Category Archives: Business

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Resiliency in 2018: Q&A With BCI’s David Thorp

Posted on by

Organizational resiliency is a focus of the Business Continuity Institute (BCI) and executive director David Thorp. It was the theme of this year’s annual Business Continuity Awareness Week, which Risk Management Monitor covered in May, and was the focus of BCI’s updated manifesto.

We reached out to Thorp to get his insight on organizational resiliency, how businesses can improve their continuity plans and for ways to better incorporate them into their culture.

Risk Management Monitor: What companies have best demonstrated resilience?

David Thorp: A few examples of organizations that have displayed a high level of resilience are Apple, TomTom, and PostNL.

Apple displayed resilience when they reemployed Steve Jobs to reshape the company.

TomTom started by making software for Palm computers. It has dealt with a rapidly changing marketplace and over the years it has:

  • produced navigation software for PDAs (personal digital assistant)
  • produced its own navigation devices
  • developed live traffic information
  • acquired a digital mapping company
  • developed navigation software for smartphones
  • struck up deals with car manufacturers

PostNL (formerly TNT) has had to adapt to the decline in regular mail as well as tapping into the requirement to deliver more packages (outside working hours) as a result of an increase of web shops.

RMM:  What do organizations most commonly overlook in their continuity planning?

DT: Two most commonly overlooked aspects are keeping plans up to date and exercising/testing.

Business continuity management is often initiated as a project, usually assisted with external expertise. Internal personnel frequently have this role in addition to their “normal” functions. As the organization changes, these plans often get overlooked. After one or two exercises have been carried out, the focus on exercising quickly diminishes.

Unfortunately, these two aspects have a large impact on the ability to recover as planned. It could be argued that this is an indication of a lack of management commitment.

RMM: Why do so many companies overlook their continuity planning and emergency preparedness?

DT: The biggest reason is that it is not a requirement for many organizations. When not required by a regulator or a customer, the organization must:

  1. know about continuity planning and emergency preparedness
  2. understand their risk
  3. understand its value before there is a possibility of it being implemented

By not having done a risk or impact analysis, it is also easy for organizations to think that a disruptive event will not happen to them and therefore not worth the hassle and investment.

RMM: How much time and effort does creating and initiating a business continuity plan take?

DT: This depends on the size and complexity of the organization, the ambition level and the resources available. For small organizations, it is possible to create and exercise plans within a month—but this would typically take a little longer as the required people will also have other tasks. For a large and more complex organization, it may take two-to-three years to reach the desired maturity level.

RMM: What advances would you like to see the global risk management community achieve with regard to planning and preparedness?

DT: I would like to see a better understanding of each other’s disciplines and a better collaboration between them. There is much overlap between the two disciplines and with better collaboration, we can more efficiently and effectively minimize risks and improve the continuity. We are currently working on better understanding how we achieve synergy between business continuity and risk management. We see this as being a prerequisite for achieving organizational resilience. Collaboration with other disciplines is also necessary.

RMM: We’ve seen examples of reputation crises that have in some cases forced companies to close. How can organizations avoid these pitfalls?

DT: A major factor in managing the extent of the reputation damage is the quality of the crisis communication. How well and honestly you inform those affected and of course how you deal with social media makes the difference in how you are perceived. The subsequent actions need to be in line with the messages communicated.

RMM: What has changed in the BCI’s Manifesto for Organizational Resilience that risk professionals should know about?

DT: The manifesto is built on the simple premise that resilience is not the responsibility of one part of the organization—it is the responsibility of discipline within an organization working closely together toward a common purpose. Risk Management, emergency planning, disaster recovery, security, facilities management, business continuity management, supply chain management, IT management, HR management…all have an equal role to play in delivering resilience.

The manifesto contains our undertaking to seek out alliances with other professional bodies along the spectrum of what might be termed “resilience disciplines” in order to work collaboratively. This would make organizations more resilient than if we each work within our own silo.

Starbucks And Coffee Industry To Reassess Strategies

Posted on by

The coffee industry is poised for moderate growth in the next five years, but is warned of an emerging risk: an informed consumer, according to a recent IBISWorld report.

“Despite long-term, aggregate declines in healthy eating, consumers are more aware of health issues associated with fatty foods and are increasingly going out of their way to avoid them,” its latest Coffee & Snack Shops industry report notes. Consumers who are more aware of the nutritional information of a Starbucks Frappuccino, for example, may be less inclined to make repeat purchases. “The healthy eating index is expected to stagnate [in] 2018, but as consumers’ diets progressively improve, this driver continues to pose a threat to industry operators,” IBISWorld said.

Last week, in Starbucks’ financial release, President and CEO Kevin Johnson acknowledged his clientele’s evolving tastes. “We must move faster to address the more rapidly changing preferences and needs of our customers,” he said.

And so, with the Seattle-headquartered roaster and retailer leading the charge, the industry is expected to get creative and a bit more versatile. In its five-year forecast, IBISWorld suggests that coffee alone can no longer fuel the industry’s expansion, which is expected to stay resilient at an annualized rate of 0.9% to $51 billion. “Nontraditional, high-margin menu items, such as iced coffee drinks, breakfast items and wraps,” featured in “unsaturated markets while experimenting with different store formats,” will help generate growth, the report stated.

Furthermore, the collective habits may change everything from coffee retailers’ food and beverage offerings to their physical store layouts. The IBISWorld report stated:

Major operators, such as Starbucks and Dunkin’ Donuts, are expected to expand their menus and remodel the designs of their locations over the five years to 2023 to increase sales and draw a wider range of customers.

Assessing the Risk of Growth
The forecast was certainly prophetic, considering that Starbucks announced plans to close 150 stores due to underperformance just last week. It seems that more manageable expansion efforts will level some profit margins; where Starbucks wanted to hit 3-5% growth, 1% is more pragmatic. According to the company’s statement:

Starbucks is optimizing its U.S. store portfolio at a more rapid pace in FY19, including shifting new company-operated store growth to underpenetrated markets, slowing licensed store growth, and increasing the closure of underperforming company-operated stores in its most densely penetrated markets to approximately 150 in FY19 from a historical average of up to 50 annually. In FY19, this will result in a slightly lower growth rate in net new company-operated stores. 

Last August, Risk Management Monitor reported that Starbucks’ expansion efforts were to the point that there was almost a store on every corner—with an estimated 3.6 locations within a one-mile radius of each other. The realization marked the end of an aggressive growth strategy, in which 8,000 shops were added over a seven-year period. It was also underscored by a 1% downgrade in its share price. IBISWorld still ranks ‘Bucks as the leader of the coffee and snack shops market in the U.S. with a 23.2% market share (followed by Dunkin’ Brands at 17%), and the move is apparently part of a refocused strategy.

Michael J. Mazarr, a senior political scientist at RAND Corporation noted that reassessing Starbucks’ growth rate will help maintain its leadership status. And while businesses can learn by following the company’s example, they should ask deeper, more strategic questions.

“Clearly a major risk to a company like [Starbucks] would be even a modest swing in consumers who believe that the company has gotten too big. The fascinating questions would be: ‘To what extent did they analyze this?,’ ‘anticipate possible changes?,’ ‘think clearly about risks and outcomes?,’ and ‘did they get some assumptions or expectations slightly wrong?” Mazarr told Risk Management Monitor. “Businesses obviously have invalid expectations all the time—not all of those cases are examples of failed risk management or being blind to consequentialist thinking. Sometimes they are trying to think deeply and rigorously about consequences; they just guess wrong.”

Mazarr has contributed to Risk Management magazine with an article exploring consequence management and the “character of risk,” which you can read here.

Despite A ‘Near-Average’ Forecast, Hurricane Flooding May Increase

Posted on by

With so many businesses and individuals affected by Hurricanes including Maria, Harvey and Irma in 2017, risk managers and insurers are looking to revised forecasts of this year’s hurricane season for a glimmer of hope that 2018 will not bring the same destruction. They may have found it in new information released by Colorado State University, which indicates that a near-average season is likely. It predicts 14 named storms between now and Nov. 30, of which six would become hurricanes. But the caveat is that one immense storm during a “near-average” season can still wreak havoc on businesses and homes.
The criteria is heavily based on the number of hurricanes and not their economic impact. Look to other years with similar buzzword descriptors to determine if its impact is included in your organization’s systematic risk.

“The years 1960, 1967 and 2006 had near-average Atlantic hurricane activity, while 1996 and 2011 were both above-normal hurricane seasons,” said Phil Klotzbach, research scientist in the Department of Atmospheric Science and lead author of the report.

Most of those years endured damage caused by heavy tropical storms—the most noteworthy was 2011 when Hurricane Irene touched down and ultimately cost $15 billion alone. Klotzbach’s team predicts that 2018 hurricane activity will be about 135% of the average season. By comparison, 2017’s hurricane activity, highlighted by Harvey, Irma and Maria, exceeded average season expectations by about 245%.

Given the outlook, experts are still optimistic about the insurance industry’s resilience. A recent Moody’s report noted that despite last year’s losses, the reinsurance industry has sufficient capital to absorb hurricane-related claims.

“Hurricanes, particularly Harvey, Irma and Maria, alongside other catastrophe events last year wiped out a number of reinsurers’ profitability for the year and drove the sector’s profitability to its lowest level since 2005,” analyst Rocio Nunez said in a statement.

Here Comes The Flood
There is another risk associated with hurricanes that could also explain the rising costs and number of claims. The storms themselves—not their windspeeds—have been moving slower than they did 70 years ago. With the collective pace of weather systems slowing down, the risk for flooding increases. Jim Kossin, a researcher at the National Oceanic and Atmospheric Association (NOAA), recently published findings and offered some theories to explain why storms and hurricanes are overstaying their welcome.

According to his recent report, A Global Slowdown of Tropical Cyclone Translation Speed:

One thing scientists do know is that the location where tropical cyclones reach maximum intensity has been shifting toward the poles. And, this may be related to or even causing the overall slowdown.

Using the ‘operational best-track’ data from the Automated Tropical Cyclone Forecasting System (ATCF), the 2017 mean-over-land Atlantic translation speed is 17.9 km h-1, which is at the slowest 20th percentile of over-land translation speeds for the period since 1949.

Some experts believe that global warming also contributes to the slower pace since it “weakens the summertime circulation of the atmosphere in the tropics.” Still, a stalled hurricane and ongoing precipitation may be too much for some infrastructures to handle, as was demonstrated in Houston last year.

Hindsight
The 2017 hurricane season was undoubtedly a wakeup call for the United States, as it saw 12 named storms causing 100 deaths—68 from Hurricane Harvey alone—and is considered the 17th deadliest hurricane season since 1990. With regard to economic impact, last year’s natural disasters between June 1 and Nov. 30 caused $200 billion in reported damages, making it the second-costliest season on record behind the 2005 season.

“Hurricane Harvey was a different beast—its movement stalled because of high pressure regions that essentially blocked its path. It’s not clear whether we’ll see that specific situation more commonly as the world warms,” an Ars Technica article noted. Other ways in which climate change contributed to Harvey’s impact—like warmer ocean water and warmer air holding more water vapor—are more obvious.

Risk Management Monitor reported that the majority of senior executives of large U.S. companies with operations in Texas, Florida or Puerto Rico admitted to being unprepared for the hurricanes that devastated their communities in 2017. According to a survey by FM Global, 64% of respondents said the hurricanes had an adverse impact on their operations, a full 62% said they were not entirely prepared.

New RIMS Report Delivers a ‘Wakeup Call’ To Risk Managers

Posted on by

According to the new RIMS report, Enterprise Risk Management’s Wakeup Call: 10 Years After, an increasing number of organizations are at least partially integrating ERM into their frameworks as they prepare for the possibility of another financial crisis or a new threat.

“The evidence shows that risk management has evolved from a promising but somewhat perfunctory exercise into a strategic management competency,” said RIMS Vice President of Strategic Initiatives Carol Fox, who authored the report. “Even so, given increasingly uncertain times, risk management professionals would be unwise to declare victory or become complacent.”

The 10 Years After report highlights a range of perspectives from executives, officers and risk professionals who represent banking, higher education, technology, health care, transportation, and a federal agency. These professionals offer their perspectives on where ERM stands today. In fact, one shared observation is that the factors which contributed to the crisis are resurfacing, but that ERM can help protect against them. As one technology officer noted: “…as soon as people are introduced into the equation, things change and risks are introduced into the process. While financial models and robot investing are agnostic, once you introduce people, their biases come back into play and disrupt the integrity of those models.”

The integration of ERM programs—even partially—has seen a slow-but-steady climb in the past decade. The report cites statistics from recent RIMS surveys, showing that 92% of financial institutions have fully or partially integrated ERM programs since the housing market crisis. Full integration, however, may be the key to protection and value—and this is accordingly the most daunting, long-term task. “At any point in time, changes in an organization itself, given myriad complexities and disruptions, may take focus away from full integration,” Fox said.

The report discusses what the experts and their industries learned from the financial crisis in the way of risk appetite and regulatory systems. By examining recent literature and studies to better understand the risks facing organizations, the report challenges risk professionals to deliver programs that generate value.

It also offers insight as to what organizations should consider as they further integrate programs. Changes in legislation, interest rates and the volatility of cryptocurrencies are on the collective radar as risk professionals look to the future.

“[bitcoin’s] future is unknown, especially given its recent run-up and sudden devaluation,” the technology officer said. “Cryptocurrency could become problematic because of scale—particularly if someone figures out a way to short-sell it much like what occurred with CDOs.”

Enterprise Risk Management’s Wakeup Call: 10 Years After is available to RIMS members only for the first 60 days. After the introductory period, it will become available to the broader risk management community. You can download the report via Risk Knowledge.

Complementary to the report, Risk Management Monitor recently published Compliance in 2018: Q&A with James Reese of the SEC, highlighting how the SEC views organizational risk management.