Category Archives: Emerging Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

The Risky ‘Business of Art’ Explored at Observer Event

Posted on by

From left: Massimo Sterpi, Elena Zavelev, Anne Bracegirdle, Devin Finzer, Curt Bilby / Photo: Keith Sherman & Associates

NEW YORK—On May 21, the Observer’s inaugural “Business of Art Observed” event brought experts in art, insurance, risk management, tech and finance to the Roosevelt Hotel to discuss established and emerging risks facing the $50 billion art industry.

The “Insurance and Risk Management” session wasted no time exploring creative risk and claims management approaches to the various forms of potential damage to artwork. From transit to security to geopolitical risk, panelists agreed fine art coverage is not a paint-by-numbers process, and said the “framing of a claim” can facilitate a payment.

“Insurance companies get a bad reputation,” said Mary Pontillo, senior vice president and national fine art practice leader at DeWitt Stern. “But the higher-end, really good-quality insurance companies are looking for ways to pay claims. I think that’s where there are a lot of misconceptions.”

For example, she mentioned advising a client whose work was being kept on a yacht. While certain maritime and environmental risks such as humidity were not covered by the policy, she was able to demonstrate that ocean spray had been the source of the damage and successfully get the claim covered.

The session discussed modernizing risk management in the art market and how the industry should apply forensic due diligence to transactions and ensure they view all business activities through a lens of strategic risk. And with transparency cited as a continuous challenge, Dennis Wade, a senior partner at Wade Clark Mulcahy, LLP, who has handled international fine art matters, pointed out the importance of reputation risk when drafting a policy.

“Many policies also contain an exclusion for the dishonesty of the person to whom you deliver or entrust the goods,” Wade said. “So if you consign a work to a corrupt gallerist, there may be an exclusion in your policy and you may not be covered at all.”

The emergence of blockchain technology dominated discussion at another session, “Art Market 2.0: Using Art & Technology to Drive the Industry Forward.” According to panelists, authentication and secure transactions have risen to the top of their risk registers. New Art Academy Founder Elena Zavelev said blockchain’s ability to put individual faces on digital artwork has mostly solved the prior risk of unauthorized duplications, forgeries, and fraud. Zavelev and her co-panelists said blockchain may facilitate a long-term change in the way art is created, sold, curated and insured by improving the ability to track a work’s provenance.

Christie’s AVP Anne Bracegirdle said the masterstroke for streamlining the authentication process is to create a digital, industry-wide registry. Tokenizing original works, she said, would simplify the experience of buying, selling and trading. “If each piece had its own digital identity that would stay the same, no matter where it went, it would instantly provide secure provenance and prices,” Bracegirdle said. “There are companies like Consensus and Microsoft working to create distributed identity networks. The security within that could be applied to scale blockchain—regardless of which blockchain you’re interacting with. Digital identities would provide clients with access to all their consignments and their purchases in one consolidated space, which currently doesn’t exist.”

The evolution of art was also a hot topic during this session since what’s considered a “finished piece” is no longer just a physical canvas. Digital, virtual and even crypto-art may be in their relative infancy but these are gaining global popularity and could significantly influence the industry, said Devin Finzer, co-founder and CEO of OpenSea, a peer-to-peer marketplace for crypto collectibles, gaming items, and digital art.   

“[Owning digital products] has always been confined to a specific ecosystem, like event tickets to a ticketing site,” Finzer said. “Blockchain offers a new type of ownership for these digital assets and it’s exciting for digital art because you can own it in a variety of [digital forms]. Right now, we see the enthusiasm is from tech enthusiasts, but I think over time these ideas around digital ownership will cross over to a mainstream crowd who appreciate the art more than the technology.”

