Third Party Risk


NAVEX: Top 10 risk and compliance trends for 2022

2022-01-20T19:15:00+00:00

Diversity, equity, and inclusion; prioritizing ESG; business continuity; and more highlight the latest edition of NAVEX’s annual list of risk and compliance trends worth monitoring.

Morgan Stanley agrees to $60M settlement over compromised personal data

2022-01-04T20:38:00+00:00

Morgan Stanley has agreed to establish a $60 million fund to settle a class-action lawsuit filed by nearly a dozen customers regarding personal data that was compromised when the bank decommissioned two wealth management centers.

Survey highlights need for better data integration between risk and compliance

2021-12-20T16:27:00+00:00

A recent survey from Compliance Week and Riskonnect presents a compelling argument for companies to invest in bridging the gap between risk management and compliance data.

Grindr fined $7.2M for GDPR consent violations

2021-12-15T17:40:00+00:00

The Norwegian Data Protection Authority announced a fine of NOK 65 million (U.S. $7.2 million) against gay dating app Grindr for sharing personal data with third parties without users’ consent.

NYDFS guidance addresses common MFA problems—and how to fix them

2021-12-08T19:10:00+00:00

The New York State Department of Financial Services outlined common vulnerabilities in multi-factor authentication and how to address them from a cybersecurity risk management standpoint.

OCC report: Cyberattacks, pandemic among top bank risk areas in 2021

2021-12-08T17:19:00+00:00

Banks and financial institutions regulated by the OCC faced elevated risks in 2021 from cyberattacks launched on them and their third parties, as well as compliance risks related to the pandemic, according to the agency’s latest report.

How agile companies succeed in the throes of supply chain woes

2021-11-22T15:26:00+00:00

In the midst of unimaginable global supply chain chaos, leading companies are adjusting their supply chains in a variety of ways, turning disruption into competitive advantage.

Rule requires banks report significant ‘computer-security incidents’ within 36 hours

2021-11-19T21:15:00+00:00

Federal banking regulators issued a rule that requires financial institutions to notify their regulator within 36 hours of a “computer-security incident” that materially affects their operation, ability to deliver services, or the stability of the financial sector.

CPE Webcast: Third-party risk deep dive: How to calculate inherent risk

2021-11-16T14:00:00+00:00

When building an efficient vendor risk management program, it is critical to prioritize which vendors present the most risk.

Volkswagen not resting on laurels post-monitorship

2021-11-12T16:56:00+00:00

Volkswagen CCO Kurt Michels shared how the company has intensified business partner due diligence in the wake of completing its three-year U.S. monitorship during a fireside chat at CW’s virtual Europe event.

CWE panel: Risks, rewards of outsourcing compliance

2021-11-11T18:43:00+00:00

As they look to manage third-party risks, compliance departments are increasing their reliance on outsourcing. Experts at Compliance Week’s virtual Europe event discuss the benefits and risks of enlisting external help.

Honeywell records charge of $160M in FCPA probe

2021-10-25T18:14:00+01:00

Honeywell International has recorded a charge of $160 million in accrued liability concerning an investigation by U.S. and Brazilian authorities as to whether the company’s use of third parties in Brazil violated the FCPA.

Compliance Week National Conference is going back in person in May

2021-10-25T12:00:00+01:00

Mark your calendars: Compliance Week’s National Conference in Washington, D.C. will be held in person for the first time in nearly three years from May 16-18, 2022.

How to respond to government’s renewed emphasis on cybersecurity

2021-10-15T20:30:00+01:00

The Department of Justice’s new Civil Cyber-Fraud Initiative is the latest development to suggest companies’ cybersecurity defenses had better be up to snuff when doing business with the U.S. government or risk enforcement.

Metals Technology Initiative issues new anti-corruption resources

2021-10-08T15:43:00+01:00

The Metals Technology Initiative has launched a new website making its guidance on gifts and hospitality and third-party due diligence freely accessible.

Report: China, U.S. most confident in combating corruption risks

2021-09-20T16:43:00+01:00

Risk leaders at companies in China and the United States expressed the highest level of confidence in their approach to mitigating bribery and corruption risk, according to a new global benchmark report from Kroll.

CPE Webcast: Emerging trends from Deloitte’s global TPRM survey 2021

2021-09-09T11:00:00+01:00

Join ProcessUnity and Deloitte’s leading third-party risk practitioners as they explore key findings from Deloitte’s 2021 Global TPRM Survey. You will hear what organizations are doing in the wake of last year’s pandemic to make advancements in their approach to third-party risk.

CPE Webcast: Defending yourself from ransomware third-party risks

2021-09-02T14:00:00+01:00

Ransomware continues to dominate headlines with no sign of slowing down. What started more than 30 years ago has become one of the most prevalent and lucrative cyberattacks that does not discriminate by company size, industry, or geography.

Banking guidance: Six key areas of FinTech due diligence

2021-08-30T16:27:00+01:00

Three federal banking regulators have released guidance offering tips and suggestions to community banks for conducting due diligence on potential FinTech partners.

FINRA notice outlines key areas for supervising third parties

2021-08-17T15:40:00+01:00

The Financial Industry Regulatory Authority issued a notice on compliance deficiencies arising from firms’ relationships with vendors culled from examination findings.

