Posts Tagged ‘third-party risks’
An Update on TPRM Programs
A new survey finds that companies are — at long last — pushing their third-party risk management programs up the maturity curve, as they move from monitoring the cybersecurity risks among their vendors to actually reducing those risks. The report comes from BlueVoyant, a firm that helps businesses to manage their supply chain cybersecurity risks.…
Third-Party Risk Still a Shaggy Mess
We have an intriguing survey on third-party risk management to study today, one that suggests many companies are still struggling with siloed approaches and manual processes to manage their vendors — which, consequently, leaves lots of companies managing only a small fraction of the vendors they have. The survey comes from Prevalent, a vendor of…
A Small Bank’s Big Lessons About Risk
Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…
A Mixed Picture on Compliance Efforts
Most large companies are doing at least passably well at managing compliance risks around third parties, although the vast majority are also still struggling to develop strong data analytics capability, according to a compliance benchmarking survey from two of the biggest names in the advisory world. KPMG and law firm White & Case published their…
More Help on Third-Party Risk
Banks have fresh guidance this week on how to tackle third-party risk management, and the material offers plenty of good advice on the subject for businesses in any sector. The guidance comes from the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp., and the Federal Reserve, which have been working for…
Lessons in Cardiac Company Fraud Settlement
A medical device company based in Oregon has agreed to pay $12.95 million to settle charges that it ran a sham training program as a vehicle to pay kickbacks to doctors, in a case that offers compliance professionals plenty of lessons about internal controls and third-party risk. The company is Biotronik, a maker of defibrillators,…
Log4j: We Have to Talk About This
By now compliance and audit professionals may have heard about the cybersecurity vulnerability called Log4j. This will foremost be a problem for IT security officers; but Log4j also illuminates a lot of challenges that audit, compliance, and risk management professionals will face in the 2020s. So let’s unpack the issues afoot here. First, the background.…
Foster Wheeler’s FCPA Lessons
We have our first FCPA enforcement action of the Biden Administration: a $177 million punch against engineering firm Amec Foster Wheeler, for bribery involving overseas agents to win a contract with Brazilian state-owned oil giant Petrobras. The settlement was announced Friday by U.S. regulators and the parent company of Foster Wheeler, John Wood Group. Wood…
Steel Firm’s Lessons on Sanctions Risk
Sometimes that third-party risk is a party mighty close to you. Such was the case with an Oklahoma steel manufacturer, which just paid $435,000 to settle charges that its chief engineer sub-contracted design work to an Iranian engineering company owned by the man’s brother. The company, Alliance Steel, agreed to pay the fine to the…
The Cracks in Third-Party Risk Management
Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…