Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
  • Internal and external business risks are a given for every organization, regardless of size or industry. And many external risks are from third parties contracted to provide products and services. Third-party risks can be just as impactful to an organization’s success and well-being, yet these types of risks are often misunderstood or left unmanaged. This can lead to significant consequences for an organization and its customers.
  • Nonprofit organizations play a crucial role in society, focusing on important causes like environmental conservation, humanitarian aid, and community development. Nonprofits often collaborate with third parties, like vendors, service providers, and even other nonprofits, to streamline operations and make their mission-driven work more effective. However, it's important to recognize that working with third parties comes with its own set of risks. Third parties expand the risk landscape for nonprofit organizations, introducing potential liabilities that must be effectively managed.
  • Automation has been an absolute game-changer for third-party risk management. It can almost seem like a superhero on your team, speeding up processes, catching errors, and allowing full-time employees to focus on strategic tasks. However, even with the rise of automation tools like artificial intelligence, it’s essential to remember that even superheroes need sidekicks. While automation is powerful, human intellect and review remain essential in due diligence.
  • One often overlooked way to manage risks when working with your third-party vendors is by making sure your vendors have the necessary insurance coverage. To validate your third-party vendor’s insurance coverage, it's a common practice to ask for and review a copy of their certificate of insurance (COI), but what do you do once you’ve received the COI? To make sense of it and ensure that it's valid, it's useful to understand some basic terminology and types of policies.
  • In most cases, half the battle of building or maturing a third-party risk management (TPRM) program is obtaining organizational buy-in. The next challenge is figuring out how to maximize your limited resources to ensure your TPRM stakeholders can effectively perform their duties.
  • Unforeseen natural disasters and unexpected events can wreak havoc on any business, but particularly on commercial real estate developers. Not only do developers need to worry about the physical building, but also the safety of occupants and operational continuity. To remain prepared, commercial real estate developers must establish a robust and comprehensive business continuity plan (BCP) and ensure their vendors have done the same.
  • Retail payment activities have grown increasingly popular in recent years, and Canadian regulators have taken steps to ensure these transactions are safe for consumers and businesses. Starting November 1, 2024, payment service providers (PSPs) are required to comply with Canada’s Retail Payment Activities Act (RPAA), which is supplemented by the Retail Payment Activities Regulations (Regulations). The RPAA and accompanying Regulations are intended to address operational risks associated with PSPs and protect the end-users’ funds.
  • The third-party risk oversight process doesn't end when the contract is signed. Your third parties’ performance and risk must be monitored on an ongoing basis throughout the life of the relationship. An effective third-party risk management (TPRM) program will maintain ongoing monitoring and follow best practices.
  • Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
  • During challenging economic times, it is only natural that business leaders shift their focus towards cost-saving strategies, which can often be short-sighted and cause broad issues for the organization. These can include anything from budget cuts and hiring freezes to layoffs of employees and contractors.
  • Cyberattacks, natural disasters, and technology outages are just a few events that can create significant operational disruptions for your organization and your vendors. While these events aren’t a new concern, regulators across the world have been developing more guidelines and frameworks to help organizations strengthen their operational resilience.
  • Climate-related disclosures have steadily gained prominence in recent years, with regulations currently established in the EU and California. Many organizations have anticipated regulations at the U.S. federal level for almost two years since the SEC first proposed its rule on climate-related disclosures in 2022. The wait is now over. On March 6, 2024, the SEC issued The Enhancement and Standardization of Climate-Related Disclosures for Investors.
  • In 2014, the National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (CSF) as a guide for organizations in critical infrastructure. Ten years later, CSF 2.0 has been released and is intended for a much broader audience. Organizations in any industry can use the new framework as a guideline for improving their cybersecurity programs. In addition to this broader scope, CSF 2.0 dedicates more attention to managing supply chain cybersecurity risk, which is a part of third-party cybersecurity risk.
  • Reading and evaluating vendor financial statements is an important due diligence activity that can reveal many hidden risks. For instance, a vendor with poor financial health can potentially lead to declining service levels or the vendor’s inability to continue providing a product or service.