RIMS ERM 2018: Earning the ‘Mandate’ and a ‘Seat at the Table’

MONTREAL – More than 300 risk management professionals and students attended the 2018 RIMS ERM Conference on Monday and Tuesday in an effort to gain insight from, and network with, the industry’s enterprise risk management leaders. Wisdom, data, and motivation within the ERM space were on tap during all the sessions and workshops.

On October 29, Martin Vilsoe, partner of the Implement Consulting Group, opened the two-day event by highlighting the importance of ERM’s worldwide capabilities and how to operationalize the best ERM practices. Vilsoe said that risk managers need to “earn the mandate” to work with ERM, and focused on the idea that risks can equal opportunities.

He said that ultimately the risk manager’s job when implementing an ERM framework is to “enable brave decisions” and to maintain an organization’s best direction. With a visual aid of a freighter and individual boats in an ocean, he rhetorically asked: “Is your framework similar to a supertanker or 15-speed boats going in separate directions?”

He also spoke to the importance of risk management’s value to an organization without relying solely on analytics.

“Risk management’s purpose is to show value. If it is about value, then we better bring it,” he said. “We don’t always communicate that. There’s a big difference between calculating and measuring value versus communicating value. You can do it without having complete proof – you shouldn’t lie to people, but you should tell them you’re doing something great for the organization.”

He encouraged the audience to consider their current roles as a consultant – and the importance of “winning customers” in this alternate role. This involves some sales prowess, he said, and the ability to tell a core story or narrative that describes what you do to engage with stakeholders. Build a core story around the ERM program and send different messages to different stakeholders around your core story.

“I don’t see enough of this in risk management programs because of the idea that it is ‘too big,’ or ‘I can’t communicate it,’” he said. “You can do it. We have to move past that mentality.

“The misconception is that risk management is about IT systems. And if you’re thinking as a risk consultant, be aware that putting stuff in systems will not help you manage your risks. Your ability to facilitate awareness, promote decisions and execute them, will.”

Day 2

Dovetailing on the idea that risks can become opportunities, October 30 opened with “Advancing Risk Management: Having A Seat At The Table,” presented by Laura Cisi, the Clorox Company’s vice president of global risk management, and Soraya Wright, founder and CEO of SMW Risk Management Consulting LLC.

In a fireside chat-style setting, the duo used Clorox – a 105-year-old company – as a case study to demonstrate the effectiveness of its ERM initiatives.

A 25-year veteran of the risk management industry, Cisi has been with Clorox for the past four years and said her ERM initiatives evolved from being viewed as the “insurance department” to a “strategic business partner,” with Wright collaborating with Cisi’s team to take the company on its ERM journey.

The duo said its ERM framework was built on routines, which provide “an outline that enabled us to use [it] as a tool” for decision-making and for assessing critical risks as well, such as embracing a change in its formula during the manufacturing process.

“We decided to convert from chlorine to high-strength bleach,” Cisi said. “That risk bubbled up through our ERM committee and the actions that needed to be taken, and the methodology behind that came up through ERM.”

ERM was also a key influence when assessing the decision in 2014 to close Clorox Venezuela and cease operations in the country. “‘Should we be the first to exit?’” was the question on stakeholders’ minds for a long time before they discontinued operations, Cisi said. The company was required to sell more than two-thirds of its products at prices frozen by the Venezuelan government. As a result, Clorox Venezuela had been selling its products at a loss, causing ongoing operating losses despite attempts to reach a pragmatic solution with the country’s government. “Looking back, it was a good decision.”

Ultimately, the risk manager’s seat is one of many at a table occupied by executives, stakeholders and the C-suite. Cisi and Wright advocated not for being the loudest one there – but for bringing sound ideas and options. And perhaps coincidentally, Cisi and Wright’s approach seems to be putting Vilsoe’s mantras of engagement and alignment into practice.

