It’s been six months since the Uyghur Forced Labor Prevention Act took effect, and businesses are no clearer today on how to comply with it, those familiar with the law said.
Increased regulatory and consumer scrutiny on the integrity of businesses has shined a spotlight on the reputational risks of unethical business practices involving third parties.
The Financial Industry Regulatory Authority announced an examination sweep of retail communications by broker-dealers and their affiliates related to cryptocurrency asset products and services.
A new Treasury report found as the trend of nonbank fintech companies providing financial services in partnership with regulated entities continues to grow, regulators need to increase oversight of these relationships to curb the risks they pose.
Today, it is not enough to focus solely on your organization’s internal risk, as control weaknesses and gaps in the organization’s business partners could ultimately lead to failure.
The results of a recent survey conducted by Compliance Week and Avalara found most businesses consider governmental licenses as part of due diligence efforts during mergers and acquisitions, yet the opportunity for risk management improvements remains.
As your program evolves, the need to simplify the vendor risk assessment process becomes unavoidable. So, what can you do to streamline assessment completion and simplify vendor risk reviews?
French multinational building products company Lafarge pleaded guilty to providing material support and resources to two U.S.-designated foreign terrorist groups in Syria, representing the Department of Justice’s first corporate material support for terrorism prosecution.
Artificial intelligence is no longer the stuff of science fiction. It has already transformed transportation, marketing, and retail, to name a few areas. It is also driving the most meaningful shift third-party risk management has experienced since its inception.
Today’s business threats are evolving, and ESG, resiliency, and cybersecurity are at the forefront. These risks affect businesses of all sizes and make it imperative that organizations update and modernize their third-party risk management programs.
Two experts explained how the C-suite as a whole—not just compliance officers—should be focused on the holistic approach to supply chain risk management during a session at CW’s virtual ESG Summit.
Determining the ultimate beneficial owner of individuals and companies your firm does business with can be a tricky thing. The most efficient investigations require an understanding of your firm’s risk appetite and appropriate technology to automate searches.
A critical component of a third-party risk management strategy is a robust compliance and policy training program that you control.
How can a company prove its compliance bona fides to a regulator, should one ever come knocking on its door? The Home Depot has prepared for such a scenario with detailed guidance pegged to the DOJ’s “Evaluation of Corporate Compliance Programs.”
Chemical company Albemarle Corp. has entered settlement talks with the Securities and Exchange Commission and Department of Justice regarding potential violations of the Foreign Corrupt Practices Act.
There are many organizations that seek to prevent human trafficking, but their work can sometimes seem distant and detached from our roles as compliance professionals. We must consider how to bridge that gap, with a particular focus on supply chains.
The U.K.’s Serious Fraud Office was criticized for its leadership, culture, and conduct in a report examining why the agency botched a key corruption case against Unaoil that has now seen three convictions overturned.
MidFirst Bank will not pay a civil penalty after self-reporting to the Office of Foreign Assets Control apparent violations of weapons of mass destruction proliferator sanctions at the bank.
Nearly every business does due diligence when onboarding and renewing contracts, but many times the work stops well short of a program to efficiently manage strategic third parties, their contributions to business performance, and the risks they could pose to the organization.
Health Insurance Innovations and its former CEO Gavin Stockwell will pay a total of more than $12 million to settle SEC charges of misrepresenting the robustness of the company’s compliance program and misleading investors about customer complaints.
Comment letters in response to the SEC’s climate-related disclosure rule have laid out opponents’ issues with the proposal, while supporters have used the process to buttress the agency’s case for implementing it.
Barclays Capital agreed to pay $2.8 million as part of a settlement with the Financial Industry Regulatory Authority for “failure to comply with customer confirmation and related supervision rules” that led to disclosure lapses.
Sanctions are one of the most important risk factors to consider in any compliance program. No one wants to be found to have business ties to a sanctioned entity given the potential for significant financial penalties and reputational damage.
All companies with a global footprint should be reevaluating their supply chain due diligence and documentation practices to show the absence of forced labor in the wake of the Uyghur Forced Labor Prevention Act taking effect.
The U.K. Financial Conduct Authority fined a unit of insurance broker Jardine Lloyd Thompson Group 7.9 million pounds (U.S. $9.7 million) for failing to control financial crime within its South and Central American subsidiaries.