Saint Joseph’s University Wins Spencer-RIMS Risk Management Challenge

Posted on by

BOSTON—Students from Saint Joseph’s University won the Spencer-RIMS Risk Management Challenge at RIMS 2019. Comprising team members Joseph Angelina, Katherine Branson, Ashley Myers, Daniel Tan, and academic advisor Michael Angelina, the winners earned $4,000 for the risk management program they developed and presented at the conference here in Boston this week. Second and third place went to St.

buy symbicort inhaler online meadfamilydental.com/wp-content/uploads/2023/10/jpg/symbicort-inhaler.html no prescription pharmacy

Mary’s University and Butler University, which won ,000 and ,000, respectively.

buy oseltamivir online meadfamilydental.com/wp-content/uploads/2023/10/jpg/oseltamivir.html no prescription pharmacy

The case study for this year’s challenge came from Robert Zhang, RIMS board director and the risk and compliance director for IKEA China. Zhang tasked the students with identifying the top five risks of integrating new physical and digital commerce options for customers.

In determining a winner, the fine print proved critical, with the best presentations specifically focusing on the core part of the prompt: given digital transformation and shifting consumer preferences, what are the key risks involved as such a massive company innovates and evolves?

The winning team took a useful, strategic approach to risk management that could be flexible for the company to adapt and use going forward.

“They provided a true strategic view of IKEA’s risks as they transition from traditional brick-and-mortar into a multi-channel retailer, and they provided IKEA with a strategic framework that can be built out with tactical options,” said Andrew Bent, risk director at Sage and one of the challenge judges.

This year’s Spencer-RIMS Risk Management Challenge drew more entries than ever before, with teams from 28 schools initially submitting papers on the case study. And the competition was strong—according to Louis Drapeau, who served as a judge, they could not pick a top eight submissions, as anticipated, so they invited nine teams for the in-person presentation rounds here in Boston.

buy tamiflu online meadfamilydental.com/wp-content/uploads/2023/10/jpg/tamiflu.html no prescription pharmacy

Poise and pertinent PowerPoint slides reflected the strong presentation skills of the top three teams, Drapeau noted. RIMS CEO Mary Roth had a similar impression, praising all of this year’s participants as impressive aspiring additions to the risk management community. “Beyond the remarkable presentations delivered by each university team, our Spencer-RIMS Risk Challenge students continue to demonstrate the highest-degree of professionalism and an exceptional grasp of sophisticated concepts,” she said.

Pregnancy-Tracking Apps Pose Challenges for Employees

Posted on by

As more companies embrace health-tracking apps to encourage healthier habits and drive down healthcare costs, some employees are becoming uncomfortable with the amount and types of data the apps are sharing with their employers, insurance companies and others.

This is especially true for apps that track fertility and pregnancy. As the Washington Post recently reported, these apps collect huge amounts of personal health information, and are not always transparent about who has access to it. The digital rights organization Electronic Frontier Foundation even published a paper in 2017 titled The Pregnancy Panopticon detailing the security and privacy issues with pregnancy-tracking apps. Employers can also pay extra for some pregnancy-tracking apps to provide them with employees’ health information directly, ostensibly to reduce health care spending and improve the company’s ability to plan for the future.

Given the documented workplace discrimination against women who are pregnant or planning to become pregnant, users may worry that the information they provide the apps could impact employment options or treatment by colleagues and managers. Pregnancy-tracking apps also collect infinitely more personal data than traditional health-tracking apps and devices like step-counters or heart rate monitors. This can include everything from what medications users are taking and when they are having sex or their periods, to the color of their cervical fluid and their doctors’ names and locations.

Citing discomfort with providing this level of information, the Washington Post reported some women have even taken steps to obscure their personal details when using the apps, for fear that their employers, insurance companies, health care providers or third parties may have access to their data and could use it against them in some way. They use fake names or fake email addresses and only give the apps select details or provide inaccurate information. Fearing the invasion of their newborn children’s privacy, some have even chosen not to report their children’s births on the apps, despite this impacting their ability to track their own health and that of their newborn on the app.

Like many other apps or online platforms, it may be difficult to parse out exactly what health-tracking apps are doing with users’ information and what you are agreeing to when you sign up. When employers get involved, these issues get even more difficult. By providing incentives—either in the form of tangible rewards like cash or gift cards, or intangible benefits such as looking like a team player—companies may actually discourage their employees from looking closely at the apps’ terms of use or other key details they need to fully inform the choice to participate or not.

