For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
Cybersecurity
Posted inInternal Controls
Assessing 2020: Lessons learned for the financial crime landscape
This year has been one most of us would like to forget. As we look toward 2021, nevertheless, it is worth considering lessons learned over the last 12 months and (where possible) drawing on any positives that have come to light regarding the financial crime landscape.
Posted inRisk Management
Cyber-security lessons from the SolarWinds hack
The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.
Posted inEurope
Twitter’s tiny $547K GDPR fine leaves many scratching their heads
Ireland’s first major decision against a Big Tech company under the GDPR has stirred controversy as the country’s data regulator hit Twitter with an underwhelming €450,000 (U.S. $547,000) fine for a 2018 data breach.
Posted inEurope
Five challenges for European CCOs heading into 2021
Many of the problems European compliance officers faced in 2020 will remain in place going into the new year, but new risks and new regulations will also present new challenges.
Posted inRisk Management
Preparation, monitoring key to combating third-party cyber-security risk
A spate of recent cyber-security breaches occurring via third parties is a reminder of the importance for companies to stay on top of risk management. Regulators have shown to not take kindly to finger-pointing.
Posted inEurope
Cryptocurrency’s future: What compliance needs to know
Cryptocurrency is complicated, but it’s not going away anytime soon. David Povey of the ICA takes a look at what regulators are trying to do and offers tips on where compliance officers can go to study this complex topic further.
Posted inEurope
Ticketmaster UK fined $1.6M under GDPR for 2018 data breach
The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.
Posted inRisk Management
OCC report: Banks sound, but compliance risks elevated amid pandemic
The U.S. banking industry is stable nearly nine months into the coronavirus pandemic, but the OCC warns of increased risks for banks seeking to comply with the Bank Secrecy Act and consumer protection and fair lending requirements.
Posted inAccounting & Auditing
Audit committee best practices for understanding and acting on cyber-threats
Cyber-security risk oversight is the area with the greatest increase in audit committee disclosures in proxy statements, so you better make sure you’ve got a handle on understanding your responsibilities.
