Materiality, Scope 3 emissions elicit debate in SEC climate rule comments
Comment letters in response to the SEC’s climate-related disclosure rule have laid out opponents’ issues with the proposal, while supporters have used the process to buttress the agency’s case for implementing it.
FINRA fines Barclays $2.8M over supervision, disclosure lapses
Barclays Capital agreed to pay $2.8 million as part of a settlement with the Financial Industry Regulatory Authority for “failure to comply with customer confirmation and related supervision rules” that led to disclosure lapses.
CPE Webcast: Managing challenges of sanctions screening in your third-party risk program
Sanctions are one of the most important risk factors to consider in any compliance program. No one wants to be found to have business ties to a sanctioned entity given the potential for significant financial penalties and reputational damage.
Uyghur Forced Labor Prevention Act should prompt due diligence reassessment
All companies with a global footprint should be reevaluating their supply chain due diligence and documentation practices to show the absence of forced labor in the wake of the Uyghur Forced Labor Prevention Act taking effect.
Survey: Tell us about your M&A compliance
Take part in this 3-minute survey to help benchmark your mergers and acquisitions pain points against those of your peers. One lucky respondent will win a $200 Amazon gift card for completing the survey.
FCA fines JLT Specialty $9.7M for financial crime control lapses
The U.K. Financial Conduct Authority fined a unit of insurance broker Jardine Lloyd Thompson Group 7.9 million pounds (U.S. $9.7 million) for failing to control financial crime within its South and Central American subsidiaries.
‘Have contingency plans’: TPRM expert on confronting Russia risk exposure
Melanie Gallagher, head of third-party risk management at financial software company Intuit, offered best practices for navigating sanctions compliance risks at CW’s TPRM Summit in Chicago.
Five prevailing themes from TPRM Summit
Editor In Chief Kyle Brasseur recaps popular points of discussion across Compliance Week’s two-day Third-Party Risk Management Summit held in Chicago.
Strain in your supply chain no excuse for compliance shortcuts
With the Russia-Ukraine war’s ever-expanding sanctions landscape, supply chain strain and risk of enforcement are sharply increasing. Speakers at a recent event hosted by Drexel University’s Kline School of Law offered best practices.
July 21 | Getting started with third-party risk management
Nearly every business does due diligence when onboarding and renewing contracts, but many times the work stops well short of a program to efficiently manage strategic third parties, their contributions to business performance, and the risks they could pose to the organization.
Primer: Third-Party Risk Management & Oversight Summit
Editor In Chief Kyle Brasseur previews Compliance Week’s Third-Party Risk Management Summit, a two-day conference solely dedicated to the sharing of knowledge and experience within TPRM.
Best practices, common pitfalls in working in high-risk countries
A panel of compliance professionals discussed the increasingly relevant topic of working in high-risk countries, sharing their experiences and lessons learned at Compliance Week’s National Conference in Washington, D.C.
Ten highlights from Compliance Week 2022
Editor In Chief Kyle Brasseur recaps the moments that stood out to him most from Compliance Week’s first in-person event since 2019.
Expert: Combating modern slavery starts with understanding the issue
Matthew Friedman, an expert on international human trafficking with more than 30 years of experience, discussed the importance of companies addressing modern slavery in their supply chains as part of a virtual fireside chat on the human factor of ESG at Compliance Week’s National Conference.
Whistleblower to OCC: USAA had 400,000 undisclosed Military Lending Act violations
USAA Bank engaged in an estimated 400,000 violations of the Military Lending Act, a former director of compliance within the bank reported to the Office of the Comptroller of the Currency in documents seen by Compliance Week.
A look inside USAA’s ‘catastrophically mismanaged’ compliance culture
In exclusive interviews with Compliance Week, former USAA insiders describe a risk and compliance culture in which numerous individuals either were given the axe or quit because the problems were so endemic.
Whistleblower: USAA ‘actively lying to regulators for years’ regarding violations of law
Senior executives at USAA ignored warnings from compliance staff and consultants for years regarding violations of U.S. federal banking laws and hid from regulators the scope of the company’s illegal practices, a former USAA director of compliance turned whistleblower told Compliance Week.
CPE Webcast: Cybersecurity and third-party risk: Third-party threat hunting
Learn how to build a third-party risk management program with cybersecurity risk at the forefront.
Experts assess risks to weigh as companies confront exit from Russia
As sanctions against Russia continue to come down from the United States, European Union, and other countries, companies must ensure they have the means to comply instantly—even if ceasing business dents their financials and puts them at legal risk for breaching contract.
ICA Insight: Russia sanctions frequently asked questions
Jake Plenderleith of the International Compliance Association answers selected questions from attendees of a recent ICA webinar on Russian sanctions intended to help provide clarity on what firms can do to protect themselves from exposure.
How to prepare for SEC’s climate-related disclosure rule
The Securities and Exchange Commission’s proposed climate-related disclosure rule would force companies that have been reluctant to initiate a self-examination of their environmental impact to do so, posthaste. Experts weigh in on where to start.
Compliance implications of USAA order addressing AML lapses
The consent order issued by the Office of the Comptroller of the Currency against USAA Bank imparts lessons for compliance officers in the financial services industry on how—and how not—to maintain a Bank Secrecy Act/anti-money laundering compliance program.
Advice for navigating ‘fast and furious’ Russian sanctions landscape
To help sort through the gray area of evolving sanctions and export control restrictions against Russia, chief compliance officers should consider a handful of key best practices.
USAA fined $140M for AML compliance failures
USAA Federal Savings Bank must pay $140 million as part of consent orders reached with the Financial Crimes Enforcement Network and Office of the Comptroller of the Currency for its failures in maintaining its Bank Secrecy Act/anti-money laundering compliance program.
