Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Nonprofit organizations play a crucial role in society, focusing on important causes like environmental conservation, humanitarian aid, and community development. Nonprofits often collaborate with third parties, like vendors, service providers, and even other nonprofits, to streamline operations and make their mission-driven work more effective. However, it's important to recognize that working with third parties comes with its own set of risks. Third parties expand the risk landscape for nonprofit organizations, introducing potential liabilities that must be effectively managed.
  • Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
  • Automation has been an absolute game-changer for third-party risk management. It can almost seem like a superhero on your team, speeding up processes, catching errors, and allowing full-time employees to focus on strategic tasks. However, even with the rise of automation tools like artificial intelligence , it’s essential to remember that even superheroes need sidekicks. While automation is powerful, human intellect and review remain essential in due diligence.
  • One often overlooked way to manage risks when working with your third-party vendors is by making sure your vendors have the necessary insurance coverage. To validate your third-party vendor’s insurance coverage, it's a common practice to ask for and review a copy of their certificate of insurance (COI) , but what do you do once you’ve received the COI? To make sense of it and ensure that it's valid, it's useful to understand some basic terminology and types of policies.
  • In most cases, half the battle of building or maturing a third-party risk management (TPRM) program is obtaining organizational buy-in. The next challenge is figuring out how to maximize your limited resources to ensure your TPRM stakeholders can effectively perform their duties.
  • Unforeseen natural disasters and unexpected events can wreak havoc on any business, but particularly for commercial real estate developers. Not only do developers need to worry about the physical building, but also the safety of occupants and operational continuity. To remain prepared, commercial real estate developers must establish a robust and comprehensive business continuity plan (BCP) and ensure their vendors have done the same.
  • Retail payment activities have grown increasingly popular in recent years, and Canadian regulators have taken steps to ensure these transactions are safe for consumers and businesses. Starting November 1, 2024, payment service providers (PSPs) are required to comply with Canada’s Retail Payment Activities Act (RPAA), which are supplemented with the Retail Payment Activities Regulations (Regulations). The RPAA and accompanying Regulations is intended to address operational risks associated with PSPs and protect the end-users’ funds.
  • The third-party risk oversight process doesn't end when the contract is signed. Your third parties’ performance and risk must be monitored on an ongoing basis throughout the life of the relationship. An effective third-party risk management (TPRM) program will maintain ongoing monitoring and follow best practices.
  • Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
  • During challenging economic times, it is only natural that business leaders shift their focus towards cost-savings strategies, which often times can be short-sighted in nature and cause broad issues to the organization. These can include anything from budget cuts, hiring freezes, and even layoffs of employees and contractors.
  • Cyberattacks, natural disasters, and technology outages are just a few events that can create significant operational disruptions for your organization and your vendors. While these events aren’t a new concern, regulators across the world have been developing more guidelines and frameworks to help organizations strengthen their operational resilience.
  • Climate-related disclosures have steadily gained prominence in recent years, with regulations currently established in the EU and California. Many organizations have anticipated regulations at the U.S. federal level for almost two years since the SEC first proposed its rule on climate-related disclosures in 2022. The wait is now over. On March 6, 2024, the SEC issued The Enhancement and Standardization of Climate-Related Disclosures for Investors .
  • In 2014, the National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (CSF) as a guide for organizations in critical infrastructure. Ten years later, CSF 2.0 has been released and is intended for a much broader audience. Organizations in any industry can use the new framework as a guideline for improving their cybersecurity programs. In addition to this broader scope, CSF 2.0 dedicates more attention to managing supply chain cybersecurity risk, which is a part of third-party cybersecurity risk.
  • Reading and evaluating vendor financial statements is an important due diligence activity that can reveal many hidden risks. For instance, a vendor with poor financial health can potentially lead to declining service levels or the vendor’s inability to continue providing a product or service.
  • Countless organisations in Australia outsource to service providers for products and services, which can reduce costs and increase efficiency. However, outsourcing also comes with its own set of risks. When organisations use external service providers, vendors, or third parties, they may face data breaches, loss of sensitive information, and reputational damage.