Third Party Risk


CPE Webcast: Identifying risky vendors: 7 warning signs

2021-07-20T14:00:00+01:00Provided by

For individuals managing third-party risk, there is one primary question that needs answering: Are your vendors safe to do business with? Answering that question is not so straightforward.

CPE Webcast: The rise of ESG in third-party risk management

2021-07-15T14:00:00+01:00Provided by

ESG and its role in third-party risk management have gained prominence this past year as awareness of environmental and social issues continues to grow.

New bank guidance expands on advice for handling third parties

2021-07-14T20:10:00+01:00By

Three federal banking regulators are seeking public input on the first comprehensive update to risk management guidance for financial institutions entering into business relationships with third parties since 2013.

Survey: Emerging TPRM trends in anti-corruption

2021-07-07T20:12:00+01:00By

Kroll’s newest anti-corruption benchmarking report highlights current TPRM trends such as evolving challenges with enhanced due diligence, the rise of automation, the growing incorporation of ESG matters into compliance programs today, and more.

TPRM 2021: What to do before, during, and after a ransomware attack

2021-07-07T14:21:00+01:00By

Two risk and compliance practitioners opened their cyber-playbooks at CW’s TPRM virtual event, explaining how to identify and address vulnerabilities, establish transparency with vendors, and strengthen an organization’s incident management program.

Charles Duross: Tips for managing third-party FCPA risks

2021-06-30T21:00:00+01:00By

Charles Duross, former deputy chief of the DOJ’s Fraud Section, shared tips on how companies can best manage third parties and employees who willfully try to circumvent internal controls during his keynote speech at CW’s virtual TPRM conference.

Pandemic effect on TPRM practices here to stay, expert warns

2021-06-29T17:54:00+01:00By

With many businesses still sorting through the new layers of risk that have emerged over the last 16 months, Linda Tuck Chapman of the Third Party Risk Institute shared her top areas of focus and more at CW’s virtual TPRM event.

Software demos: Third-party risk management (TPRM)

2021-06-29T02:53:00+01:00 By Compliance Week

In the market for a software solution to help manage your third-party risk? Check out our collection of video demos from nearly a dozen of the top vendors in the space.

Big week for breaches: McDonald’s, Carnival, and more

2021-06-18T19:20:00+01:00By

Multiple high-profile companies—including Carnival, Wegmans, McDonald’s, Volkswagen, and CVS—have confirmed in recent days they were either victims of a data breach or were alerted to a gap in their security controls.

CPE Webcast: Continuous monitoring — the key to effective TPRM

2021-06-01T14:00:00+01:00Provided by

Third-party risk management has always been a challenging area for risk and compliance professionals, never more so than today. As the global economy rebounds, third-party risk has taken on new dimensions.

CPE Webcast: TPCRM best practices that reduce supply chain risk

2021-05-20T14:00:00+01:00Provided by

Organizations are adopting digital transformation and, as a result, increasing their reliance on third parties faster than they can scale their third-party cyber-risk management programs.

Bracing for impact: Supply chain risk management post-Suez Canal blockage

2021-04-27T15:25:00+01:00By

A month has gone by since a 1,300-foot cargo ship ran aground and blocked one of the busiest waterways in the world. For many industries, the ripple effects will continue to batter global supply chains for weeks to come, absent having in place a sound supply chain risk management program.

Suez Canal blockage serves as reminder for key supply chain risk lessons

2021-03-29T18:55:00+01:00By

The grounding of the Ever Given is the latest unexpected incident to cause severe supply chain disruptions around the world. The lessons learned from others, such as the coronavirus pandemic, are just as relevant, writes Aaron Nicodemus.

CPE Webcast: Navigating financial regulations for third-party risk management

2021-03-09T14:00:00+00:00Provided by

Today’s financial services industry operates in an environment characterized by significant regulatory scrutiny. To be compliant, organizations must be aware of and adhere to regulations, guidelines, and industry standards as they relate to their vendors, suppliers and third parties.

Kroger joins victims of Accellion data breach

2021-02-22T19:58:00+00:00By

Two months after cloud service vendor Accellion first identified one of its legacy products was targeted by a sophisticated cyber-attack, users of the product continue to feel the impact, with grocery chain Kroger the latest to reveal its exposure.

Done right, outsourcing compliance can be rewarding

2021-02-18T19:56:00+00:00By

Should you consider outsourcing some of your firm’s compliance functions? Perhaps, even, all of them? The answer is complicated and requires a thorough analysis of the risks and rewards.

