All Third Party Risk articles – Page 13
-
Article
Suez Canal blockage serves as reminder for key supply chain risk lessons
The grounding of the Ever Given is the latest unexpected incident to cause severe supply chain disruptions around the world. The lessons learned from others, such as the coronavirus pandemic, are just as relevant, writes Aaron Nicodemus.
-
Article
Kroger joins victims of Accellion data breach
Two months after cloud service vendor Accellion first identified one of its legacy products was targeted by a sophisticated cyber-attack, users of the product continue to feel the impact, with grocery chain Kroger the latest to reveal its exposure.
-
Article
Done right, outsourcing compliance can be rewarding
Should you consider outsourcing some of your firm’s compliance functions? Perhaps, even, all of them? The answer is complicated and requires a thorough analysis of the risks and rewards.
-
Resource
White paper: Rethinking Third-Party Cyber Risk Management
This guide will help you better understand the choices before you, no matter if your organization hasn’t even cracked the seal on third party cyber risk management.
-
Article
SolarWinds hack turning into Pandora’s box of cyber-risk
The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.
-
Article
Norwegian DPA warns Grindr of $11.7M GDPR fine
Norway’s data privacy watchdog issued gay dating app Grindr with a notice of intention to fine it NOK 100 million (U.S. $11.7 million) for sharing personal data with third parties without users’ consent.
-
Article
Deutsche Bank to pay $130M to settle bribery, ‘spoofing’ charges
Deutsche Bank has agreed to pay more than $130 million to resolve charges that it paid bribes to third parties to secure business deals in Asia and the Middle East, in addition to a separate commodities fraud “spoofing” case.
-
Article
Learning from SolarWinds: Five steps to fortify your cloud supply chain
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
-
Article
Cyber-security lessons from the SolarWinds hack
The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.
-
Article
Preparation, monitoring key to combating third-party cyber-security risk
A spate of recent cyber-security breaches occurring via third parties is a reminder of the importance for companies to stay on top of risk management. Regulators have shown to not take kindly to finger-pointing.
-
Article
Trio of U.K. fines expose third-party risks under GDPR
Recent GDPR fines against British Airways, Marriott, and Ticketmaster by the U.K. Information Commissioner’s Office each saw the regulator dismiss claims by the companies that third parties were primarily responsible for the data breaches in question.
-
Article
Ticketmaster UK fined $1.6M under GDPR for 2018 data breach
The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.
-
Article
New bank resiliency guidance tackles cyber-risk, pandemic planning
Federal banking regulators have released new operational resiliency guidance aimed to strengthen risk management around technology-based failures, cyber-incidents, pandemic outbreaks, natural disasters, and more.
-
Article
Bribes, falsified records cost Beam Suntory $19.6M in FCPA settlement
Alcoholic beverage maker Beam Suntory agreed to pay $19.6 million to resolve Foreign Corrupt Practices Act charges of improper payments by its Indian subsidiary.
-
Article
OCC deems ‘true lenders’ responsible for actions of third-party partners
The Office of the Comptroller of the Currency’s finalized “true lender” rule clarifies how banks are responsible for the compliance obligations and actions of their third-party lending partners.
-
Article
Berkshire Hathaway fined $4.1M for Iran sanctions violations
The U.S. Department of the Treasury’s Office of Foreign Assets Control assessed a $4.1 million fine against Berkshire Hathaway for “egregious” violations of sanctions against Iran committed by a subsidiary in Turkey.
-
Article
Best practices for M&A cyber-security due diligence in a virtual world
The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M&A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.
-
Article
OCC fines Morgan Stanley $60M for data inventory risk failures
Morgan Stanley has agreed to pay $60 million as part of a settlement with the OCC for failing to adequately protect customer data when the bank decommissioned two U.S.-based wealth management data centers.
-
Resource
e-Book: Mind the Gap — Where Third-Party Risk Management Programs Fall Short
This e-Book from Compliance Week and Aravo reveals the results of the “2020 TPRM Benchmarking Survey.”
-
Article
Carreyrou at TPRM: Theranos warning signs were there, but partners failed to spot them
John Carreyrou explained to third-party risk professionals at CW’s TPRM Virtual Summit that the mistakes made by Theranos’s business partners were entirely preventable—had they done their proper due diligence.