Third Party Risk

onetrust 2022 300x200

CPE Webcast: A shortcut to third-party due diligence fundamentals

2023-03-21T11:00:00+00:00Provided by

Increased regulatory and consumer scrutiny on the integrity of businesses has changed how we operate. Now, the spotlight is turning to third parties and vendors that work on our behalf or as part of our supply chains.


​Fed governor teases new TPRM guidance for banks


The Federal Reserve and other U.S. banking agencies are working to develop joint guidance to clarify regulatory expectations around third-party risk management, according to Fed Governor Michelle Bowman.

SEC office

Investment adviser fined $50K for compliance lapses following founder/CCO’s death


E. Magnus Oppenheim & Co. must pay $50,000 and hire an independent compliance consultant to settle Securities and Exchange Commission charges of failing to implement compliance policies and procedures following the death of its founder and CCO.


Flutter Entertainment to pay $4M for legacy FCPA violations


Ireland-based gaming and sports betting company Flutter Entertainment will pay a $4 million fine to resolve SEC charges payments made to Russian consultants by a company it acquired violated the Foreign Corrupt Practices Act.

Russia_United States

U.S. authorities list red flags for sanction evasion by third parties


The Bureau of Industry and Security, Office of Foreign Assets Control, and Department of Justice issued guidance to highlight common methods bad actors use to evade sanctions and export controls on Russia and how to spot their use.

Energy company

Italian DPA fines Edison Energia $5.2M over GDPR lapses


The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.

Cloud data

Cloud ‘not a silver bullet’ for security


A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.

United States cyber

‘This is where we are now’: Cyber environment calls for continuous monitoring


Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.

DNB 300x200

CPE Webcast: Managing third-party risk in 2023: Trends and best practices

2023-02-23T14:00:00+00:00Provided by

In a recent survey by Dun & Bradstreet and Compliance Week, more than half of respondents indicated they had increased vendor/third-party due diligence efforts as a result of global disruption and instability.


Cybersecurity pillars: Prevention, protection, mitigation, governance


The former superintendent of the New York State Department of Financial Services explained how the structure of a cybersecurity program is like a compliance program and can be divided into four buckets during a panel discussion at CW’s Cyber Risk & Data Privacy Summit.


Book review: Why revamping procurement benefits business—and compliance


In “Profit from the Source,” four Boston Consulting Group thought leaders argue why procurement should be shaping corporate strategy, not just supporting it. Author Daniel Weise tells Compliance Week why such a transformation would elevate compliance, too.

Risk reward

Is threat of regulatory censure a risk worth taking?

2023-02-14T21:13:00+00:00By Paul Eccleson, for International Compliance Association

When making anti-regulatory decisions, a board is expressing its real risk appetite. This can be frustrating, even bewildering, for compliance professionals, especially when rules are clear and explicit in their expectations.

Comerica Bank

Comerica pressured over handling of government program fraud claims


Comerica Bank has been battling allegations for years of mishandled fraudulent transactions in violation of U.S. federal banking laws. A series of class-action lawsuits against the bank recently certified by a federal district court judge provide scope into the alleged failings.


Survey: Cybersecurity, regulatory risks lead TPRM priorities in 2023


Respondents to a survey from Compliance Week and Dun & Bradstreet overwhelmingly indicated cybersecurity to be the most important compliance-related area affecting third-party risk management in the new year, though fraud and other risks should still be on their radar.

dnb thumbnail

e-Book: Top TPRM priorities in 2023

2023-02-09T02:52:00+00:00Provided by

Respondents to a survey from Compliance Week and Dun & Bradstreet overwhelmingly indicated cybersecurity to be the most important compliance-related area affecting third-party risk management in the new year, though fraud and other risks should still be on their radar.

Global data

Research project leveraging collaboration to better detect corruption


Integrity Distributed has launched a collaborative research project seeking to develop anti-corruption detection technology that includes academic, technological, and corporate partners.