“I think every day we get to demonstrate ERM, and not something we just do annually. For example, the ways we engage with product development and business development – we used to be thought of as compliance… and a department that said ‘no,’” Cisi said. “To shift that conversation to create more open engagements where you say ‘I’m your partner and it’s my job to identify these risks. Ultimately, it’s your business decision as to whether or not you go forward with them.’”

It was then, she continued, that the risk management department was being consulted on the potential for new products by executives and other groups.

“That was when the conversation shifted from risks to opportunities,” Cisi said, adding, “and that was something they could relate to.”

RIMS members can access the live, uncut audio from “A Seat At The Table” via RIMScast.

An all-access RIMScast episode featuring conference speakers is available here.

Resiliency in 2018: Q&A With BCI’s David Thorp

Organizational resiliency is a focus of the Business Continuity Institute (BCI) and executive director David Thorp. It was the theme of this year’s annual Business Continuity Awareness Week, which Risk Management Monitor covered in May, and was the focus of BCI’s updated manifesto.

We reached out to Thorp to get his insight on organizational resiliency, how businesses can improve their continuity plans and for ways to better incorporate them into their culture.

Risk Management Monitor: What companies have best demonstrated resilience?

David Thorp: A few examples of organizations that have displayed a high level of resilience are Apple, TomTom, and PostNL.

Apple displayed resilience when they reemployed Steve Jobs to reshape the company.

TomTom started by making software for Palm computers. It has dealt with a rapidly changing marketplace and over the years it has:

  • produced navigation software for PDAs (personal digital assistant)
  • produced its own navigation devices
  • developed live traffic information
  • acquired a digital mapping company
  • developed navigation software for smartphones
  • struck up deals with car manufacturers

PostNL (formerly TNT) has had to adapt to the decline in regular mail as well as tap into the requirement to deliver more packages (outside working hours) as a result of an increase in web shops.

RMM:  What do organizations most commonly overlook in their continuity planning?

DT: The two most commonly overlooked aspects are keeping plans up to date and exercising/testing.

Business continuity management is often initiated as a project, usually assisted with external expertise. Internal personnel frequently have this role in addition to their “normal” functions. As the organization changes, these plans often get overlooked. After one or two exercises have been carried out, the focus on exercising quickly diminishes.

Unfortunately, these two aspects have a large impact on the ability to recover as planned. It could be argued that this is an indication of a lack of management commitment.

RMM: Why do so many companies overlook their continuity planning and emergency preparedness?

DT: The biggest reason is that it is not a requirement for many organizations. When not required by a regulator or a customer, the organization must:

  1. know about continuity planning and emergency preparedness
  2. understand their risk
  3. understand its value before there is a possibility of it being implemented

By not having done a risk or impact analysis, it is also easy for organizations to think that a disruptive event will not happen to them and therefore not worth the hassle and investment.

RMM: How much time and effort does creating and initiating a business continuity plan take?

DT: This depends on the size and complexity of the organization, the ambition level and the resources available. For small organizations, it is possible to create and exercise plans within a month—but this would typically take a little longer as the required people will also have other tasks. For a large and more complex organization, it may take two to three years to reach the desired maturity level.

RMM: What advances would you like to see the global risk management community achieve with regard to planning and preparedness?

DT: I would like to see a better understanding of each other’s disciplines and a better collaboration between them. There is much overlap between the two disciplines and with better collaboration, we can more efficiently and effectively minimize risks and improve the continuity. We are currently working on better understanding how we achieve synergy between business continuity and risk management. We see this as being a prerequisite for achieving organizational resilience. Collaboration with other disciplines is also necessary.

RMM: We’ve seen examples of reputation crises that have in some cases forced companies to close. How can organizations avoid these pitfalls?

DT: A major factor in managing the extent of the reputation damage is the quality of the crisis communication. How well and honestly you inform those affected and of course how you deal with social media makes the difference in how you are perceived. The subsequent actions need to be in line with the messages communicated.

RMM: What has changed in the BCI’s Manifesto for Organizational Resilience that risk professionals should know about?

