Third Party Risk


News Brief

New DHS strategy sets textiles up for added UFLPA scrutiny


The Department of Homeland Security announced a new strategy set to help close a loophole that allows certain textile-related shipments from China to enter the United States without scrutiny under the Uyghur Forced Labor Prevention Act.

CW2024 leadership panel


CW2024 leadership panel on navigating scrutiny, prep for more change


The global political landscape should be high on the risk radar of compliance officers in 2024, according to compliance leaders speaking at Compliance Week’s 2024 National Conference, along with increased regulatory scrutiny toward forced labor, ESG, and M&A.

CW2024 McBride


Ex-Albemarle CCO shares drivers behind data analytics success at CW2024


Former Albemarle CCO Andrew McBride explained at Compliance Week’s 2024 National Conference how he led the company’s compliance department to remediate the issues that led to apparent FCPA violations and how the team used data analytics to assess risks and implement compliance solutions.


News Brief

AT&T: Data leak exposed info of 73M customers onto dark web


AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.

China flags


CBP stats show persistent problem areas under UFLPA

2024-04-01T13:33:00+01:00By and

It’s been nearly two years since the Uyghur Forced Labor Prevention Act took effect, and as enforcement statistics and recent reports demonstrate, many businesses are still not adequately vetting their supply chains.

certa 300x200


CPE webcast: Rapid expansion of global forced labor regulations

2024-03-28T14:00:00+00:00Provided by

Join us as we dive into the best practices for performing due diligence across your entire supply chain—from the sourcing of raw materials to the delivery of finished goods—to become (and stay) compliant with this ever-evolving landscape.

Department of Labor

News Brief

DOL orders Tuff Torq to pay $1.8M over child labor violations


The Department of Labor ordered Tennessee-based Tuff Torq Corp. to pay nearly $1.8 million over alleged child labor violations.

Whistleblower vector


NAVEX whistleblower report finds third parties lead on business integrity


A new report on corporate whistleblowing and hotline trends in 2023 found reporting volume at an all-time high, with key disparities uncovered between reports filed by third parties and those filed by employees.


News Brief

Adani Group on defense over reports of FCPA probe


Indian conglomerate Adani Group said it is aware of an investigation by the U.S. Department of Justice into bribery allegations against a “third party” but denied a relationship with it.

Supply chain


Policy changes underscore need for enhanced child labor due diligence

2024-03-18T13:20:00+00:00By and

Rooting out potential child or forced labor violations in your company’s supply chain can have benefits beyond protecting reputation and being ethically sound. The process can also help your firm comply with pending child labor laws in other jurisdictions.



The auditor’s role in supply chain due diligence


Although compliance should be the company’s primary responsibility, auditors have become the last line of defense and are getting pressured and blamed for supply chain issues, including instances of child labor. Is this expected to become the normal for the profession?

OCC sign


U.S. banking regs mulling enhanced operational resiliency frameworks


Acting Comptroller of the Currency Michael Hsu said federal banking agencies are considering enhancements to their operational resiliency requirements for member banks.

Department of Labor


DOL seeking more authority in crackdown on child labor violations


The Department of Labor has stepped up its enforcement of child labor law amid a concerning rise in child labor exploitation, yet the agency acknowledges its resources are not great enough to be a significant deterrent for such misconduct.

Child labor


Child labor violations are on the rise in U.S. Are they in your supply chain?


The compliance community has not been spending time addressing a problem mistakenly thought to be a rarity: The proliferation of child labor violations occurring in the United States.

European Commission

News Brief

EU to ban sale of products made with forced labor


The European Union announced an agreement to ban products made with forced labor, a decision that will oblige organizations to track and declare more information about their supply chains for goods entering EU markets.



CPE Webcast: Applying traditional TPRM security and data privacy practices in the digital space

2024-03-05T14:00:00+00:00Provided by

This webinar explores the compliance challenges posed by evolving privacy regulations and the recent explosion of class-action litigation arising from third-party advertising technology on websites.

Metropolitan Commercial Bank

News Brief

Metropolitan Commercial Bank adds risk chief, AML officer


Metropolitan Commercial Bank announced the appointments of a chief risk officer and Bank Secrecy Act/anti-money laundering officer to bolster its reporting lines following a $30 million enforcement action from federal and state authorities last year.

