Is there a regulatory requirement that a company's third parties (i.e., business partners) must be trained on their Compliance responsibilities?
I'm unaware of any such regulation directly imposing legal responsibility on a company for ensuring its 3P business partners are “trained” on the company’s own compliance requirements, but there are regulations around payments, tax, KYC, ABAC, anti-money laundering, and environmental compliance that require best-practice due diligence protocols to be implemented when onboarding (in good faith), and that may also indirectly impose certain certification requirements on 3rd parties’ compliance (which get handled contractually).
EU DAC-7 for platforms is one of these, as is the EU Digital Services Act for online marketplaces and other large platforms. There are also several ISO standards on ABAC and corporate compliance that discuss avoiding/mitigating regulatory enforcement risk by implementing 3rd party protocols on training and certification as well as audit.
Additionally, regulatory requirements regarding the training of a company’s third parties on compliance responsibilities can vary depending on the industry, location, and specific regulations that apply to the company. Many industries, especially those in finance, healthcare, and highly regulated sectors, often have strict requirements for 3P compliance training to ensure that partners are aware of and adhere to relevant regulations.
In the USA, for instance, the FCPA and SOX Act have provisions that can apply to third parties, and training may be necessary to ensure compliance. Additionally, the GDPR in the EU mandates that data processors (which can include third parties) adhere to certain data protection requirements.