Third Party Risk Management Sample Clauses

The Third Party Risk Management clause establishes procedures and requirements for assessing and managing risks associated with engaging external vendors, contractors, or service providers. Typically, this clause mandates due diligence on third parties, ongoing monitoring of their compliance with relevant standards, and may require contractual safeguards such as data protection measures or audit rights. Its core function is to protect the contracting party from potential legal, financial, or reputational harm that could arise from third-party relationships, ensuring that risks are identified and mitigated before they impact the business.
Third Party Risk Management. Supplier shall maintain an appropriate risk management and mitigation program for its critical suppliers. Supplier will share relevant risk metrics with Buyer. In selected cases, upon request by Buyer, Supplier will provide evidence to Buyer by sharing (anonymized) risk assessments and audit reports.
Third Party Risk Management. 8.1.1. Novartis expects Suppliers with whom work to respect the laws and adopt the ethical business principles set out in the Novartis Third Party Code. The Novartis Third-Party Code and other codes, policies, and guidelines ("Novartis Third Party Standards") related to suppliers are available on the website: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/supplier-portal 8.1.2. Suppliers should become familiar with the Novartis Third Party Standards and should provide all information required by Novartis in relation to its practices: Labor Rights, Health, Safety, Environmental, Animal Welfare, Anti-Bribery, Fair Competition, Data Privacy and Information Protection, Responsible Minerals, Quality GMP, Trade Sanctions and Export Controls in the required form. Novartis (or the third-party specialists that it has designated), will have sufficient and adequate access to audit the compliance of these Third Party Standards. 8.1.3. Suppliers shall commit their best efforts to remedy cases of identified non-compliance and report to Novartis the progress of these cases, when required. At Novartis' sole discretion, the failure to comply with these Standards of Conduct by the Supplier will grant Novartis the right of terminating the business relationship of this Purchase Order, without the Supplier being entitled to the payment of any compensation, fine or indemnity. The Supplier confirms having read and understanding all the Novartis Third Party Standards.
Third Party Risk Management. (1) Within sixty (60) days of the date of this Agreement, the Board shall adopt and Bank management shall implement and thereafter adhere to a written program to effectively assess and manage the risks posed by third-party fintech relationships (“Third-Party Risk Management Program”). Refer to OCC Bulletin 2013-29, “Third-Party Relationships” and OCC Bulletin 2020-10, “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29”; Refer to OCC Bulletin 2021-40, “Third-Party Relationships: Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks”. (2) The Third-Party Risk Management Program shall be commensurate with the level of risk and complexity of the Bank’s third-party fintech relationship partners and shall, at a minimum, address the following for the Bank’s third-party fintech relationship partners: (a) written policies, procedures, and processes governing the Bank’s third-party fintech relationship partners that, at a minimum: (i) address how the Bank identifies and assesses the inherent risks of the products, services, and activities performed by the third-parties, including but not limited to BSA, compliance, operational, liquidity, counterparty and credit risk as applicable; (ii) details how the Bank selects, assesses, and oversees third-parties; (iii) details the Bank’s strategic plan for providing necessary resources, infrastructure, technology controls, and organizational capabilities to manage the third-party fintech relationship partners in a safe and sound manner; and (iv) establishes criteria for Board review and approval of third-party fintech relationship partners; (b) an assessment of BSA risk for each third-party fintech relationship partner, including risk associated with money laundering, terrorist financing, and sanctions risk as well as the third-party’s processes for mitigating such risks and complying with applicable laws and regulations; (c) due diligence and risk assessment criteria for selecting and approving a third-party fintech relationship partner that is appropriate and unique to the particular products, services, and activities provided by the third-party; Refer to OCC Bulletin 2021-40, “Third-Party Relationships: Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks”; (d) an effective compliance oversight program for third-party fintech relationship partners to include: (i) evaluation of the products, services, and activities ...
Third Party Risk Management. (1) Within ninety (90) days of the date of this Agreement, the Board shall adopt and the Bank, subject to Board review and ongoing monitoring, shall implement and thereafter adhere to a revised third party risk management program that is consistent with OCC Bulletin 2013-29, Third-Party Relationships: Risk Management Guidance (October 30, 2013) and any subsequent OCC guidance, that includes at a minimum: (a) Board review and approval of an updated vendor management policy that delegates oversight responsibility for proper implementation of the Bank's third party risk management program to appropriate management personnel; (b) a list of all activities, functions, or responsibilities that are currently, or will be, outsourced to third-parties, identifying the parties, noting any affiliations, and describing the terms and conditions of the third party agreements; (c) a process to ensure third party relationships are governed by written agreements that clearly outline and document the rights and responsibilities of the parties; (d) a risk assessment process to identify third party service providers that perform critical activities for the Bank; (e) a due diligence process for selecting third-party service providers and an on-going process for monitoring third parties that require reviews of third party financial information, service and other contracts governing the relationship, and reports/attestations on third party controls; (f) controls to ensure transactions with affiliated third parties comply with affiliate laws and regulations and do not present conflicts of interest; and (g) a cost-benefit analysis of the Bank's third-party relationships, that includes ongoing monitoring of third party expenses, reports analyzing direct and indirect costs of each relationship, and consideration of the Bank's in-house expertise.
(2) Upon adoption, the Board shall submit a copy of the revised third party risk management program to the Assistant Deputy Comptroller.
Third Party Risk Management. ▇▇▇▇▇▇ has put in place a third party risk management framework which is aimed at promoting the societal and environmental values of the United Nations Global Compact with third parties that Sandoz deals with. In connection with the above, Supplier shall 8.1.1 comply with the “Third Party Code” (and any published updates thereof) which can be viewed and downloaded from ▇▇▇▇▇://▇▇▇▇.▇▇▇.▇▇▇▇▇▇.▇▇▇/sites/spare53_sandoz_com/files/2023-10/Sandoz-Third-Party-Code.pdf; 8.1.2 provide information/documentation on reasonable request to Sandoz to allow ▇▇▇▇▇▇ to verify compliance with the Third Party Code in the form requested; 8.1.3 rectify identified non-compliances with the Third Party Code (where capable of remedy) and report remediation progress to ▇▇▇▇▇▇ on request; 8.1.4 ensure that Supplier’s Affiliates, Subcontractors and/or agents of Supplier also comply with the above requirements relating to the Third Party Code; and 8.1.5 where required by ▇▇▇▇▇▇, co-operate with ▇▇▇▇▇▇ in completing and returning, as reasonably instructed, the Questionnaire for Third Parties. Supplier warrants and represents that the information provided in any Questionnaire for Third Parties is accurate and complete. For the avoidance of doubt, this subparagraph applies to Supplier only, and not to any Subcontractor engaged by it.
Third Party Risk Management. Novartis expects the supplier to adhere to ethical business practices and to observe the Novartis Third Party Code and any other applicable Novartis codes, policies and guidelines. By providing goods/services/deliverables pursuant to this Purchase Order, the supplier hereby agrees that it will:
• comply with the Third Party Code (and any published updates) which can be viewed and downloaded from ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/esg/reporting/codes-policies-and-guidelines (the supplier may request a copy free of charge from Novartis);
• provide information/documentation on reasonable request to Novartis, its affiliated companies and respective representatives to allow Novartis to verify compliance with the Third Party Code in the form requested;
• use best endeavours to rectify identified non-compliances with the Third Party Code (where capable of remedy) and report remediation progress to Novartis, its affiliated companies and respective representatives on request;
• ensure supplier’s affiliated companies and/or subcontractors/agents directly engaged in providing goods/services/deliverables in pursuance of this Purchase Order are also required to comply with all the above requirements; and
• where required by Novartis, fully co-operate (at supplier’s own expense) with Novartis and Novartis affiliated companies and respective representatives in completing and returning, as reasonably instructed, any questionnaire relating to compliance topics including, without limitation, anti-bribery compliance, that supplier has received as part of Novartis Third Party Risk Management processes at any time and any updates of same (“Questionnaire for Third Parties”).
