Risk Pulse
View all data →US Effective Tariff Rate
Highest since 1947. IEEPA ruling may reduce to 6.0% in 2026.
Suez Canal Container Traffic
Collapse since Houthi attacks. Still 49% below pre-crisis levels.
Asia-US Transit Time Increase
Cape of Good Hope rerouting extends SE Asia to US East Coast shipping.
ISSB Adopting Jurisdictions
Sustainability disclosure standards now live across 36 jurisdictions globally.
Risk, Resilience, Compliance — Without the Jargon.
Geopolitical Risk Assessment: How to Analyze, Monitor, and Mitigate Geopolitical Threats
ESGESG Risk Management: How to Identify, Assess, and Report Environmental, Social, and Governance Risks
Resilience & DORAOperational Resilience Framework: Building Resilience Beyond Business Continuity
GRCGRC Framework: How to Build an Integrated Governance, Risk, and Compliance Program
Latest Analysis
View all articles →
The Business Continuity Management Program: A Complete Hub for Practitioners
A business continuity management program is what separated the airlines on July 19, 2024, when a defective CrowdStrike update crashed 8.5 million Windows machines and cost the Fortune 500 an estimated $5.4 billion. Delta alone absorbed $500 million and days of cancellations, while competitors flying the same software recovered over a weekend. The gap was ... <a title="The Business Continuity Management Program: A Complete Hub for Practitioners" class="read-more" href="https://riskpublishing.com/business-continuity-management-program/" aria-label="Read more about The Business Continuity Management Program: A Complete Hub for Practitioners">Read more</a>

Key Risk Indicators: The Complete Directory for Risk Practitioners
Key risk indicators earn their board seat every time an institution fails with the warnings already written down. When Silicon Valley Bank collapsed in March 2023 holding $209 billion in assets, the Federal Reserve’s own review counted 31 unaddressed supervisory findings, roughly triple the average at peer banks. The indicators existed; the response did not. ... <a title="Key Risk Indicators: The Complete Directory for Risk Practitioners" class="read-more" href="https://riskpublishing.com/key-risk-indicators-directory/" aria-label="Read more about Key Risk Indicators: The Complete Directory for Risk Practitioners">Read more</a>

The Complete Risk Assessment Guide: Methods, Templates, and Frameworks
Risk assessment failures now carry ten-figure price tags. On October 10, 2024, TD Bank agreed to pay about $3.09 billion across coordinated resolutions, including FinCEN’s record $1.3 billion penalty and a $450 million OCC action, after regulators found its monitoring left 92% of transaction volume unassessed. That unmonitored slice totaled roughly $18.3 trillion between 2018 ... <a title="The Complete Risk Assessment Guide: Methods, Templates, and Frameworks" class="read-more" href="https://riskpublishing.com/complete-risk-assessment-guide/" aria-label="Read more about The Complete Risk Assessment Guide: Methods, Templates, and Frameworks">Read more</a>

NIST Vendor Risk Assessment Questionnaire: 40 Mapped Questions
On February 21, 2024, drug distributor Cencora discovered attackers had been inside its systems stealing patient data it processed for pharmaceutical manufacturer clients. By September, Bloomberg reported the company had paid $75 million to the Dark Angels gang, the largest ransom payment on record. A NIST vendor risk assessment questionnaire exists to catch that exposure ... <a title="NIST Vendor Risk Assessment Questionnaire: 40 Mapped Questions" class="read-more" href="https://riskpublishing.com/nist-vendor-risk-assessment-questionnaire/" aria-label="Read more about NIST Vendor Risk Assessment Questionnaire: 40 Mapped Questions">Read more</a>

Risk Management KPI Dashboard: How to Build One in Excel
On July 10, 2024, the Federal Reserve fined Citigroup $60.6 million and the OCC added $75 million more, a combined $135.6 million, for failing to fix risk data and reporting weaknesses first ordered closed in October 2020. The regulators’ language was blunt: the bank had made insufficient progress on data quality management. A risk management ... <a title="Risk Management KPI Dashboard: How to Build One in Excel" class="read-more" href="https://riskpublishing.com/risk-management-kpi-dashboard/" aria-label="Read more about Risk Management KPI Dashboard: How to Build One in Excel">Read more</a>

