Search results for: third-party risk
Study: Open-Source Software Risks Are Rampant
A newly released study finds that the vast majority of software systems that businesses use to manage their operations rely to at least some extent on open-source software — and the vast majority of that open-source code contains multiple high-risk vulnerabilities. So says the 2025 Open Source Security and Risk Analysis Report, released Tuesday by…
Some Reminders on Fraud Risk
Last week a former employee of Takeda Pharmaceuticals was sentenced to prison for a multi-million dollar embezzlement scheme against the company. The case is a good reminder that companies will always need strong internal accounting controls no matter what regulatory changes might happen in Washington, so let’s take a look. The ex-employee at the center…
Sustainability Risk Is Supply-Chain Risk
Last week we reported on a study that captured the challenges of third-party risk management these days. Today we can take a deep dive into one specific slice of that challenge courtesy of Microsoft, and its quest to reduce carbon emissions in its supply chain. The news is as follows. Last week Microsoft released its…
Another Way of Looking at AI Risk
Today we return to artificial intelligence, since these days compliance officers need all the good advice they can get on the subject. The New York City Bar Association recently published a paper on how AI might help with anti-money laundering compliance, and along the way raised several issues about AI that every compliance officer should…
A Small Bank’s Big Lessons About Risk
Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…
More on Managing ‘ChatGPT Risk’
Internal auditors, compliance officers, and risk managers looking for more perspective on how artificial intelligence might affect your lives, look no further. A cybersecurity research institute has published a fascinating paper on the potential risks from ChatGPT, with lots of unsettling implications for risk assurance professionals. The paper, titled “I, Chatbot,” comes from Recorded Future,…
FINRA Talks Cyber Risks
FINRA, the regulator for broker-dealer firms that every other compliance professional should follow anyway, has given us yet another piece of nifty guidance: its annual report on regulatory examinations, brimming with advice about risks related to cybersecurity, anti-money laundering, and other issues. Like most other financial regulators, FINRA examines the compliance programs of businesses under…
Fresh Approaches to Cybersecurity Risk
Every regulator and their uncle is climbing aboard the cybersecurity bandwagon these days. Before that bandwagon starts rolling away with itself, however, we might want to ask whether corporate audit and compliance teams, and even the regulators themselves, are going about all this in the wisest way possible. Two recent posts on Radical Compliance capture…
Russia’s Effect on Supply Chains, Compliance Risk
The Ethics & Compliance Initiative hosted its annual conference this week, including a panel discussion about Russia’s war against Ukraine and its long-term implications for corporate ethics and compliance. The speakers spooled out a bundle of useful observations, so let’s take a few minutes to recap those points and ponder them a bit more. The…
Notes on Cybersecurity and Operational Risk
Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a…