Third-party risk management
-
EU Commission proposals on digital sovereignty and high-risk vendors
Regulation to push European businesses and third-country suppliers to consider potential exposure to government influence when assessing their technology vendor relationships.
-
The next chapter in UK operational resilience: Operational incident and third-party reporting
New regime changes how firms report serious incidents and critical third-party dependencies, gives regulators improved real-time visibility of threats.
-
Your Canada update: Electronic trading rules, insider status, and more
CIRO offers guidance on how to notify the agency about third-party risk management control providers and when agreements with them are terminated.
-
Data Insights Shoosmiths 2026: Security in the age of AI abuse
The practical reality of AI-augmented threats, who should be responsible for governance, and how to deal with the pitfalls of vendor management.
-
FCA confirms new incident and third-party rules after cyberattacks
Regulator says new rules will make existing incident and third-party reporting clearer, more consistent, and easier for firms to follow.
-
Are you ready for the new Reg S-P?
The amendments significantly expand expectations around incident response, customer notification, and service provider oversight.
-
Podcast: Janaya Moscony and Leigh Wittick walk us through complying with Reg S-P
Janaya Moscony and Leigh Wittick spoke to GRIP about how financial institutions can demonstrate compliance with the many components of Reg S-P.
-
EU revises cybersecurity rules to shield critical infrastructure and supply chains
New cybersecurity package includes changes to the Cybersecurity Act and NIS 2 Directive.