Third Party Risk


Business argument

Materiality, Scope 3 emissions elicit debate in SEC climate rule comments

2022-07-06T13:40:00+01:00By

Comment letters in response to the SEC’s climate-related disclosure rule have laid out opponents’ issues with the proposal, while supporters have used the process to buttress the agency’s case for implementing it.

Barclays

FINRA fines Barclays $2.8M over supervision, disclosure lapses

2022-07-01T16:36:00+01:00By

Barclays Capital agreed to pay $2.8 million as part of a settlement with the Financial Industry Regulatory Authority for “failure to comply with customer confirmation and related supervision rules” that led to disclosure lapses.

control risks 300x200

CPE Webcast: Managing challenges of sanctions screening in your third-party risk program

2022-06-30T14:00:00+01:00Provided by Control Risks

Sanctions are one of the most important risk factors to consider in any compliance program. No one wants to be found to have business ties to a sanctioned entity given the potential for significant financial penalties and reputational damage.

China flags

Uyghur Forced Labor Prevention Act should prompt due diligence reassessment

2022-06-30T12:15:00+01:00By

All companies with a global footprint should be reevaluating their supply chain due diligence and documentation practices to show the absence of forced labor in the wake of the Uyghur Forced Labor Prevention Act taking effect.

Mergers

Survey: Tell us about your M&A compliance

2022-06-29T14:33:00+01:00Provided by Avalara

Take part in this 3-minute survey to help benchmark your mergers and acquisitions pain points against those of your peers. One lucky respondent will win a $200 Amazon gift card for completing the survey.

JLT UK

FCA fines JLT Specialty $9.7M for financial crime control lapses

2022-06-22T20:41:00+01:00By

The U.K. Financial Conduct Authority fined a unit of insurance broker Jardine Lloyd Thompson Group 7.9 million pounds (U.S. $9.7 million) for failing to control financial crime within its South and Central American subsidiaries.

Russia economy

‘Have contingency plans’: TPRM expert on confronting Russia risk exposure

2022-06-21T12:31:00+01:00By

Melanie Gallagher, head of third-party risk management at financial software company Intuit, offered best practices for navigating sanctions compliance risks at CW’s TPRM Summit in Chicago.

TPRM2022 Linda Tuck Chapman

Five prevailing themes from TPRM Summit

2022-06-17T21:56:00+01:00By

Editor In Chief Kyle Brasseur recaps popular points of discussion across Compliance Week’s two-day Third-Party Risk Management Summit held in Chicago.

Supply chain

Strain in your supply chain no excuse for compliance shortcuts

2022-06-16T11:23:00+01:00By

With the Russia-Ukraine war’s ever-expanding sanctions landscape, supply chain strain and risk of enforcement are sharply increasing. Speakers at a recent event hosted by Drexel University’s Kline School of Law offered best practices.

july21

July 21 | Getting started with third-party risk management

2022-06-15T18:30:00+01:00Provided by

Nearly every business does due diligence when onboarding and renewing contracts, but many times the work stops well short of a program to efficiently manage strategic third parties, their contributions to business performance, and the risks they could pose to the organization.

TPRM2022 room

Primer: Third-Party Risk Management & Oversight Summit

2022-06-13T11:00:00+01:00By

Editor In Chief Kyle Brasseur previews Compliance Week’s Third-Party Risk Management Summit, a two-day conference solely dedicated to the sharing of knowledge and experience within TPRM.

Global business

Best practices, common pitfalls in working in high-risk countries

2022-05-25T13:50:00+01:00By

A panel of compliance professionals discussed the increasingly relevant topic of working in high-risk countries, sharing their experiences and lessons learned at Compliance Week’s National Conference in Washington, D.C.

Brasseur_opinion

Ten highlights from Compliance Week 2022

2022-05-23T11:30:00+01:00By

Editor In Chief Kyle Brasseur recaps the moments that stood out to him most from Compliance Week’s first in-person event since 2019.

CW2022 Matthew Friedman

Expert: Combating modern slavery starts with understanding the issue

2022-05-18T15:13:00+01:00By

Matthew Friedman, an expert on international human trafficking with more than 30 years of experience, discussed the importance of companies addressing modern slavery in their supply chains as part of a virtual fireside chat on the human factor of ESG at Compliance Week’s National Conference.

USAA

Whistleblower to OCC: USAA had 400,000 undisclosed Military Lending Act violations

2022-05-06T15:00:00+01:00By

USAA Bank engaged in an estimated 400,000 violations of the Military Lending Act, a former director of compliance within the bank reported to the Office of the Comptroller of the Currency in documents seen by Compliance Week.

USAA building

A look inside USAA’s ‘catastrophically mismanaged’ compliance culture

2022-05-06T15:00:00+01:00By

In exclusive interviews with Compliance Week, former USAA insiders describe a risk and compliance culture in which numerous individuals either were given the axe or quit because the problems were so endemic.