Top 10 reasons to attend Compliance Week 2022
A keynote with two SEC commissioners; interactive sessions on global sanctions, ESG, and ethical leadership; and a new conference location and format highlight Dave Lefort’s list of reasons to be excited for CW’s first in-person event in nearly three years.
CPE Webcast: Vendor due diligence: Best practices for scoping assessments
Join ProcessUnity for a one-hour webcast and discover best practices and the newest techniques for appropriately scoping pre- and post-contract due diligence assessments.
Third-party cybersecurity monitoring: Tips for keeping vendors honest
A continuous monitoring cybersecurity strategy for third-party risks goes a long way toward proactively identifying external vulnerabilities. At CW’s virtual Cyber Risk & Data Privacy Summit, a panel of experts shared leading practices.
Transparency key to navigating modern employee monitoring risk landscape
The opening session of Compliance Week’s virtual Cyber Risk & Data Privacy Summit addressed the challenges of using technology to monitor employees while considering regulatory and ethical risks.
How Accor manages global data privacy compliance
Marie-Christine Vittet, vice president of compliance at hospitality chain Accor, shares with Compliance Week the company’s journey toward a global data privacy compliance program.
REWE International $9M GDPR fine a lesson in managing subsidiary risk
A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact that parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.
NAVEX: Top 10 risk and compliance trends for 2022
Diversity, equity, and inclusion; prioritizing ESG; business continuity; and more highlight the latest edition of NAVEX’s annual list of risk and compliance trends worth monitoring.
Morgan Stanley agrees to $60M settlement over compromised personal data
Morgan Stanley has agreed to establish a $60 million fund to settle a class-action lawsuit filed by nearly a dozen customers regarding personal data that was compromised when the bank decommissioned two wealth management centers.
Survey highlights need for better data integration between risk and compliance
A recent survey from Compliance Week and Riskonnect presents a compelling argument for companies to invest in bridging the gap between risk management and compliance data.
Grindr fined $7.2M for GDPR consent violations
The Norwegian Data Protection Authority announced a fine of NOK 65 million (U.S. $7.2 million) against gay dating app Grindr for sharing personal data with third parties without users’ consent.
NYDFS guidance addresses common MFA problems—and how to fix them
The New York State Department of Financial Services outlined common vulnerabilities in multi-factor authentication and how to address them from a cybersecurity risk management standpoint.
OCC report: Cyberattacks, pandemic among top bank risk areas in 2021
Banks and financial institutions regulated by the OCC faced elevated risks in 2021 from cyberattacks launched on them and their third parties, as well as compliance risks related to the pandemic, according to the agency’s latest report.
How agile companies succeed in the throes of supply chain woes
In the midst of unimaginable global supply chain chaos, leading companies are adjusting their supply chains in a variety of ways, turning disruption into competitive advantage.
Rule requires banks report significant ‘computer-security incidents’ within 36 hours
Federal banking regulators issued a rule that requires financial institutions to notify their regulator within 36 hours of a “computer-security incident” that materially affects their operation, ability to deliver services, or the stability of the financial sector.
CPE Webcast: Third-party risk deep dive: How to calculate inherent risk
When building an efficient vendor risk management program, it is critical to prioritize which vendors present the most risk.
Volkswagen not resting on laurels post-monitorship
Volkswagen CCO Kurt Michels shared how the company has intensified business partner due diligence in the wake of completing its three-year U.S. monitorship during a fireside chat at CW’s virtual Europe event.
CWE panel: Risks, rewards of outsourcing compliance
As they look to manage third-party risks, compliance departments are increasing their reliance on outsourcing. Experts at Compliance Week’s virtual Europe event discuss the benefits and risks of enlisting external help.
Honeywell records charge of $160M in FCPA probe
Honeywell International has recorded a charge of $160 million in accrued liability concerning an investigation by U.S. and Brazilian authorities as to whether the company’s use of third parties in Brazil violated the FCPA.
Compliance Week National Conference is going back in person in May
Mark your calendars: Compliance Week’s National Conference in Washington, D.C. will be held in person for the first time in nearly three years from May 16-18, 2022.
How to respond to government’s renewed emphasis on cybersecurity
The Department of Justice’s new Civil Cyber-Fraud Initiative is the latest development to suggest companies’ cybersecurity defenses had better be up to snuff when doing business with the U.S. government or risk enforcement.
Metals Technology Initiative issues new anti-corruption resources
The Metals Technology Initiative has launched a new website making its guidance on gifts and hospitality and third-party due diligence freely accessible.
Report: China, U.S. most confident in combating corruption risks
Risk leaders at companies in China and the United States expressed the highest level of confidence in their approach to mitigating bribery and corruption risk, according to a new global benchmark report from Kroll.
CPE Webcast: Emerging trends from Deloitte’s global TPRM survey 2021
Join ProcessUnity and Deloitte’s leading third-party risk practitioners as they explore key findings from Deloitte’s 2021 Global TPRM Survey. You will hear what organizations are doing in the wake of last year’s pandemic to make advancements in their approach to third-party risk.
CPE Webcast: Defending yourself from ransomware third-party risks
Ransomware continues to dominate headlines with no sign of slowing down. What started more than 30 years ago has become one of the most prevalent and lucrative cyberattacks that does not discriminate by company size, industry, or geography.
Banking guidance: Six key areas of FinTech due diligence
Three federal banking regulators have released guidance offering tips and suggestions to community banks for conducting due diligence on potential FinTech partners.
FINRA notice outlines key areas for supervising third parties
The Financial Industry Regulatory Authority issued a notice on compliance deficiencies, culled from examination findings, arising from firms’ relationships with vendors.