Third-Party & Supply Chain

The recent implementation of new cybersecurity incident disclosure requirements by the U.S. Securities and Exchange Commission (SEC) has placed third-party cyber risk squarely in the spotlight. These new regulations underscore the materiality of third-party cyber risk, emphasizing its significance as a business risk. The SEC's final rule acknowledges that a substantial number of organizations, approximately 98%, rely on third-party vendors that have suffered breaches within the last two years.

In a new development aimed at eradicating U.S. connections to forced labor within Chinese supply chains, electric-vehicle batteries and other automotive components have become the latest targets for scrutiny by U.S. authorities. According to a document seen by Reuters, as well as agency statistics and sources, the enforcement of a year-old U.S. law barring the import of goods produced in Xinjiang, China, has expanded its focus beyond its initial areas of concern, which included solar panels, tomatoes, and cotton apparel.

Recent research underscores the mounting concerns of retail and consumer packaged goods (CPG) executives, with supply chain disruption ranking among their foremost fears. The study, a collaboration between professional services firm Genpact and research organization HFS, exposes the industry's struggle to keep pace with supply challenges, revealing that a mere 22% believe they have successfully modernized order-management operations.

Contributor Insight - Who knit this sweater? What was the environmental impact of growing these almonds? How was this cell phone made and transported to my home? These aren’t merely idle thoughts for many modern consumers today. They are important criteria for making purchasing decisions, and businesses are increasingly aware of the need for ethical sourcing.

In its annual Cost of a Data Breach Report, IBM Security has shed light on the growing concerns surrounding third-party risk and security in the modern digital landscape. The report reveals crucial insights into data breaches originating from supply chain compromises, indicating a rising threat that businesses must address to safeguard their sensitive information.

The Office of the Comptroller of the Currency (OCC) has imposed a $15 million civil money penalty on American Express National Bank (American Express) for violations of regulations pertaining to third-party oversight and customer retention efforts targeting small businesses. The OCC's findings revealed significant deficiencies in American Express's governance and oversight of a third-party affiliate, along with non-compliance with Customer Identification Program (CIP) regulations.

Fashion Revolution, a global movement advocating for increased transparency and sustainability in the fashion industry, released its eighth annual Fashion Transparency Index earlier this month. The report reveals that many fashion brands are still falling short in increasing transparency in their supply chains and addressing global impacts from the previous year.