Establishing an effective governance, risk, and compliance (GRC) program can be a difficult task. Developing an enterprise-wide approach that encompasses third-party relationships adds even more complexity. Given the prevalence of vendor cybersecurity and supply chain issues, many organizations are recognizing the value of investing in a mature, comprehensive GRC program for properly managing third-party relationships and mitigating risks or compliance violations. Integrating Third-Party GRC A mature third-party governance program requires transparency and control over…
Each month, Quantivate provides our blog readers with access to the top attorney-generated compliance alert our customers receive. While there were 22 alerts and advisories to be aware of in April, the most pressing is that the Office of the Comptroller of the Currency (OCC) issued its final rule amending suspicious activity report (SAR) regulations. Executive Summary On March 28, 2022, the OCC issued a final rule amending SAR regulations. The rule clarifies the…
Data privacy has been a hot topic for businesses and regulators over the past six months, with several states passing legislation improving protections for consumers’ personal data. Utah has followed suit, with the state legislature passing the Utah Consumer Privacy Act (UCPA) on March 3, 2022, which will now move along to the governor for final approval. The UCPA draws influence from other state privacy acts, such as the California Privacy Rights Act and…
Each month, Quantivate provides our blog readers with access to the top attorney-generated compliance alert our customers receive. While there were 12 alerts and advisories to be aware of in March, this month the biggest to come into effect was an advisory to all financial institutions reminding them of the ability to establish special-purpose credit programs. Executive Summary Five federal financial institution regulatory agencies, in connection with the Department of Housing and Urban Development…
The rise of remote-first organizations in the wake of the COVID-19 pandemic introduced new challenges. With personnel working from home, the demand for strategies and frameworks to manage new risks and vulnerabilities left teams responsible for governance, risk management, and compliance (GRC) feeling the pressure. As organizations navigated operational resilience management in a remote environment, vendor risk and cybersecurity emerged as particular concerns. A 2021 report on third-party security found that more than 50% of…