Shein steps up compliance after fines over data and greenwashing

🔔 Top Stories

Shein steps up compliance after fines over data and greenwashing

Shein is reworking its compliance and governance setup after regulatory pushback. The company formed a Business Integrity Group combining compliance, governance, and external affairs. Internal audits are being expanded, and stronger controls rolled out in markets like the U.S., Canada, Brazil, and Mexico. Read more.

U.S. sanctions Turkish, Chinese & Emirati firms over Iran drone support

The U.S. added 29 entities (from China, Turkey, UAE) to its sanctions list for facilitating supply chains for Iranian drone programs. These companies were accused of procuring U.S. electronics used in weaponized drones by Iranian proxies (e.g. Houthis, Hamas). Sanctions include firms that moved U.S.-origin products into Iran, transshipped components, or maintained networks aiding procurement of restricted items. Read more.

Readiness checklist for U.S. federal construction compliance

Federal construction projects funded by the U.S. government must meet strict compliance standards under laws such as Build America, Buy America (BABA) and Davis-Bacon. Many contractors fall short due to missing certifications, weak documentation of material origins, and inconsistent wage compliance across state and federal funding. Other common issues include outdated policies, poor subcontractor oversight, and lack of internal audits. Read more.

🧠 Expert Take

There is the law, there are the facts, and then there’s the application of judgement to what those facts mean in the legal construct. Same exact thing in compliance. There are the regs. There is the activity, you know, going on, there’s maybe not a bright line answer, and that’s when, you know, having help from older folks or people more experienced than you is really what you’re looking for, or at least as experienced as you.  Richard Szuch, attorney and former regulator.

🧰 Compliance Toolkit

Supply Chain Risk Management Tools

Planet Compliance lists key tools for supply chain risk management, especially for those managing digital, environmental, or vendor risks. Exported from their review: JFrog, InsightAppSec, GitLab, CircleCI, CrowdStrike, Docker, Wiz, TrustInSoft, Hdiv Detection (Datadog), Snyk, etc. 

These tools help in:

• Visibility/mapping of supplier relationships

• Vulnerability scanning and software bill-of-materials (SBOM) checks

• Monitoring third-party vendor cybersecurity posture

• Forecasting environmental risks (weather, disruptions)

Tip: selecting tools is not a silver bullet. Combine technology with governance, due diligence, and continuous monitoring

🎟️ Upcoming Event

VantaCon 2025

📍 San Francisco |  Nov 19, 2025 

VantaCon is Vanta’s flagship compliance & security conference. It brings together practitioners, thought leaders, and solution providers from compliance, security, audit, and risk management domains. 

🗳️ Your Compliance Take

Cast your vote and we will share the results in our next edition.

📩 We’ll share the results in Thursday’s issue.

Showcase your brand/product/services in our newsletter and reach over 86,000 industry leaders in compliance! Contact us today to advertise with PlanetCompliance.