The Department of Justice’s new Civil Cyber-Fraud Initiative is the latest development to suggest companies’ cybersecurity defenses had better be up to snuff when doing business with the U.S. government or risk enforcement.
The Metals Technology Initiative has launched a new website making its guidance on gifts and hospitality and third-party due diligence freely accessible.
Risk leaders at companies in China and the United States expressed the highest level of confidence in their approach to mitigating bribery and corruption risk, according to a new global benchmark report from Kroll.
Join ProcessUnity and Deloitte’s leading third-party risk practitioners as they explore key findings from Deloitte’s 2021 Global TPRM Survey. You will hear what organizations are doing in the wake of last year’s pandemic to make advancements in their approach to third-party risk.
Ransomware continues to dominate headlines with no sign of slowing down. What started more than 30 years ago has become one of the most prevalent and lucrative cyberattacks that does not discriminate by company size, industry, or geography.
Three federal banking regulators have released guidance offering tips and suggestions to community banks for conducting due diligence on potential FinTech partners.
The Financial Industry Regulatory Authority issued a notice on compliance deficiencies arising from firms’ relationships with vendors culled from examination findings.
A recent survey from Compliance Week and OpenText reveals while investigations and data volumes are on the rise, machine learning combined with external expertise may give companies the upper hand in accelerating response and results.
For individuals managing third-party risk, there is one primary question that needs answering: Are your vendors safe to do business with? Answering that question is not so straightforward.
ESG and its role in third-party risk management have gained prominence this past year as the awareness for environmental and social issues continue to grow.
Three federal banking regulators are seeking public input on the first comprehensive update to risk management guidance for financial institutions entering into business relationships with third parties since 2013.
Kroll’s newest anti-corruption benchmarking report highlights current TPRM trends such as evolving challenges with enhanced due diligence, the rise of automation, the growing incorporation of ESG matters into compliance programs today, and more.
Two risk and compliance practitioners opened their cyber-playbooks at CW’s TPRM virtual event, explaining how to identify and address vulnerabilities, establish transparency with vendors, and strengthen an organization’s incident management program.
Charles Duross, former deputy chief of the DOJ’s Fraud Section, shared tips on how companies can best manage third parties and employees who willfully try to circumvent internal controls during his keynote speech at CW’s virtual TPRM conference.
With many businesses still sorting through the new layers of risk that have emerged over the last 16 months, Linda Tuck Chapman of the Third Party Risk Institute shared her top areas of focus and more at CW’s virtual TPRM event.
In the market for a software solution to help manage your third-party risk? Check out our collection of video demos from nearly a dozen of the top vendors in the space.
Multiple high-profile companies—including Carnival, Wegmans, McDonald’s, Volkswagen, and CVS—have confirmed in recent days they were either victims of a data breach or were alerted to a gap in their security controls.
Third-party risk management has always been a challenging area for risk and compliance professionals, never more so than today. As the global economy rebounds, third-party risk has taken on new dimensions.
Organizations are adopting digital transformation and, as a result, increasing their reliance on third parties faster than they can scale their third-party cyber-risk management programs.
A month has gone by since a 1,300-foot cargo ship ran aground and blocked one of the busiest waterways in the world. For many industries, the ripple effects will continue to batter global supply chains for weeks to come, absent having in place a sound supply chain risk management program.
The grounding of the Ever Given is the latest unexpected incident to cause severe supply chain disruptions around the world. The lessons learned from others, such as the coronavirus pandemic, are just as relevant, writes Aaron Nicodemus.
Today’s financial services industry operates in an environment characterized by significant regulatory scrutiny. To be compliant, organizations must be aware and adhere to regulations, guidelines, and industry standards as it relates to their vendors, suppliers and third parties.
Two months after cloud service vendor Accellion first identified one of its legacy products was targeted by a sophisticated cyber-attack, users of the product continue to feel the impact, with grocery chain Kroger the latest to reveal its exposure.
Should you consider outsourcing some of your firm’s compliance functions? Perhaps, even, all of them? The answer is complicated and requires a thorough analysis of the risks and rewards.
This guide will help you better understand the choices before you, no matter if your organization hasn’t even cracked the seal on third party cyber risk management.
The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.
Norway’s data privacy watchdog issued gay dating app Grindr with a notice of intention to fine it NOK 100 million (U.S. $11.7 million) for sharing personal data with third parties without users’ consent.
Join Deloitte’s leading practitioners in third party risk management for a one-hour webinar as they explore key findings from their fifth annual extended enterprise risk management (EERM) survey.
Deutsche Bank has agreed to pay more than $130 million to resolve charges that it paid bribes to third parties to secure business deals in Asia and the Middle East, in addition to a separate commodities fraud “spoofing” case.
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.
To say that 2020 was filled with change and challenges would be an understatement. As businesses adjust to new ways of working, many are reassessing the risk profiles of their third parties and re-evaluating their third-party risk management programs as they prepare for the new year.
Join this educational session as we outline best practices for developing and optimizing efficient processes within your third party risk management program.
A spate of recent cyber-security breaches occurring via third parties is a reminder of the importance for companies to stay on top of risk management. Regulators have shown to not take kindly to finger-pointing.
Recent GDPR fines against British Airways, Marriott, and Ticketmaster by the U.K. Information Commissioner’s Office each saw the regulator dismiss claims by the companies that third parties were primarily responsible for the data breaches in question.
Today, many organizations find themselves stretched thin with limited resources and unable to put together a world-class vendor risk management program.
The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.
Federal banking regulators have released new operational resiliency guidance aimed to strengthen risk management around technology-based failures, cyber-incidents, pandemic outbreaks, natural disasters, and more.
Alcoholic beverage maker Beam Suntory agreed to pay $19.6 million to resolve Foreign Corrupt Practices Act charges of improper payments by its Indian subsidiary.
The Office of the Comptroller of the Currency’s finalized “true lender” rule clarifies how banks are responsible for the compliance obligations and actions of their third-party lending partners.
This webinar will discuss how companies are making changes to their onboarding processes and supply chain due diligence and how COVID-19 has shifted priorities and budgets going forward.
Managing third-party risk for your organization is increasingly becoming more urgent with today’s environmental and geopolitical challenges, business continuity issues and regulatory demands.
The U.S. Department of the Treasury’s Office of Foreign Assets Control assessed a $4.1 million fine against Berkshire Hathaway for “egregious” violations of sanctions against Iran committed by a subsidiary in Turkey.