Kroger joins victims of Accellion data breach
Two months after cloud service vendor Accellion first identified one of its legacy products was targeted by a sophisticated cyber-attack, users of the product continue to feel the impact, with grocery chain Kroger the latest to reveal its exposure.
Done right, outsourcing compliance can be rewarding
Should you consider outsourcing some of your firm’s compliance functions? Perhaps, even, all of them? The answer is complicated and requires a thorough analysis of the risks and rewards.
White paper: Rethinking Third-Party Cyber Risk Management
This guide will help you better understand the choices before you, no matter if your organization hasn’t even cracked the seal on third party cyber risk management.
SolarWinds hack turning into Pandora’s box of cyber-risk
The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.
Norwegian DPA warns Grindr of $11.7M GDPR fine
Norway’s data privacy watchdog issued gay dating app Grindr with a notice of intention to fine it NOK 100 million (U.S. $11.7 million) for sharing personal data with third parties without users’ consent.
CPE Webcast: How to manage third-party risk: Expected trends for 2021
Join Deloitte’s leading practitioners in third party risk management for a one-hour webinar as they explore key findings from their fifth annual extended enterprise risk management (EERM) survey.
Deutsche Bank to pay $130M to settle bribery, ‘spoofing’ charges
Deutsche Bank has agreed to pay more than $130 million to resolve charges that it paid bribes to third parties to secure business deals in Asia and the Middle East, in addition to a separate commodities fraud “spoofing” case.
Learning from SolarWinds: Five steps to fortify your cloud supply chain
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
Cyber-security lessons from the SolarWinds hack
The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.
CPE Webcast: How to get your TPRM program ready for success in 2021
To say that 2020 was filled with change and challenges would be an understatement. As businesses adjust to new ways of working, many are reassessing the risk profiles of their third parties and re-evaluating their third-party risk management programs as they prepare for the new year.
CPE Webcast: Third party risk: Tough challenges and real-world solutions
Join this educational session as we outline best practices for developing and optimizing efficient processes within your third party risk management program.
Preparation, monitoring key to combating third-party cyber-security risk
A spate of recent cyber-security breaches occurring via third parties is a reminder of the importance for companies to stay on top of risk management. Regulators have shown they do not take kindly to finger-pointing.
Trio of U.K. fines expose third-party risks under GDPR
Recent GDPR fines against British Airways, Marriott, and Ticketmaster by the U.K. Information Commissioner’s Office each saw the regulator dismiss claims by the companies that third parties were primarily responsible for the data breaches in question.
Mar. 9 | Navigating financial regulations for third-party risk management
Today’s financial services industry operates in an environment characterized by significant regulatory scrutiny. To be compliant, organizations must be aware of and adhere to regulations, guidelines, and industry standards as they relate to their vendors, suppliers and third parties.
CPE Webcast: Build a world-class vendor risk program with limited resources
Today, many organizations find themselves stretched thin with limited resources and unable to put together a world-class vendor risk management program.
Ticketmaster UK fined $1.6M under GDPR for 2018 data breach
The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.
New bank resiliency guidance tackles cyber-risk, pandemic planning
Federal banking regulators have released new operational resiliency guidance aimed at strengthening risk management around technology-based failures, cyber-incidents, pandemic outbreaks, natural disasters, and more.
Bribes, falsified records cost Beam Suntory $19.6M in FCPA settlement
Alcoholic beverage maker Beam Suntory agreed to pay $19.6 million to resolve Foreign Corrupt Practices Act charges of improper payments by its Indian subsidiary.
OCC deems ‘true lenders’ responsible for actions of third-party partners
The Office of the Comptroller of the Currency’s finalized “true lender” rule clarifies how banks are responsible for the compliance obligations and actions of their third-party lending partners.
CPE Webcast: Third-party risk in the era of COVID-19
This webinar will discuss how companies are making changes to their onboarding processes and supply chain due diligence and how COVID-19 has shifted priorities and budgets going forward.
CPE Webcast: Empower visibility for an efficient vendor risk program
Managing third-party risk for your organization is becoming increasingly urgent with today’s environmental and geopolitical challenges, business continuity issues and regulatory demands.
Berkshire Hathaway fined $4.1M for Iran sanctions violations
The U.S. Department of the Treasury’s Office of Foreign Assets Control assessed a $4.1 million fine against Berkshire Hathaway for “egregious” violations of sanctions against Iran committed by a subsidiary in Turkey.
Best practices for M&A cyber-security due diligence in a virtual world
The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M&A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.
CPE Webcast: Tips to jumpstart your CMMC certification plan
With the release of the DOD’s Cybersecurity Maturity Model Certification program in 2020, contractors are required for the first time to comply with a specific set of cybersecurity capabilities—and have that compliance certified by a third party.
OCC fines Morgan Stanley $60M for data inventory risk failures
Morgan Stanley has agreed to pay $60 million as part of a settlement with the OCC for failing to adequately protect customer data when the bank decommissioned two U.S.-based wealth management data centers.
CPE Webcast: Simplifying ‘Six Degrees of Separation’ for third-party compliance risk
The long-standing theory of having an average of only six degrees of separation between any two people takes on an interesting twist when considered through a compliance and risk management lens.
e-Book: Mind the Gap — Where Third-Party Risk Management Programs Fall Short
This e-Book from Compliance Week and Aravo reveals the results of the “2020 TPRM Benchmarking Survey.”
