Third Party Risk


Xinjiang

U.S. law to stop Uyghur forced labor remains compliance challenge

2022-12-07T13:00:00+00:00By

It’s been six months since the Uyghur Forced Labor Prevention Act took effect, and businesses are no clearer today on how to comply with it, those familiar with the law said.

onetrust 2022 300x200

CPE Webcast: Best practices for third-party due diligence for ethics and compliance

2022-12-06T19:57:00+00:00Provided by

Increased regulatory and consumer scrutiny on the integrity of businesses has shined a spotlight on the reputational risks of unethical business practices involving third parties.

Crypto

FINRA to sweep crypto-related communications by broker-dealers

2022-11-18T17:09:00+00:00By

The Financial Industry Regulatory Authority announced an examination sweep of retail communications by broker-dealers and their affiliates related to cryptocurrency asset products and services.

Treasury

Treasury recommends more oversight for bank-fintech relationships

2022-11-16T17:50:00+00:00By

A new Treasury report found as the trend of nonbank fintech companies providing financial services in partnership with regulated entities continues to grow, regulators need to increase oversight of these relationships to curb the risks they pose.

processunity300x200

CPE Webcast: How to transform your program from reactive to predictive

2022-11-08T14:00:00+00:00Provided by

Today, it is not enough to focus solely on your organization’s internal risk, as control weaknesses and gaps in the organization’s business partners could ultimately lead to failure.

Business stamp

Survey: How businesses are confronting governmental licenses in M&As

2022-10-27T17:30:00+01:00By

The results of a recent survey conducted by Compliance Week and Avalara found most businesses consider governmental licenses as part of due diligence efforts during mergers and acquisitions, yet the opportunity for risk management improvements remains.

Onetrust300x200

CPE Webcast: 10 essential steps to streamline vendor risk assessments

2022-10-20T14:00:00+01:00Provided by

As your program evolves, the need to simplify the vendor risk assessment process becomes unavoidable. So, what can you do to streamline assessment completion and simplify vendor risk reviews?

Lafarge

Lafarge to pay $778M for supporting terrorist groups ISIS, ANF in Syria

2022-10-18T20:52:00+01:00By

French multinational building products company Lafarge pleaded guilty to providing material support and resources to two U.S.-designated foreign terrorist groups in Syria, representing the Department of Justice’s first corporate material support for terrorism prosecution.

mirato 300x200

CPE Webcast: AI for TPRM - What you need to know to stay ahead

2022-10-18T11:00:00+01:00Provided by

Artificial intelligence is no longer the stuff of science fiction. It has already transformed transportation, marketing, and retail, to name a few areas. It is also driving the most meaningful shift third-party risk management has experienced since its inception.

processunity300x200

CPE Webcast: How to navigate the third-party risk threat landscape

2022-10-04T14:00:00+01:00Provided by

Today’s business threats are evolving, and ESG, resiliency, and cybersecurity are at the forefront. These risks affect businesses of all sizes and make it imperative that organizations update and modernize their third-party risk management programs.

Supply chain

ESG Summit: Holistic approach to supply chain risk an ‘investment differentiator’

2022-09-22T16:51:00+01:00By

Two experts explained how the C-suite as a whole—not just compliance officers—should be focused on the holistic approach to supply chain risk management during a session at CW’s virtual ESG Summit.

Shadow business

How effective beneficial ownership searches leverage technology

2022-09-16T14:30:00+01:00By

Determining the ultimate beneficial owner of individuals and companies your firm does business with can be a tricky thing. The most efficient investigations require an understanding of your firm’s risk appetite and appropriate technology to automate searches.

SAI 300x200

CPE Webcast: How to move an E&C program from effective to high quality

2022-09-15T14:00:00+01:00Provided by

A critical component of a third-party risk management strategy is a robust compliance and policy training program that you control.

The Home Depot

DOJ-informed compliance guidance helps Home Depot prep for potential scrutiny

2022-08-10T12:00:00+01:00By

How can a company prove its compliance bona fides to a regulator, should one ever come knocking on its door? The Home Depot has prepared for such a scenario with detailed guidance pegged to the DOJ’s “Evaluation of Corporate Compliance Programs.”

Albemarle

Albemarle in settlement talks with SEC, DOJ over FCPA violations

2022-08-05T15:34:00+01:00By

Chemical company Albemarle Corp. has entered settlement talks with the Securities and Exchange Commission and Department of Justice regarding potential violations of the Foreign Corrupt Practices Act.

Human trafficking

How compliance can help prevent human trafficking

2022-08-01T17:49:00+01:00By David Povey, International Compliance Association

There are many organizations that seek to prevent human trafficking, but their work can sometimes seem distant and detached from our roles as compliance professionals. We must consider how to bridge that gap, with a particular focus on supply chains.

London cityscape

SFO accepts ‘sobering’ results of Unaoil, Serco case reviews

2022-07-22T18:08:00+01:00By

The U.K.’s Serious Fraud Office was criticized for its leadership, culture, and conduct in a report examining why the agency botched a key corruption case against Unaoil that has now seen three convictions overturned.