USAA Bank

​Whistleblower: USAA ‘actively lying to regulators for years’ regarding violations of law

2022-05-06T15:00:00+01:00By

Senior executives at USAA ignored warnings from compliance staff and consultants for years regarding violations of U.S. federal banking laws and hid from regulators the scope of the company’s illegal practices, a former USAA director of compliance turned whistleblower told Compliance Week.

15019_processunity300x200_662860

CPE Webcast: Cybersecurity and third-party risk: Third-party threat hunting

2022-05-03T14:00:00+01:00Provided by

Learn how to build a third-party risk management program with cybersecurity risk at the forefront.

Abandoned Russian McDonalds

Experts assess risks to weigh as companies confront exit from Russia

2022-04-25T17:23:00+01:00By

As sanctions against Russia continue to come down from the United States, European Union, and other countries, companies must ensure they have the means to comply instantly—even if ceasing business dents their financials and puts them at legal risk for breaching contract.

Sanctions

ICA Insight: Russia sanctions frequently asked questions

2022-04-13T17:58:00+01:00By Jake Plenderleith, International Compliance Association

Jake Plenderleith of the International Compliance Association answers selected questions from attendees of a recent ICA webinar on Russian sanctions intended to help provide clarity on what firms can do to protect themselves from exposure.

Sustainability metrics

How to prepare for SEC’s climate-related disclosure rule

2022-03-23T22:07:00+00:00By

The Securities and Exchange Commission’s proposed climate-related disclosure rule would force companies that have been reluctant to initiate a self-examination of their environmental impact to do so, posthaste. Experts weigh in on where to start.

USAA

Compliance implications of USAA order addressing AML lapses

2022-03-22T16:59:00+00:00By

The consent order issued by the Office of the Comptroller of the Currency against USAA Bank imparts lessons for compliance officers in the financial services industry on how—and how not—to maintain a Bank Secrecy Act/anti-money laundering compliance program.

Russia sanctions

Advice for navigating ‘fast and furious’ Russian sanctions landscape

2022-03-18T17:04:00+00:00By

To help sort through the gray area of evolving sanctions and export control restrictions against Russia, chief compliance officers should consider a handful of key best practices.

USAA

USAA fined $140M for AML compliance failures

2022-03-18T11:30:00+00:00By

USAA Federal Savings Bank must pay $140 million as part of consent orders reached with the Financial Crimes Enforcement Network and Office of the Comptroller of the Currency for its failures maintaining its Bank Secrecy Act/anti-money laundering compliance program.

Allison Herren Lee and Hester Peirce

Top 10 reasons to attend Compliance Week 2022

2022-03-09T18:12:00+00:00By

A keynote with two SEC commissioners; interactive sessions on global sanctions, ESG, and ethical leadership; and a new conference location and format highlight Dave Lefort’s list of reasons to be excited for CW’s first in-person event in nearly three years.

processunity300x200

CPE Webcast: Vendor due diligence: Best practices for scoping assessments

2022-03-01T14:00:00+00:00Provided by

Join ProcessUnity for a one-hour webcast and discover best practices and the newest techniques for appropriately scoping pre- and post-contract due diligence assessments.

EyeOnDataPrivacy

Third-party cybersecurity monitoring: Tips for keeping vendors honest

2022-02-18T17:33:00+00:00By

A continuous monitoring cybersecurity strategy for third-party risks goes a long way toward proactively identifying external vulnerabilities. At CW’s virtual Cyber Risk & Data Privacy Summit, a panel of experts shared leading practices.

Cyber Risk employee monitoring

​Transparency key to navigating modern employee monitoring risk landscape

2022-02-15T17:26:00+00:00By

The opening session of Compliance Week’s virtual Cyber Risk & Data Privacy Summit addressed the challenges of using technology to monitor employees while considering regulatory and ethical risks.

Accor

How Accor manages global data privacy compliance

2022-02-09T13:37:00+00:00By

Marie-Christine Vittet, vice president of compliance at hospitality chain Accor, shares with Compliance Week the company’s journey toward a global data privacy compliance program.

Supermarket

REWE International $9M GDPR fine a lesson in managing subsidiary risk

2022-01-25T19:24:00+00:00By

A recent decision by the Austrian Data Protection Authority against food retailer REWE International underlines the fact parent companies are ultimately responsible for how their subsidiaries manage people’s data, even if the offshoot entity operates separately.

2022

NAVEX: Top 10 risk and compliance trends for 2022

2022-01-20T19:15:00+00:00By

Diversity, equity, and inclusion; prioritizing ESG; business continuity; and more highlight the latest edition of NAVEX’s annual list of risk and compliance trends worth monitoring.

Morgan Stanley

Morgan Stanley agrees to $60M settlement over compromised personal data

2022-01-04T20:38:00+00:00By

Morgan Stanley has agreed to establish a $60 million fund to settle a class-action lawsuit filed by nearly a dozen customers regarding personal data that was compromised when the bank decommissioned two wealth management centers.

