News & Analysis as of

Third-Party Service Provider Risk Management

Goodwin

NYDFS Publishes Guidance on AI-Related Cybersecurity Risks

Goodwin on

On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the...more

Mayer Brown

New York State Department of Financial Services Issues Industry Letter on Cybersecurity Risks Arising from Artificial Intelligence

Mayer Brown on

BACKGROUND - On October 16, 2024, the New York State Department of Financial Services (DFS) issued an industry letter, Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks,...more

Goodwin

EU Commission Regulations on Digital Operational Resilience: A Reminder That DORA is Less Than Three Months Away and Will Apply to...

Goodwin on

The European Commission’s adoption on 23 October 2024 of the two regulations (Regulations) supplementing the [the Regulation on digital operational resilience for the financial sector Publications Office (europa.eu)] (DORA)...more

Cozen O'Connor

NYDFS Issues Guidance on Cybersecurity Risks Arising from Artificial Intelligence

Cozen O'Connor on

On October 16, 2024, the New York Department of Financial Services (NYDFS) issued an Industry Letter that discusses the cybersecurity risks associated with the use of artificial intelligence (AI) and outlines strategies to...more

Mayer Brown

Navigating Facilities Management Outsourcing in a Post-COVID World

Mayer Brown on

The COVID-19 pandemic has significantly reshaped the facilities management (FM) outsourcing landscape. Companies have transitioned from fully office-based work to home-based work, and now to hybrid models, prompting a...more

Mayer Brown Free Writings + Perspectives

FINRA Highlights Increasing Cybersecurity Risks at Third-Party Providers

The Cyber and Analytics Unit within the Member Supervision program of the Financial Industry Regulatory Authority, Inc. (“FINRA”) recently published a cybersecurity advisory regarding increasing cybersecurity risks at...more

Baker Donelson

Best Practices for Protecting Operations from Vendor's Cyber Incidents

Baker Donelson on

In the aftermath of a vendor's hack that crippled an industry, ensure your business is up to date on best practices for mitigating the risks of third-party cyber incidents. Many businesses struggle to adequately consider the...more

Latham & Watkins LLP

DORA: Just Over Three Months Until Take Off

Latham & Watkins LLP on

The deadline is fast approaching for in-scope financial entities and their ICT service providers to conform to the EU’s new digital operational resilience regulation. With effect from 17 January 2025, a broad range of EU...more

BCLP

The EU’s Digital Operational Resilience Act 2022/2554 (DORA)

BCLP on

Long IT sub-contracting chains can make it hard for financial institutions to understand the vulnerabilities in their IT estate and the location of key functions (where these may be located in entities who do not have a...more

WilmerHale

Obligations for Deployers, Providers, Importers and Distributors of High-Risk AI Systems in the European Union’s Artificial...

WilmerHale on

In this blog post, we will focus on obligations that the European Union’s Artificial Intelligence Act (AI Act) sets for deployers, providers, importers and distributors regarding high-risk AI systems....more

Ballard Spahr LLP

Regulators Outline Risks that Third-Party Servicers Pose to Banks

Ballard Spahr LLP on

Banking regulators have issued a joint statement outlining the potential risks that financial institutions face in arrangements with third parties to deliver bank deposit products and services and examples of risk management...more

Goodwin

ESA Publications on Digital Operational Resilience: A Reminder That DORA is Less Than Six Months Away and Will Apply to US and UK...

Goodwin on

The publication by the Joint Committee of the European Supervisory Authorities (ESAs) on (a) 17 July 2024 of the second batch of implementing materials and (b) 26 July 2024 of the sub-contracting of information and...more

Dorsey & Whitney LLP

CTA Compliance Obligations for CTA Participants: Reporting Companies, Beneficial Owners, and Third-Party Preparers

Dorsey & Whitney LLP on

In an evolving (and somewhat disjointed) process, FinCEN has been providing guidance to persons and entities that are responsible for filing required beneficial ownership information (“BOI”) reports to FinCEN, as well as to...more

Integreon

Unleashing the Power of GenAI in Contracts Management: 3 Easy Ways to Start and Benefit

Integreon on

Corporate interest in AI, particularly generative AI (genAI), has surged dramatically. For many legal teams, there is pressure all the way from the C-suite to start using this new technology. However, the process of...more

Pillsbury - Global Sourcing Practice

Old Tricks for the New Dog: Why Traditional Technology Sourcing Best Practice Is Relevant for Cutting-Edge AI

Since the release of OpenAI’s ChatGPT, the intense hype around large language models (LLMs) and complex AI systems has exploded. Organizations have rushed to both try and buy these new tools. Along with it, a flood of...more

The Volkov Law Group

A Deeper Dive into Supply Chain Transparency & Accountability

The Volkov Law Group on

The sheer proliferation of supply chain transparency and accountability regulations at international scale itself warrants a closer look at the level of scrutiny required of organizations with complex, multi-faceted, global,...more

Mitratech Holdings, Inc

Compliance Down Under: Understanding Australian Regulation CPS 230

The Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 230 in March 2017. At a glance, the regulation aims to strengthen the cybersecurity resilience and operational risk management of the...more

A&O Shearman

One Step Closer to a Mandated Reference Checks Regime: the MAS finalises its proposals for the regime

A&O Shearman on

The Monetary Authority of Singapore (MAS) has recently finalised its proposals on mandating reference checks. The finalised proposals are substantially in line with those initially proposed in its Consultation Paper on...more

Integreon

Global Impact: Exploring Business Continuity and Growth with Offshoring Strategies

Integreon on

In the current landscape of heightened customer expectations and fierce industry competition, law firms find themselves needing to exceed traditional service delivery norms. The need to go above and beyond in meeting client...more

BakerHostetler

DSIR Deeper Dive: Data Processing Addendums: Indemnities, Limitations of Liability and the Cost of a Data Breach

BakerHostetler on

When negotiating technology or data services contracts, businesses of all sizes and industries are now spending more time and attention on privacy controls. The increasing prevalence of comprehensive U.S. state privacy laws...more

A&O Shearman

UK sanctions systems and controls: lessons learnt

A&O Shearman on

The UK Financial Conduct Authority (FCA) has assessed the systems and controls relating to sanctions compliance for over 90 firms across a range of sectors and summarised its findings of good and poor practice. Acknowledging...more

Smith Gambrell Russell

SEC’s New Cybersecurity Rule—Including Key Disclosure Requirements

Smith Gambrell Russell on

SGR would like to bring to your attention the recent development from the U.S. Securities and Exchange Commission (SEC) regarding cybersecurity regulations that impacts public companies subject to the reporting requirements...more

NAVEX

[Webinar] Trust Beyond Boundaries: Holistic Approaches to Third-Party Risk - September 14th, 9:00 am BST

NAVEX on

Third-party relationships supporting core operations are now more important than ever for most organizations. Yet too often, procurement, information security, compliance, and other professionals are overburdened with the...more

NAVEX

[Webinar] Trust Beyond Boundaries: Holistic Approaches to Third-Party Risk - September 13th, 9:00 am PT

NAVEX on

Third-party relationships supporting core operations are now more important than ever for most organizations. Yet too often, procurement, information security, compliance, and other professionals are overburdened with the...more

Guidepost Solutions LLC

The SEC has new Cybersecurity Rules. Are you prepared and ready?

On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions.  Additionally,...more

129 Results
 / 
View per page
Page: of 6

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide