Key regulations to know for managing third-party risk
Kelly Maxwell
Content Marketing Specialist, OneTrust
June 21, 2023
When constant growth is the norm, can regulations and laws slow the potential spread of unethical and illegal behavior?
Learn why third-party due diligence matters in the context of the changing global regulatory landscape and the key regulations to know for managing third-party risk.
Modern business is global business. No longer limited by proximity or a shared language, today’s enterprise is seemingly limitless. International corporations often operate in multiple countries and even continents, spreading their operations to international third parties. But when growth at any cost becomes the status quo, regulations and laws, along with the related enforcement mechanisms and officers, must intervene to slow the potential spread of unethical and illegal behavior.
Waves of new laws are coming, and if there is any hope of remaining compliant and competitive, business needs to keep up. To minimize risk, avoid substantial fines, and safeguard your reputation in the marketplace, you must have a robust third-party due diligence strategy in place; A strategy built on the latest relevant regulations.
Today, we’re examining why third-party due diligence matters in the context of the changing global regulatory landscape and the key regulations to know for managing third-party risk. Let’s begin with a refresher course on the importance of third-party due diligence.
Third parties can expose you to different kinds of risks. Some examples include:
Third-party due diligence is the process of assessing and managing risks associated with the third parties you do business with for critical red flags across ethics, compliance, legal, ESG, finance and other categories.
Download our eBook: The global regulations driving third-party due diligence. Key regulations to know for managing third-party risk.
| Bribery and corruption | Sanctions | Human rights | Money laundering and terrorist financing |
|---|---|---|---|
| US Foreign Corrupt Practices Act (FCPA) | US Office of Foreign Assets Control (OFAC) sanctions | UK Modern Slavery Act (Section 54) | UK Proceeds of Crime Act (POCA) |
| UK Bribery Act | UK Sanctions and Anti-Money Laundering Act 2018 | US Uyghur Forced Labor Prevention Act (UFLPA) | UK Money Laundering, Terrorist Financing, and Transfer of Funds Regulations 2017 |
| Brazil’s Clean Company Act | EU sanctions, promoting the objectives of the Common Foreign and Security Policy (CFSP) | German Supply Chain Due Diligence Act (SCDDA) (aka LkSG) | EU Anti-Money Laundering Directives (AMLD) |
| France’s Sapin II | UN Security Council sanctions | France’s Duty of Vigilance Law | US Bank Secrecy Act and Patriot Act |
You may also like: Webinar: Unpacking the global third-party due diligence regulatory landscape.
Often tasked with screening against regulatory risk, reputational risk, and risk of third parties violating the company’s policies, ethics and compliance teams must stay informed about the latest regulations. A wide variety of regulations influence how you conduct due diligence on third parties in your business ecosystem. The regulations discussed above are some of the notable bribery and corruption, sanctions, human rights, and money laundering and terrorism laws around the world.
Although what we’ve included here is far from an exhaustive list, the requirements in any given area are generally similar, so you can establish one set of guidelines and processes across your organization to address a particular area of third-party risk. No doubt — the regulatory drivers will continue to evolve, and third-party due diligence will become even more essential to protecting your brand from the risks third parties can impose. Given the complexity of the regulatory drivers affecting your relationship with third parties, you may want to consider a third-party management solution to help you streamline compliance screening and management.
With OneTrust Third-Party Due Diligence, you can automate the third-party due diligence process — from initial screening to risk assessment and management to ongoing reporting and monitoring. The solution keeps third-party profiles in a centralized directory and uses data intelligence to alert you when a third party’s risk profile changes.
Visit www.onetrust.com to learn more about how OneTrust Third-Party Due Diligence can protect you from third-party risk and help you build relationships with trustworthy partners in your business ecosystem.
eBook
For financial institutions in Australia, the Australian Prudential Regulation Authority’s (APRA) CPS 230 standard is a clarion call to fortify cyber resilience.
Checklist
The Digital Operational Resilience Act (DORA) is the first regulation to oversee the security functions of financial entities across the European Union.
Webinar
Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.
Infographic
This infographic gives an overview on how third-party management affects technology, growing threats, and how OneTrust Third-Party Management can help combat them.
Webinar
In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.
Webinar
Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.
eBook
Streamline third-party relationships and avoid common mistakes in the process.
Checklist
Third-party management doesn’t have to be a complicated process for your business.
Infographic
Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.
Infographic
Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.
eBook
It’s imperative for security teams to implement a holistic approach to third-party management.
Webinar
Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.
eBook
Download this eBook to explore third-party management across industries and key considerations before bringing this approach organization-wide.
Webinar
Join this free demo session to learn the ins an outs of OneTrust’s Third-Party Management solution.
Infographic
Looking up and down your organization's supply chain for key indicators is critical to preventing, identifying, and stamping out forced labor.
Webinar
In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.
Webinar
Join our webinar to learn how you can build an well-rounded Third-Party Risk Management Program that works for your organisation
Checklist
See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.
Webinar
Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.
Webinar
Join this webinar for best practices for conducting third-party due diligence for ethics and compliance.
Webinar
Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.
Webinar
Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.
Webinar
Join our live webinar and learn how to conduct comprehensive ethics investigations that are trustworthy and efficient.
Infographic
Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.
Webinar
Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.
Webinar
In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.
Webinar
Watch our live expert webinar on understanding global sanctions and export controls and how to reduce your organiztion's risk exposure and ensure compliance.
Video
See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.
Video
Learn about OneTrust Third-Party Risk Exchange in this demo video and see how it streamlines third-party risk assessments.
Webinar
Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.
Webinar
In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.
Webinar
Join us for a live demo of OneTrust's Third-Party Management capabilities and how our holistic approach helps you monitor and screen third parties across critial risk domains with up-to-date intelligence.
Webinar
Learn how OneTrust's Third-Party Due Dilligence, backed by Dow Jones, can help provide your business the data it needs to find trustworthy third parties and mitigate risk.
Webinar
Experts at OneTrust and Dow Jones discuss third-party due diligence, covering industry trends, challenges, and how to streamline the process with technology.
Webinar
Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.
Webinar
Learn how a strategic plan for compliance can help companies eliminate human rights and environmental violations and avoid costly consequences.
Webinar
In this session, we'll look into the scope of third-party due diligence and a deep dive into practical implementation aspects and best practices for organizations.
Webinar
Watch this webinar and learn the seven best practices for third-party due diligence.