The supplier warrants and represents that the information provided in any Questionnaire for Third Parties (whether provided before or after the date of this Purchase Order, including updates to the same) is accurate and complete (and such information shall be treated as being part of the agreement between Novartis and the supplier pursuant to this Purchase Order). For the avoidance of doubt, this subparagraph applies to the supplier only, and not to any subcontractor engaged by the supplier in accordance with the terms of this Purchase Order (including in accordance with the provisions of the Third Party Code). Seven business days after the receipt of a written request from Novartis, the supplier will allow Novartis associates (or any third party auditor nominated by Novartis) adequate access to supplier’s premises ...
Third Party Risk Management. Novartis has put in place a Third Party risk management framework which is aimed at promoting the societal and environmental values of the United Nations Global Compact with specific third parties that Novartis deals with (the “Third Party Code”). In connection with the above, Licensor shall: (a) comply with the Third Party Code as set out at ▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇/▇▇▇▇▇▇▇▇_▇▇▇/▇▇▇▇▇/▇▇▇▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇-▇-▇.▇▇▇; (b) having regard to Section 12.6 of the Third Party Code, provide information/documentation on reasonable request to Novartis (or any Third Party auditor reasonably acceptable to Licensor) to allow Novartis to verify Licensor’s compliance with the Third Party Code in the form requested; (c) use its Commercially Reasonable Efforts to rectify identified non-compliances with the Third Party Code (where capable of remedy) and report remediation progress to Novartis on request; and (d) Licensor shall adopt standards that cover the same principles and content included in the Third Party Code when appointing its own suppliers or contractors who are engaged (and to the extent they are engaged) specifically for the purpose of this Agreement.
Third Party Risk Management. If the Parties have agreed certain remediation actions identified as part of Deloitte’s third party risk management process, these are set out in Schedule 6. The Supplier has agreed to complete these remediation actions within an agreed timeframe notified by Deloitte set out in Schedule 6 and, as required, to co-operate with Deloitte regarding such completion. The Parties agree that this clause is a condition of this Agreement.
Third Party Risk Management. (1) By June 30, 2024, the Bank shall submit to the Assistant Deputy Comptroller for review and prior written determination of no supervisory objection an acceptable written program to effectively assess and manage the risks posed by third-party relationships (Third-Party Risk Management Program). Refer to OCC Bulletin 2023-17, “Third-Party Relationships: Interagency Guidance on Risk Management,” for related safe and sound principles. The Third-Party Risk Management Program shall be commensurate with the level of risk and complexity of the Bank’s third-party relationships and shall, at a minimum, address the following: (a) plans that outline the Bank’s strategy for third-party relationships, identify the inherent risks of the activities performed by the third parties, and detail how the Bank selects, assesses, and oversees third parties; (b) proper due diligence in selecting third parties; (c) written contracts that outline the rights and responsibilities of all parties and that adequately document and protect the Bank’s interests; (d) ongoing monitoring of third-party activities and performance, including (e) contingency plans for terminating third-party relationships in an effective manner; (f) clear roles and responsibilities for overseeing and managing third-party relationships and risk management; (g) documentation (including an inventory of the Bank’s third- and fourth-party service providers) and reporting that facilitates Board and management oversight, accountability, monitoring, and risk management associated with third-party relationships; and (h) independent reviews that allow Bank management to assess whether the Bank’s risk management process aligns with its strategy and effectively manages risks associated with third-party relationships.
(2) Within thirty (30) days following receipt of the Assistant Deputy Comptroller’s written determination of no supervisory objection to the Third-Party Risk Management Program or any subsequent amendment to the program, the Board shall adopt and Bank management, subject to Board review and ongoing monitoring, shall immediately implement and thereafter ensure adherence to the program. The Board shall review the effectiveness of the program at least quarterly, and more frequently if necessary or if required by the OCC in writing, and amend the program as needed or directed by the OCC. Any amendment to the program must be submitted to the Assistant Deputy Comptroller for review and prior written determinatio...
Third Party Risk Management. Databricks assesses the security compliance of applicable third parties, including vendors and subprocessors, in order to measure and manage risk. This includes, but is not limited to, conducting a security risk assessment and due diligence prior to engagement and reviewing external audit reports from critical vendors at least annually. In addition, applicable vendors and subprocessors are required to sign a data processing agreement that includes compliance with applicable data protection laws, as well as confidentiality requirements.