    third party risk

    Explore "third party risk" with insightful episodes like "Understanding The Foreign Extortion Prevention Act", "FCPA Enforcement Trends & Developments", "Episode 16: Who's Looking After the Children? Critical failures in supplier oversight are costing far more than money", "Security starts with people. Process requires purpose. | Ep. 2 with Brian Reed" and "Introducing Risk and Reels: A Cybersecurity Podcast" from podcasts like "RiskWatch", "RiskWatch", "Kelli Confidential: Negotiation Essentials Empowering Extraordinary Women", "Risk and Reels: A Cybersecurity Podcast" and "Risk and Reels: A Cybersecurity Podcast" and more!

    Episodes (25)

    Understanding The Foreign Extortion Prevention Act

    Daniel Wendt, a member at Miller & Chevalier, discusses the new Foreign Extortion Prevention Act that was signed into law by President Biden in December 2023. FEPA was designed to prevent extortion by foreign officials and criminalizes the act of foreign officials demanding bribes, addressing a potential gap in the FCPA. Here is a link to a recent alert that Miller & Chevalier published on FEPA as well as a link to Daniel’s bio and contact information.

    FCPA Enforcement Trends & Developments

    Ann Sultan and Alexandra Beaulieu of the law firm Miller & Chevalier came on the show to discuss recent enforcement developments and trends concerning the Foreign Corrupt Practices Act. Ann is a Partner and Vice Chair of the International Department at the firm and provides public companies and private organizations with advice on a wide range of enforcement, ethics and compliance topics. Alexandra is an Associate at the firm and focuses her practice on the design and implementation of risk-based corporate compliance programs and internal and government investigations. You can find a link to a recent review of FCPA enforcement trends and developments published by the firm here.

    Episode 16: Who's Looking After the Children? Critical failures in supplier oversight are costing far more than money

    In this episode I'm looking at the four-month-long investigative report by the New York Times into the damning claims of widespread, systemic exploitation of underage migrant workers in some of the biggest, most beloved household brands in America.

    The articles, headed by journalist Hannah Dreier, presented one of several investigative pieces into the enormous scale of trafficked and enslaved young people across America.

    So who is looking after these kids? More specifically, who is looking after the downstream 3rd party suppliers who introduced these illegal and unethical practices into the supply chains and why did the enterprise supplier risk vetting fail so miserably?

    We'll break that down and look at three ways we can all do more to mitigate this from happening in our companies.


    CRO Wisdom Episode 19: Building a Mature Risk Program

    In this discussion, Dr. Laura Jones, Director of Governance, Risk, and Compliance at Hearst, and Eileen Fahey, Chief Risk Officer at Fitch Group, share their decades of expertise in risk management with Atul Vashistha, Chairman and CEO, Supply Wisdom.

    During the hour-long discussion, the panellists share their wisdom about the essentials for building out and scaling risk management programs with the goal of helping a new generation of risk professionals learn from leaders. 

    Listen now for lessons learned, the importance of learning from peers, the value of industry associations and forums in fostering growth and education, and why one risk program cannot fit all businesses. 

    • Defining 'maturity' for a risk management program 
    • Best practices on building and scaling TPRM programs 
    • How to develop an effective risk appetite framework 
    • Maximizing the value of TPRM investments 

    CRO Wisdom Episode 18: James Gellert, CEO, Rapid Ratings (Part 3)

    In Part 3 of this episode of CRO Wisdom, James Gellert talks about the importance of listening and learning from peers to be a great leader. He shares his advice on why young professionals must have a roadmap for their chosen career destination even while being flexible about getting there. 

    CRO Wisdom Episode 18: James Gellert, CEO, Rapid Ratings (Part 2)

     In Part 2 of this episode of CRO Wisdom, James Gellert talks about Covid-induced disruptions and how automation has helped them mitigate a lot of impact. 

    James delves into the challenges of helping risk professionals assess risk from private companies and the importance of automating under the hood to deliver the most value to customers. He also emphasizes the importance of maintaining the appropriate internal data, such as lists of suppliers and their criticality, to get the most value out of risk management solutions. 

    Episode 17: Delivering 360° Situational Awareness to the Extended Enterprise

    Business today is a complex web of third-party relationships, and risks of disruption from these third parties are increasing in frequency and severity.
     
    Problem: Most enterprises follow a siloed approach with assessments of a few risks

    •  Data collected at a point in time is quickly stale – fails to present a current view of risk
    •  Usually limited to financial and cyber (often lagging indicators of trouble) – fails to present a comprehensive view of risk
    •  Siloed approach – fails to provide an enterprise-wide view of risk

    All of which leaves organizations unable to prevent third-party and supply chain disruptions.

    Solution: Real-time full-spectrum third-party risk intelligence

    • Real-time intelligence provides an early warning – to enable effective proactive risk mitigation actions
    • Full-spectrum coverage brings any leading indicators to your attention – to enable focus on today’s most critical risks

    In this CRO Wisdom discussion, risk leaders Atul Vashistha, CEO, Supply Wisdom; Debra Zoppy-Hendershott, Head of TPRM & Op Risk Business Resiliency, Guardian Life; and Mike Rasmussen, GRC Pundit & Analyst, GRC 20/20 Research, talk about how the integration of continuous, full-spectrum risk intelligence into existing third-party risk/GRC architecture can deliver the continuous 360° situational awareness enterprise resilience requires today.

    Episode 16: Linda Tuck Chapman, CEO, Third Party Risk Institute

     This episode of CRO Wisdom features Linda Tuck Chapman, CEO, Third Party Risk Institute. In this episode hosted by Atul Vashistha, Chairman, Supply Wisdom, Linda speaks about her career trajectory from procurement to third party risk at Scotia Bank and how the function was all about compliance and regulatory reporting in the 2000s. 

