Regulatory Whirlwind 2018: What’s Ahead for Third-Party Risk Management?

NAVEX Global will present a complimentary webinar on recent and anticipated enforcement and regulatory changes as they relate to third-party risk.

The online event will be Thursday, Jan. 25, at 1 p.m. EST / 10 a.m. PST.

Michael Volkov, renowned FCPA and third-party due diligence expert, will help participants learn about new FCPA policies and DOJ advice, data privacy regulations coming in May and more.

Participants also will learn what’s ahead in the world of anti-bribery, corruption and third-party risk management efforts.

Anyone who can’t watch the live online event may register to receive a recording of the webinar afterwards.

Register for the webinar.

 

 




The Importance of Attention to Risk Allocation Provisions in Contracts

A recent Indiana Court of Appeals decision illustrates the importance of having an overall risk allocation strategy in contracts where appropriate, and paying close attention to the language used to express that strategy, writes Christian Jones of Barnes & Thornburg.

In a post on the firm's BT Policyholder Protection Blog, Jones writes that this is particularly true when multiple contracts and parties are involved.

“This case illustrates the difficulty of coordinating risk allocation language across multiple contracts. [The insurer] might have attempted to pursue subrogation claims under any circumstances, but it seems possible that litigation might have been avoided if all of the contracts at issue had contained their own express waiver of subrogation clauses,” Jones explains.

Read the article.

 

 




Benchmark Report: Learn How Your Peers Manage Third-Party Risk

NAVEX Global has published its 2017 Third-Party Risk Management Benchmark Report to document how practitioners are successfully conducting third-party risk management, including screening, monitoring and auditing techniques.

“Third parties can be unpredictable,” the company says on its website. “When managing hundreds or even thousands of third parties, keeping an eye out for red flags may seem a herculean task. Use the report to improve your own program outcomes, stop bad behavior in its tracks, and ensure you know how to spot the warning signs.”

The study, which includes information from more than 400 professionals, offers guidance on the approach to third-party risk management that organizations find most effective, how they are using outside providers to assist with third-party due diligence, whether automated due diligence affects ROI, and more.

Download the benchmark report.

 

 




Webinar: Step-Up Your Third-Party Risk Management Program

NAVEX Global will present a free webinar, “Using Metrics to Improve Your Third-Party Risk Management Program,” on how to set up a third-party risk management program for success.

The event will be Thursday, Oct. 26, at 10 a.m. PDT/1 p.m. EST.

Participants will learn how companies with advanced programs manage their third-party risk and due diligence processes and will get industry benchmarks to size up their own programs.

Expert presenters will discuss the steps that should be taken to improve a program and minimize risk — regardless of organization size or number of third parties managed.

Organizations following the steps have:

  • Reduced their risk of legal or regulatory action
  • Appropriately defined “high risk” third parties
  • Found the most powerful screening and monitoring methods
  • Measured the effectiveness of their third-party due diligence programs

Register for the webinar.

 

 




The Evolving Role of the GC in Risk and Crisis – Complimentary Article

The National Association of Corporate Directors has published an article that outlines five key steps to help companies prevent negative headline events and respond when a crisis can’t be avoided. The article can be downloaded from the NACD website.

With social media as an accelerant, a smoldering corporate crisis or failure can almost instantly flare into the firestorm of a viral headline event. In this recent interview in NACD Directorship magazine, Robert E. Bostrom outlines the five key steps companies can follow. He strongly recommends that companies take the following measures:

  • Establish an enterprise-wide risk committee.
  • Proactively evaluate and prioritize a broad portfolio of risks.
  • Empower the GC as the representative on risk to the board.
  • Use risk management as a business tool for evaluating strategies, plans, and investments.
  • Strategize and plan for managing negative events.

Bostrom provides some strong insights into the role of the GC in both preventing and managing crises. He also offers his thoughts on how boards and management must align in order to prevent (or survive) headline events.

Download the article.

