Search results for: third-party risk
Survey: Third-Party Data Risk Still a Mess
Another year, another report confirming what most compliance and IT security officers already know: third-party vendors are an enormous security and privacy risk, and oversight of those parties is a mess. That’s the message of a report released Thursday by Opus and the Ponemon Institute, which surveyed more than 1,000 IT and data security professionals…
Glencore, Part III: Third-Party Agents
Today we have another exploration of Glencore’s recent compliance progress report, this time looking at how the trading giant handles third-party risk management. Glencore’s report does offer extensive detail into how it runs its compliance program and third-party risk drives everyone nuts, so let’s see what lessons we can learn. For those unfamiliar with the…
Study: Open-Source Software Risks Are Rampant
A newly released study finds that the vast majority of software systems that businesses use to manage their operations rely to at least some extent on open-source software — and the vast majority of that open-source code contains multiple high-risk vulnerabilities. So says the 2025 Open Source Security and Risk Analysis Report, released Tuesday by…
Some Reminders on Fraud Risk
Last week a former employee of Takeda Pharmaceuticals was sentenced to prison for a multi-million dollar embezzlement scheme against the company. The case is a good reminder that companies will always need strong internal accounting controls no matter what regulatory changes might happen in Washington, so let’s take a look. The ex-employee at the center…
Sustainability Risk Is Supply-Chain Risk
Last week we reported on a study that captured the challenges of third-party risk management these days. Today we can take a deep dive into one specific slice of that challenge courtesy of Microsoft, and its quest to reduce carbon emissions in its supply chain. The news is as follows. Last week Microsoft released its…
Another Way of Looking at AI Risk
Today we return to artificial intelligence, since these days compliance officers need all the good advice they can get on the subject. The New York City Bar Association recently published a paper on how AI might help with anti-money laundering compliance, and along the way raised several issues about AI that every compliance officer should…
A Small Bank’s Big Lessons About Risk
Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…
More on Managing ‘ChatGPT Risk’
Internal auditors, compliance officers, and risk managers looking for more perspective on how artificial intelligence might affect your lives, look no further. A cybersecurity research institute has published a fascinating paper on the potential risks from ChatGPT, with lots of unsettling implications for risk assurance professionals. The paper, titled “I, Chatbot,” comes from Recorded Future,…
FINRA Talks Cyber Risks
FINRA, the regulator for broker-dealer firms that every other compliance professional should follow anyway, has given us yet another piece of nifty guidance: its annual report on regulatory examinations, brimming with advice about risks related to cybersecurity, anti-money laundering, and other issues. Like most other financial regulators, FINRA examines the compliance programs of businesses under…
Fresh Approaches to Cybersecurity Risk
Every regulator and their uncle is climbing aboard the cybersecurity bandwagon these days. Before that bandwagon starts rolling away with itself, however, we might want to ask whether corporate audit and compliance teams, and even the regulators themselves, are going about all this in the wisest way possible. Two recent posts on Radical Compliance capture…