White paper: Rethinking Third-Party Cyber Risk Management

2021-02-10T10:25:00+00:00Provided by

This guide will help you better understand the choices before you, even if your organization hasn’t yet cracked the seal on third-party cyber risk management.

SolarWinds hack turning into Pandora’s box of cyber-risk

2021-02-02T20:47:00+00:00By

The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.

Norwegian DPA warns Grindr of $11.7M GDPR fine

2021-01-26T20:38:00+00:00By

Norway’s data privacy watchdog issued gay dating app Grindr with a notice of intention to fine it NOK 100 million (U.S. $11.7 million) for sharing personal data with third parties without users’ consent.

CPE Webcast: How to manage third-party risk: Expected trends for 2021

2021-01-19T11:00:00+00:00Provided by

Join Deloitte’s leading practitioners in third party risk management for a one-hour webinar as they explore key findings from their fifth annual extended enterprise risk management (EERM) survey.

Deutsche Bank to pay $130M to settle bribery, ‘spoofing’ charges

2021-01-08T23:42:00+00:00By

Deutsche Bank has agreed to pay more than $130 million to resolve charges that it paid bribes to third parties to secure business deals in Asia and the Middle East, in addition to a separate commodities fraud “spoofing” case.

Learning from SolarWinds: Five steps to fortify your cloud supply chain

2020-12-30T20:24:00+00:00By

For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.

Cyber-security lessons from the SolarWinds hack

2020-12-18T15:44:00+00:00By

The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.

CPE Webcast: How to get your TPRM program ready for success in 2021

2020-12-15T14:00:00+00:00Provided by

To say that 2020 was filled with change and challenges would be an understatement. As businesses adjust to new ways of working, many are reassessing the risk profiles of their third parties and re-evaluating their third-party risk management programs as they prepare for the new year.

CPE Webcast: Third party risk: Tough challenges and real-world solutions

2020-12-08T14:00:00+00:00Provided by

Join this educational session as we outline best practices for developing and optimizing efficient processes within your third party risk management program.

Preparation, monitoring key to combating third-party cyber-security risk

2020-12-07T17:49:00+00:00By

A spate of recent cyber-security breaches occurring via third parties is a reminder of the importance for companies of staying on top of risk management. Regulators have shown they do not take kindly to finger-pointing.

Trio of U.K. fines expose third-party risks under GDPR

2020-11-30T21:34:00+00:00By

Recent GDPR fines against British Airways, Marriott, and Ticketmaster by the U.K. Information Commissioner’s Office each saw the regulator dismiss claims by the companies that third parties were primarily responsible for the data breaches in question.

CPE Webcast: Build a world-class vendor risk program with limited resources

2020-11-17T14:00:00+00:00Provided by

Today, many organizations find themselves stretched thin with limited resources and unable to put together a world-class vendor risk management program.

Ticketmaster UK fined $1.6M under GDPR for 2018 data breach

2020-11-13T18:18:00+00:00By

The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.

New bank resiliency guidance tackles cyber-risk, pandemic planning

2020-11-02T17:45:00+00:00By

Federal banking regulators have released new operational resiliency guidance aimed at strengthening risk management around technology-based failures, cyber-incidents, pandemic outbreaks, natural disasters, and more.

Bribes, falsified records cost Beam Suntory $19.6M in FCPA settlement

2020-10-28T18:43:00+00:00By

Alcoholic beverage maker Beam Suntory agreed to pay $19.6 million to resolve Foreign Corrupt Practices Act charges of improper payments by its Indian subsidiary.

OCC deems ‘true lenders’ responsible for actions of third-party partners

2020-10-28T16:30:00+00:00By

The Office of the Comptroller of the Currency’s finalized “true lender” rule clarifies how banks are responsible for the compliance obligations and actions of their third-party lending partners.

CPE Webcast: Third-party risk in the era of COVID-19

2020-10-27T14:00:00+00:00Provided by

This webinar will discuss how companies are making changes to their onboarding processes and supply chain due diligence and how COVID-19 has shifted priorities and budgets going forward.

CPE Webcast: Empower visibility for an efficient vendor risk program

2020-10-22T14:00:00+01:00Provided by

Managing third-party risk for your organization is becoming increasingly urgent with today’s environmental and geopolitical challenges, business continuity issues and regulatory demands.

