Third Party Risk


News Brief

FINRA fines UBS unit $850K for failing to properly monitor customer transactions


UBS Financial Services, a subsidiary of the Swiss banking giant UBS, has been fined $850,000 for failing to properly monitor transactions between its broker-dealers and third parties.



How fintechs can overcome major compliance hurdles in embedded finance

2024-07-01T15:45:00+01:00By Margaret Holmes Tibbets, CW guest columnist

Margaret Holmes Tibbets, chief compliance officer at financial technology company Pipe, explains how firms are facing an existential compliance crisis, and to survive they’ll need to overcome not one but two hurdles.

Financial Crimes 2024 Managing Nonbanks


Banks must bolster awareness of fintech partner risks, experts advise at Fordham


During a panel at Compliance Week’s Financial Crimes and Regulatory Compliance Summit, held June 10-11 in New York, experts discussed nuances in bank-financial technology partnerships, offering best practices for how banks should protect themselves.

North Korea sanctions

News Brief

Mondo TV reaches $538K settlement with OFAC over N. Korea sanctions violations


Italy-based Mondo TV agreed to pay $538,000 to settle charges with the Treasury Department’s Office of Foreign Assets Control over 18 apparent violations of North Korea sanctions regulations.


News Brief

DOE offers supply chain cybersecurity guidance for energy, oil, gas industries


The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.


News Brief

OFAC sanctions nearly 50 entities for ‘shadow banking’ benefiting Iranian military


The Treasury Department’s Office of Foreign Assets Control sanctioned nearly 50 entities connected with so-called “shadow banking” networks that help Iran’s military evade U.S. sanctions and to sell the country’s oil and petrochemical products.

Child Privacy

News Brief

SpongeBob game developer ordered to pay $500K over CCPA, COPPA violations


Popular children’s mobile game developer Tilting Point Media agreed to pay $500,000 to settle allegations the company illegally collected children’s personal data, a violation under the California Consumer Privacy Act and a federal children’s privacy law.


News Brief

OCC emphasizes compliance’s role in FI’s operational resiliency


Compliance departments at financial institutions must become more involved in ensuring their firm’s operational resiliency to address emerging risks, the Treasury Department’s Office of the Comptroller of the Currency said in its semi-annual risk perspective.



CPE Webcast: Digital Operational Resilience Act: Key provisions and best practices

2024-06-18T14:00:00+01:00Provided by

This presentation will provide an overview of the key provisions of DORA and their implications for Third-Party Risk Management (TPRM) teams, list best practices for DORA preparation and review key considerations for teams looking to implement the DORA framework.

columnist dale


Top-of-mind takeaways from TPRM Summit


Top-of-mind issues addressed at Compliance Week’s Third-Party Risk Management & Oversight Summit, held June 3-4 in Atlanta, included safe deployment of artificial intelligence, assessing vendor viability and sustainability, understanding the role of procurement in risk ranking, the intersection (or lack thereof) between data privacy and cybersecurity, and many others.


News Brief

Washington state importer ordered to hire CCO in response to Lacey Act violations


A Washington state importer has been ordered by the Department of Justice to pay a $360,000 fine and hire a chief compliance officer after imported wood items the company claimed to be from Malaysia were found to be from China.

Financial Crimes 2024 Axelrod


BIS’s Axelrod makes plea to financial services: ‘We want to work with you’


Matthew Axelrod, assistant secretary for export enforcement at the Bureau of Industry and Security, addressed efforts to reach financial services firms, working with the Financial Crimes Enforcement Network, and more during his fireside chat at CW’s Financial Crimes Summit.


News Brief

Additions to UFLPA Entity List signal seafood supply chain risks


The U.S. Department of Homeland Security added three China-based entities across the seafood, aluminum, and footwear industries to the Uyghur Forced Labor Prevention Act Entity List.

Sanctions compliance TPRM


Panelists break down robust sanctions landscape at TPRM Summit


Sanctions compliance officers face myriad challenges as complex geopolitical situations heighten risks worldwide, experts discussed during Compliance Week’s Third-Party Risk Management & Oversight Summit.



Experts: AI risk mitigation second nature for compliance professionals


Compliance has been “sleeping on” artificial intelligence, two panelists discussed at Compliance Week’s Women in Compliance Summit. The profession should be positioned to lead on AI governance at the business level.


News Brief

Hyundai Motor caught in DOL complaint over child labor


The Department of Labor sued three Alabama businesses, including a Hyundai Motor manufacturing plant, for employing a 13-year-old worker on an auto parts assembly line.