 

 




Register for the Innoxcell Annual Symposium – USA Series

The Innoxcell Annual Symposium 2017 USA Series (IAS) scheduled for Oct. 12 in San Francisco focuses on USA – Asia Cross Border Litigation and Investigation matters.

The event will be at Park Central – 50 Third Street San Francisco, CA 94103 (Financial District).

This conference is for U.S. companies operating in Asia. C-level executives and in-house counsel, compliance, audit and risk professionals should attend to gain insight on cross-border litigation, investigation, data privacy, mitigation risks and antitrust matters.

Complimentary tickets are available for corporate counsel, compliance, investigation and risk professionals.

Topics 

  • Crossing Border: Dispute Resolution, Corporate Compliance and Investigations
  • Fighting Fraud, Bribery and Corruption
  • Carried Out Antitrust Investigation in Asia
  • Procurement Fraud – Prevent – Detect and Investigate
  • Criminal Defense and Dealing with the Investigating Authorities
  • Economic Uncertainty, Unethical Conduct: How Should Over-Burdened Compliance Functions Respond?
  • Legal Risk Control of Investment & International Joint Venture – Due Diligence, Core Terms, Negotiation and Execution
  • Fraud, Bribery & Corruption Impact on International Arbitration
  • The Bedtime Story – A Journey to the Dark Side of International Business and Steps to Protect Your Organization
  • Mastering Internal Investigations in Japan and Asia Pacific
  • Using AI and Visual Analytics for Investigations

Register for the symposium.

 

 




Third-Party Risk Management Feedback Needed

Independent marketing research firm Phase5 is conducting a comprehensive study on the current state of third-party risk management and is seeking input.

Confidential responses will be aggregated with other responses, summarized, and published in a comprehensive report.

A spokesman said anyone participating will receive a copy of the final report. The report will show how others manage their third-party risk and due diligence processes and will help readers discover techniques for effectively reducing legal risk.

Take the survey.

 

 

 




Global Risk: Fraud Detection and Investigations Across Jurisdictions

Bloomberg BNA will present a complimentary afternoon briefing on DOJ and SEC enforcement trends, new emerging risks, and recent cases that will keep attorneys ahead of the changing landscape, on Tuesday, Jan. 24, from 3:30-6 p.m., with a networking reception to follow.

The event is underwritten by EY and will take place at Bloomberg LP, 120 Park Ave., New York, NY 10165.

Lanny A. Breuer, the Vice Chair for Covington & Burling LLP and one of The National Law Journal’s 100 most influential lawyers in America, will give a keynote interview at the event.

Experts will discuss:

  • Navigating investigations in the new administration, including how to prepare for a pending investigation
  • Recent cases and emerging areas of risk in 2017 and beyond
  • Technology’s role in global investigations and how to leverage new technologies to implement fraud-prevention rules

Register for the event.

 

 




GCSG Launches a New Due Diligence Report Product for Businesses

GCSG, a source of risk management solutions for businesses, announces the launch of a new due diligence report product. The report is intended for companies that need a quick snapshot of the potential risk a third-party relationship may present to their business, according to a release from the company.

“The reputation and compliance focus of third-party partners has emerged as a top concern for companies operating in a global market. Businesses that operate globally have realized the reputation of their partnerships can impact their own reputation and even result in civil and criminal enforcement actions,” said Jonathan Mellard, founder, GCSG.

The reports contain company and individual information, key risks identified on the report subject, and country specific risks. The report is part of a suite of third-party risk management solutions that also includes advisory services, in-depth onsite assessments, and compliance training.

“We are excited to announce the launch of our new report and to build on our existing suite of third party risk solutions. This report will help our clients assess some of the risks involved with their current and potential third party relationships,” added Mellard.

 


 

 




Webinar: Top 5 Open Source Issues – Stories from the M&A Trenches

Black Duck Software has posted a complimentary on-demand webinar discussing the top five open source issues that impact both buyers and sellers in M&A transactions.

The 60-minute webinar is titled “Top 5 Open Source Issues – Stories from the M&A Trenches.”

