Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
  • You may be familiar with the term ESG, which represents the environmental, social, and governance practices and risks that aren’t usually disclosed in an organization’s financial statements. Many regulatory bodies are introducing guidelines that require organizations to disclose their ESG metrics for greater transparency. The UK and EU have already implemented several ESG regulations, while the U.S. is currently developing its own.
  • Mergers and acquisitions can occur unexpectedly, causing uncertainty about your vendor relationship. You may have many questions if your vendor has recently announced its acquisition. Depending on the details, there may even be a sense of urgency to change or end the vendor relationship. Consider these next steps that can help guide you in deciding the future of your vendor relationship.
  • In today's fast-paced business world, insurance companies often rely on business process outsourcing (BPO) to handle various operational tasks, streamline processes, and reduce costs. While outsourcing these functions brings significant benefits, it also exposes insurers to certain risks.
  • For many organizations, third-party relationships are primarily managed by various vendor owners or vendor managers. These individuals are vital to the success of vendor relationships, as they perform functions like completing risk assessments, negotiating contracts, managing the vendor’s risk and performance, and remediating issues as they emerge.
  • Budget constraints and competing business priorities are familiar struggles that affect nearly every organization. Outsourcing third-party risk management creates a lot of organization-wide value, but justifying the cost to senior management and the board can sometimes feel like an uphill battle.
  • While shadow procurement may sound like the title of a thrilling espionage blockbuster, it's actually a real issue that plagues higher education. Shadow procurement involves buying goods or services outside of the established procurement process.
  • Artificial intelligence (AI) is continuing to shape the business world, and it seems like only a matter of time before most organizations will adopt this technology in some form or another. Several studies have shown that over half of business owners are already using AI, or plan to use it in the future. Whether your organization is part of this group or not, it’s likely that AI will influence at least some of your vendors. So, what does this mean for your organization and managing AI vendor risk ?
  • Many third-party risk management (TPRM) guidelines and regulations are designed to protect an organization, and by extension, its customers. Regulators have continuously emphasized the need for robust TPRM practices, like due diligence and ongoing monitoring, and the Consumer Financial Protection Bureau (CFPB) is uniquely focused on how these activities will benefit the consumer.
  • This blog post was written in collaboration between Hilary Jewhurst , at Venminder, and Mike Morris at Wipfli , who is a consulting firm with services that range from audit and accounting to digital transformation and managing disruption. Although outsourcing isn’t new, it has become more widespread and complex. And while many registered investment advisors (RIAs) must outsource to remain competitive, it’s crucial to identify and mitigate the risks associated with outsourcing. According to the Securities and Exchange Commission (SEC), if an advisor outsources specific functions without taking proper steps to ensure the protection of their clients’ interests, it may be considered deceptive and not in line with their legal obligations under federal securities laws.
  • Experiencing a cyber incident within your credit union can be stressful, whether it originates from your own system or a third-party vendor. Regardless of who is responsible, or when it occurred, the National Credit Union Administration (NCUA) now expects your credit union to report the incident within 72 hours after it was discovered. The details of this rule are laid out in 23-CU-07 , which went into effect on September 1, 2023.
  • When your organization partners with a third-party vendor, you’ll need to engage in a variety of activities to ensure that the relationship continues to provide value. Activities like ongoing monitoring and periodic due diligence are critical, but third-party contract management essentially sets the standards for your vendor relationship.
  • There’s a common saying that a chain is only as strong as its weakest link. This is helpful to think of in relation to your vendor management program. Just one single vendor can expose your organization to significant risk, but what about those other links you can’t see? Remember, each of your vendors also has their own vendors, also known as your fourth parties.
  • Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
  • As so many organizations transition to cloud-based systems, it’s increasingly common for organizations to experience outages. Typically, cloud services rely on centralized management and data centers. When these centers encounter issues, it can affect all users across the infrastructure. Unfortunately, this is a common cause of cloud outages.