Berkshire Hathaway fined $4.1M for Iran sanctions violations

2020-10-21T16:59:00+01:00By

The U.S. Department of the Treasury’s Office of Foreign Assets Control assessed a $4.1 million fine against Berkshire Hathaway for “egregious” violations of sanctions against Iran committed by a subsidiary in Turkey.

Best practices for M&A cyber-security due diligence in a virtual world

2020-10-15T16:12:00+01:00By

The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M&A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.

CPE Webcast: Tips to jumpstart your CMMC certification plan

2020-10-13T14:00:00+01:00Provided by

With the release of the DOD’s Cybersecurity Maturity Model Certification program in 2020, contractors are required for the first time to comply with a specific set of cybersecurity capabilities—and have that compliance certified by a third party.

OCC fines Morgan Stanley $60M for data inventory risk failures

2020-10-08T20:51:00+01:00By

Morgan Stanley has agreed to pay $60 million as part of a settlement with the OCC for failing to adequately protect customer data when the bank decommissioned two U.S.-based wealth management data centers.

CPE Webcast: Simplifying ‘Six Degrees of Separation’ for third-party compliance risk

2020-10-01T14:00:00+01:00Provided by

The long-standing theory of having an average of only six degrees of separation between any two people takes on an interesting twist when considered through a compliance and risk management lens.

e-Book: Mind the Gap — Where Third-Party Risk Management Programs Fall Short

2020-09-22T06:46:00+01:00Provided by

This e-Book from Compliance Week and Aravo reveals the results of the “2020 TPRM Benchmarking Survey.”

Carreyrou at TPRM: Theranos warning signs were there, but partners failed to spot them

2020-09-18T22:26:00+01:00By

John Carreyrou explained to third-party risk professionals at CW’s TPRM Virtual Summit that the mistakes made by Theranos’s business partners were entirely preventable—had they done their proper due diligence.

Compliance official key to Comtech sanctions penalty

2020-09-18T16:36:00+01:00By

The alleged actions of an export compliance official are at the heart of “egregious” apparent OFAC sanctions violations by New York-based Comtech Telecommunications Corp. and its wholly owned subsidiary regarding sales in Sudan.

Brockmeyer at TPRM: Regulator expectations for monitoring third parties

2020-09-17T16:52:00+01:00By

Former chief of the SEC’s FCPA Unit Kara Brockmeyer shared what regulators are looking for when they assess a company’s relationship with its third parties at Compliance Week’s TPRM Virtual Summit on Thursday.

CPE Webcast: Expert content + third-party risk = enhanced vendor due diligence

2020-09-10T14:00:00+01:00Provided by

Maintaining the status quo with your vendor risk management program is no longer acceptable in today’s ever-changing marketplace as supply chains can drastically change overnight.

CPE Webcast: Debunking myths of AI & ML in TPRM technology

2020-09-08T13:00:00+01:00Provided by

This webinar debunks the myths of AI and ML in third-party risk technology and drills into reality with a pragmatic application of how your data can be harnessed to support various risk management use cases.

Best practices KYC: What to do when your client is in the headlines

2020-09-02T15:50:00+01:00By

How do we, as AML professionals, assess negative media alerts? It should start with a conversation with the client relationship manager, but it shouldn’t end there, writes Martin Woods.

Q&A with Kara Brockmeyer: How pandemic has impacted third-party risk

2020-08-31T15:18:00+01:00By

In advance of her keynote at Compliance Week’s upcoming TPRM virtual event (Sept. 17-18), former SEC official Kara Brockmeyer discussed with CW the heightened risk third parties have during a pandemic and what companies can do about it.

John Carreyrou at TPRM: How to spot a wolf in Steve Jobs’ clothing

2020-08-21T14:22:00+01:00By

John Carreyrou, the Wall Street Journal reporter who exposed Theranos and its founder Elizabeth Holmes as frauds, will be the keynote speaker on Day 2 of Compliance Week’s TPRM virtual conference Sept. 18.

CPE Webcast: Compliance in the age of cloud

2020-08-20T14:00:00+01:00Provided by

Running a business “in the cloud” was once reserved for innovators and large enterprises, but now nearly every business on the internet is operating in the cloud.

CPE Webcast: Third party risk management: Are programs up to scratch?

2020-08-11T14:00:00+01:00Provided by

This webinar will discuss the results of the Compliance Week and Aravo TPRM benchmarking survey in the context of the DOJ’s Evaluation of Corporate Compliance Programs.