Category Archives: Emerging Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Travel Risk Management for LGBTQ+ Employees

Posted on by

LGBTQ+ travelers can face unique challenges when traveling abroad—many countries do not legally recognize same-sex marriage and more than 70 countries consider consensual LGBTQ+ relationships a crime. If an employee travels on business to a country where their sexual orientation or expression of gender identity is criminalized, an extra layer of complexity is added to duty of care responsibilities. Corporate risk managers need to consider how to best protect employees in a way that doesn’t make them feel singled out, working with them to stay safe and respect local laws without compromising their own values. 

This process begins by providing up-to-date guidance on laws and cultural variations as part of an organization’s duty of care. Attitudes towards the LGBTQ+ community vary considerably around the world, and employers therefore need to shape their duty of care policies around a wide range of considerations, both legal and cultural.

Understand the Law

Risk managers need to ensure they have relevant and up-to-date information at hand to fully understand the traveler’s destination. There are nuances within each country’s legislation, and acceptance can vary dramatically even within different regions of the same country, also evolving over time. Employees need to be informed of the laws to which they will be subject at their destination before they travel. Duty of care procedures should incorporate pre-travel advice and awareness, educating employees on what to expect when on business travel as well as how to respond and whom to contact in an emergency.

Legislation may impact an employee’s behavior in a given destination and travel managers can provide advice on best practices. In the United Arab Emirates for example, transgender, gay and gender nonconforming people have been arrested for violating a law against men “disguised” as women. To the extent possible, it is best for travelers in these countries to remain in resort areas and for same-sex couples to refrain from holding hands, hugging or kissing in public.

Understand the Culture

In addition to local laws, social norms are another factor to consider for deciding whether a destination is safe. While many countries officially recognize homosexuality and allow gender confirmation measures, some communities within these “safe” countries still harbor prejudice against the LGBTQ+ community. In such environments, LGBTQ+ travelers who engage in open displays of affection with each other or appear gender nonconforming may be at risk of harassment and assault, and may also feel intimidated when reporting the incident to local police. There may be few or no local venues that provide a safe space for members of the LGBTQ+ community and the risk of hate crimes and police raids at such establishments cannot be ruled out. Travelers are advised to maintain a low profile in countries that lack full protection for the LGBTQ+ community and exercise caution about where and with whom to discuss related topics in public spaces.

Social media can also put travelers at risk. For example, while dating apps can help people connect with local members of the LGBTQ+ community when traveling or relocating for work, employees should be advised to exercise caution if they plan to use these in communities that are not LGBTQ-friendly. In Russia, where prejudice is widespread and a law against “gay propaganda” has been in effect since 2013, far-right activists and gang members have used dating apps to lure gay men to assault and extort them. Prior to travel, risk managers should advise employees to review privacy settings on social media platforms and reconsider the use of dating applications while abroad.

With some countries still refusing to accept—let alone recognize—the LGBTQ+ community, LGBTQ+ employees often feel compelled to take additional precautions that others would not have to even consider. However, corporate risk managers can help employees to stay safe while on business travel by being aware of the local laws and social norms of the destination before departure.

For other guidance on how to support LGBTQ+ employees and advance diversity, equity and inclusion programs, check out these additional pieces from Risk Management Magazine and the Risk Management Monitor:
Beyond Pride: Building Strong Diversity and Inclusion Programs
The LGBT Travel Risk Dilemma
The Benefits of Diversity & Inclusion Initiatives
Engaging Employees in Their Own Duty of Care
Developing a Strategy for Transgender Workers
The Case for Effective DE&I Training

New York City’s New Biometric Information Law Governs Collection and Use of Consumer Health Data

Posted on by

For risk professionals, the COVID-19 pandemic has increased the importance of ensuring customer and employee safety measures are incorporated into operations, processes and future strategies. As many businesses reopen from pandemic shutdowns or return from remote work arrangements, some enterprises are now exploring both the effectiveness and the risks associated with conducting health screenings that collect biometric information and other personal health data.

This month, New York City released the Biometric Information Law, a new measure that goes into effect on July 9 and imposes disclosure requirements on businesses that collect consumer biometric information.

online pharmacy ciprodex with best prices today in the USA

It also sets parameters on what they can do with that information, most importantly, prohibiting the exchange of biometric information for anything of value.