“Open source risk is a significant issue for both buyers and sellers in M&A transactions,” Black Duck says on its website. “Although open source comprises 30-50% of the code in an average application, sellers rarely know what open source they’re using and there are often serious risks associated with open source components in code assets.”

In this session, Jim Markwith, a technology attorney who handles complex IP licensing transactions, and has been involved in scores of M&A deals, provides in-depth descriptions of the challenges encountered and their impact on the transaction, punctuating the presentation with insightful stories from the M&A trenches.

Register for the on-demand webinar.

 

 




Managing Political and Security Risks in a Volatile Investment Environment

Practical Law will present a complimentary webinar on steps investors can take to gain a more comprehensive awareness of the challenges they face and to protect their investments and rights when investing in a foreign country.

The event will be Wednesday, Oct. 25, at 1 p.m. EDT. CLE credit is available in multiple states. See the registration page for full details.

On its website, Practical Law says expropriation and resource nationalism, political and civil unrest, war, acts of terrorism, currency restrictions, endemic corruption and weaknesses in governance and the rule of law are only a few of the risks that investors must consider when investing abroad.

The failure to properly assess and account for these risks can result in:
  • A total loss of the investment.
  • Non-repayment of outstanding loans.
  • Reputational harm.
  • Civil and criminal penalties.

Practical Law, Baker & McKenzie LLP and Global Torchlight Ltd. will present the webinar, during which political risk and investment protection experts David J. Chmiel and Ed Poulton will examine the ways in which investors can mitigate these risks including:
  • Provisions in their loan and investment agreements.
  • Political and credit insurance.
  • Reliance on international agreements.
  • Comprehensive political risk due diligence.

Register for the webinar.

A short Q&A will follow.
Presenters:
David J. Chmiel, Managing Director, Global Torchlight Ltd.
David J. Chmiel advises companies on the effects of geopolitical risk on their business strategies and operations. He has a particular expertise in East and South Asia, Russia, and the CIS as well as the politicization of international commerce and the regulation of foreign direct investment for national security purposes. Before co-founding Global Torchlight, David practiced law for ten years as a cross-border M&A lawyer in the London and Chicago offices of a major global law firm.

Ed Poulton, Partner, Baker & McKenzie, LLP
Ed Poulton is a partner in Baker & McKenzie’s Dispute Resolution team, based in London. A key name in the arbitration community, Ed sits as an arbitrator in ICC and LCIA arbitrations, and is the consulting editor of a seminal text on the arbitration of M&A disputes. He advises clients on managing risk and resolving disputes relating to investment treaties, financial services and M&A.

Erlyne J. Nazaire, Senior Legal Editor, Practical Law Finance

Erlyne is a Senior Legal Editor with Practical Law’s Finance Service and is primarily responsible for writing, editing and curating Practical Law’s project finance and cross-border resources. These resources include practice notes on construction contracts, operation and maintenance agreements, loan documents and project risk assessment. In her capacity as Senior Legal Editor, Erlyne has moderated webinars on cross-border investment issues, financial covenants and public-private partnerships. Before joining Practical Law, Erlyne was an associate in Debevoise & Plimpton LLP’s international practice group where she represented clients in a wide range of cross-border transactions including project finance, private M&A and joint ventures.

Register for the webinar.




Compliance Risks: What You Don’t Contain Can Hurt You

As global regulations proliferate and stakeholder expectations increase, organizations are exposed to a greater degree of compliance risk than ever, according to an article posted in The Wall Street Journal’s CFO Journal.

Compliance risk is the threat posed to a company’s financial, organizational, or reputational standing resulting from violations of laws, regulations, codes of conduct, or organizational standards of practice, the report explains.

The article includes a list of best practices to use in compliance risk assessment, including: Gather input from a cross-functional team, establish clear risk ownership of specific risks and drive toward better transparency, and solicit external input when appropriate.

Read the article.