Business ethics


Best practices for determining need for a human rights policy


Does your business need a human rights policy? An increasing number of organizations believe they do, according to research firm Gartner.



April 23 | Automating third-party management workflows: 5 ways to drive alignment across teams

2024-02-23T16:33:00+00:00Provided by

Is your third-party management process bogged down by manual workflows and misaligned teams? It’s time to say goodbye to inefficiency and hello to streamlined processes (if only it were that simple).

James Levey 3x2


Q&A: ManpowerGroup compliance director on CSRD prep efforts


James Levey, compliance director at global recruitment agency ManpowerGroup, discusses with Compliance Week his focus on preparing the group’s European operations to gather the data required for compliance with the EU’s Corporate Sustainability Reporting Directive.



CPE Webcast: TPRM: Time to change how you approach vendor assessments

2024-02-08T14:00:00+00:00Provided by

Forward-thinking third-party risk management teams are changing the way they approach vendor assessments.

Google HQ

News Brief

Alphabet to pay shareholders $350M over Google+ privacy lapses


Alphabet, the parent company of technology giant Google, agreed to pay $350 million in a preliminary settlement with shareholders over alleged data privacy violations and materially false and misleading statements linked to now-defunct social media site Google+.



U.K. Post Office scandal sparks contractor accountability debate


The recent furor in the United Kingdom over the Post Office’s wrongful prosecutions of sub-postmasters for alleged fraud has put the government’s relationship with private contractors under the spotlight and raised questions about how companies could be held more accountable in future.



FCPA violations in China: Lessons learned from 2023 cases


Enforcement actions regarding alleged violations of the Foreign Corrupt Practices Act at 3M, Albemarle, Clear Channel Outdoor, and Royal Philips each had China touchpoints. Experts assess third-party risk management lessons learned from each case.

Screenshot 2024-01-24 112203


White paper: Quantify Third-Party Financial Risk to Efficiently Address Threats

2024-01-23T16:05:00+00:00Provided by

Financial risk is one of the third-party risk management (TPRM) domains most likely to directly harm your organization.


News Brief

NYDFS proposes AI use guidance for insurers


The New York State Department of Financial Services issued for public comment guidance for insurers operating in the state regarding their use of artificial intelligence systems and other predictive technologies.

Business data


Lessons from Albemarle, ABB: How data-driven compliance can help your firm


Andrew McBride, chief risk officer of Albemarle Corp., and Tapan Debnath, head of integrity, regulatory affairs and data privacy at ABB, discussed how and why their respective organizations use data analytics to conduct business as part of a recent webcast.

Fraud victim

News Brief

FinCEN analysis: Most common identity-related suspicious activities


Fraud remains the leading form of identity-related suspicious activity cited in Bank Secrecy Act reports by a large margin, while technologies enable greater overall risks around exploitation, according to new research from the Financial Crimes Enforcement Network.



Ten things I’d like to see happen in 2024


Election years in the United States, United Kingdom, and at European Parliament, along with ongoing geopolitical tensions, make 2024 difficult to predict—aside from the expectation compliance officers will be busy.



June 18 | Digital Operational Resilience Act: Key provisions and best practices

2024-01-01T20:39:00+00:00Provided by

This presentation will provide an overview of the key provisions of DORA and their implications for Third-Party Risk Management (TPRM) teams, list best practices for DORA preparation and review key considerations for teams looking to implement the DORA framework.

Brazil oil

News Brief

Freepoint Commodities to pay $99M in Brazil bribery FCPA case


Freepoint Commodities agreed to pay nearly $99 million to settle allegations by the Department of Justice that it paid bribes to Brazilian government officials in return for business from state-owned oil company Petrobras.

Shipping boat

News Brief

U.S. agencies issue ‘know your cargo’ transport compliance note


Five agencies of the U.S. government combined to issue best practices guidance for entities in the maritime and other transportation industries to help reduce risk of sanctions and export control violations and evasion efforts.

Data on computer


Efficiency, consistency among goals of modernized TPRM program


Managing directors at KPMG share how firms are making strides in building robust third-party risk management programs for the future.

OCC sign

News Brief

OCC offers compliance guidance to banks on ‘buy now, pay later’ loans


New guidance from the Office of the Comptroller of the Currency advises banks to tailor their risk management strategies and lending oversight for “buy now, pay later” plans.

