The cosmetics industry, unknown to many, is essentially not regulated by a federal regulatory agency. Cosmetics technically fall under the purview of the Food and Drug Administration (“FDA”), but there are few requirements that manufacturers must comply with. The FDA only requires that manufacturers comply with several labeling regulations so companies can avoid listing a product’s total ingredients, and the FDA does not require manufacturers to report health complaints. The FDA instead relies on direct reports of adverse events from consumers, which has the potential to delay remedying a potentially dangerous situation. A study published in JAMA Internal Medicine found that between 2015 and 2016, the number of complaints of adverse health results related to cosmetic products more than doubled from the previous years. Additionally, the FDA only has the equivalent of six full-time inspectors to monitor three million shipments of cosmetics that come into the United States each year. Last year, inspectors only conducted tests on about 364 of those shipments, and 20 % of those shipment that were inspected led to adverse findings.
Financial institutions often rely on outside vendors to provide information technology services. While doing so often provides economic efficiency and quicker technological innovation, the risks associated with outsourcing information technology services are significant. Institutions must develop strong vendor management programs to ensure the safety of their customer’s personal information. Several large financial institutions have come together to create a new consortium to perform vendor and partner due diligence.