Blog

Bribery & Corruption – A growing focus for governments and companies

Although the way firms and individuals are being prosecuted for bribery and corruption continues to evolve, the overall direction of travel is towards increased responsibility for the prevention of these activities. Most FCPA actions (83%) of 2017 involved bribery schemes that relied on third-party intermediaries such as agents, consultants, or contractors.  And yet according to a recent survey, organizations are not responding fast enough by implementing the right policies and risk assessments.  

Read More

Topics: third party risk management, tprm, supplier risk, vendor risk, risk and compliance, compliance risk, Anti-Bribery and Anti-Corruption, uk bribery, Bribery, Corruption, regulation

Five Third Party Risks The Regulators are Focusing On

It’s the billion-dollar question – what is on a regulator’s mind when they walk through the door of a firm? What kinds of things are they looking for – and is the firm prepared?

The focus on third party risk management by regulators has increased significantly over the past few years.  The regulators themselves are providing some clear and coherent guidance on their expectations, such as: OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance; FFIEC Appendix J: Strengthening the Resilience of Outsourced Technology Services. And, if you’re looking for a ‘crib-sheet’ of what the examiners are likely to be looking at, there’s also OCC Bulletin 2017-7: The OCC's Supplemental Examinations Procedures for Third Party Relationships.

In February 2018, Aravo brought together a panel of experts, two of whom were former US regulators, to talk about how supervisors are thinking about third party risk management. You can listen to the broadcast here – but we’ve also distilled it down into five key take-aways.

Read More

Topics: third party risk management, tprm, supplier risk, vendor risk, occ compliance, FFIEC, third party risk regulators, regulatory frameworks, risk and compliance, third party risk, third party compliance, third party vendor, concentration risk, fourth party risk, geopolitical risk, cyber risk, information security, compliance risk

Whetting the Appetite in Third Party Risk

A snapshot of the results of two new audience surveys suggests that the concept of “risk appetite” within the third-party risk management framework is still finding its feet. Attendees at a pair of June New York and London conferences, aimed at the financial services industry’s third party risk professionals, responded very similarly to three key questions.

Read More

Topics: third party risk management, risk and compliance, Financial Services, compliance risk, reputational risk, risk management, tprm, event, EMEA, governance, compliance programs, third party risk, risk appetite, survey

Evaluating Third Party Risk and Performance

Best practice approaches to risk and performance scoring and automated workflow

As businesses have evolved and matured, so too has their approach to third parties. In the past, companies focused more on transactional ‘supplier’ relationships, typically for raw materials or ‘parts’. However, today third party relationships form a much deeper and far-reaching part of the strategic and operational ecosystem of any Global 2000 organization.

DOWNLOAD THE WHITE PAPER

Read More

Topics: third party risk management, risk and compliance, tprm, business complexity, scale, compliance risk, Global 2000, business change, business scale, third parties, white paper, risk-scoring, performance scoring, automated workflows, risk dashboard

Board Reporting, Risk Scorecards, Cybersecurity and more – takeaways from CEFPROs Vendor and Third Party Risk USA Conference

Earlier this month, I attended and chaired at the Center for Financial Professional’s conference on Vendor and Third Party Risk USA in New York. The two-day event highlighted the complexity that third party risk managers face, with topics as far ranging as cyber-risk at fourth parties, to applying third party risk frameworks to intra-company organizations. The event also demonstrated that the discipline is having to evolve and mature fast in order to keep pace with the changing digital landscape as well as ongoing regulatory change. Here are my top takeaways from the event, which I hope you will find of interest.

Read More

Topics: third party risk management, risk and compliance, Anti-bribery & Anti-corruption, Financial Services, High Technology, business case, Responsible Sourcing, compliance risk, reputational risk, risk management, tprm, event, EMEA, governance, compliance programs, third party risk

CEFPRO's Vendor & Third Party Risk EMEA conference - Top 10 Key Takeaways for Third Party Risk

This week, I had the pleasure of chairing Day one of the Center for Financial Professional’s conference on Vendor and Third Party Risk EMEA. The conference brought together insights about the evolution of the discipline as well as some key best practices. Here are my top ten takeaways from the event that I would like to share.

Read More

Topics: third party risk management, risk and compliance, Anti-bribery & Anti-corruption, Financial Services, High Technology, business case, Responsible Sourcing, compliance risk, reputational risk, risk management, tprm, event, EMEA, governance, compliance programs, third party risk

Third Party Risk Management in the Dynamic of Business Scale, Complexity, and Change

Why TPRM objectives fail – and what Global 2000 companies need to succeed

Even though large organizations have invested time, attention, and resources into third party risk management (TPRM) over the past decade, it’s clear that many programs are failing to deliver on their primary objective - keeping the organization safe.

DOWNLOAD THE WHITE PAPER

Read More

Topics: third party risk management, risk and compliance, tprm, business complexity, scale, compliance risk, Anti-bribery & Anti-corruption, Responsible Sourcing, Data Security & Privacy, Global 2000, business change, business scale, third parties, white paper

Sustainable Procurement - Survey Shows Progress Still To Be Made

Sustainability and corporate social responsibility (CSR) are now important or critically important items on the supply chain agendas of organizations around the world, according to a new survey. However, organizations need to continue to drive improvement in the implementation of their sustainability/CSR programs to ensure risks and compliance are managed, and brand reputation protected.

Read More

Topics: procurement, sustainability, corporate resonsibility, corporate social responsibility, csr, risk management, compliance, brand reputation, ecovadis, hec, risk mitigation, board of directors, sustainable procurement, SP program, global supply chain, governance, Responsible Sourcing, third party risk management, reputational risk, compliance risk, regulatory risk, suppliers