Posts Tagged ‘third-party risks’
Glencore, Part III: Third-Party Agents
Today we have another exploration of Glencore’s recent compliance progress report, this time looking at how the trading giant handles third-party risk management. Glencore’s report does offer extensive detail into how it runs its compliance program and third-party risk drives everyone nuts, so let’s see what lessons we can learn. For those unfamiliar with the…
Tackling Third-Party Risk Management
This week I had the good fortune to moderate a webinar on third-party risk management, and the role that compliance officers should play in this critically important — but increasingly complicated — task. The conversation was excellent and I took plenty of notes; and now pass them along to the compliance community for whatever they’re…
More Tips on Third-Party Risk
FINRA, the regulator for broker-dealer firms, published its annual report on regulatory oversight issues this week — and to little surprise, the report included a section on third-party risk and the internal controls that your firm should consider to keep those risks in check. The advice is useful to anyone in any business sector, so…
An Update on TPRM Programs
A new survey finds that companies are — at long last — pushing their third-party risk management programs up the maturity curve, as they move from monitoring the cybersecurity risks among their vendors to actually reducing those risks. The report comes from BlueVoyant, a firm that helps businesses to manage their supply chain cybersecurity risks.…
Third-Party Risk Still a Shaggy Mess
We have an intriguing survey on third-party risk management to study today, one that suggests many companies are still struggling with siloed approaches and manual processes to manage their vendors — which, consequently, leaves lots of companies managing only a small fraction of the vendors they have. The survey comes from Prevalent, a vendor of…
A Small Bank’s Big Lessons About Risk
Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…
A Mixed Picture on Compliance Efforts
Most large companies are doing at least passably well at managing compliance risks around third parties, although the vast majority are also still struggling to develop strong data analytics capability, according to a compliance benchmarking survey from two of the biggest names in the advisory world. KPMG and law firm White & Case published their…
More Help on Third-Party Risk
Banks have fresh guidance this week on how to tackle third-party risk management, and the material offers plenty of good advice on the subject for businesses in any sector. The guidance comes from the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp., and the Federal Reserve, which have been working for…
Lessons in Cardiac Company Fraud Settlement
A medical device company based in Oregon has agreed to pay $12.95 million to settle charges that it ran a sham training program as a vehicle to pay kickbacks to doctors, in a case that offers compliance professionals plenty of lessons about internal controls and third-party risk. The company is Biotronik, a maker of defibrillators,…
Log4j: We Have to Talk About This
By now compliance and audit professionals may have heard about the cybersecurity vulnerability called Log4j. This will foremost be a problem for IT security officers; but Log4j also illuminates a lot of challenges that audit, compliance, and risk management professionals will face in the 2020s. So let’s unpack the issues afoot here. First, the background.…