Risk Pulse
View all data →US Effective Tariff Rate
Highest since 1947. IEEPA ruling may reduce to 6.0% in 2026.
Suez Canal Container Traffic
Collapse since Houthi attacks. Still 49% below pre-crisis levels.
Asia-US Transit Time Increase
Cape of Good Hope rerouting extends SE Asia to US East Coast shipping.
ISSB Adopting Jurisdictions
Sustainability disclosure standards now live across 36 jurisdictions globally.
Risk, Resilience, Compliance — Without the Jargon.
Geopolitical Risk Assessment: How to Analyze, Monitor, and Mitigate Geopolitical Threats
ESGESG Risk Management: How to Identify, Assess, and Report Environmental, Social, and Governance Risks
Resilience & DORAOperational Resilience Framework: Building Resilience Beyond Business Continuity
GRCGRC Framework: How to Build an Integrated Governance, Risk, and Compliance Program
Latest Analysis
View all articles →
Monthly Geopolitical Risk Report: Template, Structure and Example
General Motors booked $3.1 billion in tariff costs during 2025, close to a quarter of its earnings before interest and taxes. Ford chief executive Jim Farley summed up the year for analysts as a season of chaos, and his company’s own tariff bill still landed near $1 billion. A monthly geopolitical risk report is how ... <a title="Monthly Geopolitical Risk Report: Template, Structure and Example" class="read-more" href="https://riskpublishing.com/monthly-geopolitical-risk-report-template/" aria-label="Read more about Monthly Geopolitical Risk Report: Template, Structure and Example">Read more</a>

Sanctions Screening in Third-Party Risk Management
On November 21, 2023, OFAC announced a $968,618,825 settlement with Binance, the largest in the agency’s history, hours after chief executive Changpeng Zhao pleaded guilty in a Seattle courtroom. Across Treasury, DOJ, and CFTC, the package reached $4.3 billion. Binance failed to screen its own customers, but the same statutes reach every US company’s suppliers, ... <a title="Sanctions Screening in Third-Party Risk Management" class="read-more" href="https://riskpublishing.com/sanctions-screening-third-party-risk-management/" aria-label="Read more about Sanctions Screening in Third-Party Risk Management">Read more</a>

Critical Supplier Identification and Tiering Methodology
At 12:09 a.m. Eastern on July 19, 2024, a faulty CrowdStrike Falcon update began knocking 8.5 million Windows devices offline, and Delta Air Lines spent the next five days canceling roughly 7,000 flights. Chief executive Ed Bastian put the bill at $500 million, and Delta sued CrowdStrike that October. By procurement’s math, CrowdStrike was a ... <a title="Critical Supplier Identification and Tiering Methodology" class="read-more" href="https://riskpublishing.com/critical-supplier-identification-tiering/" aria-label="Read more about Critical Supplier Identification and Tiering Methodology">Read more</a>

SaaS Vendor Risk Assessment: Cloud-Specific Evaluation
On August 20, 2025, Salesloft and Salesforce revoked every live OAuth token for the Drift chat application after the threat group UNC6395 spent ten days exporting data from more than 700 corporate Salesforce environments. Cloudflare, Zscaler, and Palo Alto Networks all confirmed exposure, and not one of them had been breached directly. Every victim inherited ... <a title="SaaS Vendor Risk Assessment: Cloud-Specific Evaluation" class="read-more" href="https://riskpublishing.com/saas-vendor-risk-assessment/" aria-label="Read more about SaaS Vendor Risk Assessment: Cloud-Specific Evaluation">Read more</a>

Supply Chain Risk Heat Map: How to Build and Maintain One
At 1:29 a.m. on March 26, 2024, the container ship Dali lost power and brought down Baltimore’s Francis Scott Key Bridge, closing the top US auto port for 11 weeks. Maryland lost roughly $15 million a day, and almost no supply chain risk heat map in the country had that bridge on it. The gap ... <a title="Supply Chain Risk Heat Map: How to Build and Maintain One" class="read-more" href="https://riskpublishing.com/supply-chain-risk-heat-map/" aria-label="Read more about Supply Chain Risk Heat Map: How to Build and Maintain One">Read more</a>

