Episode 30 - Inaugural Episode with Ian Sherr: Compliance Week’s Insights and Reflections from June to July 2025
Compliance Tip of the Day: Internal Controls for Third Parties
Upping Your Game: Harnessing AI to Revolutionize Third-Party Risk Management
Compliance Tip of the Day: Terminating Third Parties
FCPA Compliance Report: Upping Your Game in Compliance
Episode 368 — LRN Issues New Report Highlighting Growing Gap in Compliance Program Performance
FCPA Compliance Report: From Compliance to Commercial Value: Removing Friction with AI
Episode 364 -- Five Strategies to Mitigate a New Risk Environment
The Privacy Insider Podcast Episode 12: Compliance Is Good Business: Getting Beyond Fines with Tom Fox of Compliance Podcast Network
Third-Party Risk The competitive world of banking struggles to keep up with technological advances, particularly in a regulatory environment.
Episode 360 -- Natalie Druckman from Certa on AI-Enhanced Third-Party Risk Management
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 223: Cybersecurity and Privacy Risks with Healthcare Vendors with Brandon Robinson of Maynard Nexsen
Compliance Tip of the Day: Board Questions and Metrics for 3rd Party Risk Management
Why Privacy is Your Secret Weapon Against Third-Party Risk
A Third Party's Perspective on Third Party Risk
Privacy Issues from Third-Party Website Tags
Episode 329 -- Bryn Sedlacek from Aravo on TPRM Holistic Risks and Unified Visibility
Corruption, Crime and Compliance: Third-Party Risks and Sanctions Compliance
Compliance into the Weeds: Sustainability and Managing 3rd Party Risk
Episode 304 -- Nathalie Druckmann, VP at Certa, on Artificial Intelligence Third-Party Risk Management
As cybersecurity threats escalate, state legislatures across the country are tightening requirements for how insurance entities respond to data breaches – and thanks to a new law just passed several weeks ago, Missouri is...more
DORA (Digital Operational Resilience Act) is an EU regulation that sets rules for how financial entities manage ICT (Information and Communication Technology) risks. It covers areas like cyber resilience, incident reporting,...more
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
In a notable development for corporate defendants grappling with consumer privacy litigation, the Southern District of New York has recently issued a decision in Lee v. Springer Nature America, Inc., embracing a broadened...more
On January 28, 2025, FINRA published its Annual Regulatory Oversight Report (the Report). The Report highlights emerging risk areas and recent developments, common compliance deficiencies, and best practices for member firms....more
The Video Privacy Protection Act (“VPPA”), a federal statute enacted in 1988, is gaining new relevance in recent years as plaintiffs bring lawsuits with the goal of enforcing online privacy rights. 2024 saw a continuation of...more
Crafting an AI Governance policy best suited for your business requires careful consideration of the types of AI, how AI will be used, current and future legislation, and a group of individuals specifically designated to...more
The adoption of artificial intelligence (AI) in healthcare has ushered in a new era of innovation that is transforming diagnostics, treatment planning and operational efficiencies. However, with great potential comes...more
It is no secret that ransomware dominates headlines, and cybersecurity incidents have become part of our everyday language. However, the criminal “business model” behind ransomware keeps evolving. Originally published in...more
The FCA, PRA, and Bank of England have published their finalised critical third party (CTP) rules (and accompanying guidance) in PS24/16 Operational resilience: Critical third parties to the UK financial sector....more
The new regime will take effect on 1 January 2025, but will not diminish the responsibilities of financial services firms relying on the services of critical third parties....more
In the aftermath of a vendor's hack that crippled an industry, ensure your business is up to date on best practices for mitigating the risks of third-party cyber incidents. Many businesses struggle to adequately consider the...more
All lawyers understand that they have an ethical obligation to protect client confidential information from prying eyes, whether in a locked file cabinet, on a cloud storage device, or passing through the networks of...more
Every spring, BakerHostetler collects, analyzes, and compares key metrics on the incident response matters we handled in the prior year. The output – our Data Security Incident Response (DSIR) Report – highlights key findings...more
Third-party relationships supporting core operations are now more important than ever for most organizations. Yet too often, procurement, information security, compliance, and other professionals are overburdened with the...more
Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana of Mazars for the next installment in our PCI DSS 4.0 series. PCI DSS 4.0 brings major changes to payments with an increased focus on...more
The use of tracking technologies on websites and mobile applications (e.g., cookies) has become largely ubiquitous in our technology-driven world. Health care providers and organizations, for example, may use tracking...more
On February 15, Federal Reserve Board Governor Michelle W. Bowman delivered remarks at the Midwest Cyber Workshop, during which she discussed topics related to third-party service provider reliance and regulatory expectations...more
Cybersecurity is a growing concern for all nonprofit organizations, especially those that store, process, and transmit sensitive data. While it is common to think of the cyber issue as relevant to digital communications and...more
Financial services firms are increasingly reliant upon third-party companies to provide important services, ranging from cloud services and data analytics to machine learning and cash distribution. As these third parties...more
The task of conducting due diligence in the selection of technology vendors is a critical component of the lawyer’s ethical obligation to maintain reasonable security over client confidential information. However, for several...more
The Black Shadow hacking group’s attack on Cyberserve, reported a few days ago, has resulted (at this point in time) in the leaking of a database with more than 800,000 records pertaining to various individuals and the...more
We recently dove into what vendor risk and vendor risk management entails. Once you understand that this is the risk that results from vendors, it’s simple to extend this and establish that vendor risk assessment (VRA), or...more
Vendor risk management (VRM), or third-party risk management, is the management, monitoring, and evaluation of risks that result from third-party vendors and suppliers of products and services. It’s a crucial initiative...more