TPRM 2021: What to do before, during, and after a ransomware attack
Two risk and compliance practitioners opened their cyber-playbooks at CW’s TPRM virtual event, explaining how to identify and address vulnerabilities, establish transparency with vendors, and strengthen an organization’s incident management program.
Assessing yet another ransomware attack on critical supplier (JBS)
Meatpacker JBS USA has become the latest critical infrastructure company to be targeted by a ransomware attack, which temporarily halted its global operations. The attack brings with it implications for the food and agriculture industries.
New NIST revisions expand scope of cyber supply chain risk management guidance
The National Institute of Standards and Technology is seeking comment on a revised version of its cyber supply chain risk management guidance that is intended for a broader audience of public and private companies.
CPE Webcast: TPCRM best practices that reduce supply chain risk
Organizations are adopting digital transformation and, as a result, increasing their reliance on third parties faster than they can scale their third-party cyber-risk management programs.
German supply chain draft legislation expected to have far-reaching effect
Companies of a certain size with ties to Germany must soon establish robust due diligence procedures to prevent human rights and environmental abuses both within the course of their own business activities and within their global supply chains.
Guiding FedEx through pandemic, Justin Ross named CCO of the Year
Companies across the globe faced a true test of competency this past year. FedEx passed the challenge with flying colors under the oversight of Justin Ross, CW’s CCO of the Year at the 2021 Excellence in Compliance Awards.
CPE Webcast: Responsible sourcing: Mitigate ESG risks in your supply chain
As customer expectations for transparency and ethical approach to business soar, companies that aren’t addressing the environmental, social and governance (ESG) impact of their organizations will get left behind. And that applies to who they work with too.
Bracing for impact: Supply chain risk management post-Suez Canal blockage
A month has gone by since a 1,300-foot cargo ship ran aground and blocked one of the busiest waterways in the world. For many industries, the ripple effects will continue to batter global supply chains for weeks to come, absent having in place a sound supply chain risk management program.
USTR threatens tariffs on 6 trade partners in response to digital taxes
The United States Trade Representative is seeking public comment on the potential implementation of tariffs of up to 25 percent on a long list of goods by six U.S. trading partners, including the United Kingdom.
Suez Canal blockage serves as reminder for key supply chain risk lessons
The grounding of the Ever Given is the latest unexpected incident to cause severe supply chain disruptions around the world. The lessons learned from others, such as the coronavirus pandemic, are just as relevant, writes Aaron Nicodemus.
Northern Ireland turns up heat on modern slavery transparency
Northern Ireland Justice Minister Naomi Long has launched two consultation documents on measures to eradicate modern slavery from the supply chains of public- and commercial-sector organizations.
SolarWinds hack turning into Pandora’s box of cyber-risk
The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.
Learning from SolarWinds: Five steps to fortify your cloud supply chain
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
Assessing 2020: Lessons learned for the financial crime landscape
This year has been one most of us would like to forget. As we look toward 2021, nevertheless, it is worth considering lessons learned over the last 12 months and (where possible) drawing on any positives that have come to light regarding the financial crime landscape.
Compliance called out in Walmart opioid lawsuit
The Department of Justice alleged many failures by Walmart’s compliance program in its 160-page lawsuit accusing the retailer of playing an active role in fueling the opioid epidemic.
Brockmeyer at TPRM: Regulator expectations for monitoring third parties
Former chief of the SEC’s FCPA Unit Kara Brockmeyer shared what regulators are looking for when they assess a company’s relationship with its third parties at Compliance Week’s TPRM Virtual Summit on Thursday.
CPE Webcast: Expert content + third-party risk = enhanced vendor due diligence
Maintaining the status quo with your vendor risk management program is no longer acceptable in today’s ever-changing marketplace as supply chains can drastically change overnight.
Mondelēz International latest to enhance tracing of palm oil sourcing
Mondelēz International has become among the latest consumer goods companies to tighten its sourcing requirements for palm oil, improving its traceability of suppliers. But recent analysis also finds the industry has a long way to go in its progress.
Best practices KYC: What to do when your client is in the headlines
How do we, as AML professionals, assess negative media alerts? It should start with a conversation with the client relationship manager, but it shouldn’t end there, writes Martin Woods.
CPE Webcast: Future-proof your global supply chain with data & analytics
The COVID-19 pandemic has certainly changed the landscape of global risk, and many organizations are quickly adapting their third-party risk management processes as a result.