SN thumbnail_


e-Book: Goals of a modernized TPRM program

2023-12-05T19:00:00+00:00Provided by

Companies have shown a willingness to invest in technology to enhance their third-party risk management efforts. But that doesn’t mean new opportunities don’t remain.

Digital data


Survey: Companies bullish on new tech amid enhanced sanctions scrutiny


Emerging technologies like automation and generative AI are on the radar as difference-makers for businesses serious about keeping pace with increasing regulatory scrutiny toward third-party due diligence and sanctions compliance, a survey conducted by Compliance Week and Certa found.

PwC 300x200 USE THIS


CPE Webcast: Better risk assessments: Practical, data-driven assessments made simple

2023-11-28T14:00:00+00:00Provided by

Today’s risk assessments require improved quantitative, data-driven analysis, including interpreting inherent risk data in a meaningful way. Organizations are looking for risk assessments to be actionable, easier to execute, and defensible.

onetrust 2022 300x200


CPE Webcast: Elevating third-party safety: The art of TPRM and TPDD integration

2023-11-16T11:00:00+00:00Provided by

This webinar will address the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.



A job never done: Tips for TPRM integration


Taking risk mitigation further and understanding your third parties and their risks can create value for your organization, practitioners discussed as part of a panel at CW’s virtual TPRM and Oversight Summit.

riskonnect 300x200


CPE Webcast: How to strengthen your TPRM to be more resilient

2023-11-14T14:00:00+00:00Provided by

In this session, experts from Riskonnect and Deloitte will explore why it is important for organizations to align strategies, processes, and practices related to business resilience with the risks posed by third-party vendors and partners.

Due diligence


TPRM Summit: How to operate a risk-based due diligence program


A panel of experts broke down the nuts and bolts of integrating a risk-ranking strategy and tailored approach to third-party due diligence at CW’s virtual TPRM and Oversight Summit.

China scrutiny


Due diligence in China: Mitigating arrest, detention risks


Lack of transparency around how to remain within the legal bounds of China’s national security laws has heightened companies’ concerns regarding performing on-site due diligence in the country.



CPE Webcast: Beyond the questionnaire: Tips to modernize your TPRM program

2023-11-02T14:00:00+00:00Provided by

Join ProcessUnity for a discussion on how forward-thinking TPRM teams are incorporating new relationships, technologies, and techniques to mature their risk-reduction capabilities.

CWE 2023 Supply Chain


Supply chain due diligence must go beyond self-assessments


So many companies rely on suppliers to self-certify they comply with buyers’ codes of business conduct that the practice is “almost useless,” a panel of experts discussed at Compliance Week’s Europe conference in London.

onetrust 2022 300x200


CPE Webcast: Best practices for third-party due diligence for ethics & compliance

2023-10-31T14:00:00+00:00Provided by

Increased regulatory and consumer scrutiny on the integrity of businesses has shined a spotlight on the reputational risks of unethical business practices involving third parties.



Survey: Risk chiefs feeling pressure from growing compliance mandates


Mounting compliance requirements and technological innovations have chief risk officers facing more complex risk environments, according to a KPMG survey.

Metropolitan Commercial Bank

News Brief

Metropolitan Commercial Bank fined $30M for third-party oversight failings


New York-based Metropolitan Commercial Bank was assessed nearly $30 million in penalties by federal and state banking regulators for failing to properly oversee a third-party program manager whose prepaid cards were a popular target of fraud during the Covid-19 pandemic.

Darren Bradshaw, Chief Audit and Compliance Officer, Stellantis


Digital Transformation of Compliance podcast: Stellantis CCO Darren Bradshaw


In this episode of the Digital Transformation of Compliance podcast series, Darren Bradshaw, chief audit and compliance officer at Stellantis, shares how the automaker has digitized and automated parts of its compliance function.

onetrust 2022 300x200


CPE Webcast: TPRM privacy compliance: 10 best practices when working with third parties

2023-10-17T14:00:00+01:00Provided by

Businesses are facing an increasing amount of pressure to protect their customers’ data and demonstrate privacy compliance. At the same time, for most modern organizations, more data is flowing to third parties than ever before.


News Brief

TransUnion settles with CFPB, FTC over tenant screening accuracy


Credit reporting agency TransUnion agreed to pay $23 million total across settlements with the Consumer Financial Protection Bureau and Federal Trade Commission for alleged tenant screening and security freeze deficiencies.