While getting more information about employees’ health may offer ways to improve a workforce’s health and reduce treatment costs, companies encouraging their employees to use these apps are also opening themselves up to risks. As noted above, apps are not always transparent as to what information they are storing and how. Depending on the apps’ security practices, employees’ data may be susceptible to hacking or other misuse by third-party or malicious actors. For example, in January 2018, fitness-tracking app Strava released a map of users’ activity that inadvertently exposed sensitive information about military personnel’s locations, including in war zones. Given the kinds of personal details that some apps collect, health app data could also put users at risk of identity theft or other types of fraud.

Tracking, storing, and using workers’ personal health information also exposes employers and insurance companies to a number of risks and liabilities, including third-party data storage vulnerabilities and data breaches. This is especially important in places governed by stringent online data protection regulations like the European Union’s General Data Protection Regulation (GDPR). In addition to the risks of reputation damage, companies that are breached or otherwise expose employees’ personal information could face significant regulatory fines.

People using health-tracking apps, especially fertility-related apps, should weigh the costs and benefits of disclosing personal information against how apps and others are using this information. Companies who encourage their employees to use these apps and collect their personal health details should also be as transparent as possible about how they are using it, and implement measures to protect workers’ personal data to the fullest extent possible and ensure that managers are not using this data to discriminate against workers.

Should Companies Ban USBs?

Posted on by

Earlier this month, a Chinese woman was arrested after attempting to enter President Donald Trump’s Mar-a-Lago resort while in possession of a number of suspicious electronic devices, including a USB flash drive. Apparently, the drive contained code that allows malicious software to run immediately after being plugged in, though it is still unclear what kind of malware it was. According to news reports, law enforcement also found nine other USB drives in the woman’s hotel room. If someone was able to connect a USB device to a computer on the resort’s network, attackers might be able to access all sorts of sensitive information and potentially gain control of machines on the network.

Historically, USB use has also aided insider threats, whether in the form of employees inadvertently infecting a corporate device or network with a found USB drive, or purposefully causing an infection or removing sensitive information via USB. In perhaps one the most high-profile of such cases, Edward Snowden reportedly removed NSA documents from a Hawaii facility on a flash drive before fleeing the country and providing those documents to members of the media.

Beyond the headlines, these devices continue to pose everyday risks. People mindlessly plug in flash drives, or carry their business’s most important documents on them that could accidentally be left in a hotel room or at a conference packed with corporate rivals. As companies evaluate their security policies and how to best secure their data, many are moving away from using USB or even banning them outright.

In May 2018, IBM did just that. The company’s global chief information security officer Shamla Naidoo said that IBM “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive),” and that the prohibition would apply to IBM operations worldwide, who will now rely entirely on the company’s cloud-based storage. Naidoo cited the danger of missing storage devices leading to “financial and reputational damage” as the motivation for the prohibition going forward, and acknowledged that the move may be disruptive for some departments and employees.

A 2016 University of Illinois study also showed that the now-proverbial nightmare scenario of an employee inserting a USB they found in a parking lot is actually realistic. After dropping 297 flash drives on a university campus, researchers found that people opened one or more files on 45% of the drives without taking any precautions, and that people moved 98% of the drives from the drop locations. The study’s authors noted that their results suggested that people may have picked up the drives and opened files motivated by altruism (finding the owner) and curiosity. But regardless of intent, simply plugging a flash drive into company computer can unleash any number of viruses, malware, or other cyber maladies on the company’s network.

Of course, doing away with USBs is also not a security panacea. As always, the user is the weakest part of any IT security plan, and even if a business does decide to ban USB storage devices and move their data storage to cloud-based options, employees should still be trained on password protection strategies and other security hygiene best practices. To make employee cyber-awareness training more effective, check out these tips from Risk Management.