Concentration Risk in Third-Party Relationships: Assessment Guide
At 04:09 UTC on July 19, 2024, CrowdStrike pushed a defective Falcon sensor update that crashed 8.5 million Windows devices in 78 minutes. Concentration risk in third-party relationships stopped being an abstract exam finding that morning: insurance modeler Parametrix put direct Fortune 500 losses at $5.4 billion. The failure propagated because one security vendor protected ... <a title="Concentration Risk in Third-Party Relationships: Assessment Guide" class="read-more" href="https://riskpublishing.com/concentration-risk-third-party-relationships/" aria-label="Read more about Concentration Risk in Third-Party Relationships: Assessment Guide">Read more</a>

Fourth-Party Risk Management: Assessing Your Vendors’ Vendors
In June 2023, the California Public Employees’ Retirement System told roughly 769,000 members that their personal data had been stolen. Fourth-party risk management exists for the strange part of that disclosure: CalPERS itself was never breached. The data left through PBI Research Services, a subcontractor that ran death audits on Progress Software’s MOVEit file transfer ... <a title="Fourth-Party Risk Management: Assessing Your Vendors’ Vendors" class="read-more" href="https://riskpublishing.com/fourth-party-risk-management/" aria-label="Read more about Fourth-Party Risk Management: Assessing Your Vendors’ Vendors">Read more</a>

Greenwashing Risk Assessment: How to Audit ESG Claims
In September 2024, Australia’s Federal Court ordered Vanguard Investments Australia to pay a record A$12.9 million penalty for misleading ESG claims. A greenwashing risk assessment run honestly would have caught the problem years earlier: about 74% of the securities in the fund Vanguard marketed as ethically screened were never screened at all. ASIC called it ... <a title="Greenwashing Risk Assessment: How to Audit ESG Claims" class="read-more" href="https://riskpublishing.com/greenwashing-risk-assessment/" aria-label="Read more about Greenwashing Risk Assessment: How to Audit ESG Claims">Read more</a>

NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management
On May 21, 2026, the New York Department of Financial Services issued two warnings on a single day to the banks, insurers, mortgage servicers, and money transmitters it licenses. One flagged a heightened cyber threat environment; the other warned that “frontier AI” models can now find exploitable vulnerabilities at a pace human patching cycles were ... <a title="NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management" class="read-more" href="https://riskpublishing.com/nydfs-cybersecurity-regulation-ai-amendment/" aria-label="Read more about NYDFS Cybersecurity Regulation AI Amendment: What 23 NYCRR 500 Now Requires for AI Risk Management">Read more</a>

PESTLE vs PESTEL vs STEEPLE: Which to Use
On March 10, 2023, California regulators seized Silicon Valley Bank, the second-largest bank failure in US history at that point. The trigger was the most basic external force any strategist is supposed to watch: interest rates. The PESTLE vs PESTEL question starts right here, because the letter E for Economic is exactly the signal SVB ... <a title="PESTLE vs PESTEL vs STEEPLE: Which to Use" class="read-more" href="https://riskpublishing.com/pestle-vs-pestel-vs-steeple-which-to-use/" aria-label="Read more about PESTLE vs PESTEL vs STEEPLE: Which to Use">Read more</a>
Explore by Desk
Enterprise Risk Management
ERM frameworks, risk appetite, risk registers, AI risk, operational risk
Business Continuity
ISO 22301, BIA, BCP templates, DRP, exercises, crypto BCM
Cyber & InfoSec
NIST CSF, CIS Controls, CRAMM, ransomware, incident response
Risk Assessment
Methodologies, frameworks, quantitative analysis, sector-specific
ESG Risk
ISSB, CSRD, climate risk, double materiality, Scope 1-3
Geopolitical Risk
Sanctions, tariffs, trade war, country risk, supply chains
Resilience & DORA
DORA, impact tolerances, IBS mapping, resilience testing
GRC
Governance frameworks, compliance, audit, OCEG, Three Lines