On Demand Events

This meeting covered Microsoft's nuclear-powered data center. We discussed NIST standards for post-quantum cryptography (PQC), emphasizing the transition from RSA to ML Chem and ML DSA for key encapsulation and digital signatures. The conversation highlighted the rapid advancements in AI and the need for agile governance to balance innovation and regulation. The discussion also touched on the lessons learned from Y2K, the importance of asset management, and the potential risks and benefits of AI, drawing parallels to past technological fears and uncertainties.

The Shared Assessments Healthcare Committee discussed the rapid evolution of technology, particularly AI, and its impact on third-party risk management. Key points included the importance of aligning risk assessments with contractual terms and business impact analysis. The committee members shared their assessment volumes, with some performing over 500 assessments annually. They also discussed the use of AI tools to streamline the assessment process and the challenges of managing large volumes of assessment questions. The meeting concluded with a review of the committee's achievements in 2024 and plans for 2025, emphasizing the need for continuous improvement and adaptation to emerging risks.

The Shared Assessments Global ESG TPRM Committee discussed the consideration of rebranding from ESG to Sustainability, with 62% of respondents supporting the change. Gary Roboff, Senior Advisor, Shared Assessments, discussed the EU's new regulation on deforestation, emphasizing its importance for global supply chains. Rhonda Cook, Senior Advisor, reviewed Noteworthy News on ESG &TPRM. A Deloitte survey revealed that 66% of private company leaders view climate change as a high or very high risk. The US Department of Commerce unveiled the SCALE tool to assess supply chain risks, though it is not publicly accessible. Members expressed interest in AI’s role in Sustainability as a topic for future discussion in the Committee. Links to suggested reading are included in the Master Deck, attached. The meeting concluded with a ShopTalk on integrating sustainability into third-party risk programs, highlighting practical steps and challenges.

The Shared Assessments Insurance Committee discussed various topics, including the upcoming UK Summit on September 25, the 2025 US Summit in Fort Lauderdale, and the importance of AI in third-party risk management. They recapped data privacy, cybersecurity, liability, and generalized risks associated with autonomous vehicles (AVs). During open discussion on TPRM Insights, they highlighted the need for a risk appetite framework, the roles country risk and operational risk management play. The committee also explored the challenges of assessing vendors during proof-of-concept (POC) phases, suggesting early involvement and data minimization strategies. They noted the increasing number of third-party assessments, with some organizations performing over 500 annually, and the importance of continuous monitoring and cyber threat intelligence tools.

Jen Hancock highlighted the importance of the IAG guidance for navigating third-party risk and regulatory requirements. Chris Johnson introduced the Shared Assessments IAG gap analysis tool, which maps IAG to rescinded FRB, FDIC, and OCC guidance, helping identify new requirements and potential gaps. During the Open Mic for Members Participants noted the need to explore alternative methods of assurance / due diligence when direct assessments are not possible. The committee explored offshore delivery center controls. Feedback from organizations was they are implementing a combination of physical and technological controls for offshore delivery centers, rather than relying solely on physical security measures like "clean rooms” and a trend towards bringing more critical functions in-house or to captive centers to maintain tighter control over sensitive data and processes, rather than relying on third-party offshore providers. Lastly, participants highlighted the challenges of maintaining control environments and talent acquisition/retention for offshore locations, especially with the shift to more remote and hybrid work models during the pandemic.

The Shared Assessments AI & Emerging Technology Committee provided an update on Shared Assessments' AI initiatives, including the EU AI ACT, response to the Treasury's RFI and an upcoming AI briefing paper. The committee discussed potential cyber risks and concerns around autonomous vehicles (AVs), including data privacy, cross-border data sharing, and the lack of underwriting history compared to human-driven vehicles. Participants highlighted the need for regulatory frameworks and standards to address the risks of AVs, as the technology is rapidly evolving. Lastly, the committee had an in-depth discussion on the advancements in deep fake technology and the potential for misuse, including identity fraud in remote work situations. Participants emphasized the balance between convenience and security, and the need for new methods to verify identity in a remote workforce. The group also discussed the importance of educating customers and third parties about the risks of deep fakes. The next meeting is scheduled for October 22, 2024.

The conversation focused on various regulations and directives related to ESG (Environmental, Social, and Governance) factors in vendor management programs. Speakers discussed the German Supply Chain Act, EU's Corporate Sustainability Due Diligence Directive, and ESG ratings, highlighting their significance in ensuring ethical and sustainable practices. They also discussed the potential impact of recent Supreme Court decisions on ESG regulations and the evolving nature of third-party risk management in the face of climate change. The speakers emphasized the importance of staying abreast of changes in the insurance industry and incorporating insurance reviews into third-party risk programs to mitigate potential risks. Thank you to our guest speakers, including Justin Libucki, ESG Risk Analyst, SEI Investments, and Jennifer Hancock, Senior Advisor, Shared Assessments.