Showcasing news items, reports and handy resources that have caught our eye, and add to the dialog on third party, vendor and supplier risk and performance management.


Click Here to Skip Sections:

Third Party Risk Management

Third Party Risk Management - Cybersecurity & Data Privacy

Third Party Risk Management - Anti-Bribery & Anti-Corruption

Additional Aravo News & Resources

Featured Resources

Aravo Webinar - Best Practices for Third Party Management RFPs

Webinar - Best Practices for Third Party Management RFPs

Guest presenter Michael Rasmussen from GRC 20/20 & Dave Rusher from Aravo provide a framework and insights for evaluating or considering TPRM solutions.


An Aravo Point of View - Is Best Practice for RFPs not to Issue RFPs?

The RFP has long been accepted as an “objective” way to conduct vendor selection for purchases ranging from hard goods to complex services. But is it necessarily the best way to buy third party risk management (TPRM) technology?

Third Party Risk Management

News & Articles

EY Insights - How Understanding Independence Can Lead to More Strategic Relationships

How do you encourage objectivity when companies use the same third party for internal audit and other services?

[Video] Association of Corporate Treasurers Webinar - Know Your Third Party Compliance

This webinar reviews how to best prevent, detect, and investigate supplier and third party risk by implementing a straightforward Know Your Third Party (KY3P) framework.

European Union Leaders Agree Brexit Deal - So What Are Your Supply Chain Risks?

The UK’s withdrawal from the European Union has been approved, now the question is does Brexit represent a supply chain risk to be mitigated, or a supply chain opportunity to be exploited?

Moody's is Going to Start Building the Risk of a Business-Ending Hack into its Credit Ratings

Credit Ratings (AAA-C) given to organizations by Moody’s will factor in their risk of a major impact from a cyberattack.

Industry Surveys & Guidance 

Front lines

Deloitte Insights - Resetting the Front Line of Defense - Managing Risk Across the Extended Enterprise

How can organizations limit exposures arising from extended enterprise in their network?

Image 389

Dun & Bradstreet Report - Compliance And Procurement Sentiment Report

A recent Dun & Bradstreet report indicates confidence about the implementation of compliance and procurement procedures through year’s end.

Image 384

EY Survey – 9th Annual EY/IIF Global Bank Risk Management Survey: Accelerating Digital Transformation - Four Imperatives for Risk Management

This global survey focuses on four imperatives that boards, senior management, CROs, and other key executives will have to address to gain a competitive advantage, maintain trust, and successfully achieve their digital transformation objectives.


McKinsey on Risk – Journal Number 6, Winter 2019

Third Parties can have tremendous impact on your organization’s performance. McKinsey’s journal offers global perspective and strategic thinking on risk, focusing on the key risk areas affecting the performance of the world’s leading companies.


Third Party Risk Management - Cybersecurity & Data Privacy


Featured Resources

Image 388

PWC Insights - Revitalizing Privacy and Trust in a Data-Driven World - Key Findings from The Global State of Information Security® Survey 2018

PWC report states most businesses don’t require third parties to comply with their privacy policies which can lead to third-party data breaches.

Image 392

UK Financial Conduct Authority (FCA) Survey - Cyber and Technology Resilience: Themes from Cross-Sector Survey 2017 - 2018

Top concerns include cyber-resilience and third party management. Third party issues, such as an IT failure at an important supplier, accounted for 15% of the operational incidents reported to the FCA (the second highest root cause).

News & Articles

GDPR-like Legislation to be Drafted by the US Senate in early 2019

United States Senate subcommittee reveals it is working on a draft of a GDPR-style legislation for the United States.

Marriott’s Starwood Data Breach Joins a Decade-Long List of Hotel Data Exposures

A growing number of major cybersecurity incidents is leading to calls for hotels to take a more bank-like approach to data protection.

[Video] Apple CEO Tim Cook calls for GDPR for the Rest of the World

Tim Cook’s keynote address at the 40th International Conference of Data Protection and Privacy Commissioners about need for data privacy and protection regulation.

[Podcast] Managing Third-Party Risk in the Age of Ransomware

This podcast looks at why it's critical that healthcare organizations improve vendor risk management to have a plan in place to protect against ransomware or other cyberattacks.

Fear, Uncertainty and Doubt May Be Clouding Cyber Insurance and ERM-Cybersecurity Integration

Cybersecurity leaders are looking to quantify the probability and business impact of cybersecurity events while also evaluating new options, including cyber insurance, as they look for new ways to address growing challenges, such as third-party risk management.

