CCO Third-Party and Vendor Compliance

Question 1

Which phase of the third-party lifecycle is most critical for identifying compliance risks before a vendor relationship begins?

Accepted Answer

Due diligence and onboarding

Answer

Contract negotiation

Answer

Ongoing monitoring

Answer

Offboarding and termination

Question 2

A CCO discovers that a third-party vendor has been convicted of bribery in a foreign jurisdiction. Under the Foreign Corrupt Practices Act (FCPA), what is the primary concern for the organization?

Accepted Answer

The organization may be held liable for the vendor's corrupt acts performed on its behalf

Answer

The vendor's contract must be renegotiated immediately

Answer

The organization must report the vendor to the SEC within 30 days

Answer

Only the vendor's executives face FCPA liability

Question 3

What is the primary purpose of a vendor risk tiering system in a compliance program?

Accepted Answer

To allocate oversight resources proportionally based on the risk each vendor poses

Answer

To rank vendors by annual contract value for budget planning

Answer

To determine which vendors qualify for most-favored-nation pricing

Answer

To schedule vendor audits in alphabetical order

Question 4

Which element is typically included in a vendor contract's compliance addendum?

Accepted Answer

Audit rights allowing the organization to inspect the vendor's compliance records

Answer

Guaranteed profit margins for the vendor

Answer

Exclusivity clauses preventing the vendor from serving competitors

Answer

Indemnification solely in favor of the vendor

Question 5

When a vendor operates as a 'fourth party' (a subcontractor to your direct vendor), what is the organization's best practice?

Accepted Answer

Require direct vendors to flow down compliance obligations and monitor their subcontractors

Answer

Ignore fourth parties since there is no direct contractual relationship

Answer

Conduct the same level of due diligence on fourth parties as on direct employees

Answer

Report all fourth parties to the relevant regulatory authority

Question 6

A CCO learns that a key supplier is experiencing severe financial distress. From a compliance perspective, what is the primary risk?

Accepted Answer

The supplier may cut corners on compliance controls, increasing regulatory and reputational risk

Answer

The supplier may increase prices, affecting the organization's margins

Answer

The supplier may hire away your compliance staff

Answer

Financial distress automatically voids the compliance terms of the contract

Question 7

Which regulatory framework specifically requires financial institutions to conduct due diligence on third-party vendors who handle sensitive customer data?

Accepted Answer

Gramm-Leach-Bliley Act (GLBA)

Answer

Sarbanes-Oxley Act (SOX)

Answer

Sherman Antitrust Act

Answer

Robinson-Patman Act