Carreyrou at TPRM: Theranos warning signs were there, but partners failed to spot them
John Carreyrou explained to third-party risk professionals at CW’s TPRM Virtual Summit that the mistakes made by Theranos’s business partners were entirely preventable—had they done their proper due diligence.
Compliance official key to Comtech sanctions penalty
The alleged actions of an export compliance official are at the heart of “egregious” apparent OFAC sanctions violations by New York-based Comtech Telecommunications Corp. and its wholly owned subsidiary regarding sales in Sudan.
Brockmeyer at TPRM: Regulator expectations for monitoring third parties
Former chief of the SEC’s FCPA Unit Kara Brockmeyer shared what regulators are looking for when they assess a company’s relationship with its third parties at Compliance Week’s TPRM Virtual Summit on Thursday.
CPE Webcast: Expert content + third-party risk = enhanced vendor due diligence
Maintaining the status quo with your vendor risk management program is no longer acceptable in today’s ever-changing marketplace as supply chains can drastically change overnight.
CPE Webcast: Debunking myths of AI & ML in TPRM technology
This webinar debunks the myths of AI and ML in third-party risk technology and drills into reality with a pragmatic application of how your data can be harnessed to support various risk management use cases.
Best practices KYC: What to do when your client is in the headlines
How do we, as AML professionals, assess negative media alerts? It should start with a conversation with the client relationship manager, but it shouldn’t end there, writes Martin Woods.
Q&A with Kara Brockmeyer: How pandemic has impacted third-party risk
In advance of her keynote at Compliance Week’s upcoming TPRM virtual event (Sept. 17-18), former SEC official Kara Brockmeyer discussed with CW the heightened risk third parties have during a pandemic and what companies can do about it.
John Carreyrou at TPRM: How to spot a wolf in Steve Jobs’ clothing
John Carreyrou, the Wall Street Journal reporter who exposed Theranos and its founder Elizabeth Holmes as frauds, will be the keynote speaker on Day 2 of Compliance Week’s TPRM virtual conference Sept. 18.
CPE Webcast: Compliance in the age of cloud
Running a business “in the cloud” was once reserved for innovators and large enterprises, but now nearly every business on the internet is operating in the cloud.
CPE Webcast: Third party risk management: Are programs up to scratch?
This webinar will discuss the results of the Compliance Week and Aravo TPRM benchmarking survey in the context of the DOJ’s Evaluation of Corporate Compliance Programs.
CPE Webcast: Managing third-party risk during and after a pandemic
As new insights are continually evolving, organizations around the world are trying to plan and develop their strategies for returning to the new “normal.”
Advice for compliance from new DOJ Criminal Division head
Acting Justice Department Criminal Division head Brian Rabbitt shares his perspective on recent updates to the Evaluation of Corporate Compliance Programs guidance, the FCPA Resource Guide, and more.
CPE Webcast: Rethinking third-party due diligence to minimize supply chain risk
Businesses are rethinking their strategies to maintain operations, minimize supply chain disruption, and manage heightened exposure to financial, legal, regulatory, or reputational risks.
Nothing more important than knowing your risk exposure
In performing due diligence on your supply chain partners, do not be intimidated into accepting no for an answer. Being blind to potential risks is bound to get you into trouble, writes financial crime expert Martin Woods.
CPE Webcast: A new approach to vendor risk & performance monitoring
Your vendors often handle your most sensitive data. This presents significant challenges as security, procurement, sourcing, IT, and privacy teams struggle to vet and manage vendor risks and performance in real time.
CPE Webcast: TPRM: Best practices for an efficient program
While there is no one right third-party risk management program, there is a model right for you, and incorporating best practices into your processes can have an exponential effect on your results.
CPE Webcast: TPRM; What keeps you up at night?
Do risks from your third-party ecosystem keep you up at night, especially during these trying times? How have third-party risks changed over the years, but especially lately, considering the current crisis?
CPE Webcast: Calculating COVID-19 third-party privacy risks
COVID-19 has completely changed the way organizations do business, both internally and externally. The influx of sensitive data being collected makes proactively identifying and managing privacy risk a big challenge.
Coronavirus has made CW2020 a (virtual) gathering like no other
The coronavirus pandemic has made getting together for our annual National Conference impossible, but it’s also made this virtual gathering (Monday and Tuesday) perhaps the most important one we’ve ever had.
Driving innovation in supply-chain practices post-pandemic
A number of forward-thinking companies are using the coronavirus pandemic as an opportunity to drive promising innovations in their global supply chains.
CPE Webcast: Integrating TPRM into sourcing and procurement functions
Traditionally, third-party risk management has focused on procurement, executing contracts, managing relationships, and conducting quarterly business reviews. These measures are no longer enough.
CPE Webcast: 10 steps to improving business resilience with TPRM
Third-party risk management is more important now than ever. And while compliance is a critical component, recent market turbulence has organizations prioritizing business continuity, financial due diligence, and business resilience.
Current cyber-environment calls for proactive approach
The conventional wisdom on cyber-security is to play defense and respond quickly to breaches. But these are not normal times, and proper cyber-hygiene is more important than ever.