Regulations that affect third-party risk

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Regulations that affect third-party risk

    Implementing a third-party risk management program requires careful consideration of various regulations that vary by industry, location, jurisdiction, and operational nature. It is essential to consult with legal and compliance experts to understand the specific regulatory landscape applicable to your third-party relationships.

    Show full answer Show less

    Key Features

    • Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF): Companies must verify third-party identities and ensure compliance with AML and CTF laws to prevent illicit activities.
    • Anti-Corruption and Bribery Laws: Regulations like the U.S. FCPA and UK Bribery Act require due diligence to identify potential bribery and corruption risks in third-party operations.
    • Data Protection and Privacy: Compliance with regulations such as GDPR and CCPA is necessary to safeguard personal data, requiring an assessment of third parties' data protection practices.
    • Sanctions and Embargoes: Companies must ensure third parties are not subject to government-imposed sanctions or engaged in activities violating these restrictions.
    • Financial Regulations: Relevant financial regulations (e.g., SOX for public companies) necessitate the assessment of third parties' financial stability and internal controls.
    • Labor and Employment Laws: Compliance with labor laws helps mitigate risks associated with violations and reputational harm related to third-party employment practices.
    • Environmental Regulations: It's important to evaluate third parties' adherence to environmental regulations, focusing on their sustainability practices and pollution control measures.

    Key Outcomes

    By understanding and adhering to these regulations, ServiceNow customers can effectively mitigate third-party risks, ensuring compliance, safeguarding their reputation, and enhancing operational integrity across their business relationships.

    When implementing your third-party risk management program, you must carefully consider the regulations. Applicable regulations vary depending on your industry, geographic location, jurisdiction, and nature of your operations.

    Regulations that typically affect third-party risk management programs

    You should consult legal and compliance experts to determine the specific regulatory landscape relevant to your third-party relationships. Here's a list of regulations that are typically considered when assessing third-party risk:

    Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations
    These regulations aim to prevent money laundering, terrorist financing, and other illicit financial activities. They require companies to verify the identity of their third parties, assess their sources of funds, and ensure compliance with applicable AML and CTF laws.
    Anti-Corruption and Bribery laws
    Regulations such as the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act impose strict requirements on companies to prevent bribery and corruption. Due diligence helps identify any potential risks related to bribery or corruption in the third party's operations and relationships.
    Data Protection and Privacy regulations
    With the increasing focus on data protection and privacy, regulations like the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require companies to safeguard personal data. Due diligence includes assessing a third party's data protection and privacy practices to ensure compliance with these regulations.
    Sanctions and Embargoes
    Governments impose sanctions and embargoes on certain countries, individuals, or entities to restrict trade and prevent support for illegal activities. Companies need to ensure that their third parties aren’t subject to any sanctions or embargoes and aren’t engaged in activities that violate these restrictions.
    Financial Regulations
    Depending on the industry, companies might need to consider financial regulations such as the Sarbanes-Oxley Act (SOX) for publicly traded companies or sector-specific regulations like the Dodd-Frank Act for financial institutions. These regulations often require companies to assess the financial stability, reporting accuracy, and internal controls of their third parties.
    Labor and Employment Laws
    Companies need to ensure that their third parties comply with labor and employment laws, including regulations related to minimum wage, working hours, health and safety, and equal employment opportunities. This helps mitigate risks associated with labor violations and potential reputational harm.
    Environmental Regulations
    Companies might need to evaluate a third party's compliance with environmental regulations, particularly if the third party engages in activities that have an environmental impact. This includes assessing their environmental practices, waste management, pollution control measures, and adherence to sustainability standards.