CPE Webcast: A shortcut to third-party due diligence fundamentals
Increased regulatory and consumer scrutiny on the integrity of businesses has changed how we operate. Now, the spotlight is turning to third parties and vendors that work on our behalf or as part of our supply chains.
Fed governor teases new TPRM guidance for banks
The Federal Reserve and other U.S. banking agencies are working to develop joint guidance to clarify regulatory expectations around third-party risk management, according to Fed Governor Michelle Bowman.
Investment adviser fined $50K for compliance lapses following founder/CCO’s death
E. Magnus Oppenheim & Co. must pay $50,000 and hire an independent compliance consultant to settle Securities and Exchange Commission charges of failing to implement compliance policies and procedures following the death of its founder and CCO.
Flutter Entertainment to pay $4M for legacy FCPA violations
Ireland-based gaming and sports betting company Flutter Entertainment will pay a $4 million fine to resolve SEC charges payments made to Russian consultants by a company it acquired violated the Foreign Corrupt Practices Act.
U.S. authorities list red flags for sanction evasion by third parties
The Bureau of Industry and Security, Office of Foreign Assets Control, and Department of Justice issued guidance to highlight common methods bad actors use to evade sanctions and export controls on Russia and how to spot their use.
Italian DPA fines Edison Energia $5.2M over GDPR lapses
The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.
Cloud ‘not a silver bullet’ for security
A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.
‘This is where we are now’: Cyber environment calls for continuous monitoring
Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.
CPE Webcast: Managing third-party risk in 2023: Trends and best practices
In a recent survey by Dun & Bradstreet and Compliance Week, more than half of respondents indicated they had increased vendor/third-party due diligence efforts as a result of global disruption and instability.
Cybersecurity pillars: Prevention, protection, mitigation, governance
The former superintendent of the New York State Department of Financial Services explained how the structure of a cybersecurity program is like a compliance program and can be divided into four buckets during a panel discussion at CW’s Cyber Risk & Data Privacy Summit.
Book review: Why revamping procurement benefits business—and compliance
In “Profit from the Source,” four Boston Consulting Group thought leaders argue why procurement should be shaping corporate strategy, not just supporting it. Author Daniel Weise tells Compliance Week why such a transformation would elevate compliance, too.
Is threat of regulatory censure a risk worth taking?
When making anti-regulatory decisions, a board is expressing its real risk appetite. This can be frustrating, even bewildering, for compliance professionals, especially when rules are clear and explicit in their expectations.
Comerica pressured over handling of government program fraud claims
Comerica Bank has been battling allegations for years of mishandled fraudulent transactions in violation of U.S. federal banking laws. A series of class-action lawsuits against the bank recently certified by a federal district court judge provide scope into the alleged failings.
Survey: Cybersecurity, regulatory risks lead TPRM priorities in 2023
Respondents to a survey from Compliance Week and Dun & Bradstreet overwhelmingly indicated cybersecurity to be the most important compliance-related area affecting third-party risk management in the new year, though fraud and other risks should still be on their radar.
e-Book: Top TPRM priorities in 2023
Respondents to a survey from Compliance Week and Dun & Bradstreet overwhelmingly indicated cybersecurity to be the most important compliance-related area affecting third-party risk management in the new year, though fraud and other risks should still be on their radar.
Research project leveraging collaboration to better detect corruption
Integrity Distributed has launched a collaborative research project seeking to develop anti-corruption detection technology that includes academic, technological, and corporate partners.
GoodRx facing $1.5M fine over improper sharing of health data
GoodRx agreed to pay $1.5 million as part of a settlement reached with the Federal Trade Commission addressing allegations the telemedicine and prescription drug discount provider shared personal health data with third parties for advertising purposes.
e-Book: TPRM: No one-size-fits-all approach
Companies can’t do it all in terms of managing every risk from every possible third party. To begin, they must define their vision and strategy.
CPE Webcast: TPRM - ESG compliance and German Supply Chain Act
Increasing compliance requirements, including from the German Supply Chain Act, pending Securities and Exchange Commission guidelines, and European Union directives, require a programmatic approach to managing third-party and supply chain risk.
Banks fooled in DOJ Russian yacht sanctions evasion case
The Department of Justice’s charges against a U.K. businessman and his Russian partner for evading U.S. sanctions against a Russian oligarch provide insight into how the use of shell companies, third parties, and other methods can thwart the compliance efforts of financial institutions.
Good faith not good enough in navigating global supply chain laws
Differences in the level of duty of vigilance among supply chain legislation in countries including the United States, United Kingdom, and Germany mean best efforts to root out and stop slave labor and other worker exploitation are not enough, according to experts.
Ten things I’d like to see happen in 2023 (2022 in review)
Expect big developments for the compliance profession in 2022 to continue to take center stage in the year ahead, including CCO certifications, climate-related disclosures, and more.
Meta to pay $725M to settle privacy class-action lawsuit
Meta, the parent company of Facebook, agreed to pay $725 million to settle a class-action lawsuit accusing the social media giant of selling data to third parties without users’ consent.
TPRM panel: Underscoring need for first line of defense to own risk
Panelists discussing risk ownership at CW’s virtual TPRM and Oversight Summit share their experiences educating first-line leaders on their roles and responsibilities in the TPRM process.
TPRM due diligence best practices: No one-size-fits-all approach
Panelists at CW’s virtual TPRM and Oversight Summit stressed patience in developing proper risk management and due diligence practices, advising companies to find their “north star.”
CPE Webcast: 10 best practices for streamlining your TPRM workflows
Time is a valuable resource, especially when trying to manage a third-party risk program at scale. Hundreds of third parties to manage, hundreds of assessments to send, thousands of risks to analyze—how do you keep up?
