Regulatory coverage

Built for the obligations that apply to you.

Third-party risk management is no longer best practice — it's an obligation, in Europe and in Asia alike. The platform structures your program to meet today's frameworks, and the new generation of Asian regulations.

Europe & International

European and international frameworks.

France

Sapin II

Obligation to map risks and document the assessment of third parties (clients, suppliers, intermediaries) under the anti-corruption regime.

The platform: graded third-party assessment, due-diligence traceability and an audit trail for the AFA.

European Union

DORA

Digital operational resilience: managing risk from third-party ICT service providers in the financial sector.

The platform: provider register, assessment and continuous monitoring of ICT third-party risk.

Germany

LkSG

Supply-chain due-diligence act: risk analysis and corrective measures across suppliers.

The platform: supplier assessment, corrective-action management and reporting.

European Union

CS3D / CSDDD

EU corporate sustainability due diligence: identifying, preventing and remediating harms along the value chain.

The platform: value-chain mapping, assessment and traced remediation.

European Union

GDPR

Governing data transfers to processors and the assessment of their safeguards.

The platform: structured document collection and tracking of processor commitments.

United States

FCPA

Anti-corruption law with extraterritorial reach: due diligence on intermediaries and business partners.

The platform: screening, enhanced due diligence and documentation of reasonable diligence.

Asia-Pacific

The new generation of Asian frameworks.

Asia-Pacific is accelerating. Singapore's MAS is redefining third-party risk, Australia's APRA imposes a DORA-comparable framework, and China is overhauling its supply-chain rules. A program that was adequate three years ago now has gaps.

SingaporeNew 2026

MAS TPRM Guidelines

Issued March 2026, they supersede the old outsourcing rules and extend expectations to all third-party arrangements: register, governance, full lifecycle and sub-contractors.

The platform: register of third-party arrangements, governance and lifecycle management from pre-contract to termination.

Australia

APRA CPS 230

Operational-risk standard in force since July 2025 (material-provider contract compliance due by July 2026). Monitoring and continuity of critical providers.

The platform: material-provider register, assessment, continuous monitoring and continuity.

China

Supply-chain decrees & AUCL

Decrees 834 and 835 (2026) govern information gathering and due diligence. China also concentrates most FCPA actions and requires China-specific supplier verification.

The platform: adapted investigative diligence, in-depth verification and rigorous documentation.

Hong Kong

HKMA — Operational Resilience

Strengthened expectations on operational resilience and provider management for financial institutions.

The platform: assessment and monitoring of critical providers, audit trail.

Japan

FSA — Operational Resilience

Growing expectations on operational resilience, third-party risk and technology risk.

The platform: register, graded assessment and provider monitoring.

India

SEBI — BRSR

Business responsibility and sustainability reporting obligations, including the value chain, aligned with global standards.

The platform: ESG assessment of value-chain third parties and document collection.

This summary is provided for general information only and does not constitute legal advice. Applicable obligations depend on your situation: we recommend confirming your scope with your counsel.

Which regulations apply to your third parties?

Let's map how to structure your program to your obligations.

Request a demo