Search results for: third-party risk
Russia’s Effect on Supply Chains, Compliance Risk
The Ethics & Compliance Initiative hosted its annual conference this week, including a panel discussion about Russia’s war against Ukraine and its long-term implications for corporate ethics and compliance. The speakers spooled out a bundle of useful observations, so let’s take a few minutes to recap those points and ponder them a bit more. The…
Notes on Cybersecurity and Operational Risk
Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more one can see insights about cybersecurity, internal control, and innovation that are worth the time of a…
Steel Firm’s Lessons on Sanctions Risk
Sometimes that third-party risk is a party mighty close to you. Such was the case with an Oklahoma steel manufacturer, which just paid $435,000 to settle charges that its chief engineer sub-contracted design work to an Iranian engineering company owned by the man’s brother. The company, Alliance Steel, agreed to pay the fine to the…
Thoughts on IT Risk Management
Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…
Citigroup, Part IV: Compliance Risk
We finish our examination of the Citigroup enforcement action with a look at the issue most dear to compliance officers’ hearts: compliance risk, and how Citigroup needs to improve its compliance risk management function to meet regulators’ expectations. First, the backstory. On Oct. 7 the Office of the Comptroller of the Currency levied a $400…
Wynn, Part II: Third-Party Oversight
Today we revisit Wynn Resorts and the report its compliance monitor released last month. As you might recall, that report is a sweeping review of how Wynn has tried to rectify its operations after a sexual harassment scandal forced the departure of its founder and long-time CEO, Steve Wynn. Last month we took a deep…
Eight Objectives to Manage Pandemic Risks
Companies everywhere are racing to retool their risk management operations to address Covid-19, and I’ve been on a quest to find as much guidance as possible to pass along to everyone else. The GRC software firm Galvanize (formerly known as ACL) just hosted an emergency webinar to talk about how it’s trying to cope —…
New FINRA Guidance on Pandemic Risks
Another day, another gumdrop of guidance from financial regulators that’s worth reading for the whole compliance community. This time it’s FINRA, which published a bulletin Monday reminding broker-dealer firms about how to manage pandemic risk. FINRA has Rule 4370 for broker-dealers, which requires them to draft and maintain a business continuity plan. That rule doesn’t…
Survey: Big Enterprise Risks in 2020
Protiviti has just released its annual survey of enterprise risks that worry corporate leaders. Economic conditions and regulatory change topped the list, and apparently CFOs, chief risk officers, and internal auditors see bigger risks afoot this year than CEOs and board directors do. The survey, Executive Perspectives on Top Risks 2020, comes out every year…
Supply Chain Risk: We’re Looking at It Wrong
I was reading the New York Times this weekend when an article jumped out at me: yet another example of misconduct in a large company’s supply chain suddenly bursting into public view, bringing grief to a company that clearly hadn’t known trouble was afoot. Ethics and compliance officers should take note. When we dissect exactly…