MidFirst Bank

MidFirst Bank avoids penalty in OFAC resolution

2022-07-22T16:39:00+01:00By

MidFirst Bank will not pay a civil penalty after self-reporting to the Office of Foreign Assets Control apparent violations of weapons of mass destruction proliferator sanctions at the bank.

archer300x200

CPE Webcast: Getting started with third-party risk management

2022-07-21T14:00:00+01:00Provided by

Nearly every business does due diligence when onboarding and renewing contracts, but many times the work stops well short of a program to efficiently manage strategic third parties, their contributions to business performance, and the risks they could pose to the organization.

SECBooks

Health Insurance Innovations, ex-CEO to pay $12M to settle fraud charges

2022-07-20T20:04:00+01:00By

Health Insurance Innovations and its former CEO Gavin Stockwell will pay a total of more than $12 million to settle SEC charges of misrepresenting the robustness of the company’s compliance program and misleading investors about customer complaints.

Business argument

Materiality, Scope 3 emissions elicit debate in SEC climate rule comments

2022-07-06T13:40:00+01:00By

Comment letters in response to the SEC’s climate-related disclosure rule have laid out opponents’ issues with the proposal, while supporters have used the process to buttress the agency’s case for implementing it.

Barclays

FINRA fines Barclays $2.8M over supervision, disclosure lapses

2022-07-01T16:36:00+01:00By

Barclays Capital agreed to pay $2.8 million as part of a settlement with the Financial Industry Regulatory Authority for “failure to comply with customer confirmation and related supervision rules” that led to disclosure lapses.

control risks 300x200

CPE Webcast: Managing challenges of sanctions screening in your third-party risk program

2022-06-30T14:00:00+01:00Provided by Control Risks

Sanctions are one of the most important risk factors to consider in any compliance program. No one wants to be found to have business ties to a sanctioned entity given the potential for significant financial penalties and reputational damage.

China flags

Uyghur Forced Labor Prevention Act should prompt due diligence reassessment

2022-06-30T12:15:00+01:00By

All companies with a global footprint should be reevaluating their supply chain due diligence and documentation practices to show the absence of forced labor in the wake of the Uyghur Forced Labor Prevention Act taking effect.

JLT UK

FCA fines JLT Specialty $9.7M for financial crime control lapses

2022-06-22T20:41:00+01:00By

The U.K. Financial Conduct Authority fined a unit of insurance broker Jardine Lloyd Thompson Group 7.9 million pounds (U.S. $9.7 million) for failing to control financial crime within its South and Central American subsidiaries.

Russia economy

‘Have contingency plans’: TPRM expert on confronting Russia risk exposure

2022-06-21T12:31:00+01:00By

Melanie Gallagher, head of third-party risk management at financial software company Intuit, offered best practices for navigating sanctions compliance risks at CW’s TPRM Summit in Chicago.

TPRM2022 Linda Tuck Chapman

Five prevailing themes from TPRM Summit

2022-06-17T21:56:00+01:00By

Editor In Chief Kyle Brasseur recaps popular points of discussion across Compliance Week’s two-day Third-Party Risk Management Summit held in Chicago.

Supply chain

Strain in your supply chain no excuse for compliance shortcuts

2022-06-16T11:23:00+01:00By

With the Russia-Ukraine war’s ever-expanding sanctions landscape, supply chain strain and risk of enforcement are sharply increasing. Speakers at a recent event hosted by Drexel University’s Kline School of Law offered best practices.

TPRM2022 room

Primer: Third-Party Risk Management & Oversight Summit

2022-06-13T11:00:00+01:00By

Editor In Chief Kyle Brasseur previews Compliance Week’s Third-Party Risk Management Summit, a two-day conference solely dedicated to the sharing of knowledge and experience within TPRM.

Global business

Best practices, common pitfalls in working in high-risk countries

2022-05-25T13:50:00+01:00By

A panel of compliance professionals discussed the increasingly relevant topic of working in high-risk countries, sharing their experiences and lessons learned at Compliance Week’s National Conference in Washington, D.C.

Brasseur_opinion

Ten highlights from Compliance Week 2022

2022-05-23T11:30:00+01:00By

Editor In Chief Kyle Brasseur recaps the moments that stood out to him most from Compliance Week’s first in-person event since 2019.

CW2022 Matthew Friedman

Expert: Combating modern slavery starts with understanding the issue

2022-05-18T15:13:00+01:00By

Matthew Friedman, an expert on international human trafficking with more than 30 years of experience, discussed the importance of companies addressing modern slavery in their supply chains as part of a virtual fireside chat on the human factor of ESG at Compliance Week’s National Conference.

dec13

Dec. 13 | 10 best practices for streamlining your TPRM workflows

2022-05-08T18:51:00+01:00Provided by

Time is a valuable resource, especially when trying to manage a third-party risk program at scale. Hundreds of third parties to manage, hundreds of assessments to send, thousands of risks to analyze—how do you keep up?