What factors are driving change in your corporate investigations process?

2021-08-10T15:00:00+01:00

A recent survey from Compliance Week and OpenText reveals while investigations and data volumes are on the rise, machine learning combined with external expertise may give companies the upper hand in accelerating response and results.

CPE Webcast: Identifying risky vendors: 7 warning signs

2021-07-20T14:00:00+01:00

For individuals managing third-party risk, there is one primary question that needs answering: Are your vendors safe to do business with? Answering that question is not so straightforward.

CPE Webcast: The rise of ESG in third-party risk management

2021-07-15T14:00:00+01:00

ESG and its role in third-party risk management have gained prominence this past year as awareness of environmental and social issues continues to grow.

New bank guidance expands on advice for handling third parties

2021-07-14T20:10:00+01:00

Three federal banking regulators are seeking public input on the first comprehensive update to risk management guidance for financial institutions entering into business relationships with third parties since 2013.

Survey: Emerging TPRM trends in anti-corruption

2021-07-07T20:12:00+01:00

Kroll’s newest anti-corruption benchmarking report highlights current TPRM trends such as evolving challenges with enhanced due diligence, the rise of automation, the growing incorporation of ESG matters into compliance programs today, and more.

TPRM 2021: What to do before, during, and after a ransomware attack

2021-07-07T14:21:00+01:00

Two risk and compliance practitioners opened their cyber-playbooks at CW’s TPRM virtual event, explaining how to identify and address vulnerabilities, establish transparency with vendors, and strengthen an organization’s incident management program.

Charles Duross: Tips for managing third-party FCPA risks

2021-06-30T21:00:00+01:00

Charles Duross, former deputy chief of the DOJ’s Fraud Section, shared tips on how companies can best manage third parties and employees who willfully try to circumvent internal controls during his keynote speech at CW’s virtual TPRM conference.

Pandemic effect on TPRM practices here to stay, expert warns

2021-06-29T17:54:00+01:00

With many businesses still sorting through the new layers of risk that have emerged over the last 16 months, Linda Tuck Chapman of the Third Party Risk Institute shared her top areas of focus and more at CW’s virtual TPRM event.

Software demos: Third-party risk management (TPRM)

2021-06-29T02:53:00+01:00 By Compliance Week

In the market for a software solution to help manage your third-party risk? Check out our collection of video demos from nearly a dozen of the top vendors in the space.

Big week for breaches: McDonald’s, Carnival, and more

2021-06-18T19:20:00+01:00

Multiple high-profile companies—including Carnival, Wegmans, McDonald’s, Volkswagen, and CVS—have confirmed in recent days they were either victims of a data breach or were alerted to a gap in their security controls.

CPE Webcast: Continuous monitoring — the key to effective TPRM

2021-06-01T14:00:00+01:00

Third-party risk management has always been a challenging area for risk and compliance professionals, never more so than today. As the global economy rebounds, third-party risk has taken on new dimensions.

CPE Webcast: TPCRM best practices that reduce supply chain risk

2021-05-20T14:00:00+01:00

Organizations are adopting digital transformation and, as a result, increasing their reliance on third parties faster than they can scale their third-party cyber-risk management programs.

Bracing for impact: Supply chain risk management post-Suez Canal blockage

2021-04-27T15:25:00+01:00

A month has gone by since a 1,300-foot cargo ship ran aground and blocked one of the busiest waterways in the world. For many industries, the ripple effects will continue to batter global supply chains for weeks to come, absent having in place a sound supply chain risk management program.

Suez Canal blockage serves as reminder for key supply chain risk lessons

2021-03-29T18:55:00+01:00

The grounding of the Ever Given is the latest unexpected incident to cause severe supply chain disruptions around the world. The lessons learned from others, such as the coronavirus pandemic, are just as relevant, writes Aaron Nicodemus.

CPE Webcast: Navigating financial regulations for third-party risk management

2021-03-09T14:00:00+00:00

Today’s financial services industry operates in an environment characterized by significant regulatory scrutiny. To be compliant, organizations must be aware of and adhere to regulations, guidelines, and industry standards as they relate to their vendors, suppliers, and third parties.

Kroger joins victims of Accellion data breach

2021-02-22T19:58:00+00:00

Two months after cloud service vendor Accellion first identified one of its legacy products was targeted by a sophisticated cyber-attack, users of the product continue to feel the impact, with grocery chain Kroger the latest to reveal its exposure.

Done right, outsourcing compliance can be rewarding

2021-02-18T19:56:00+00:00

Should you consider outsourcing some of your firm’s compliance functions? Perhaps, even, all of them? The answer is complicated and requires a thorough analysis of the risks and rewards.

White paper: Rethinking Third-Party Cyber Risk Management

2021-02-10T10:25:00+00:00

This guide will help you better understand the choices before you, no matter if your organization hasn’t even cracked the seal on third party cyber risk management.

SolarWinds hack turning into Pandora’s box of cyber-risk

2021-02-02T20:47:00+00:00

The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.

Norwegian DPA warns Grindr of $11.7M GDPR fine

2021-01-26T20:38:00+00:00

Norway’s data privacy watchdog issued gay dating app Grindr with a notice of intention to fine it NOK 100 million (U.S. $11.7 million) for sharing personal data with third parties without users’ consent.