Regulations that affect third-party risk

  • Release version: Yokohama
  • Updated March 12, 2026

When implementing your third-party risk management program, you must carefully consider the regulations that apply to it. Applicable regulations vary depending on your industry, geographic location, jurisdiction, and the nature of your operations.

Regulations that typically affect third-party risk management programs

You should consult legal and compliance experts to determine the specific regulatory landscape relevant to your third-party relationships. The following regulations are typically considered when assessing third-party risk:

Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations
These regulations aim to prevent money laundering, terrorist financing, and other illicit financial activities. They require companies to verify the identity of their third parties, assess their sources of funds, and ensure compliance with applicable AML and CTF laws.

Anti-Corruption and Bribery laws
Regulations such as the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act impose strict requirements on companies to prevent bribery and corruption. Due diligence helps identify any potential risks related to bribery or corruption in the third party's operations and relationships.

Data Protection and Privacy regulations
With the increasing focus on data protection and privacy, regulations like the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require companies to safeguard personal data. Due diligence includes assessing a third party's data protection and privacy practices to ensure compliance with these regulations.

Sanctions and Embargoes
Governments impose sanctions and embargoes on certain countries, individuals, or entities to restrict trade and prevent support for illegal activities. Companies need to ensure that their third parties aren't subject to any sanctions or embargoes and aren't engaged in activities that violate these restrictions.

Financial Regulations
Depending on the industry, companies might need to consider financial regulations such as the Sarbanes-Oxley Act (SOX) for publicly traded companies or sector-specific regulations like the Dodd-Frank Act for financial institutions. These regulations often require companies to assess the financial stability, reporting accuracy, and internal controls of their third parties.

Labor and Employment Laws
Companies need to ensure that their third parties comply with labor and employment laws, including regulations related to minimum wage, working hours, health and safety, and equal employment opportunities. This helps mitigate risks associated with labor violations and potential reputational harm.

Environmental Regulations
Companies might need to evaluate a third party's compliance with environmental regulations, particularly if the third party engages in activities that have an environmental impact. This includes assessing their environmental practices, waste management, pollution control measures, and adherence to sustainability standards.