CSO Insights - It's Time for a New Cyber Risk Management Model

Because risk management tasks such as vulnerability scanning, third-party risk audits, and penetration testing have always been conducted on a periodic and independent basis, there is no such thing as a cyber risk management baseline.

Attack on Billing Vendor Results in Massive Breach

A data breach of a third-party provider may have compromised patient information for 2.65 Million individuals, say Atrium Health. This incident would be the largest health data breach reported so far in 2018.

Empathy: The Next Killer App for Cybersecurity?

This article proposes empathy can provide security teams a deeper understanding of third-party risk, round out the risk assessment, and allow more holistic risk-based decisions to be made.

Manufacturers Remain Slow to Recognize Cybersecurity Risks

Recently a third-party vendor shipped software infected with WannaCry ransomware to a major chip maker. The undetected virus then spread. Manufacturers are increasingly vulnerable to attacks that can shut down production and have ramifications throughout a supply chain.

Incorporating The OODA Loop

This article looks at the OODA Loop which is an agile and efficient process for implementing continuous TPRM monitoring across the enterprise.


Third Party Risk Management - Anti-Bribery & Anti-Corruption

Featured Resource
Image 393

Standard Chartered Report - The ABC of Anti-Bribery and Corruption: Assessing the Risks

Standard Chartered presents best practices for managing and measuring anti-bribery & corruption risk in banking; such as implementing a risk assessment driven by evidentiary-based criteria focused on key indicators of inherent risk and operational effectiveness, as opposed to compliance with a regulatory checklist.

News & Articles

U.S. SEC Collects Nearly $4 Billion in Fines, Disgorgement in Fiscal 2018

The Securities and Exchange Commission assessed $3.945 billion in disgorgement and penalties across 821 enforcement actions in fiscal 2018, an increase from 2017 which reported 754 actions in fiscal 2017 totaling $3.7 billion in disgorgement and penalties.

SEC and DOJ Announce Resolutions of FCPA "Industry Sweep"; First SEC Charge Against a Non-U.S. Issuer for FCPA Violations

The SEC and DOJ announced much-anticipated resolutions of FCPA charges in what the SEC described as the "first sweep of a particular industrial sector in order to crack down on public companies and third parties who are paying bribes abroad.” Additional non-traditional industries will be also be targeted for these industry-wide sweeps.

U.K. Corruption Trial in F.H. Bertling’s Jasmine Case Ends

This trial involved bribes and other illicit payments made by a third party logistics firm now in liquidation, F.H. Bertling, as part of an oil exploration project by ConocoPhillips in the Jasmine gas field.

Rifinitiv Insights - Fighting Bribery and Corruption: The Experts’ View

One of the biggest challenges facing businesses today is fighting bribery and corruption. This article looks at how organizations can protect themselves from increasing third party risks in a changing regulatory landscape.

A Silver Bullet? What Data Analytics Can - and Can’t - Do to Protect Your Company From Third-Party Risk

This article draws on discussions from the recent ACI International FCPA conference about leveraging data analytics to identify and managing third-party risks.

Podcast - FCPA Compliance Report-Episode 407 Mike Volkov with a 5-Year Look Back on FCPA Compliance

In this podcast, Tom Fox and Mike Volkov discuss FCPA enforcement and compliance programs over the past five years.

This wraps up some of the recent Third Party Risk related news stories and content we found of interest. If you have resources, tools and publications that you find particularly useful, and would like to share with the community, please let us know and we will include them in future editions. Send details to

Below you'll find additional content from Aravo.

Additional Aravo News & Resources

Michael Saracini, CEO, Aravo Solutions - Third Party Risk Managment - Fidelity Selects Aravo

Aravo News: Aravo Solutions Selected to Power Fidelity International’s (FIL) Global Third-Party Risk and Performance Program

Aravo is pleased to announce that we have been selected to power Fidelity International’s (FIL) global third-party risk and performance management program. Read More

Aravo - The Business Case For Better Third Party Risk Management_sm-421149-edited-247597-edited

The Business Case for Better Third Party Risk Management

You Can't Outsource Responsibility
Third party risk management is high on the agenda of both the C-suite and the Board of Directors. Leading organizations recognize that the Board holds ultimate responsibility for third-party risk and now often appoint a specific member charged with ownership. Download this critical paper on building the business case for better third party risk management.