    Linda discusses her entrepreneurial journey and raising awareness about the importance of third party risk in the board at banks. She talks about her two books on the subject and why one of them is written for auditors. Listen to her on why she believes the Covid pandemic has fundamentally changed the landscape for third party risk and its role in resilience and why continuous monitoring needs solutions that can prevent risk teams from being bombarded with negative news alerts. 

    Episode 15: Paul Milkman, CISO, Operational and Technology Risk Leader, CIT

    This episode of CRO Wisdom features Paul Milkman, CISO, Operational and Technology Risk Leader, CIT.  In this episode hosted by Atul Vashistha, Chairman, Supply Wisdom, Paul speaks about how he landed into risk from his time at Xerox in the 90s and later in Fannie Mae. 

    Paul discusses the importance of operational risk and why it is particularly relevant when every financial institution works with technology and operational partners who handle data and money. He shares his thinking on why what is important in third-party risk isn't very different from the risk within the enterprise and why there is more to risk than just cyber risk and ransomware.

    Episode 14: Yakut Akman, Former Citi Risk Leader

    This episode of CRO Wisdom features Yakut Akman, Risk Leader. Yakut Akman was Chief Third Party Management Officer at Citi till 2019, following long stints at Deutsche Bank and Citi across the world. In this episode hosted by John Bree, Chief Evangelist & Chief Risk Officer, Supply Wisdom, Yakut talks about her long career in internal audit and risk management.  

    Yakut discusses the importance of a risk culture within organizations and why it's essential for risk management to not be reactive. She shares her views on best practices for incorporating continuous monitoring and why the business must be part of the solution for risk.

    What’s on the minds of CISOs? New responsibilities, future risks and hiring talent - S3E6

    In this episode we’re joined by Kevin Storli and Phil Venables to look at the changing role of the chief information security officer (CISO). We discuss:

    1. How they’ve seen the role of the CISO change over their careers.
    2. How CISOs can mitigate security risks while enabling their organisation to achieve its goals.
    3. Current areas of concern, including supply chain risk and securing the cloud.
    4. What they look for when hiring and the skills CISOs need to recruit for over the next few years.

    Host: Abigail Wilson, Cyber Threat Operations Manager, PwC UK
    Guest: Kevin Storli, Global CTO and UK Chief Information Security Officer, PwC
    Guest: Phil Venables, Chief Information Security Officer, Google Cloud

    Episode 12: Victor Meyer, COO, Supply Wisdom

    This episode of CRO Wisdom features Victor Meyer, COO, Supply Wisdom. In this episode hosted by John Bree, Chief Risk Officer and Chief Evangelist, Supply Wisdom, Victor talks about his long career in the Navy as a SEAL and how he naturally transitioned into Non-Financial Risk from there. 

    Victor talks about his extensive risk experience at Deutsche Bank and the risk component in recent issues such as the Archegos fallout. Victor points out why third-party non-financial risk is the new cybersecurity risk and why risk practitioners must apply the same rigor to monitoring third parties in their supply chains as they would to internal governance and controls. He makes a case for monitoring risk across a wide risk aperture to ensure resilience.

    Keeping your operational technology secure - S3E5

    In this episode we’re joined by Sean Sutton and Cara Haffey to discuss how organisations can secure their operational technology (OT). We discuss:

    1. How OT security differs from IT security.
    2. Threats we’ve seen targeting operational technology, with a focus on the manufacturing sector.
    3. Steps you can take to tackle threats and build resilient operations.

    Host: Abigail Wilson, Cyber Threat Operations Manager, PwC UK
    Guest: Sean Sutton, Cyber Security Partner, PwC UK
    Guest: Cara Haffey, UK Industrial Manufacturing Leader, PwC UK

    Episode 11: Renee Forney, Senior Director - Azure Hardware & Security, Microsoft

    This episode of CRO Wisdom features Renee Forney, Senior Director, Azure Hardware Systems & Infrastructure Security, Microsoft. In this episode hosted by Atul Vashistha, Chairman, Supply Wisdom, Renee talks about her career trajectory from programming and network administration to her current leadership role in cybersecurity and risk management. 

    Renee discusses why a multi-layered approach to risk management that goes beyond one-time risk assessments is essential to effectively build resilience. She shares the importance of continuous monitoring and OSINT to enterprise risk programs and her own lessons incorporating experts from government and military services to build effective risk programs. Don't miss her insight into why ethics in the workforce is one of the least understood areas of risk, especially in a world where engineers wield enormous influence. 

    Episode 10: Jenna Wells, Director of TPRM, Iron Mountain

    This episode of CRO Wisdom features Jenna Wells, Director of TPRM, Iron Mountain. In this episode hosted by Atul Vashistha, Chairman, Supply Wisdom, Jenna talks about her current role implementing and managing risk programs at Iron Mountain and how she transitioned into risk from a Signals career in the Marines. 

    Jenna discusses her priorities for risk and why being agile and dynamic will be key to managing supply chain risk and increasing regulatory pressures. She shares her views on continuous monitoring and the importance of automation and AI to identify risks at scale and mitigate them.

    Episode 9: Shamla Naidoo, Managing Partner, IBM Security

    This episode of CRO Wisdom features Shamla Naidoo, Managing Partner, IBM Security. In this episode hosted by Atul Vashistha, Chairman, Supply Wisdom, Shamla talks about the challenges of risk management at a time when digital risks are rising. She talks about why she expects continuous monitoring will lead to a cultural shift towards self-regulating organizations.

    Shamla discusses what she sees as the problems of silo-isation and fragmentation of data and why an integrated view of risk will lead to exponential new benefits. Don't miss her advice to CISOs on the need to look outside to get a truly complete picture of risk to their organizations.