GoodRx facing $1.5M fine over improper sharing of health data


GoodRx agreed to pay $1.5 million as part of a settlement reached with the Federal Trade Commission addressing allegations the telemedicine and prescription drug discount provider shared personal health data with third parties for advertising purposes.

pwc thumbnail

e-Book: TPRM: No one-size-fits-all approach

2023-02-01T05:09:00+00:00Provided by

Companies can’t do it all in terms of managing every risk from every possible third party. To begin, they must define their vision and strategy.

aravo 300x200

CPE Webcast: TPRM - ESG compliance and German Supply Chain Act

2023-01-31T14:00:00+00:00Provided by

Increasing compliance requirements, including from the German Supply Chain Act, pending Securities and Exchange Commission guidelines, and European Union directives, require a programmatic approach to managing third-party and supply chain risk.

DOJ building

Banks fooled in DOJ Russian yacht sanctions evasion case


The Department of Justice’s charges against a U.K. businessman and his Russian partner for evading U.S. sanctions against a Russian oligarch provide insight into how the use of shell companies, third parties, and other methods can thwart the compliance efforts of financial institutions.

Forced labor hands

Good faith not good enough in navigating global supply chain laws


Differences in the level of duty of vigilance among supply chain legislation in countries including the United States, United Kingdom, and Germany mean best efforts to root out and stop slave labor and other worker exploitation are not enough, according to experts.


Ten things I’d like to see happen in 2023 (2022 in review)


Expect big developments for the compliance profession in 2022 to continue to take center stage in the year ahead, including CCO certifications, climate-related disclosures, and more.


Meta to pay $725M to settle privacy class-action lawsuit


Meta, the parent company of Facebook, agreed to pay $725 million to settle a class-action lawsuit accusing the social media giant of selling data to third parties without users’ consent.

Business defense

TPRM panel: Underscoring need for first line of defense to own risk


Panelists discussing risk ownership at CW’s virtual TPRM and Oversight Summit share their experiences educating first-line leaders on their roles and responsibilities in the TPRM process.

Information overload

TPRM due diligence best practices: No one-size-fits-all approach


Panelists at CW’s virtual TPRM and Oversight Summit stressed patience in developing proper risk management and due diligence practices, advising companies to find their “north star.”

onetrust 2022 300x200

CPE Webcast: 10 best practices for streamlining your TPRM workflows

2022-12-13T14:00:00+00:00Provided by

Time is a valuable resource, especially when trying to manage a third-party risk program at scale. Hundreds of third parties to manage, hundreds of assessments to send, thousands of risks to analyze—how do you keep up?


Compliance budgets, staffing brace for impact of recession prep efforts


Respondents to our “Inside the Mind of the CCO” survey whose businesses are anticipating an economic recession note smaller budgets and the delay of new initiatives among efforts already undertaken to cut costs.

Data Analytics

TPRM Summit: How to successfully implement data analytics


A panel of experts at CW’s virtual TPRM and Oversight Summit offered a how-to primer on using data analytics to monitor third-party risk while also highlighting some caveats to implementation.

Global trade

Tricky but doable: Tips for navigating sanctions in third-party relationships


Sanctions concerns don’t need to end all business relationships in high-risk regions. Experts at CW’s virtual TPRM and Oversight Summit share their experiences navigating compliance.

ABB building

TPRM Summit: Experts discuss FCPA lessons learned from ABB settlement


A panel on regulatory trends at CW’s virtual TPRM and Oversight Summit discussed lessons for compliance departments seeking to learn how to guard themselves against bad actors within their own firms contained in ABB’s recent $327 million bribery settlement.


U.S. law to stop Uyghur forced labor remains compliance challenge


It’s been six months since the Uyghur Forced Labor Prevention Act took effect, and businesses are no clearer today on how to comply with it, those familiar with the law said.

onetrust 2022 300x200

CPE Webcast: Best practices for third-party due diligence for ethics and compliance

2022-12-06T19:57:00+00:00Provided by

Increased regulatory and consumer scrutiny on the integrity of businesses has shined a spotlight on the reputational risks of unethical business practices involving third parties.

MicrosoftTeams-image (22)

March 30 | Third-party due diligence: A practical deep dive

2022-11-21T18:35:00+00:00Provided by

A corporate code of conduct can be internally enforced, but how do you ensure third parties measure up to your values and requirements?


FINRA to sweep crypto-related communications by broker-dealers


The Financial Industry Regulatory Authority announced an examination sweep of retail communications by broker-dealers and their affiliates related to cryptocurrency asset products and services.


