Regulations that affect third-party risk
When implementing your third-party risk management program, you must carefully consider the regulations that apply to your organization and to each third party. Applicable regulations vary by industry, geographic location, jurisdiction, and the nature of your operations, and a single vendor relationship can fall under several of them at once (for example, a payment processor that also handles personal data).
Regulations that typically affect third-party risk management programs
Consult legal and compliance experts to determine the specific regulatory landscape for your third-party relationships; the list below is a starting point for scoping due diligence questionnaires and control assessments, not a complete inventory. Here's a list of regulations that are typically considered when assessing third-party risk:
- Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations
- These regulations aim to prevent money laundering, terrorist financing, and other illicit financial activities. They require companies to verify the identity of their third parties (including beneficial owners, where know-your-customer rules apply), assess their sources of funds, and confirm compliance with applicable AML and CTF laws. Verification evidence should be retained so that the check can be reproduced for an auditor or regulator.
- Anti-Corruption and Bribery laws
- Regulations such as the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act impose strict requirements on companies to prevent bribery and corruption. Due diligence helps identify any potential risks related to bribery or corruption in the third party's operations and relationships.
- Data Protection and Privacy regulations
- With the increasing focus on data protection and privacy, regulations like the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require companies to safeguard personal data. Due diligence includes assessing a third party's data protection and privacy practices to ensure compliance with these regulations. Note that accountability for personal data does not transfer with the data: under GDPR, a controller may engage only processors that provide sufficient guarantees of compliance and must bind them by contract (Article 28), so the assessment should cover the third party's technical and organizational safeguards, its own subprocessors, and any cross-border transfers, not just the existence of a privacy policy.
- Sanctions and Embargoes
- Governments impose sanctions and embargoes on certain countries, individuals, or entities to restrict trade and prevent support for illegal activities. Companies need to ensure that their third parties aren't subject to any sanctions or embargoes and aren't engaged in activities that violate these restrictions. Because sanctions lists (such as the U.S. Treasury's OFAC Specially Designated Nationals list) change frequently, screening should be repeated on a schedule and on list updates rather than performed once at onboarding, and it should cover the third party's owners and key affiliates as well as the named entity.
- Financial Regulations
- Depending on the industry, companies might need to consider financial regulations such as the Sarbanes-Oxley Act (SOX) for publicly traded companies or sector-specific regulations like the Dodd-Frank Act for financial institutions. These regulations often require companies to assess the financial stability, reporting accuracy, and internal controls of their third parties. Where a third party operates controls that feed your financial reporting (for example, an outsourced payroll or billing service), obtaining and reviewing its independent service-organization control report, and confirming that the report's scope actually covers the services you consume, is the usual way to satisfy that internal-control requirement.
- Labor and Employment Laws
- Companies need to ensure that their third parties comply with labor and employment laws, including regulations related to minimum wage, working hours, health and safety, and equal employment opportunities. This helps mitigate risks associated with labor violations and potential reputational harm.
- Environmental Regulations
- Companies might need to evaluate a third party's compliance with environmental regulations, particularly if the third party engages in activities that have an environmental impact. This includes assessing their environmental practices, waste management, pollution control measures, and adherence to sustainability standards.