Nov 11 / Risk Tide

🌊TPRM: AI & EU

Welcome to Risk Tide Current, your signal in the flow of third-party risk, where we help you navigate what’s changing, what’s coming, and what you can actually do about it.
 
Yes, the topics can get heavy. But we don't take ourselves too seriously. Our goal? Keep you informed, make it digestible, and maybe even make you smile along the way. 
 
Quick Note: Risk Tide shares educational insights and our take on regulatory changes; this is not legal or compliance advice. Every organization is different, so always check with your legal or compliance teams. Think of us as your "practical" TPRM guide, not your lawyers.

What's New?

OCC Pulls Back on "Reputational Risk"

The OCC (along with the FDIC and Fed) just said the quiet part out loud: they're done citing "reputational risk" as a standalone reason to ding banks during exams.

What changed: Examiners can't write you up just because something might look bad. They need actual harm: financial loss, operational failure, compliance breach, that kind of thing.

What didn't change: If there's real risk to consumers, data, or operations, they'll still have an issue with your organization. This isn't a free pass.

What it means for TPRM: You’ll likely see fewer vague “reputational concerns” in your exam findings. Regulators want you to focus on what can be clearly shown and managed. That’s where their attention is shifting.

Translation: Less ambiguity, more proof. Which, honestly, is a good thing for everyone. 

EU Drops the Hammer on AI

The EU just rolled out one of the world’s first comprehensive AI regulations. The AI Act sets strict rules on how artificial intelligence can be developed, deployed, and used.

What changed: The Act divides AI into risk categories. “Unacceptable risk” systems (like social scoring or manipulative tools) are banned outright. “High-risk” systems, things like hiring algorithms, medical tools, or law enforcement AI, now face strict compliance, testing, and transparency requirements.

What didn’t change: If you’re using AI for simple automation, analytics, or creative work, there isn't a significant impact, as long as it’s transparent and doesn’t mess with people’s rights or safety.

What it means for business: Even if you’re not in Europe, these rules reach you if your AI touches EU users. Documentation, transparency, and explainability will soon matter as much as innovation.  

Translation: The EU just set an important global standard for AI governance, and history shows the U.S. tends to follow. Expect state and even federal regulators to use this as the blueprint for what comes next. Time to get your data, disclosures, and ethics in order.

Where in the world is Garit?
 
Risk Tide co-founder (and frequent flyer) Garit Gemeinhardt is always on the move, so we’ve decided to keep track of his travels.

This week’s destination: Idaho!🏔️

Need a Midday Boost?

Tune in to our Office Playlist on Spotify, the perfect mix of focus and fun to keep you motivated through the workday.