Third-Party & Supply Chain

The response to my session at Icon 2026 reminded me of something I have seen many times in this field. Organizations are not struggling to agree with the argument for supplier risk management. They are struggling to act on it. In the latest piece on my website, We Are Measuring the Value of TPRM Wrong, I argued that the business case for supplier risk management has been framed too narrowly and too focused on workflow, controls, and compliance, and not nearly enough on avoided disruption, avoided loss, and the confidence to move through uncertainty.

Japan’s Financial Services Agency has published a research report examining how financial institutions can strengthen the management of third-party cybersecurity risks, commissioning Deloitte Tohmatsu Cyber to conduct the study.

The Federal Trade Commission has brought an enforcement action against OkCupid and its affiliate Match Group Americas, accusing the companies of quietly sharing users’ personal data with a third party despite telling users otherwise.

Imagine a scenario that unfolds hundreds of times daily across organizations of all sizes and sectors. A senior analyst, facing a tight deadline, pastes the text of a confidential vendor contract into an AI-powered tool. She seeks a quick summary, perhaps highlighting key terms or comparing it with a previous agreement. The tool responds promptly. She gets the information she needs in seconds and moves on.

Australia’s competition watchdog has opened an enforcement investigation into the country’s diesel supply chain, stepping into a politically and economically sensitive space where fuel availability, pricing pressure, and regional livelihoods intersect.

Ericsson has begun notifying individuals that their personal information may have been exposed in a data security incident involving one of the company’s service providers.

The European Commission has proposed new legislation aimed at strengthening Europe’s industrial base while accelerating the shift toward low-carbon manufacturing. But beyond its economic ambitions, the proposal could introduce a new set of governance and compliance considerations for companies operating across strategic industrial sectors.