Risk Pulse

View all data →
Trade Policy
7.7%

US Effective Tariff Rate

Highest since 1947. IEEPA ruling may reduce to 6.0% in 2026.

Supply Chain
−75%

Suez Canal Container Traffic

Collapse since Houthi attacks. Still 49% below pre-crisis levels.

Logistics
+47%

Asia-US Transit Time Increase

Cape of Good Hope rerouting extends SE Asia to US East Coast shipping.

ESG Regulation
36

ISSB Adopting Jurisdictions

Sustainability disclosure standards now live across 36 jurisdictions globally.

Risk, Resilience, Compliance — Without the Jargon.

Latest Analysis

View all articles →
Monthly Geopolitical Risk Report: Template, Structure and Example
ERM

Monthly Geopolitical Risk Report: Template, Structure and Example

General Motors booked $3.1 billion in tariff costs during 2025, close to a quarter of its earnings before interest and taxes. Ford chief executive Jim Farley summed up the year for analysts as a season of chaos, and his company’s own tariff bill still landed near $1 billion. A monthly geopolitical risk report is how ... <a title="Monthly Geopolitical Risk Report: Template, Structure and Example" class="read-more" href="https://riskpublishing.com/monthly-geopolitical-risk-report-template/" aria-label="Read more about Monthly Geopolitical Risk Report: Template, Structure and Example">Read more</a>

Chris EkaiJul 14, 202614 min read
sanctions screening in third-party risk management guide on a navy riskpublishing.com hero with a screening-list motif and one flagged red entry
Risk Assessment

Sanctions Screening in Third-Party Risk Management

On November 21, 2023, OFAC announced a $968,618,825 settlement with Binance, the largest in the agency’s history, hours after chief executive Changpeng Zhao pleaded guilty in a Seattle courtroom. Across Treasury, DOJ, and CFTC, the package reached $4.3 billion. Binance failed to screen its own customers, but the same statutes reach every US company’s suppliers, ... <a title="Sanctions Screening in Third-Party Risk Management" class="read-more" href="https://riskpublishing.com/sanctions-screening-third-party-risk-management/" aria-label="Read more about Sanctions Screening in Third-Party Risk Management">Read more</a>

Chris EkaiJul 8, 202612 min read
Critical Supplier Identification and Tiering Methodology
Risk Assessment

Critical Supplier Identification and Tiering Methodology

At 12:09 a.m. Eastern on July 19, 2024, a faulty CrowdStrike Falcon update began knocking 8.5 million Windows devices offline, and Delta Air Lines spent the next five days canceling roughly 7,000 flights. Chief executive Ed Bastian put the bill at $500 million, and Delta sued CrowdStrike that October. By procurement’s math, CrowdStrike was a ... <a title="Critical Supplier Identification and Tiering Methodology" class="read-more" href="https://riskpublishing.com/critical-supplier-identification-tiering/" aria-label="Read more about Critical Supplier Identification and Tiering Methodology">Read more</a>

Chris EkaiJul 7, 202613 min read
SaaS vendor risk assessment guide on a navy riskpublishing.com hero with a cloud and app-tile motif, covering shared responsibility and OAuth exposure
Risk Assessment

SaaS Vendor Risk Assessment: Cloud-Specific Evaluation

On August 20, 2025, Salesloft and Salesforce revoked every live OAuth token for the Drift chat application after the threat group UNC6395 spent ten days exporting data from more than 700 corporate Salesforce environments. Cloudflare, Zscaler, and Palo Alto Networks all confirmed exposure, and not one of them had been breached directly. Every victim inherited ... <a title="SaaS Vendor Risk Assessment: Cloud-Specific Evaluation" class="read-more" href="https://riskpublishing.com/saas-vendor-risk-assessment/" aria-label="Read more about SaaS Vendor Risk Assessment: Cloud-Specific Evaluation">Read more</a>

Chris EkaiJul 7, 202615 min read
supply chain risk heat map guide on a navy riskpublishing.com hero with a 3x3 heat map motif, covering the 5x5 build and refresh cadence
ERM

Supply Chain Risk Heat Map: How to Build and Maintain One

At 1:29 a.m. on March 26, 2024, the container ship Dali lost power and brought down Baltimore’s Francis Scott Key Bridge, closing the top US auto port for 11 weeks. Maryland lost roughly $15 million a day, and almost no supply chain risk heat map in the country had that bridge on it. The gap ... <a title="Supply Chain Risk Heat Map: How to Build and Maintain One" class="read-more" href="https://riskpublishing.com/supply-chain-risk-heat-map/" aria-label="Read more about Supply Chain Risk Heat Map: How to Build and Maintain One">Read more</a>