 

 




Managing Project Risk With Enforceable Indemnity Agreements

Most contracts in the construction industry supply chain require the “downstream” project participant to indemnify those “upstream” against a spectrum of losses or claims relating to the project, write Shawn M. Doorhy and Patrick J. O’Connor, Jr. on the website of Faegre Baker Daniels LLP.

“Upstream participants, such as owners and general contractors, naturally seek the broadest indemnity available under the circumstances. It is not uncommon for owners and general contractors to draft broad indemnity agreements seeking protection from loss due to the indemnitee’s own direct fault,” they write. “Whether this can be successfully accomplished depends on a number of factors, including the specific language used and the law of the applicable jurisdiction.”

They add that — because indemnity agreements often are strictly construed against the party seeking indemnification — careful drafting is especially important.

Read the article.

 




Negotiating Limitations of Liability in Technology Transactions

By Rob Scott
Scott & Scott

I am a lawyer in a boutique law firm that specializes in technology law matters. I support some of the world’s largest legal departments on IT procurement projects. The one inescapable trend I have seen in technology transactions is the prominence of risk balancing provisions in contracts. One of the most notable risk-balancing provisions is the limitations of liability. Historically, IT services and software were offered “as-is” or on a “best-efforts” basis with sweeping limitations of liability in favor of the vendor. For software purchased for on-premises deployment, such limitations of liability were generally accepted by customers. Today, the risk profile of most technology transactions has changed due to increased legal regulation of customer data. In response to this increased risk profile, the market adapted by tying limitations of liability to the revenue paid by the customer under the contract for either a trailing six or twelve months prior to an incident. Sophisticated customers objected to revenue-based limitations of liability because the potential claims scenarios involving data privacy and business continuity substantially outweighed the revenue paid.

As customers demanded greater risk balancing, sophisticated service providers secured professional liability insurance also known as cyber-liability coverage that protected each of the provider’s customers for a single annual premium tied to revenue. For SMB and mid-market deals most of my clients require vendors to carry adequate professional liability insurance to cover likely claims scenarios including data breach incident response, class action response, and regulatory response. Contractual risk balancing is achieved by limiting liability to the proceeds of insurance or a combination of the proceeds of insurance and some multiple of revenue for uncovered claims. For these reasons, limitations of liability provisions need to be reviewed in tandem with the indemnity provisions and the insurance provisions.

The cleanest way to accomplish risk balancing using professional liability insurance is to clearly define the insurance coverage, draft the indemnity provisions to be as broad as the coverage grant, i.e. all claims arising from the services, and craft the limitation of liability so it does not limit the client’s access to the insurance. Insurance provisions should clearly require the provider, during the term and for a period of one year after expiration, to carry professional liability including cyber liability coverage for data loss remediation, data breach incident response, crisis management, and regulatory response with an aggregate limit no less than the probable claim scenario amount. Even with good insurance language, narrowly crafted indemnity or limitations of liability provisions can be invoked by carriers to limit the availability of insurance proceeds in the event of a claim. I like to mirror the coverage grant language from the cyber liability policy directly into the indemnity provision so it is clear that the provider’s indemnity obligation is identical to the risk that has been transferred. Finally, the limitation of liability has to be crafted so that it is tied to the proceeds of insurance or contains a carve-out from broader limitations for covered claims.

Limitations of liability tied to professional liability solve a portion of the risk balancing problem, but they do not solve the risk balancing problem for uncovered claims or for large vendors that do not carry professional liability coverage. When dealing with large vendors, third-party insurance is less common. Providers like Microsoft, for example, do not agree to carry third-party insurance. In many instances, I have advised my clients to secure first party cyber-liability coverage to cover the increased risk associated with a transaction. Negotiating limitations of liability with these vendors is even more critical and therefore potentially contentious.

As hosting and cloud based services have emerged, risk balancing has become a central negotiating point in almost all technology transactions. The market is moving toward riskier delivery models. Taking advantage of emerging technology without bearing undue risk will be one of the factors that determines who wins and who loses.