This isn’t just a European story. GDPR caught global businesses off guard. This is for everyone. The directive is already in force. And like GDPR before it, the organisations caught off guard won’t be the ones who didn’t know about it. They’ll be the ones who assumed it didn’t apply to them.
Third Party Risk
Posted inThird Party Risk
U.K. financial firms urged to prepare for operational and third-party incident reporting changes
Financial services firms in the U.K. must prepare now for new reporting rules aimed to promote operational resilience in the face of increasing global threats.
Posted inThird Party Risk
The Safe Bridge to the Americas: How data technology protects American companies
The government procurement market in Latin America represents a multi-billion dollar opportunity for American corporations, especially in the information technology, infrastructure, and medical equipment sectors.
Posted inOpinion
Iran blockade: 5 top tips for compliance officers
The continuing United States and Israel-led campaign against Iran and the blockade of the Strait of Hormuz have created numerous difficulties for companies both directly and indirectly. Experts set out the top five key issues that compliance officers face due to the ongoing situation in Iran:
Posted inOpinion
The third party you forgot to vet: AI tools and the TPRM blind spot in manufacturing
AI tools are arriving through the back door of enterprise software — no contract, no due diligence, no TPRM trigger — and most manufacturing compliance functions have no idea they are already inside.
Posted inAnti-Bribery
How to establish an anti-corruption and anti-bribery compliance program
The U.K. unveiled a new Anti-Corruption Strategy in December 2025, just as the EU unveiled its first Anti-Corruption Directive. Both jurisdictions have signalled that they are keen to push back on rising risks of corruption. But many organizations have no formal anti-corruption measures. Where should compliance start?
Posted inBest Practices
A framework for human-accountable automation in vendor oversight
Artificial Intelligence is accelerating the oversight of third parties, allowing for faster workflows, more consistency and more scalable decision-making. It may also help reinforce ethical standards by making certain checks more systematic.
Posted inTechnology
The third party you forgot to vet: AI tools and the TPRM blind spot in manufacturing
AI tools are arriving through the back door of enterprise software — no contract, no due diligence, no TPRM trigger — and most manufacturing compliance functions have no idea they are already inside, writes Lydia Montalbano.
Provided by
The State of Third-Party Risk Assessments 2026: Benchmarking the Maturity Gap
In this Compliance Week webinar, we’ll explore the most compelling findings from the report, based on independent global research conducted in collaboration with the Ponemon Institute and informed by responses from more than 1,400 third-party risk leaders and practitioners.
Posted inThird Party Risk
Hidden supply-web risks in MSPs and MSSP contracts
Governance failures embedded in standard agreements are amplifying organizations’ exposure to cyber incidents by failing to account for modern supply-chain realities, where third- and fourth-party vendors, cloud platforms, subcontractors create a cascading risk far beyond the contracting entity.