Albemarle 2000x1333


Revamped compliance processes key Albemarle win as Compliance Program of the Year


For successfully navigating thorny compliance issues related to self-disclosed violations of the Foreign Corrupt Practices Act, Albemarle was named Compliance Program of the Year at the 2024 Excellence in Compliance Awards.

Sharon Johnson Heather Sudo 2000x1333


Creative engagement approach drives Compliance Innovators Johnson, Sudo


Through clever rhymes and real-life examples, Sharon Johnson and Heather Sudo of MODE Global have made it their mission to think outside the box when it comes to compliance awareness. Their approach earned them Compliance Innovator(s) of the Year at the 2024 Excellence in Compliance Awards.


News Brief

Lemont National, Comerica Bank unit avoid penalties in separate OCC deals


The Office of the Comptroller of the Currency reached agreements with Lemont National Bank and Comerica Bank & Trust over concerns related to risk governance practices.


News Brief

Senate report cites VW, BMW, JLR for potential forced labor violations


A U.S. Senate report found three European automakers—Volkswagen, BMW, and Jaguar Land Rover—sold cars in the United States with parts sourced from a supplier suspected of using forced labor from China’s Xinjiang region.

U.S. China flags

News Brief

UFLPA Entity List nearly doubles with textile industry sweep


The Department of Homeland Security announced its largest batch of additions to the list of companies blocked under the Uyghur Forced Labor Prevention Act in the form of a sweep of the Chinese textile industry.

New York cyber-security

News Brief

NYDFS offers cyber rule compliance template for small businesses


The New York State Department of Financial Services issued guidance for small businesses attempting to comply with its cybersecurity regulations.



CW2024 panel: TPRM board buy-in earned through impact, activity


Identifying critical measures for third-party risk management has become vitally important as risk professionals face an uphill battle in fighting for resources, experts discussed at Compliance Week’s 2024 National Conference.



Report: Human error driving growing number of data breaches


Verizon’s annual data breach report shows trends in cybersecurity incidents, including more ransomware and extortion attacks last year.


News Brief

CFPB fines Chime $3.25M over account refund delays


The Consumer Financial Protection Bureau ordered Chime Financial to pay $3.25 million in penalties for allegedly delaying consumer refunds past its promised 14-day timeframe.


News Brief

Federal banking regulators issue TPRM guidance for community banks


The Federal Deposit Insurance Corporation, Federal Reserve Board, and Office of the Comptroller of the Currency combined to provide guidance on third-party risk management focused on the unique risks faced by community banks in their third-party relationships.


News Brief

FCC finalizes $196M in fines against telecoms for sharing location data


The Federal Communications Commission fined telecommunications giants T-Mobile, Sprint, AT&T, and Verizon a total of approximately $196 million for allegedly selling customers’ location data to third parties without consent.


News Brief

Williams-Sonoma fined record $3.2M over admitted ‘Made in USA’ order violations


Kitchen and home retail company Williams-Sonoma agreed to pay nearly $3.2 million for failing to comply with a 2020 administrative order by the Federal Trade Commission prohibiting its marketing of imported goods as made in the United States.

EY thumbnail


e-Book: Tips for TPRM, supply chain due diligence

2024-04-26T21:03:00+01:00Provided by

Implementing a risk-based approach to third-party due diligence frees up compliance resources to be deployed efficiently and helps organizations meet the expectations of regulators.

ESG vector


Report: Poor awareness of supply chain disclosure regs leaving firms exposed


Compliance failures in the supply chain are hampering organizations’ efforts to implement environmental, social, and governance initiatives and meet disclosure requirements, according to a new report by U.K. law firm Burges Salmon.

onetrust 2022 300x200


CPE Webcast: Automating third-party management workflows: 5 ways to drive alignment across teams

2024-04-23T14:00:00+01:00Provided by

Is your third-party management process bogged down by manual workflows and misaligned teams? It’s time to say goodbye to inefficiency and hello to streamlined processes (if only it were that simple).

Iran flag

News Brief

OFAC fines SCG Chemicals unit $20M over Iran sanctions violations


A subsidiary of Thailand-based SCG Chemicals Co. agreed to pay a $20 million fine to the Office of Foreign Assets Control over “egregious” violations of sanctions against Iran.

