An Update on TPRM Programs

third-party risk

A new survey finds that companies are — at long last — pushing their third-party risk management programs up the maturity curve, as they move from monitoring the cybersecurity risks among their vendors to actually reducing those risks. The report comes from BlueVoyant, a firm that helps businesses to manage their supply chain cybersecurity risks.…

Third-Party Risk Still a Shaggy Mess

third-party risk

We have an intriguing survey on third-party risk management to study today, one that suggests many companies are still struggling with siloed approaches and manual processes to manage their vendors — which, consequently, leaves lots of companies managing only a small fraction of the vendors they have. The survey comes from Prevalent, a vendor of…

A Small Bank’s Big Lessons About Risk

risk

Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…

A Mixed Picture on Compliance Efforts

survey

Most large companies are doing at least passably well at managing compliance risks around third parties, although the vast majority are also still struggling to develop strong data analytics capability, according to a compliance benchmarking survey from two of the biggest names in the advisory world. KPMG and law firm White & Case published their…

More Help on Third-Party Risk

third-party risk

Banks have fresh guidance this week on how to tackle third-party risk management, and the material offers plenty of good advice on the subject for businesses in any sector. The guidance comes from the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp., and the Federal Reserve, which have been working for…

Lessons in Cardiac Company Fraud Settlement

biotronik

A medical device company based in Oregon has agreed to pay $12.95 million to settle charges that it ran a sham training program as a vehicle to pay kickbacks to doctors, in a case that offers compliance professionals plenty of lessons about internal controls and third-party risk. The company is Biotronik, a maker of defibrillators,…

Log4j: We Have to Talk About This

log4j

By now compliance and audit professionals may have heard about the cybersecurity vulnerability in Log4j. This will foremost be a problem for IT security officers; but Log4j also illuminates a lot of challenges that audit, compliance, and risk management professionals will face in the 2020s. So let’s unpack the issues afoot here. First, the background.…

Foster Wheeler’s FCPA Lessons

We have our first FCPA enforcement action of the Biden Administration: a $177 million punch against engineering firm Amec Foster Wheeler, for bribery involving overseas agents to win a contract with Brazilian state-owned oil giant Petrobras. The settlement was announced Friday by U.S. regulators and the parent company of Foster Wheeler, John Wood Group. Wood…

Steel Firm’s Lessons on Sanctions Risk

sanctions

Sometimes that third-party risk is a party mighty close to you. Such was the case with an Oklahoma steel manufacturer, which just paid $435,000 to settle charges that its chief engineer sub-contracted design work to an Iranian engineering company owned by the man’s brother. The company, Alliance Steel, agreed to pay the fine to the…

The Cracks in Third-Party Risk Management

Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…