tuned @FlaggGRC Ventures LLP for more #GRCbytes.
#GRCbytes : Canada
Canada passed Modern Slavery Act recently in 2023. The other jurisdictions where such laws are already effective include UK, Australia, State of California, etc. The compliances given under modern slavery laws should form important part of organisations' compliance universe and supply chain risk management programmes. These legislations aim at tackling human trafficking, forced labour, child labour, bonded labour, etc. in supply chains.
Stay tuned @FlaggGRC Ventures LLP for more #GRCbytes.