Third-Party & Supply Chain

ACCC Opens Competition Probe Into Diesel Supply Chain Risks

Australia’s competition watchdog has opened an enforcement investigation into the country’s diesel supply chain, stepping into a politically and economically sensitive space where fuel availability, pricing pressure, and regional livelihoods intersect.

Ericsson Discloses Third-Party Data Incident After Vendor System Breach

Ericsson has begun notifying individuals that their personal information may have been exposed in a data security incident involving one of the company’s service providers.

EU Industrial Accelerator Act Signals New Compliance & Supply Chain Expectations for Strategic Industries

The European Commission has proposed new legislation aimed at strengthening Europe’s industrial base while accelerating the shift toward low-carbon manufacturing. But beyond its economic ambitions, the proposal could introduce a new set of governance and compliance considerations for companies operating across strategic industrial sectors.

The Breach Came from a Vendor You Never Hired

In June 2025, procurement vendor Chain IQ Group AG was hit by a sophisticated cyberattack. Hackers accessed data from Chain IQ and at least 19 of its clients, uploading files to the dark web shortly afterward, exposing over 130,000 employee records from firms including UBS and Pictet. None of those firms had hired the attackers’ actual entry point. They had hired Chain IQ.

When AI Becomes the Auditor: What Claude Code Security Signifies for TPRM & GRC Programs

The numbers came quickly. On February 20, 2026, Anthropic introduced Claude Code Security. Within hours, JFrog dropped nearly 25%. CrowdStrike and Cloudflare each fell about 8%. Losses extended to GitLab, Palo Alto Networks, and Zscaler. It was the second time in a month that a single AI announcement had rattled the entire cybersecurity industry.

Third-Party Risk & the Quiet Collapse of Accountability

Third-party risk rarely announces itself with alarms. More often, it arrives quietly, disguised as an assumption. The assumption is that responsibility can be shared without consequence. That accountability can be distributed, diluted, and still hold its shape when pressure arrives. That contracts, frameworks, and carefully worded clauses will stand in for human judgment when systems fail and decisions cannot wait.

Basel Committee Resets Expectations for Bank Third-Party Risk in a Digital Era

As banks lean ever more heavily on cloud providers, fintech partners, data vendors, and other external service firms, global regulators are making it clear that third-party risk can no longer be treated as a side issue. Against that backdrop, the Basel Committee on Banking Supervision has published a new set of principles aimed at reshaping how banks manage third-party risk in an increasingly digital financial system.