As detailed in recent client notice from the law firm Reed Smith, highlights from the law include:

  • The measure requires a business that “collects, retains, converts, stores or shares biometric identifier information of customers” to place a “clear and conspicuous sign” near all consumer entrances that, in plain language, discloses the collection, retention or sharing of biometric information.
  • It stipulates that it is unlawful to “sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.”
  • It establishes “an ‘aggrieved’ consumer’s private right of action,” meaning that “[a]ny person who is aggrieved by a violation by this chapter is entitled to commence an action to enforce its protections.”

There are key exclusions, however, as “governmental agencies, employers, or agents” are expressly excluded from compliance with any provision.

New York is not the only state to enact a law attempting to govern how organizations can use biometric information. Arkansas, California, Illinois, Texas and Washington have also set guidelines for businesses.

online pharmacy tenormin with best prices today in the USA

Indeed, the recent Risk Management Magazine article “Preparing for Biometric Litigation from COVID-19” addresses the imminent and critical questions businesses must answer when collecting and handling such data.

Sensitivities surrounding the confidentiality of biometric and other health information are not new in certain industries, such as healthcare. Further, even before COVID-19, risk professionals were already grappling with the risks associated with new biometric technologies and the data collected, especially with regard to facial recognition, wearables and even the rise in popularity of telehealth.

Now, with every organization on high alert about infectious diseases and how quickly they can interrupt business, health and safety have become top priorities for every risk professional in every sector.

online pharmacy xtandi with best prices today in the USA

As risk professionals look to new technology for help with these concerns, monitoring the emerging regulation and security risks around health and biometric technology will become increasingly critical in balancing benefit and risk to their organizations.
Online Pharmacy https://galenapharm.com/ no prescription
Data security will continue to remain a significant threat, but New York’s Biometric Information Law should serve as a reminder that what the organization does with that data can also have a lasting impact on the enterprise’s reputation and consumer trust.

For more information to help risk professionals manage new health technology and data, check out these articles from Risk Management Magazine:

Combating Fraudulent COVID Unemployment Claims

Posted on by

As federal and state officials scramble to send unemployment and stimulus funds to help people hit hard by COVID-19 business shutdowns, it has become a perfect storm for cyber fraud.

The payments are an easy target for cybercriminals as hackers and cyber gangs around the world have started to file unemployment claims use stolen identities. Some criminals claim benefits in the names of dead or incarcerated people, while others set up shell companies, “hiring and firing” fictitious employees to collect payments.

For example, cyber gangs in Nigeria have stolen millions in benefits from multiple states using hacked names, Social Security numbers and other information sold for as little as two dollars each on the dark web. In New York, a man was charged with filing more than $1.4 million in false COVID-19 unemployment claims, using the stolen identities of over 250 unknowing victims. According to U.S. attorneys, he was caught in part because he used the same IP address and security question and answer—the name of his family dog, Benji—to submit the applications.

The U.S. Department of Labor estimates fraudsters may already have stolen at least $63 billion through phony jobless claims, while other reports say the losses could be as high as $200 billion. In addition, unsuspecting victims are at risk of receiving surprise tax bills because cybercriminals stole their identities and filed fraudulent claims for COVID-19 unemployment payments.

Watch Closely for Signs of Fraud

The Federal Trade Commission warns that unemployment fraud puts workers at additional risk of identity theft crimes including tax fraud. What can you do to help protect your employees?

Unemployment fraud is often uncovered when employers are notified by state officials that employees have applied for benefits. If they are still working, they may be the victim of identity theft.

buy clomiphene online cphia2023.com/wp-content/uploads/2023/08/jpg/clomiphene.html no prescription pharmacy

Be alert to the signs of cybercrimes and unemployment fraud. Contact your human resources department or tax administrator and ask them to look carefully at any notices or requests they receive from state unemployment officials. If you get a report about unemployment benefits that an employee did not request or receive, contact the employment division of your state labor department. Unemployment fraud is so widespread that most states have set up special procedures to deal with these situations.

buy biaxin online cphia2023.com/wp-content/uploads/2023/08/jpg/biaxin.html no prescription pharmacy

Warn Your Employees

Let employees know that unemployment scams are a serious problem. Identity theft can also lead to tax fraud, credit card theft and loans taken out in their names.

buy cipro online cphia2023.com/wp-content/uploads/2023/08/jpg/cipro.html no prescription pharmacy

Notify a working employee immediately if the state informs you they have filed for unemployment benefits. They may be the victim of identity theft and should file a police report. Officials say workers scammed by cybercriminals do not have to pay unemployment taxes, but they must report the crime to the state labor department. And they should file their federal and state taxes on time for the correct amount of their income. The U.S. Labor Department has created a special website for victims of unemployment fraud.

