Regulatory Fines Continue to Grow
Since the turn of the century, a series of corporate breaches, accounting fraud cases, and privacy violations has produced a long list of new regulations, including Sarbanes-Oxley (SOX), PCI-DSS, HIPAA, JSOX, UK SOX, GDPR, NERC-CIP, FedRAMP, and others. In 2002, following the corporate fraud scandal at Enron, SOX introduced requirements for information technology general controls (ITGCs) aimed specifically at access. These regulations place the onus on organizations to comply proactively. Violating any of them is costly, and regulators have a solid track record of enforcement. Here are some recent data points to consider:
- In 2020 alone, banks were fined $14.2 billion for non-compliance, with the United States accounting for 78% of the fines issued.
- In August 2020, consumer credit reporting agency Equifax paid $575 million in penalties and settlement costs for poor data security.
- JP Morgan was fined $125 million in 2021 for failing to implement compliance controls.