Posted
By

Business continuity and disaster recovery (BC/DR) plans are an essential element of your and your suppliers’ business—an increasingly apparent fact as we now face the uncertainty caused by COVID-19. Your agreements with suppliers and service providers likely account for exigent circumstances via force majeure and BC/DR provisions, and reviewing and updating those contingencies now is imperative. In “Time to Review Your (and Your Suppliers’) Business Continuity and Disaster Recovery Plans,” Aaron M. OserJohn L. Barton and Mia Rendar discuss in depth the scrutiny of BC/DR plans that could prove crucial during the pandemic.

Posted
By

In managing relationships with their suppliers during the pandemic, companies will find it in their interest to show some flexibility—but only within certain parameters. In “COVID-19: BCP and Remote Work Notifications from Suppliers,” colleagues  Vipul N. NishawalaAaron M. Oser and Mario F. Dottori take a practical look at just what this means for often global networks of third-party suppliers and the companies that employ them.

Posted
By

EBA-logo-300x188From September 30, 2019, new guidelines on outsourcing arrangements (Guidelines) issued by the European Banking Authority (EBA) will apply to all outsourcing arrangements entered into, reviewed or amended on or after this date. The Guidelines aim to establish a more harmonized framework for all financial institutions that are within the scope of the EBA’s mandate, including credit institutions, investment firms and payment institutions. All financial institutions must also update all existing outsourcing arrangements in line with the Guidelines by December 31, 2021.

The Guidelines will have an impact that is much wider than just European markets. As large scale outsourcing deals typically benefit global operations, even where deals are being led out of the United States they will need to take account of the Guidelines if European businesses are to be service recipients.

Financial institutions should act now to address the key considerations of the Guidelines:

Continue reading

Posted
By

Recently, third parties have been petitioning the U.S. Customs and Border Protection (CBP) to initiate investigations into forced labor violations involving specific manufacturers/exporters and specific merchandise. In “Slavery in Supply Chains: CBP Petitions Raise New Forced Labor Compliance Risks,” colleagues Nancy A. FischerSahar J. Hafeez  and Stephanie T. Rosenberg examine the role these petitions play in the growing fight against corporate modern slavery and how proactively engaging in corporate modern slavery compliance is necessary from both corporate social responsibility and risk management perspectives.

Posted
By

A recent data breach and subsequent bankruptcy combine to form a cautionary tale on the importance of cyber insurance. On our Insurance & Recovery blog Policyholder Pulse, in “From Data Breach to Bankruptcy – A Cautionary Tale for Those Without Cyber Insurance,”colleagues Matthew G. Jeweler, Meighan E. O’Reardon, Curtis A. Simpson and Robert Shoemaker examine the data breach suffered by American Medical Collection Agency and how that forced its parent company, Retrieval-Master Creditors Bureau Inc., into Chapter 11.

 

Posted
By , and

Federal-reserve-logo-300x300The Board of Governors of the Federal Reserve System has recently indicated it may move forward with enhanced cybersecurity standards that had previously been floated by the Board, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) back in 2016. Specifically, in October 2016, the Board, the three entities issued a joint advance notice of proposed rulemaking (ANPR) on enhanced cybersecurity standards before deprioritizing it in 2017. While the OCC and the FDIC withdrew their ANPRs earlier this Spring, the Board may revive the issue this coming Fall.

Continue reading

Posted
By

The recent data breach of India-based technology services provider Wipro serves as yet another reminder that technology or outsourcing service providers are high-priority targets for cyberattacks. In “Managing Risk in Light of the Wipro Data Breach,” colleagues Meighan E. O’ReardonAndrew CaplanMia Rendar and Curtis Simpson examine the potential consequences of the breach for Wipro customers and some steps that an institution should consider both to respond to, and to hopefully contain the effects of, a data security incident involving an outsourced service provider. 

Posted
By

UK-outsourcing-playbook-217x300In what is a challenging sector—especially following recent revelations over “secretive” government-awarded post-Brexit contracts—the UK Government recently issued new guidance on outsourcing aimed at improving government procurement and delivering better public service. Released on February 20, 2019, the “Outsourcing Playbook” targets improvements in how government works with industry and delivers better public services, but there are lessons to be learned for the private sector, as well.

Continue reading

Posted
By and

NY DFSFinancial institutions regulated by the New York Department of Financial Services (DFS)—referred to in this post as “Covered Entities”—should by now be well familiar with the department’s sweeping cybersecurity regulation, 23 NYCRR 500, that became effective on March 1, 2017. The regulation delves into a level of detail (e.g., multi-factor authentication and encryption requirements) and requires a level of senior level attention (e.g., annual attestation of compliance, signed by the Board of Directors or a Senior Officer) heretofore unseen in U.S. federal or state regulations.

Continue reading

Posted
By

When it comes to artificial intelligence, a lack of transparency in process and bad data to begin with are two of the issues most hampering the embrace by the boardroom. In AI: Black boxes and the boardroom, colleagues Tim Wright and Antony Bott examine how the resulting lack of trust can make companies wary of the AI technology despite its many potential benefits, and some basic steps one can take to alleviate those concerns.