Review Your Cybersecurity

Much of the personally identifiable information used by cyber thieves comes from data breaches, phishing schemes and other cyberattacks. Remind employees, particularly in human resources and tax departments, to be alert for suspicious emails, telephone calls and text messages about payroll information or W-2 forms.

The threat will continue beyond the pandemic. Business email compromise, in which employees are tricked into paying company funds into fraudulent accounts, is at an all-time high, so make sure employees have regular cybersecurity training. If you haven’t conducted a data inventory, do so now. Once you know what data you keep, you can determine what controls you require to protect that data. Store employee records securely and dispose of personally identifiable information carefully. It is also advisable to use a secure email gateway, which protects from spam, viruses, malware and denial-of-service attacks, and make sure employees working remotely are using secure company devices. Install patches and software updates, setting up automatic software updates whenever possible.

Unemployment or tax fraud targeting multiple employees may indicate a data breach. If you have a theft or cyberattack, contact your insurance carrier and, if necessary, seek expert help to identify the source, the extent of the problem and how best to respond.

Six Considerations Impacting Strategic Regulatory Change Management

Posted on by

Regulatory change management (RCM) is one of the most important risk and compliance related domains in 2021, thanks to two key drivers. First, the shift from Republican deregulation to Democratic control and an expected uptick in regulatory requirements. Second, similar to the 2008 crash, the pandemic-induced economy and focus on Paycheck Protection Program (PPP) loans caused many banks to relax their regulatory exams and requirements, while regulators gave companies extra runway for transitioning processes and policies for remote/work-from-home models.

Sometimes regulatory changes are significant enough to change business strategy. In 2021, chief risk officers must be prepared to quickly adapt and react to a historically volatile risk management environment.

buy advair online dentalhacks.com/wp-content/uploads/2023/10/jpg/advair.html no prescription pharmacy

When thinking about an updated, strategic regulatory change management program, here are six considerations for chief risk officers:

1. Lax compliance during the pandemic in 2020 may have introduced hidden risk for activities that normally would have had deeper oversight. 
Sometimes rule changes can also introduce new risks or eliminate a previous risk that needed to be managed, such as potential new default rates around extensions, forfeiture and other things. For example, historically low interest rates present a vexing risk for banks dealing with less profit but just as many loans to process.

buy xenical online dentalhacks.com/wp-content/uploads/2023/10/jpg/xenical.html no prescription pharmacy

What kind of new risk may be found within those loans?

2. When communicating change across the enterprise, establish responsibility to manage it.
Once you understand which regulations have changed, prioritize those that present the most risk, identify what department’s products and processes are impacted, and determine who is responsible for managing those policies. Having a secure central repository for communicating, storing and managing compliance documentation, versus relying on employees storing information on devices outside corporate servers, is ideal.
buy proscar online dentalhacks.com/wp-content/uploads/2023/10/jpg/proscar.html no prescription pharmacy

 

3. If conducting quarterly testing of compliance requirements, it may be challenging to identify key areas in advance that could slip, such as controls around IT/cybersecurity.
When the risk portfolio changes, the controls to manage those risks must be updated accordingly. Firms that may now be less dependent on management oversight and more dependent on confirmations that processes are being followed should put automated controls in place to verify those activities.

4. Companies should shift to best practice or common checklists that can be standardized and shared across the enterprise. 
Assessment checklists are a great way to ensure that all requirements are being met for a wide variety of business processes. Once checklists have been updated, cloud-based software systems can track who has access and can also notify when changes happen. 

5. Historically done manually in-house by visible teams, monitoring and testing for compliance purposes will be conducted remotely. 
The visibility of those tests presents significant challenges, and it is critical to determine how errors and issues will progress and be communicated to the remote testing teams, management, and the organization at large. 

6. Verifying and certifying online training for remote employees can be daunting. 
Creating courses formalized for online training represents a major compliance and process change, particularly for companies in industries with limited work-from-home models, such as financial services. Training materials will need to be updated for new employees, while previously trained employees will need to be retrained.