Melanie Gallagher, head of third-party risk management at financial software company Intuit, offered best practices for navigating sanctions compliance risks at CW’s TPRM Summit in Chicago.
Editor In Chief Kyle Brasseur recaps popular points of discussion across Compliance Week’s two-day Third-Party Risk Management Summit held in Chicago.
With the Russia-Ukraine war’s ever-expanding sanctions landscape, supply chain strain and risk of enforcement are sharply increasing. Speakers at a recent event hosted by Drexel University’s Kline School of Law offered best practices.
Editor In Chief Kyle Brasseur previews Compliance Week’s Third-Party Risk Management Summit, a two-day conference solely dedicated to the sharing of knowledge and experience within TPRM.
A panel of compliance professionals discussed the increasingly relevant topic of working in high-risk countries, sharing their experiences and lessons learned at Compliance Week’s National Conference in Washington, D.C.
Editor In Chief Kyle Brasseur recaps the moments that stood out to him most from Compliance Week’s first in-person event since 2019.
Matthew Friedman, an expert on international human trafficking with more than 30 years of experience, discussed the importance of companies addressing modern slavery in their supply chains as part of a virtual fireside chat on the human factor of ESG at Compliance Week’s National Conference.
Time is a valuable resource, especially when trying to manage a third-party risk program at scale. Hundreds of third parties to manage, hundreds of assessments to send, thousands of risks to analyze—how do you keep up?
USAA Bank engaged in an estimated 400,000 violations of the Military Lending Act, a former director of compliance within the bank reported to the Office of the Comptroller of the Currency in documents seen by Compliance Week.
In exclusive interviews with Compliance Week, former USAA insiders describe a risk and compliance culture in which numerous individuals either were given the axe or quit because the problems were so endemic.
Senior executives at USAA ignored warnings from compliance staff and consultants for years regarding violations of U.S. federal banking laws and hid from regulators the scope of the company’s illegal practices, a former USAA director of compliance turned whistleblower told Compliance Week.
Learn how to build a third-party risk management program with cybersecurity risk at the forefront.
As sanctions against Russia continue to come down from the United States, European Union, and other countries, companies must ensure they have the means to comply instantly—even if ceasing business dents their financials and puts them at legal risk for breaching contract.
Jake Plenderleith of the International Compliance Association answers selected questions from attendees of a recent ICA webinar on Russian sanctions intended to help provide clarity on what firms can do to protect themselves from exposure.
The Securities and Exchange Commission’s proposed climate-related disclosure rule would force companies that have been reluctant to initiate a self-examination of their environmental impact to do so, posthaste. Experts weigh in on where to start.
The consent order issued by the Office of the Comptroller of the Currency against USAA Bank imparts lessons for compliance officers in the financial services industry on how—and how not—to maintain a Bank Secrecy Act/anti-money laundering compliance program.
To help sort through the gray area of evolving sanctions and export control restrictions against Russia, chief compliance officers should consider a handful of key best practices.
USAA Federal Savings Bank must pay $140 million as part of consent orders reached with the Financial Crimes Enforcement Network and Office of the Comptroller of the Currency for its failures maintaining its Bank Secrecy Act/anti-money laundering compliance program.
A keynote with two SEC commissioners; interactive sessions on global sanctions, ESG, and ethical leadership; and a new conference location and format highlight Dave Lefort’s list of reasons to be excited for CW’s first in-person event in nearly three years.
Join ProcessUnity for a one-hour webcast and discover best practices and the newest techniques for appropriately scoping pre- and post-contract due diligence assessments.
A continuous monitoring cybersecurity strategy for third-party risks goes a long way toward proactively identifying external vulnerabilities. At CW’s virtual Cyber Risk & Data Privacy Summit, a panel of experts shared leading practices.
The opening session of Compliance Week’s virtual Cyber Risk & Data Privacy Summit addressed the challenges of using technology to monitor employees while considering regulatory and ethical risks.
Marie-Christine Vittet, vice president of compliance at hospitality chain Accor, shares with Compliance Week the company’s journey toward a global data privacy compliance program.
A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.
Diversity, equity, and inclusion; prioritizing ESG; business continuity; and more highlight the latest edition of NAVEX’s annual list of risk and compliance trends worth monitoring.