All Third Party Risk articles
-
News Brief
Communication and relationships is increasingly critical for compliance teams
Compliance is increasingly in the spotlight as companies tackle everything from artificial intelligence and other new technologies to risk management and mitigation. But it’s the soft skills of communication and relationship building that are becoming the most critical tools for success.
-
News Brief
Technology advancements are making export controls more important than ever
Russia’s invasion of Ukraine has sparked a war with unusual implications: The U.S. has stepped up sanctions and export controls. But companies are increasingly learning that the most seemingly innocuous products can find themselves in “dual use,” as a product for daily life and a product for war. A gyroscope ...
-
News Brief
ESG goes beyond politics: Vendor management, forced labor, sustainability
ESG is no longer in vogue. But its issues still are. Almost none of the nearly 200 attendees at Compliance Week’s Third Party Management summit this week said they’re currently working on ESG when informally surveyed. The show-of-hands results marked a dramatic reversal from even just a couple years ...
-
News Brief
In a world filled with uncertainty, boards need to focus on connecting dots
Regulators and investors increasingly say boards of directors need more expertise to ensure they can respond to fast-changing politics, policy, and technology that threaten to undermine their businesses. In the U.K., government officials say boards need to think more about cyber. In the EU, they need to prepare for the ...
-
Webcast
CPE Webcast: Adapting to Global Regulatory Change and Supply Chain Disruption in 2025
Wondering how new approaches to age-old regulations affect ethical business practices across your extended enterprise? What about how tariffs may impact your supply chain integrity, and how to best adapt your organization to accelerated shifts in business practices?
-
Webcast
CPE Webcast: Slow Vendors, Changing Risks: The Compliance Customization Gap
A recent survey found that 66% of compliance leaders say their training programs are hard to customize quickly, and nearly half (46%) are being asked to cut training time.
-
Webcast
CPE Webcast: Taking a data-first, questionnaire-second approach to TPRM
Join us for a live webcast to learn how the newest risk exchange models are eliminating 80 percent of questionnaire requests with data.
-
Premium
Navigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
News Brief
DOJ fines MORSE Corp $4.6M for lax cyber controls amid crack down on federal contractors
Yet another government contractor has been slapped with a fine by the Department of Justice for applying lax cybersecurity defenses on sensitive government data.
-
Resource
e-Book: Tackling Third Party Risk In A Global World
TPRM has always been a tough subject, requiring regular monitoring and audits to be done right. But until recently, it was something companies chose to do.
-
Premium
When it comes to trust, make sure to verify
The increasing efforts to fight modern slavery across the globe are getting a boost from EU rules that require companies to track and report on the issue. But compliance executives can’t lean on easy databases and automated solutions, experts increasingly say, that supply chain companies may ignore or lie to.
-
Survey
Survey: The State of Third-Party Due Diligence
This is a Compliance Week Survey, sponsored by GAN Integrity. It is completely anonymous and designed to help benchmark the state of third-party due diligence. Results will be shared by Compliance Week and GAN Integrity in the form of a benchmark report.
-
Premium
Experts explain why IIA's new global audit rules will be 'central' to securing high-quality assurance
Compliance teams should expect more support from their organization’s internal audit functions. That is the clear message from the Institute of Internal Auditors, the global body of national affiliated internal audit institutes, which has just put into action its new Global Internal Audit Standards.
-
News Brief
Crypto exchange OKX latest target of DOJ, hit with $505M penalty over AML, KYC failures
One of the world’s largest cryptocurrency exchanges agreed to pay more than $500 million in penalties and plead guilty to AML and KYC violations, along with failing to register as a money transmitting business with the U.S. Treasury Department, the DOJ said.
-
Premium
Experts: Prepare now with U.K. failure to prevent fraud offense on horizon
Fraud prevention is about to get more complicated with penalties rising sharply for U.K. organizations. Starting Sept. 1, larger businesses will be liable to criminal prosecution if any of their employees–or an agent, subsidiary, or other “associated person”–commits fraud that is intended to benefit the company.
-
News Brief
DOJ indicts five in remote IT work scheme to circumvent North Korean sanctions
Five people, including two Americans, allegedly duped U.S. companies into hiring North Koreans for contract IT work, and funneled millions in U.S. dollars to the sanctioned regime, the Department of Justice said.
-
Premium
Experts say DORA compliance not coming easy as more firms pass buck to IT providers
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
-
News Brief
Cannabis company dinged by SEC over ‘round-trip’ transfer to inflate year-end cash
A cannabis company agreed to pay $225,000 to settle allegations that funds were temporarily deposited into its year-end accounts for the sole purpose of inflating year-end cash, the Securities and Exchange Commission said.
-
Premium
Experts unsure of risk appetite as EU beefs up cyber rules for critical infrastructure
New rules on cyber risk management across the EU put execs firmly in the crosshairs for noncompliance and are likely to apply to a wider range of organizations than many business leaders may initially think. However, there are also concerns that the rules may become muddled across the wide bloc. ...
-
Premium
TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.