DT: The manifesto is built on the simple premise that resilience is not the responsibility of one part of the organization—it is the responsibility of disciplines within an organization working closely together toward a common purpose. Risk management, emergency planning, disaster recovery, security, facilities management, business continuity management, supply chain management, IT management, HR management…all have an equal role to play in delivering resilience.

The manifesto contains our undertaking to seek out alliances with other professional bodies along the spectrum of what might be termed “resilience disciplines” in order to work collaboratively. This would make organizations more resilient than if we each work within our own silo.

New RIMS Report Delivers a ‘Wakeup Call’ To Risk Managers

According to the new RIMS report, Enterprise Risk Management’s Wakeup Call: 10 Years After, an increasing number of organizations are at least partially integrating ERM into their frameworks as they prepare for the possibility of another financial crisis or a new threat.

“The evidence shows that risk management has evolved from a promising but somewhat perfunctory exercise into a strategic management competency,” said RIMS Vice President of Strategic Initiatives Carol Fox, who authored the report. “Even so, given increasingly uncertain times, risk management professionals would be unwise to declare victory or become complacent.”

The 10 Years After report highlights a range of perspectives from executives, officers and risk professionals who represent banking, higher education, technology, health care, transportation, and a federal agency. These professionals offer their perspectives on where ERM stands today. In fact, one shared observation is that the factors which contributed to the crisis are resurfacing, but that ERM can help protect against them. As one technology officer noted: “…as soon as people are introduced into the equation, things change and risks are introduced into the process. While financial models and robot investing are agnostic, once you introduce people, their biases come back into play and disrupt the integrity of those models.”

The integration of ERM programs—even partially—has seen a slow-but-steady climb in the past decade. The report cites statistics from recent RIMS surveys, showing that 92% of financial institutions have fully or partially integrated ERM programs since the housing market crisis. Full integration, however, may be the key to protection and value—and this is accordingly the most daunting, long-term task. “At any point in time, changes in an organization itself, given myriad complexities and disruptions, may take focus away from full integration,” Fox said.

The report discusses what the experts and their industries learned from the financial crisis in the way of risk appetite and regulatory systems. By examining recent literature and studies to better understand the risks facing organizations, the report challenges risk professionals to deliver programs that generate value.

It also offers insight as to what organizations should consider as they further integrate programs. Changes in legislation, interest rates and the volatility of cryptocurrencies are on the collective radar as risk professionals look to the future.

“[bitcoin’s] future is unknown, especially given its recent run-up and sudden devaluation,” the technology officer said. “Cryptocurrency could become problematic because of scale—particularly if someone figures out a way to short-sell it much like what occurred with CDOs.”

Enterprise Risk Management’s Wakeup Call: 10 Years After is available to RIMS members only for the first 60 days. After the introductory period, it will become available to the broader risk management community. You can download the report via Risk Knowledge.

Complementary to the report, Risk Management Monitor recently published Compliance in 2018: Q&A with James Reese of the SEC, highlighting how the SEC views organizational risk management.

Uptick Charted in Telemedicine Cyberrisk

Advances in telemedicine have benefited patients, but, as with any emerging technology, they also create exposure to cybersecurity risk.

In addition to patients’ data, monitoring and diagnostic devices that can provide treatment from a distance can be compromised due to a variety of causes—from hackers to employee error.

Because of a drastic increase in internal threats, cyber events have become a prevalent threat—with alarming consequences for employers and patients. While malicious actors are perceived as a major threat, 43% of healthcare cyber events are the result of internal threats, according to The Identity Theft Resource Center’s 2017 Annual Data Breach Year-End Review.

The study found that hacking continues to rank highest in the type of attack, at 59.4% of breaches—an increase of 3.2% over 2016 figures. Overall, the Review indicates a drastic upturn, with a 44.7% increase over the record high figures reported for 2016.

Here’s more information on cyber breaches and other potentially damaging threats: