Category Archives: Business

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Data Breach Risk: What’s Next?

Posted on by

Ten years ago, many companies didn’t even ask about using encryption to protect data. Over the years, that has changed. More security and privacy professionals began to see it as an option in their cybersecurity defense.

buy desyrel online medilaw.com/wp-content/uploads/2015/03/jpg/desyrel.html no prescription pharmacy

Then it eventually became a necessary component of most companies’ security strategies and the use of encrypted laptops became a condition precedent for many cyber and privacy insurance policies.

Now, after strengthening their cybersecurity with encryption and other measures, companies need to identify the next potential data exposure points where bad actors can likely turn their attention. One overlooked vulnerability is the visual display of sensitive data on screens.

Protect Visual Privacy
Not every risk management, security and IT professional is familiar with visual hacking, but they should be.

Visual hacking is the unauthorized capturing of sensitive, private or confidential information for unauthorized use. It can include visually stealing information from someone’s phone screen, viewing information left on a printer at work or other opportunities of information that is in plain sight. Very likely, it is already happening to workers in your organization.

It is commonplace for professionals who travel for work to access sensitive corporate material on the go. They could be riding on a train, plane or bus and simply open their laptops, giving those seated next to them full view of their work. In these situations, no one can be certain they are not exposing sensitive information—even something simple like a network username. It is not likely such a road warrior can be aware at all times whether another person is viewing or capturing what’s on their screen.

A study conducted by the Ponemon Institute revealed that 87% of mobile workers have caught someone looking over their shoulder at their laptop in a public space. Yet, despite this potential risk, more than half of mobile workers surveyed said they took no steps to protect important information while working in public.

Visual privacy risks don’t just exist outside the office. A worker who steps away from his or her computer or has a screen facing a public walkway can also expose highly sensitive data to onlookers.

Reduce Your Risk
As with any risk, companies should evaluate the severity and potential frequency of visual privacy exposures to better understand their risk. An insurance broker can help determine if insurance coverage is available for these risks or if insurance premium credits may be available for implementing additional safeguards.

There are other steps any organization can take to reduce the risk of visual hacking. Working with IT departments and information-security officers, companies can implement small, easy changes to existing policies and procedures.

For example, companies can deploy privacy filters on laptops or mobile devices that darken screen data when viewed by onlookers from the side. These filters can also be fitted on device screens in an office to help limit the views of potential insider threats. For example, a receptionist should likely have such a privacy screen in place if his or her screen can be viewed by visitors.

Clean-desk policies should also be in place. Such a policy can reduce the display of sensitive information in printed and electronic forms when workers are away from their desks.

buy champix online medilaw.com/wp-content/uploads/2015/03/jpg/champix.html no prescription pharmacy

Workers should also be printing or storing sensitive information in locked areas and use crosscut shredders to destroy sensitive material.

buy aricept online medilaw.com/wp-content/uploads/2015/03/jpg/aricept.html no prescription pharmacy

Finally, because visual privacy can only exist if workers adhere to policies, training is obviously important. Workers should be trained on the importance of visual privacy and being aware of their surroundings. They should also receive regular training on an organization’s privacy policies and associated safeguards.

Tackle Uncertainty with Certainty
Visual privacy may seem like an additional, unnecessary risk management burden to bear. But, like any other potential threat to sensitive data, it deserves attention. After all, a visual hack can leave no trace of when, where or how it happened—and such uncertainties may become problematic when addressing a data breach.

The Data Analytics Adventure

Posted on by

Is your audience changing? Are your products still relevant and addressing customers’ needs? Are there opportunities for organization to predict—or least make an informed guess—about the future of the market or other trends? Answers to these difficult questions are often buried in the overwhelming amount of data organizations are already collecting and storing.

In this digital age, data analytics is a hot topic for businesses and their risk professionals. In fact, nearly half of the survey respondents (46%) from the RIMS MARSH Excellence in Risk Management XV survey agreed that to successfully become digital, using data and analytics to unlock value and make decisions faster was critical.

Where to begin?
Gathering, organizing and understanding data can be such a daunting task that many often choose to put it off for “another day.

buy minocin online orthosummit.com/wp-content/uploads/2023/10/jpg/minocin.html no prescription pharmacy

Paul Koziatek, Enterprise Risk Manager for Coca-Cola Beverages Florida, LLC and an upcoming presenter for the RIMS’ Aug. 2 webinar titled “Mother Lode—Driving Results from Your Data Analytics” offered strategies for risk professionals to get their hands dirty and embark on this data-crunching adventure.

Before getting started, risk professionals must realize that data analytics is an ongoing process, not a project. “One of the biggest misconceptions is that it is a one-off deal,” he said. “It’s the complete opposite. Data analytics is a living, breathing adventure. If you go in with a project-like mindset, you’ll be doomed from the start.”

A great advantage risk professionals have today is the software available to them. “There are a lot of risk professionals who are under the impression that data analytics software is expensive. That might have been the case several years ago, but now RMIS systems can be tailored to meet specific needs and purchased in pieces.”

Additionally, he notes that data analytics programs must constantly be reevaluated.  As information begins to trickle in, risk professionals might have to take a closer look at what they are requesting. “Risk professionals should examine and maintain the program frequently because the original variables used to obtain the data might not always produce the same outcomes.”

Engaging co-workers
A data analytics program requires information and clarification from various subject matter experts from a range of business units. To build these relationships, risk professionals need support from leadership to ensure others in the organization are committed to the process and aware of leadership’s expectations.

With that support, risk professionals can overcome a lack of urgency from others in the organization. “There is a potential to hear feedback such as ‘There is not enough time,’ or ‘We’ll get to that later.’ It is the risk professional’s job to help department leaders see that risk management can create value and is not just a cost-center,” Koziatek said. “Consider those experts as tools and resources. They are going to be the ones who pull the data and provide what it is you need.

buy cipro online orthosummit.com/wp-content/uploads/2023/10/jpg/cipro.html no prescription pharmacy

The ability to explain to those experts exactly what you need to get the job done is important. If that’s not accomplished, you can wind up with a bunch of usable or corrupt data.”

He added, “Sales, marketing and planning teams are a great place to start. In some organizations already have the tools, packages and software risk professionals need to analyze data.”

Quick Wins
Quick wins will be a bit different for every organization. Many data analytic adventures get started because of a legacy of bad workers’ compensation cases or a rash of claims against the organization. “For some, a quick win might be focusing the program on a hot, troublesome and expensive activity to quickly reduce the cost of the risk. Key to determining what might constitute a quick-win is understanding the business’s strategy. “Listen to the board of directors, to the CEO and CFO. Then tailor your analytics to that communication and help drive the company’s strategy,” Koziatek said.

Realizing the Value
Data analytics is like a treasure hunt.  With the right information, guidance and support, organizations and their risk professional can discover hidden potential, revenue streams, cost-saving measures and new opportunities.

More than figuring out where the weak points are for the organization, data analytics uncovers connections. “Data analytics is all about the correlation between different variables and outcomes.

buy cytotec online orthosummit.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

It offers great value by allowing risk professionals to identify those variables before it’s too late,” Koziatek said.

He points to workers compensation and employee-related injuries as an example of data analytics at its best. His organization found that the frequency of injuries and claims were highest among short-term employees (two years or less). Thus, the correlation between claims, length of employment and training were quickly realized. “Without data analytics it might take an organization much longer to really identify the root cause of the activity and, as time goes by, more money can be lost.”

Data analytics’ greatest value for the risk professional is its ability to justify and gain even more support for risk management initiatives. “There is nothing more important than having the data to back up my solutions, my ideas and my needs. That is what the board, senior executives and business leaders want to see. Without these analytics, their outcomes and the reports we produce as a result, it would be extremely difficult to ‘sell’ my ideas to leadership,” Koziatek concluded.

Lawfulness of Financial Crime Data Processing Under GDPR

Posted on by

Much that has been written about the General Data Protection Regulation (GDPR) relates to the burden of obtaining proper consents in order to process data. This general theme has provoked questions about whether and how financial institutions can process data to fight financial crime if they need consent of the data subject. While there are certainly valid questions, GDPR is much more permissive to the extent data is used to prevent or monitor for financial crime.

buy vidalista online https://www.rhythmedix.com/wp-content/uploads/2023/10/jpg/vidalista.html no prescription pharmacy

Clients and counterparties will often be more than happy to consent to data processing in order to participate in financial services. But consent can be withdrawn, so offering individuals the right to consent will give the impression that they can exercise data privacy rights which are not appropriate for highly-regulated activities.

Rather than relying on consent, the GDPR also permits (1) processing that is necessary for compliance with a legal obligation to which the controller is subject and (2) processing that is necessary for purposes of the legitimate interests pursued by the controller or a third party.

Some areas of financial crime prevention are clearly for the purpose of complying with a legal obligation. For example, in most countries there are clear legal obligations for monitoring financial transactions for suspicious activity to fight money laundering. The European Data Protection Supervisor stated in 2013 that anti-money laundering laws should specify that “the relevant legitimate ground for the processing of personal data should… be the necessity to comply with a legal obligation by the obliged entities….” The fourth EU Anti-Money Laundering Directive requires that obliged entities provide notice to customers concerning this legal obligation, but does not require that consent be received. And the U.K. Information Commissioner’s Office gave the example of submitting a Suspicious Activity Report to the National Crime Agency as a legal obligation which constitutes a lawful basis.

Very few commentators have attempted to cite a legal authority for anti-fraud legal obligations. The Payment Services Directive 2 (PSD2) requires that EU member states permit personal data processing by payment systems and that payment service providers prevent, investigate and detect payment fraud. But PSD2 has its own requirement for consent and this protection may fail without adequate implementing legislation in the relevant jurisdiction. Another possible angle is that fraud is a predicate offense for money laundering, and therefore the bank has an obligation to investigate fraud in order to avoid facilitating money laundering.

“Legitimate interests” are also permitted as a basis for processing. However, this basis can be challenged where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Financial institutions may not feel comfortable threading the needle between these ambiguous competing interests.

The GDPR makes clear, however, that several purposes related to financial crime should be considered legitimate interests. For example, “the processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest” and profiling for the purposes of fraud prevention may also be allowed under certain circumstances. It is also worth recognizing that many financial market crimes such as insider trading, spoofing and layering are often prosecuted under anti-fraud statutes.

Compliance with foreign legal obligations, such as a whistle-blowing scheme required by the U.S. Sarbanes-Oxley Act, are not considered “legal obligations,” but they should qualify as legitimate interests.

While legal obligations and legitimate interests do not cover all potential use cases, they should cover most traditional financial crime processing.

buy chloroquine online https://www.rhythmedix.com/wp-content/uploads/2023/10/jpg/chloroquine.html no prescription pharmacy

Some banks have been informing their clients that a legal obligation justifies their processing for AML and anti-fraud. Others have included legal obligations and/or legitimate interests as potential justifications for a laundry list of potential processing activities.

While the GDPR became effective earlier this year, financial institutions will continue to fine-tune their approaches based on continuing familiarity with the requirements and legal and regulatory developments. Financial institutions need to revisit their client notifications to make sure that they have disclosed their data processing in a manner that reserves their rights for financial crime purposes. They should also confirm that their financial crime processing adequately falls under a defensible basis. And with this basic housekeeping performed there is hopefully little disruption to their financial crime and compliance operations.

2Q Sees 2.5% Average P&C Rate Increase

Posted on by

Property and Casualty rates in the United States were up 2.5% on average in the second quarter of 2018, with continued tough conditions for trucking and auto, MarketScout reports.

“Insurers seem to have a longer memory these days. It’s hard to find a commercial insurer who hasn’t suffered from a book of auto/trucking risks in the past 10 years,” Richard Kerr, MarketScout chief executive officer said in a statement. He noted that  previous bad experiences and challenges have meant that fewer insurers are willing to write auto or trucking risks. “The demand is exceeding the supply so rates continue to trend upward,” he said.

Compared to the first quarter of 2018, property, auto, directors & officers and employment practices liability rates saw increases. Business Interruption and general liability rates moderated. Workers compensation rates dropped from minus 2% to minus 3%. All other coverage classifications held steady.
Transportation risks saw a notable rate increase, up 6% in the second quarter of 2018 compared to up 4% in the first quarter. Habitation, service, contracting and manufacturing risks saw a slight rate increase from the first quarter of 2018 to the second. All other industry groups remained unchanged, MarketScout said.
Small accounts saw a slight rate increase while all other accounts were unchanged from the first to the second quarter of 2018, according to MarketScout.