Third-Party & Supply Chain

ACCC Uses New Emergency Powers for First Time Amid Middle East Supply Chain Disruptions

For months the world's attention has drifted toward the Strait of Hormuz with the uneasy awareness reserved for places that are both geographically small and economically immense. The waterway has always been more than a shipping route. It is a pressure point. When conflict interrupts traffic there, the consequences do not remain in the Gulf for long. They surface weeks later in warehouses, procurement meetings and production schedules half a world away, where businesses discover that the shortest distance between a geopolitical crisis and an empty shelf is often a container ship that never arrived.

When Trade Changes Suppliers, Third-Party Risk Changes Too

A supplier that looked perfectly sensible in January can become a liability by April without having changed at all. The factory is the same, the quality standards are the same, and the people answering the phone are the same people they were a few months earlier. What changed happened somewhere else, perhaps in a government office thousands of miles away, perhaps in the latest round of trade negotiations, perhaps in a policy announcement that never mentioned the supplier by name. Yet procurement is suddenly looking elsewhere, finance is recalculating costs, and operations is asking how quickly production can move if it has to.

What Happens to Your Data After You Hit Send?

It takes about a second. An analyst pastes a contract into a chat box and requests a summary. A recruiter drops a stack of résumés into a tool to rank them. A finance manager uploads a draft board deck and asks for a tighter narrative. The cursor blinks, the answer appears, and everyone moves on. Nothing felt risky. Nothing broke. Yet in that one second, something important happened that almost no one in the building noticed. Information left the organization and went somewhere it had never been.

From Business Case to Business Change: Making TPRM Value Stick

The response to my session at Icon 2026 reminded me of something I have seen many times in this field. Organizations are not struggling to agree with the argument for supplier risk management. They are struggling to act on it. In the latest piece on my website, We Are Measuring the Value of TPRM Wrong, I argued that the business case for supplier risk management has been framed too narrowly and too focused on workflow, controls, and compliance, and not nearly enough on avoided disruption, avoided loss, and the confidence to move through uncertainty.

Japan’s FSA Examines Global Practices to Strengthen Third-Party Cyber Risk Management

Japan’s Financial Services Agency has published a research report examining how financial institutions can strengthen the management of third-party cybersecurity risks. The agency commissioned Deloitte Tohmatsu Cyber to conduct the study.

FTC Takes Aim at Match & OkCupid Over Alleged Data Sharing That Contradicted Privacy Promises

The Federal Trade Commission has brought an enforcement action against OkCupid and its affiliate Match Group Americas, accusing the companies of quietly sharing users’ personal data with a third party despite telling users otherwise.

The Invisible Third-Party: AI as a Vendor Risk You're Probably Not Managing

Imagine a scenario that unfolds hundreds of times daily across organizations of all sizes and sectors. A senior analyst, facing a tight deadline, pastes the text of a confidential vendor contract into an AI-powered tool. She seeks a quick summary, perhaps highlighting key terms or comparing it with a previous agreement. The tool responds promptly. She gets the information she needs in seconds and moves on.