A Small Bank’s Big Lessons About Risk

Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…

A Mixed Picture on Compliance Efforts


Most large companies are doing at least passably well at managing compliance risks around third parties, although the vast majority are also still struggling to develop strong data analytics capability, according to a compliance benchmarking survey from two of the biggest names in the advisory world. KPMG and law firm White & Case published their…

More Help on Third-Party Risk

Banks have fresh guidance this week on how to tackle third-party risk management, and the material offers plenty of good advice on the subject for businesses in any sector.  The guidance comes from the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp., and the Federal Reserve, which have been working for…

Lessons in Cardiac Company Fraud Settlement


A medical device company based in Oregon has agreed to pay $12.95 million to settle charges that it ran a sham training program as a vehicle to pay kickbacks to doctors, in a case that offers compliance professionals plenty of lessons about internal controls and third-party risk. The company is Biotronik, a maker of defibrillators,…

Log4j: We Have to Talk About This


By now compliance and audit professionals may have heard about the cybersecurity vulnerability called Log4j. This will foremost be a problem for IT security officers, but Log4j also illuminates a lot of challenges that audit, compliance, and risk management will face in the 2020s. So let’s unpack the issues afoot here. First, the background.…

Foster Wheeler’s FCPA Lessons

We have our first FCPA enforcement action of the Biden Administration: a $177 million punch against engineering firm Amec Foster Wheeler, for bribery involving overseas agents to win a contract with Brazilian state-owned oil giant Petrobras. The settlement was announced Friday by U.S. regulators and the parent company of Foster Wheeler, John Wood Group. Wood…

Steel Firm’s Lessons on Sanctions Risk


Sometimes that third-party risk is a party mighty close to you. Such was the case with an Oklahoma steel manufacturer, which just paid $435,000 to settle charges that its chief engineer sub-contracted design work to an Iranian engineering company owned by the man’s brother. The company, Alliance Steel, agreed to pay the fine to the…

The Cracks in Third-Party Risk Management

Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…

ComEd Pays $200M on Domestic Bribery


Commonwealth Edison, a subsidiary of energy giant Exelon Corp. and the largest utility in the state of Illinois, agreed Friday to pay $200 million to settle federal corruption charges that also involve one of the state’s most powerful politicians. The case is a reminder to compliance officers that FCPA-like misconduct can happen right here within…

Wynn, Part II: Third-Party Oversight


Today we revisit Wynn Resorts and the report its compliance monitor released last month. As you might recall, that report is a sweeping review of how Wynn has tried to rectify its operations after a sexual harassment scandal forced the departure of its founder and long-time CEO, Steve Wynn.  Last month we took a deep…