Compliance budgets, staffing brace for impact of recession prep efforts
Respondents to our “Inside the Mind of the CCO” survey whose businesses are anticipating an economic recession note smaller budgets and the delay of new initiatives among efforts already undertaken to cut costs.
TPRM Summit: How to successfully implement data analytics
A panel of experts at CW’s virtual TPRM and Oversight Summit offered a how-to primer on using data analytics to monitor third-party risk while also highlighting some caveats to implementation.
Tricky but doable: Tips for navigating sanctions in third-party relationships
Sanctions concerns don’t need to end all business relationships in high-risk regions. Experts at CW’s virtual TPRM and Oversight Summit share their experiences navigating compliance.
TPRM Summit: Experts discuss FCPA lessons learned from ABB settlement
A panel on regulatory trends at CW’s virtual TPRM and Oversight Summit discussed lessons for compliance departments seeking to learn how to guard themselves against bad actors within their own firms contained in ABB’s recent $327 million bribery settlement.
U.S. law to stop Uyghur forced labor remains compliance challenge
It’s been six months since the Uyghur Forced Labor Prevention Act took effect, and businesses are no clearer today on how to comply with it, those familiar with the law said.
CPE Webcast: Best practices for third-party due diligence for ethics and compliance
Increased regulatory and consumer scrutiny on the integrity of businesses has shined a spotlight on the reputational risks of unethical business practices involving third parties.
March 30 | Third-party due diligence: A practical deep dive
A corporate code of conduct can be internally enforced, but how do you ensure third parties measure up to your values and requirements?
FINRA to sweep crypto-related communications by broker-dealers
The Financial Industry Regulatory Authority announced an examination sweep of retail communications by broker-dealers and their affiliates related to cryptocurrency asset products and services.
Treasury recommends more oversight for bank-fintech relationships
A new Treasury report found as the trend of nonbank fintech companies providing financial services in partnership with regulated entities continues to grow, regulators need to increase oversight of these relationships to curb the risks they pose.
CPE Webcast: How to transform your program from reactive to predictive
Today, it is not enough to focus solely on your organization’s internal risk, as control weaknesses and gaps in the organization’s business partners could ultimately lead to failure.
Survey: How businesses are confronting governmental licenses in M&As
The results of a recent survey conducted by Compliance Week and Avalara found most businesses consider governmental licenses as part of due diligence efforts during mergers and acquisitions, yet the opportunity for risk management improvements remains.
CPE Webcast: 10 essential steps to streamline vendor risk assessments
As your program evolves, the need to simplify the vendor risk assessment process becomes unavoidable. So, what can you do to streamline assessment completion and simplify vendor risk reviews?
Lafarge to pay $778M for supporting terrorist groups ISIS, ANF in Syria
French multinational building products company Lafarge pleaded guilty to providing material support and resources to two U.S.-designated foreign terrorist groups in Syria, representing the Department of Justice’s first corporate material support for terrorism prosecution.
CPE Webcast: AI for TPRM - What you need to know to stay ahead
Artificial intelligence is no longer the stuff of science fiction. It has already transformed transportation, marketing, and retail, to name a few areas. It is also driving the most meaningful shift third-party risk management has experienced since its inception.
CPE Webcast: How to navigate the third-party risk threat landscape
Today’s business threats are evolving, and ESG, resiliency, and cybersecurity are at the forefront. These risks affect businesses of all sizes and make it imperative that organizations update and modernize their third-party risk management programs.
ESG Summit: Holistic approach to supply chain risk an ‘investment differentiator’
Two experts explained how the C-suite as a whole—not just compliance officers—should be focused on the holistic approach to supply chain risk management during a session at CW’s virtual ESG Summit.
How effective beneficial ownership searches leverage technology
Determining the ultimate beneficial owner of individuals and companies your firm does business with can be a tricky thing. The most efficient investigations require an understanding of your firm’s risk appetite and appropriate technology to automate searches.
CPE Webcast: How to move an E&C program from effective to high quality
A critical component of a third-party risk management strategy is a robust compliance and policy training program that you control.
DOJ-informed compliance guidance helps Home Depot prep for potential scrutiny
How can a company prove its compliance bona fides to a regulator, should one ever come knocking on its door? The Home Depot has prepared for such a scenario with detailed guidance pegged to the DOJ’s “Evaluation of Corporate Compliance Programs.”
Albemarle in settlement talks with SEC, DOJ over FCPA violations
Chemical company Albemarle Corp. has entered settlement talks with the Securities and Exchange Commission and Department of Justice regarding potential violations of the Foreign Corrupt Practices Act.
How compliance can help prevent human trafficking
There are many organizations that seek to prevent human trafficking, but their work can sometimes seem distant and detached from our roles as compliance professionals. We must consider how to bridge that gap, with a particular focus on supply chains.
SFO accepts ‘sobering’ results of Unaoil, Serco case reviews
The U.K.’s Serious Fraud Office was criticized for its leadership, culture, and conduct in a report examining why the agency botched a key corruption case against Unaoil that has now seen three convictions overturned.
MidFirst Bank avoids penalty in OFAC resolution
MidFirst Bank will not pay a civil penalty after self-reporting to the Office of Foreign Assets Control apparent violations of weapons of mass destruction proliferator sanctions at the bank.
CPE Webcast: Getting started with third-party risk management
Nearly every business does due diligence when onboarding and renewing contracts, but many times the work stops well short of a program to efficiently manage strategic third parties, their contributions to business performance, and the risks they could pose to the organization.