European Court of Human Rights


ECHR ruling opens door to climate change litigation on basis of human rights


By holding the Swiss government accountable for failing to do more to limit climate change, a ruling by the European Court of Human Rights might have significant implications for legislators and organizations in other countries across the European Union.


News Brief

New DHS strategy sets textiles up for added UFLPA scrutiny


The Department of Homeland Security announced a new strategy set to help close a loophole that allows certain textile-related shipments from China to enter the United States without scrutiny under the Uyghur Forced Labor Prevention Act.

CW2024 leadership panel


CW2024 leadership panel on navigating scrutiny, prep for more change


The global political landscape should be high on the risk radar of compliance officers in 2024, according to compliance leaders speaking at Compliance Week’s 2024 National Conference, along with increased regulatory scrutiny toward forced labor, ESG, and M&A.

CW2024 McBride


Ex-Albemarle CCO shares drivers behind data analytics success at CW2024


Former Albemarle CCO Andrew McBride explained at Compliance Week’s 2024 National Conference how he led the company’s compliance department to remediate the issues that led to apparent FCPA violations and how the team used data analytics to assess risks and implement compliance solutions.


News Brief

AT&T: Data leak exposed info of 73M customers onto dark web


AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.

China flags


CBP stats show persistent problem areas under UFLPA

2024-04-01T13:33:00+01:00By and

It’s been nearly two years since the Uyghur Forced Labor Prevention Act took effect, and as enforcement statistics and recent reports demonstrate, many businesses are still not adequately vetting their supply chains.

certa 300x200


CPE webcast: Rapid expansion of global forced labor regulations

2024-03-28T14:00:00+00:00Provided by

Join us as we dive into the best practices for performing due diligence across your entire supply chain—from the sourcing of raw materials to the delivery of finished goods—to become (and stay) compliant with this ever-evolving landscape.

Department of Labor

News Brief

DOL orders Tuff Torq to pay $1.8M over child labor violations


The Department of Labor ordered Tennessee-based Tuff Torq Corp. to pay nearly $1.8 million over alleged child labor violations.

Whistleblower vector


NAVEX whistleblower report finds third parties lead on business integrity


A new report on corporate whistleblowing and hotline trends in 2023 found reporting volume at an all-time high, with key disparities uncovered between reports filed by third parties and those filed by employees.


News Brief

Adani Group on defense over reports of FCPA probe


Indian conglomerate Adani Group said it is aware of an investigation by the U.S. Department of Justice into bribery allegations against a “third party” but denied a relationship with it.

Supply chain


Policy changes underscore need for enhanced child labor due diligence

2024-03-18T13:20:00+00:00By and

Rooting out potential child or forced labor violations in your company’s supply chain can have benefits beyond protecting reputation and being ethically sound. The process can also help your firm comply with pending child labor laws in other jurisdictions.



The auditor’s role in supply chain due diligence


Although compliance should be the company’s primary responsibility, auditors have become the last line of defense and are getting pressured and blamed for supply chain issues, including instances of child labor. Is this expected to become the normal for the profession?

OCC sign


U.S. banking regs mulling enhanced operational resiliency frameworks


Acting Comptroller of the Currency Michael Hsu said federal banking agencies are considering enhancements to their operational resiliency requirements for member banks.

Department of Labor


DOL seeking more authority in crackdown on child labor violations


The Department of Labor has stepped up its enforcement of child labor law amid a concerning rise in child labor exploitation, yet the agency acknowledges its resources are not great enough to be a significant deterrent for such misconduct.

Child labor


Child labor violations are on the rise in U.S. Are they in your supply chain?


The compliance community has not been spending time addressing a problem mistakenly thought to be a rarity: The proliferation of child labor violations occurring in the United States.

European Commission

News Brief

EU to ban sale of products made with forced labor


The European Union announced an agreement to ban products made with forced labor, a decision that will oblige organizations to track and declare more information about their supply chains for goods entering EU markets.



CPE Webcast: Applying traditional TPRM security and data privacy practices in the digital space

2024-03-05T14:00:00+00:00Provided by

This webinar explores the compliance challenges posed by evolving privacy regulations and the recent explosion of class-action litigation arising from third-party advertising technology on websites.

Metropolitan Commercial Bank

News Brief

Metropolitan Commercial Bank adds risk chief, AML officer


Metropolitan Commercial Bank announced the appointments of a chief risk officer and Bank Secrecy Act/anti-money laundering officer to bolster its reporting lines following a $30 million enforcement action from federal and state authorities last year.