Third-Party & Supply Chain

Third-party risk teams have spent the last few years preparing for a world where ESG reporting would continually grow in scope, depth, and regulatory expectation. Companies were told to map emissions throughout their supply chains, understand human-rights risks in their upstream tiers, and gather detailed data from suppliers that had never before been part of formal reporting channels. For better or worse, the direction felt clear.

If 2024 reminded us of anything, it’s that the threat landscape never stands still. In every breach headline, there’s a familiar pattern: an organization falls not because of its own failure, but because a trusted partner left a back door open.

As financial institutions continue to lean on an expanding universe of cloud, fintech, and AI providers, New York’s financial regulator is reminding them that outsourcing doesn’t mean offloading responsibility.

‍The European Commission is moving to fine-tune the EU Deforestation Regulation (EUDR), aiming to lighten the reporting load on smaller players and stabilize the IT backbone that underpins one of the world’s most ambitious supply-chain laws.

European importers of tin, tungsten, tantalum, and gold will soon have an easier path to compliance after the European Commission recognized the first supply chain due diligence scheme under the EU’s Conflict Minerals Regulation.

Australia’s financial watchdog has issued a pointed warning to licensees relying on offshore service providers, urging stronger oversight and risk management after a review uncovered governance shortfalls that could leave consumers and investors exposed.

In this article, Jason Busch unpacks Albania’s bold experiment to fight procurement corruption with an AI “minister,” weighing its potential to trim graft against the country’s deep-rooted traditions of bribery, backroom deals, and bureaucratic stalling.