Showcasing news items, reports and handy resources that have caught our eye and that add to the dialog on third party, vendor and supplier risk and performance management.

 

Featured Resource

Deloitte - CEO & Board Risk Management Survey Report

This recent Deloitte report shows that, given the increased usage and elevated nature of third-party involvement, extended enterprise risk has become a strategic risk for C-suite executives and board members.

 

 

Third Party Risk Management

News & Articles

McKinsey Insights - Value and Resilience Through Better Risk Management

In a risk environment that is growing more perilous and costly, boards need to help steer their companies toward resilience and value by embedding strategic risk capabilities throughout the organization.

Supplier Risk Monitoring for Effective Third Party Oversight

John Bree discusses why organizations need to identify and manage the risks of third parties that have significant impact on reputation, compliance, and business operations. 

How Can Businesses Prepare Their Supply Chain for Brexit?

According to experts, businesses with integrated EU and UK supply chains will be particularly affected by a no-deal Brexit.

What Loss of Trust Costs Companies in Dollars and Cents

What is the business impact of reputation damage? A new study calculates cost of incidents that hurt a company’s reputation.

Industry Surveys & Guidance 

PWC Report – 2018 State of Compliance - Getting ahead of the watchdogs: Real-time compliance management

See how organizations worldwide are addressing the ever-evolving challenges of the compliance and ethics landscape.

Global Supply Chain Risk Report by Cranfield School of Management and Dun & Bradstreet

Despite preparation, fears over Brexit are increasing businesses’ perception of the risks in their supply chain.

The Deloitte Global Outsourcing Survey 2018

This survey indicates that disruptive outsourcing solutions—led by cloud and automation—are fundamentally transforming traditional outsourcing.

KPMG Report - U.S. 2018 CEO Outlook

Find out how CEOs are pursuing growth and technology-driven disruption and what risks are top of their agendas.

 

Third Party Risk Management - Cybersecurity & Data Privacy

 

Featured Resource

Ponemon Institute Report - Second Annual Study on The Internet of Things (IoT): A New Era of Third-Party Risk

For those interested in the scope and frequency of data breaches, the Privacy Rights Clearinghouse maintains a database of reported data breaches together with the number of records breached. These are identified through either government agencies or verifiable media sources. The database covers only data breaches reported in the U.S., although breaches outside the U.S. are included if individuals in the U.S. are also affected. The tool lets you filter by type of breach, type of organization breached and year, and you can also embed charts and graphics from the tool into web pages.

News & Articles

British Airways Says Data Breach Larger Than Estimated

British Airways has admitted that up to 185,000 more people than first thought were affected by its data breach. This comes after Cathay Pacific, a partner to British Airways in the Oneworld airline alliance, said up to 9.4 million records were compromised in a separate attack.

Third-Party Problems: 4 Ways To Stop What You Can’t See

Organizations need to treat their extended network as part of their own security family. This article explores security risks caused by sharing data and information with third party vendors, and best practices for addressing them.

NIST Warns About Cybersecurity Vulnerabilities in Healthcare IoT

Many organizations are not fully aware they are using a large number of IoT devices. Organizations need to understand their use of IoT and the associated cybersecurity and privacy risks.

Torii IoT Botnet Underscores Need for IoT Cybersecurity, Privacy Guidance

The new Torii IoT Botnet underscores the need for the Federal government to provide guidance on how agencies can reduce risks associated with the deployment of their IoT networks.

Streamline Your Bank's Third-Party Vendor Management Risk Assessments

BitSight looks at how banks and other financial institutions can achieve efficiencies in cybersecurity by redistributing resources away from assessing the least risky vendors into assessing the most critical ones.

Going Back 2 Cali: The Golden State Passes Two New Data Privacy/Security Laws

California recently passed two new privacy laws, the California Consumer Privacy Act of 2018 (CCPA) and the pioneering IoT security law, that have significant third party risk management implications. Tom Garrubba of Shared Assessments notes some of the implications of these new laws.