Treasury recommends more oversight for bank-fintech relationships


A new Treasury report found as the trend of nonbank fintech companies providing financial services in partnership with regulated entities continues to grow, regulators need to increase oversight of these relationships to curb the risks they pose.


CPE Webcast: How to transform your program from reactive to predictive

2022-11-08T14:00:00+00:00Provided by

Today, it is not enough to focus solely on your organization’s internal risk, as control weaknesses and gaps in the organization’s business partners could ultimately lead to failure.

Business stamp

Survey: How businesses are confronting governmental licenses in M&As


The results of a recent survey conducted by Compliance Week and Avalara found most businesses consider governmental licenses as part of due diligence efforts during mergers and acquisitions, yet the opportunity for risk management improvements remains.


CPE Webcast: 10 essential steps to streamline vendor risk assessments

2022-10-20T14:00:00+01:00Provided by

As your program evolves, the need to simplify the vendor risk assessment process becomes unavoidable. So, what can you do to streamline assessment completion and simplify vendor risk reviews?


Lafarge to pay $778M for supporting terrorist groups ISIS, ANF in Syria


French multinational building products company Lafarge pleaded guilty to providing material support and resources to two U.S.-designated foreign terrorist groups in Syria, representing the Department of Justice’s first corporate material support for terrorism prosecution.

mirato 300x200

CPE Webcast: AI for TPRM - What you need to know to stay ahead

2022-10-18T11:00:00+01:00Provided by

Artificial intelligence is no longer the stuff of science fiction. It has already transformed transportation, marketing, and retail, to name a few areas. It is also driving the most meaningful shift third-party risk management has experienced since its inception.


CPE Webcast: How to navigate the third-party risk threat landscape

2022-10-04T14:00:00+01:00Provided by

Today’s business threats are evolving, and ESG, resiliency, and cybersecurity are at the forefront. These risks affect businesses of all sizes and make it imperative that organizations update and modernize their third-party risk management programs.

Supply chain

ESG Summit: Holistic approach to supply chain risk an ‘investment differentiator’


Two experts explained how the C-suite as a whole—not just compliance officers—should be focused on the holistic approach to supply chain risk management during a session at CW’s virtual ESG Summit.

Shadow business

How effective beneficial ownership searches leverage technology


Determining the ultimate beneficial owner of individuals and companies your firm does business with can be a tricky thing. The most efficient investigations require an understanding of your firm’s risk appetite and appropriate technology to automate searches.

SAI 300x200

CPE Webcast: How to move an E&C program from effective to high quality

2022-09-15T14:00:00+01:00Provided by

A critical component of a third-party risk management strategy is a robust compliance and policy training program that you control.

The Home Depot

DOJ-informed compliance guidance helps Home Depot prep for potential scrutiny


How can a company prove its compliance bona fides to a regulator, should one ever come knocking on its door? The Home Depot has prepared for such a scenario with detailed guidance pegged to the DOJ’s “Evaluation of Corporate Compliance Programs.”


Albemarle in settlement talks with SEC, DOJ over FCPA violations


Chemical company Albemarle Corp. has entered settlement talks with the Securities and Exchange Commission and Department of Justice regarding potential violations of the Foreign Corrupt Practices Act.

Human trafficking

How compliance can help prevent human trafficking

2022-08-01T17:49:00+01:00By David Povey, International Compliance Association

There are many organizations that seek to prevent human trafficking, but their work can sometimes seem distant and detached from our roles as compliance professionals. We must consider how to bridge that gap, with a particular focus on supply chains.

London cityscape

SFO accepts ‘sobering’ results of Unaoil, Serco case reviews


The U.K.’s Serious Fraud Office was criticized for its leadership, culture, and conduct in a report examining why the agency botched a key corruption case against Unaoil that has now seen three convictions overturned.

MidFirst Bank

MidFirst Bank avoids penalty in OFAC resolution


MidFirst Bank will not pay a civil penalty after self-reporting to the Office of Foreign Assets Control apparent violations of weapons of mass destruction proliferator sanctions at the bank.


CPE Webcast: Getting started with third-party risk management

2022-07-21T14:00:00+01:00Provided by

Nearly every business does due diligence when onboarding and renewing contracts, but many times the work stops well short of a program to efficiently manage strategic third parties, their contributions to business performance, and the risks they could pose to the organization.