Third-Party & Supply Chain

The clock is ticking for Europe’s financial sector as the Digital Operational Resilience Act (DORA) prepares to go live on 17 January 2025. To pave the way, the European Supervisory Authorities (EBA, EIOPA, and ESMA—collectively, the ESAs) have announced how they’ll collect the vital information needed to designate Critical ICT Third-Party Providers (CTPPs). The message is clear: start preparing now, or risk falling behind.

The UK has escalated its pressure on Vladimir Putin, announcing its largest package of sanctions since May. This new wave targets the Kremlin’s sprawling web of military supply chains and the shadowy mercenary groups doing Moscow's bidding from Ukraine to Africa. With these measures, the UK aims to choke off Putin’s lifelines, hitting Russia where it hurts most: its ability to sustain the prolonged—and increasingly desperate—war in Ukraine.

Supply chains have become a high-stakes frontier in the world of cybersecurity. BlueVoyant’s State of Supply Chain Defense report for 2024 reveals that companies are no longer just talking about third-party cyber risk—they’re taking action. Across industries from healthcare to finance, leaders are focusing on practical, proactive ways to defend against the rising tide of supply chain threats.

The U.S. Department of Homeland Security (DHS) has announced the addition of several textile companies from the People’s Republic of China (PRC) to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. This action, effective November 1, 2024, will prevent goods from 78 PRC-based companies from entering the United States, reinforcing the U.S. commitment to fighting forced labor and the atrocities against Uyghurs and other ethnic minorities in the Xinjiang Uyghur Autonomous Region (XUAR).

As businesses increasingly depend on external partners, the concept of a "self-contained" organization has become outdated. From suppliers and service providers to contractors and consultants, third-party relationships now form the backbone of modern operations. However, with this expansion into vast networks of external entities comes an equally vast landscape of risks—many of which businesses fail to fully grasp, often resulting in costly mistakes that could have been avoided.

The U.S. Department of Commerce has introduced a cutting-edge supply chain risk assessment tool at its first-ever Supply Chain Summit. The event, held on Tuesday, September 10, 2024, marked a significant shift from reactive measures to proactive strategies in managing global supply chain disruptions.

The banking sector finds itself at a critical juncture. The proliferation of partnerships between traditional financial institutions and innovative FinTechs has ushered in unprecedented opportunities for growth and customer engagement. However, this intricate web of relationships has also introduced a new dimension of risk that demands immediate attention from Governance, Risk, and Compliance (GRC) professionals, Third-Party Risk Management (TPRM) specialists, and compliance officers.