Scaling Cyber Supply Chain Risk Management With Dark Web Monitoring

With many recent cyberattacks originating through exposures in third-party systems, this article explores what makes cyber supply chains vulnerable, and what companies can do to protect their systems and sensitive company information.

BSI Study: One in Six European Companies Unprepared for GDPR Breach

One in six European businesses is not adequately ready to face the risk of a data breach, according to this recent study from the British Standards Institution (BSI).

 

Third Party Risk Management - Anti-Bribery & Anti-Corruption

 
Featured Resources 
 
Exporting Corruption - Progress Report 2018: Assessing Enforcement of the OECD Anti-Bribery Convention

Transparency.org scored countries on corruption enforcement and provides overall and country-specific recommendations for improvement in meeting OECD anti-bribery standards.

World Bank Group Sanctions System Annual Report FY18

Review the FY18 operations of the World Bank Group Sanctions System, including the 78 firms and individuals that were debarred during the period.

Podcast - Investigations & Enforcement: Emerging Trends in FCPA Enforcement

Attorneys from Sullivan & Cromwell discuss their observations on FCPA enforcement trends, including an increase in declination with disgorgement and greater international cooperation.

Example Procedures for Screening, Engaging and Managing Third Parties

These charts from Transparency International UK set out example procedures for an anti-bribery framework for screening, engaging and managing third parties.

News & Articles

Examining the JPMorgan “Princeling” Settlement: Insight Into Current Foreign Corrupt Practices Act (FCPA) Interpretation and Enforcement

This scholarly article from the Washington University Global Studies Law Review examines recent corruption cases and provides guidance for companies trying to aggressively pursue business while complying with the law. 

Transparency International & OECD - Building a Peaceful and Safer World Through Collective Action in the Fight Against Corruption

Because corruption flows aren’t confined to national boundaries, governments must band together to stop abuses, say officials of Transparency International, OECD, Government Open Partnership and Development Collective Denmark in this joint blog post.

Multi-Jurisdictional Anti-Corruption Investigation and Enforcement Trends and Developments

To respond to an increasingly global approach to anticorruption enforcement, companies should review their compliance programs and controls to stay on top of legal developments in jurisdictions where they operate.

Stryker FCPA Enforcement Action: Compliance Lessons for Distributors and Dealers – Part I

Chief compliance officers at companies with distribution sales models can improve their risk management strategies by learning from the investigation into bribery schemes in multiple countries.

Justice Department Demands Details from Glencore on Intermediary Firms

The US DOJ investigation appears to be focused on potential FCPA violations at three intermediary firms that do business with the Switzerland-based firm.

This wraps up some of the recent Third Party Risk related news stories and content we found of interest. If you have resources, tools and publications that you find particularly useful, and would like to share with the community, please let us know and we will include them in future editions. Send details to insights@aravo.com.

Below you'll find upcoming webinars plus content from Aravo.

Upcoming Aravo Webinars

 
Upcoming Webinar - Best Practices for Third Party Management RFPs

Thursday, November 29th
9am PT/ 12pm ET/ 5pm GMT
Cost: Complimentary
 
Speakers:
Michael Rasmussen, Principal Analyst, GRC 20/20
Dave Rusher, SVP, Product Strategy and Alliances, Aravo

Additional Aravo Resources

Overview Video – Aravo Third Party Risk Management for Financial Services

Aligned with OCC guidance, Aravo TPRM for Financial Services is a cloud application designed to help financial institutions quick-start and accelerate their third party risk programs and support compliance with increased regulatory expectations.

Webinar Replay - From FCPA to Reputation Risk: The Importance of Internal Controls

Recent ethics and compliance failures have cost corporations billions in fines and penalties. This webinar explores some notable enforcement actions and what internal controls should achieve for effective compliance.

Webinar Companion White Paper - From FCPA to Reputation Risk: The Importance of Applying Internal Controls to the Extended Enterprise

Third parties can bring a host of risks to corporations, and due diligence alone is not enough to prevent the most dangerous of those risks from striking your organization. This paper will explore the importance of effective internal controls to govern third parties and those risks they can pose to you.