Chris EkaiJul 6, 202614 min read
concentration risk in third-party relationships assessment guide on a navy riskpublishing.com hero covering dependency mapping, HHI scoring, and exit testing
ERM

Concentration Risk in Third-Party Relationships: Assessment Guide

At 04:09 UTC on July 19, 2024, CrowdStrike pushed a defective Falcon sensor update that crashed 8.5 million Windows devices in 78 minutes. Concentration risk in third-party relationships stopped being an abstract exam finding that morning: insurance modeler Parametrix put direct Fortune 500 losses at $5.4 billion. The failure propagated because one security vendor protected ... <a title="Concentration Risk in Third-Party Relationships: Assessment Guide" class="read-more" href="https://riskpublishing.com/concentration-risk-third-party-relationships/" aria-label="Read more about Concentration Risk in Third-Party Relationships: Assessment Guide">Read more</a>

Chris EkaiJul 6, 202614 min read
fourth-party risk management guide on a navy riskpublishing.com hero covering how to assess your vendors' vendors with mapping, contract clauses, and KRIs
ERM

Fourth-Party Risk Management: Assessing Your Vendors’ Vendors

In June 2023, the California Public Employees’ Retirement System told roughly 769,000 members that their personal data had been stolen. Fourth-party risk management exists for the strange part of that disclosure: CalPERS itself was never breached. The data left through PBI Research Services, a subcontractor that ran death audits on Progress Software’s MOVEit file transfer ... <a title="Fourth-Party Risk Management: Assessing Your Vendors’ Vendors" class="read-more" href="https://riskpublishing.com/fourth-party-risk-management/" aria-label="Read more about Fourth-Party Risk Management: Assessing Your Vendors’ Vendors">Read more</a>

Chris EkaiJul 4, 202613 min read
greenwashing risk assessment guide on a navy riskpublishing.com hero covering how to audit ESG claims with the five-step evidence test regulators expect
ERM

Greenwashing Risk Assessment: How to Audit ESG Claims

In September 2024, Australia’s Federal Court ordered Vanguard Investments Australia to pay a record A$12.9 million penalty for misleading ESG claims. A greenwashing risk assessment run honestly would have caught the problem years earlier: about 74% of the securities in the fund Vanguard marketed as ethically screened were never screened at all. ASIC called it ... <a title="Greenwashing Risk Assessment: How to Audit ESG Claims" class="read-more" href="https://riskpublishing.com/greenwashing-risk-assessment/" aria-label="Read more about Greenwashing Risk Assessment: How to Audit ESG Claims">Read more</a>

Chris EkaiJul 4, 202615 min read
risk assessment
ERM

NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management

On May 21, 2026, the New York Department of Financial Services issued two warnings on a single day to the banks, insurers, mortgage servicers, and money transmitters it licenses. One flagged a heightened cyber threat environment; the other warned that “frontier AI” models can now find exploitable vulnerabilities at a pace human patching cycles were ... <a title="NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management" class="read-more" href="https://riskpublishing.com/nydfs-cybersecurity-regulation-ai-amendment/" aria-label="Read more about NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management">Read more</a>

Chris EkaiJul 4, 202617 min read
PESTLE vs PESTEL vs STEEPLE on a navy riskpublishing.com hero, showing one external-scanning framework, three spellings, and one ethics extension
ERM

PESTLE vs PESTEL vs STEEPLE: Which to Use

On March 10, 2023, California regulators seized Silicon Valley Bank, the second-largest bank failure in US history at that point. The trigger was the most basic external force any strategist is supposed to watch: interest rates. The PESTLE vs PESTEL question starts right here, because the letter E for Economic is exactly the signal SVB ... <a title="PESTLE vs PESTEL vs STEEPLE: Which to Use" class="read-more" href="https://riskpublishing.com/pestle-vs-pestel-vs-steeple-which-to-use/" aria-label="Read more about PESTLE vs PESTEL vs STEEPLE: Which to Use">Read more</a>

Chris EkaiJun 30, 202613 min read

Practitioner Toolkits & Templates

Ready-to-use frameworks, registers, and assessment tools built for risk management professionals. All guides include downloadable templates.