USAA

Whistleblower to OCC: USAA had 400,000 undisclosed Military Lending Act violations

2022-05-06T15:00:00+01:00By

USAA Bank engaged in an estimated 400,000 violations of the Military Lending Act, a former director of compliance within the bank reported to the Office of the Comptroller of the Currency in documents seen by Compliance Week.

USAA building

A look inside USAA’s ‘catastrophically mismanaged’ compliance culture

2022-05-06T15:00:00+01:00By

In exclusive interviews with Compliance Week, former USAA insiders describe a risk and compliance culture in which numerous individuals either were given the axe or quit because the problems were so endemic.

USAA Bank

​Whistleblower: USAA ‘actively lying to regulators for years’ regarding violations of law

2022-05-06T15:00:00+01:00By

Senior executives at USAA ignored warnings from compliance staff and consultants for years regarding violations of U.S. federal banking laws and hid from regulators the scope of the company’s illegal practices, a former USAA director of compliance turned whistleblower told Compliance Week.

15019_processunity300x200_662860

CPE Webcast: Cybersecurity and third-party risk: Third-party threat hunting

2022-05-03T14:00:00+01:00Provided by

Learn how to build a third-party risk management program with cybersecurity risk at the forefront.

Abandoned Russian McDonalds

Experts assess risks to weigh as companies confront exit from Russia

2022-04-25T17:23:00+01:00By

As sanctions against Russia continue to come down from the United States, European Union, and other countries, companies must ensure they have the means to comply instantly—even if ceasing business dents their financials and puts them at legal risk for breaching contract.

Sanctions

ICA Insight: Russia sanctions frequently asked questions

2022-04-13T17:58:00+01:00By Jake Plenderleith, International Compliance Association

Jake Plenderleith of the International Compliance Association answers selected questions from attendees of a recent ICA webinar on Russian sanctions intended to help provide clarity on what firms can do to protect themselves from exposure.

Sustainability metrics

How to prepare for SEC’s climate-related disclosure rule

2022-03-23T22:07:00+00:00By

The Securities and Exchange Commission’s proposed climate-related disclosure rule would force companies that have been reluctant to initiate a self-examination of their environmental impact to do so, posthaste. Experts weigh in on where to start.

USAA

Compliance implications of USAA order addressing AML lapses

2022-03-22T16:59:00+00:00By

The consent order issued by the Office of the Comptroller of the Currency against USAA Bank imparts lessons for compliance officers in the financial services industry on how—and how not—to maintain a Bank Secrecy Act/anti-money laundering compliance program.

Russia sanctions

Advice for navigating ‘fast and furious’ Russian sanctions landscape

2022-03-18T17:04:00+00:00By

To help sort through the gray area of evolving sanctions and export control restrictions against Russia, chief compliance officers should consider a handful of key best practices.

USAA

USAA fined $140M for AML compliance failures

2022-03-18T11:30:00+00:00By

USAA Federal Savings Bank must pay $140 million as part of consent orders reached with the Financial Crimes Enforcement Network and Office of the Comptroller of the Currency for its failures maintaining its Bank Secrecy Act/anti-money laundering compliance program.

Allison Herren Lee and Hester Peirce

Top 10 reasons to attend Compliance Week 2022

2022-03-09T18:12:00+00:00By

A keynote with two SEC commissioners; interactive sessions on global sanctions, ESG, and ethical leadership; and a new conference location and format highlight Dave Lefort’s list of reasons to be excited for CW’s first in-person event in nearly three years.

processunity300x200

CPE Webcast: Vendor due diligence: Best practices for scoping assessments

2022-03-01T14:00:00+00:00Provided by

Join ProcessUnity for a one-hour webcast and discover best practices and the newest techniques for appropriately scoping pre- and post-contract due diligence assessments.

EyeOnDataPrivacy

Third-party cybersecurity monitoring: Tips for keeping vendors honest

2022-02-18T17:33:00+00:00By

A continuous monitoring cybersecurity strategy for third-party risks goes a long way toward proactively identifying external vulnerabilities. At CW’s virtual Cyber Risk & Data Privacy Summit, a panel of experts shared leading practices.

Cyber Risk employee monitoring

​Transparency key to navigating modern employee monitoring risk landscape

2022-02-15T17:26:00+00:00By

The opening session of Compliance Week’s virtual Cyber Risk & Data Privacy Summit addressed the challenges of using technology to monitor employees while considering regulatory and ethical risks.

Accor

How Accor manages global data privacy compliance

2022-02-09T13:37:00+00:00By

Marie-Christine Vittet, vice president of compliance at hospitality chain Accor, shares with Compliance Week the company’s journey toward a global data privacy compliance program.

Supermarket

REWE International $9M GDPR fine a lesson in managing subsidiary risk

2022-01-25T19:24:00+00:00By

A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.

2022

NAVEX: Top 10 risk and compliance trends for 2022

2022-01-20T19:15:00+00:00By

Diversity, equity, and inclusion; prioritizing ESG; business continuity; and more highlight the latest edition of NAVEX’s annual list of risk and compliance trends worth monitoring.