Regulations that affect third-party risk

  • Release version: Zurich
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Regulations that affect third-party risk

    When implementing third-party risk management programs, ServiceNow customers must carefully consider relevant regulations. These regulations vary based on industry, geographic location, jurisdiction, and operational nature. Understanding the regulatory landscape helps ensure compliance and mitigate risks associated with third-party relationships.

    Show full answer Show less

    It is recommended to consult legal and compliance experts to identify the specific regulations that apply to your organization’s third-party engagements.

    Key Regulations Affecting Third-Party Risk Management

    • Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF): Require verification of third-party identities and assessment of funding sources to prevent illicit financial activities.
    • Anti-Corruption and Bribery Laws: Regulations such as the U.S. FCPA and UK Bribery Act mandate due diligence to identify risks related to bribery or corruption within third parties.
    • Data Protection and Privacy Regulations: Laws like GDPR and CCPA require companies to evaluate third parties’ data protection and privacy practices to ensure compliance with personal data safeguards.
    • Sanctions and Embargoes: Organizations must verify that third parties are not subject to government sanctions or embargoes and are not engaged in prohibited activities.
    • Financial Regulations: Depending on sector, regulations such as SOX and Dodd-Frank necessitate assessing third-party financial stability, reporting accuracy, and internal controls.
    • Labor and Employment Laws: Due diligence should confirm third-party compliance with labor standards including wage laws, working hours, health and safety, and equal employment opportunity to reduce labor violation risks.
    • Environmental Regulations: Evaluate third parties’ compliance with environmental laws and sustainability standards, particularly when their activities impact the environment.

    Practical Implications for ServiceNow Customers

    Incorporating these regulatory considerations within your third-party risk management program enables proactive identification and mitigation of compliance risks. By assessing third parties against these regulations, your organization can enhance governance, reduce legal and reputational exposure, and maintain alignment with industry best practices.

    When implementing your third-party risk management program, you must carefully consider the regulations. Applicable regulations vary depending on your industry, geographic location, jurisdiction, and nature of your operations.

    Regulations that typically affect third-party risk management programs

    You should consult legal and compliance experts to determine the specific regulatory landscape relevant to your third-party relationships. Here's a list of regulations that are typically considered when assessing third-party risk:

    Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations
    These regulations aim to prevent money laundering, terrorist financing, and other illicit financial activities. They require companies to verify the identity of their third parties, assess their sources of funds, and ensure compliance with applicable AML and CTF laws.
    Anti-Corruption and Bribery laws
    Regulations such as the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act impose strict requirements on companies to prevent bribery and corruption. Due diligence helps identify any potential risks related to bribery or corruption in the third party's operations and relationships.
    Data Protection and Privacy regulations
    With the increasing focus on data protection and privacy, regulations like the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require companies to safeguard personal data. Due diligence includes assessing a third party's data protection and privacy practices to ensure compliance with these regulations.
    Sanctions and Embargoes
    Governments impose sanctions and embargoes on certain countries, individuals, or entities to restrict trade and prevent support for illegal activities. Companies need to ensure that their third parties aren’t subject to any sanctions or embargoes and aren’t engaged in activities that violate these restrictions.
    Financial Regulations
    Depending on the industry, companies might need to consider financial regulations such as the Sarbanes-Oxley Act (SOX) for publicly traded companies or sector-specific regulations like the Dodd-Frank Act for financial institutions. These regulations often require companies to assess the financial stability, reporting accuracy, and internal controls of their third parties.
    Labor and Employment Laws
    Companies need to ensure that their third parties comply with labor and employment laws, including regulations related to minimum wage, working hours, health and safety, and equal employment opportunities. This helps mitigate risks associated with labor violations and potential reputational harm.
    Environmental Regulations
    Companies might need to evaluate a third party's compliance with environmental regulations, particularly if the third party engages in activities that have an environmental impact. This includes assessing their environmental practices, waste management, pollution control measures, and adherence to sustainability standards.