HandsBuildingBlocks

Survey highlights need for better data integration between risk and compliance

2021-12-20T16:27:00+00:00By

A recent survey from Compliance Week and Riskonnect presents a compelling argument for companies to invest in bridging the gap between risk management and compliance data.

Grindr

Grindr fined $7.2M for GDPR consent violations

2021-12-15T17:40:00+00:00By

The Norwegian Data Protection Authority announced a fine of NOK 65 million (U.S. $7.2 million) against gay dating app Grindr for sharing personal data with third parties without users’ consent.

Privacy data access

NYDFS guidance addresses common MFA problems—and how to fix them

2021-12-08T19:10:00+00:00By

The New York State Department of Financial Services outlined common vulnerabilities in multi-factor authentication and how to address them from a cybersecurity risk management standpoint.

Digital banking

OCC report: Cyberattacks, pandemic among top bank risk areas in 2021

2021-12-08T17:19:00+00:00By

Banks and financial institutions regulated by the OCC faced elevated risks in 2021 from cyberattacks launched on them and their third parties, as well as compliance risks related to the pandemic, according to the agency’s latest report.

Shipping boat

How agile companies succeed in the throes of supply chain woes

2021-11-22T15:26:00+00:00By

In the midst of unimaginable global supply chain chaos, leading companies are adjusting their supply chains in a variety of ways, turning disruption into competitive advantage.

Cybersecurity offices

Rule requires banks report significant ‘computer-security incidents’ within 36 hours

2021-11-19T21:15:00+00:00By

Federal banking regulators issued a rule that requires financial institutions to notify their regulator within 36 hours of a “computer-security incident” that materially affects their operation, ability to deliver services, or the stability of the financial sector.

processunity300x200

CPE Webcast: Third-party risk deep dive: How to calculate inherent risk

2021-11-16T14:00:00+00:00Provided by

When building an efficient vendor risk management program, it is critical to prioritize which vendors present the most risk.

Volkswagen

Volkswagen not resting on laurels post-monitorship

2021-11-12T16:56:00+00:00By

Volkswagen CCO Kurt Michels shared how the company has intensified business partner due diligence in the wake of completing its three-year U.S. monitorship during a fireside chat at CW’s virtual Europe event.

CWE_outsourcing

CWE panel: Risks, rewards of outsourcing compliance

2021-11-11T18:43:00+00:00By

As they look to manage third-party risks, compliance departments are increasing their reliance on outsourcing. Experts at Compliance Week’s virtual Europe event discuss the benefits and risks of enlisting external help.

Honeywell

Honeywell records charge of $160M in FCPA probe

2021-10-25T18:14:00+01:00By

Honeywell International has recorded a charge of $160 million in accrued liability concerning an investigation by U.S. and Brazilian authorities as to whether the company’s use of third parties in Brazil violated the FCPA.

3x2 web graphic

Compliance Week National Conference is going back in person in May

2021-10-25T12:00:00+01:00By

Mark your calendars: Compliance Week’s National Conference in Washington, D.C. will be held in person for the first time in nearly three years from May 16-18, 2022.

United States cyber

How to respond to government’s renewed emphasis on cybersecurity

2021-10-15T20:30:00+01:00By

The Department of Justice’s new Civil Cyber-Fraud Initiative is the latest development to suggest companies’ cybersecurity defenses had better be up to snuff when doing business with the U.S. government or risk enforcement.

Metals

Metals Technology Initiative issues new anti-corruption resources

2021-10-08T15:43:00+01:00By

The Metals Technology Initiative has launched a new website making its guidance on gifts and hospitality and third-party due diligence freely accessible.

Bribery

Report: China, U.S. most confident in combating corruption risks

2021-09-20T16:43:00+01:00By

Risk leaders at companies in China and the United States expressed the highest level of confidence in their approach to mitigating bribery and corruption risk, according to a new global benchmark report from Kroll.

processunity300x200

CPE Webcast: Emerging trends from Deloitte’s global TPRM survey 2021

2021-09-09T11:00:00+01:00Provided by

Join ProcessUnity and Deloitte’s leading third-party risk practitioners as they explore key findings from Deloitte’s 2021 Global TPRM Survey. You will hear what organizations are doing in the wake of last year’s pandemic to make advancements in their approach to third-party risk.

cybergrx300x200

CPE Webcast: Defending yourself from ransomware third-party risks

2021-09-02T14:00:00+01:00Provided by

Ransomware continues to dominate headlines with no sign of slowing down. What started more than 30 years ago has become one of the most prevalent and lucrative cyberattacks that does not discriminate by company size, industry, or geography.

Bank risk

Banking guidance: Six key areas of FinTech due diligence

2021-08-30T16:27:00+01:00By

Three federal banking regulators have released guidance offering tips and suggestions to community banks for conducting due diligence on potential FinTech partners.

FINRA

FINRA notice outlines key areas for supervising third parties

2021-08-17T15:40:00+01:00By

The Financial Industry Regulatory Authority issued a notice on compliance deficiencies arising from firms’ relationships with vendors culled from examination findings.