Monthly Geopolitical Risk Report: Template, Structure and Example
General Motors booked $3.1 billion in tariff costs during 2025, close to a quarter of its earnings before interest and taxes. Ford chief executive Jim Farley summed up the year for analysts as a season of chaos, and his company’s own tariff bill still landed near $1 billion. A monthly geopolitical risk report is how ... <a title="Monthly Geopolitical Risk Report: Template, Structure and Example" class="read-more" href="https://riskpublishing.com/monthly-geopolitical-risk-report-template/" aria-label="Read more about Monthly Geopolitical Risk Report: Template, Structure and Example">Read more</a>

Sanctions Screening in Third-Party Risk Management
On November 21, 2023, OFAC announced a $968,618,825 settlement with Binance, the largest in the agency’s history, hours after chief executive Changpeng Zhao pleaded guilty in a Seattle courtroom. Across Treasury, DOJ, and CFTC, the package reached $4.3 billion. Binance failed to screen its own customers, but the same statutes reach every US company’s suppliers, ... <a title="Sanctions Screening in Third-Party Risk Management" class="read-more" href="https://riskpublishing.com/sanctions-screening-third-party-risk-management/" aria-label="Read more about Sanctions Screening in Third-Party Risk Management">Read more</a>

Critical Supplier Identification and Tiering Methodology
At 12:09 a.m. Eastern on July 19, 2024, a faulty CrowdStrike Falcon update began knocking 8.5 million Windows devices offline, and Delta Air Lines spent the next five days canceling roughly 7,000 flights. Chief executive Ed Bastian put the bill at $500 million, and Delta sued CrowdStrike that October. By procurement’s math, CrowdStrike was a ... <a title="Critical Supplier Identification and Tiering Methodology" class="read-more" href="https://riskpublishing.com/critical-supplier-identification-tiering/" aria-label="Read more about Critical Supplier Identification and Tiering Methodology">Read more</a>

SaaS Vendor Risk Assessment: Cloud-Specific Evaluation
On August 20, 2025, Salesloft and Salesforce revoked every live OAuth token for the Drift chat application after the threat group UNC6395 spent ten days exporting data from more than 700 corporate Salesforce environments. Cloudflare, Zscaler, and Palo Alto Networks all confirmed exposure, and not one of them had been breached directly. Every victim inherited ... <a title="SaaS Vendor Risk Assessment: Cloud-Specific Evaluation" class="read-more" href="https://riskpublishing.com/saas-vendor-risk-assessment/" aria-label="Read more about SaaS Vendor Risk Assessment: Cloud-Specific Evaluation">Read more</a>

Supply Chain Risk Heat Map: How to Build and Maintain One
At 1:29 a.m. on March 26, 2024, the container ship Dali lost power and brought down Baltimore’s Francis Scott Key Bridge, closing the top US auto port for 11 weeks. Maryland lost roughly $15 million a day, and almost no supply chain risk heat map in the country had that bridge on it. The gap ... <a title="Supply Chain Risk Heat Map: How to Build and Maintain One" class="read-more" href="https://riskpublishing.com/supply-chain-risk-heat-map/" aria-label="Read more about Supply Chain Risk Heat Map: How to Build and Maintain One">Read more</a>
Explore by Desk
Enterprise Risk Management
ERM frameworks, risk appetite, risk registers, AI risk, operational risk
Business Continuity
ISO 22301, BIA, BCP templates, DRP, exercises, crypto BCM
Cyber & InfoSec
NIST CSF, CIS Controls, CRAMM, ransomware, incident response
Risk Assessment
Methodologies, frameworks, quantitative analysis, sector-specific
ESG Risk
ISSB, CSRD, climate risk, double materiality, Scope 1-3
Geopolitical Risk
Sanctions, tariffs, trade war, country risk, supply chains
Resilience & DORA
DORA, impact tolerances, IBS mapping, resilience testing
GRC
Governance frameworks, compliance, audit, OCEG, Three Lines