Category Archives: Governance, Risk & Compliance

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Cyber, Regulation Seen as Top Emerging Risks, Report Finds

Posted on by

SAN DIEGO—Forecasting risk is not expected to get easier in the next three years, with cyberattacks and regulation topping the list of emerging risks, according to a new report published jointly by Marsh and RIMS.

online pharmacy spiriva with best prices today in the USA

The 13th annual Excellence in Risk Management report found that while risk professionals are increasingly relied upon to identify and assess emerging risks, there are still organizational and other barriers to identifying those risks. In fact, nearly half of survey respondents—48%—predicted that forecasting critical business risks will be more difficult three years from now, while just over one-quarter said it would be the same.

“Whether emerging risks are on your doorstep, around the corner, or on the far horizon, they have the potential to catch organizations unaware,” said Brian Elowe, Marsh’s U.S. client executive leader and co-author of the report. “It’s important for risk professionals to maintain awareness of global risk trends, and to make the connection to their organizations’ business strategy.”

Where do risk professionals turn when trying to understand the impacts of emerging risks on their organization? According to the report:
One of the goals of this year’s Excellence survey’s goal was to better understand how organizations view the emerging risks facing them, what tools they use and the barriers they face in assessing, modeling, and understanding the risks. According to the findings, a majority of respondents—61%—cited cyber-attacks as the likely source of their organization’s next critical risk. This was followed by regulation, cited by 58% of the respondents, and talent availability, cited by 40% of the respondents.

Based on survey responses and insights from numerous focus group discussions, it became clear that risk professionals generally agree on the importance of identifying emerging risks, and also that there is no clearly established framework for doing so. More can be done to better identify, assess, and manage the impact emerging risks may have on organizations.

For example, a majority—60%—of the risk management respondents said they use claims-based reviews as one of the primary means to assess emerging risks, compared to 38% who said they use predictive analytics.

“The widespread use of claims-based reviews means that a majority of organizations are relying on studying past incidents to predict how emerging risks will behave rather than using predictive analytic techniques like stochastic modeling and game theory to help inform their decision making,” Elowe said.

Survey respondents also cited several barriers to understanding the impact of emerging risks on their business strategy.

online pharmacy vilitra with best prices today in the USA

Decisions with lack of cross-organization collaboration ranked first among risk professional respondents.

“Lack of collaboration across the organization is still an issue for many risk professionals. On the other hand, breaking down silos has become less of a concern for executives,” said Carol Fox, vice president of strategic initiatives for RIMS and co-author of the report. “Tackling emerging risks often requires creative yet pragmatic approaches. It has to encompass internal cross-functional conversations — formal and informal — around the intersection of risk and strategy, senior-leadership engagement, and tapping into external information sources. Risk professionals are encouraged to broaden the scope and collaboration around emerging risk issues within their organizations.”

According to the report:

As the risk environment becomes increasingly complex and more entwined with financial decisions, risk strategy is increasingly a boardroom issue. As we have seen in past Excellence surveys, senior leaders’ expectations of the risk management department have increased in everything from leading enterprise risk management to providing better risk quantification and analysis.

However, while more is being asked of risk professionals, investment is not necessarily keeping pace. For example, the percentage that say they expect to hire more staff dropped to 25% this year from 37% when we asked in 2015. “We’ve all experienced this elevation of risk management at our institutions, but…as we are battling for budget, it becomes pretty easy for risk management to get pushed over to the side,” said the assistant vice president of risk management at a major university.

The survey is based on more than 700 responses to an online survey and a series of focus groups with risk executives in January and February 2016.

Dip, Don’t Swipe: How the EMV Liability Shift Impacts Merchants

Posted on by

shutterstock_287890574

More than 575 million chip-cards have been issued by financial institutions to consumers, and you’ve probably been walking around with one in your pocket since June of last year. Since October 2015, merchants may have requested you begin to ‘dip’ rather than ‘swipe’ your card. Why? Although the transition to chip-card technology may be confusing at first, it’s ultimately a benefit to privacy and security.

For merchants, however, the transition to accepting chip-card technology is essential to avoiding what the industry is calling the EMV ‘liability shift.’

What is EMV?

EMV is a global standard for secure credit card transactions utilizing microchip technology embedded in debit and credit cards. The name derives from EuroPay, MasterCard and Visa (EMB), the companies that originally developed the technology.

Although Europe adopted the practice long ago, the United States was late in transitioning to the EMV technology standard.

By the end of 2015, 70% of U.S. credit cards were issued as EMV cards, but only 59% of retail locations were expected to be EMV-compliant.

What is the EMV “liability shift”?

As of Oct. 1, 2015 (2017 for fuel-pump stations), many card brands have instituted a “liability shift” policy to incentivize both merchants and card issuers (banks and credit unions) to transition to EMV technology, which has shown to increase card security and reduce counterfeit fraud. The liability shift means that between merchant and card issuers, liability for counterfeit card-present transactions resides with the party using the least secure EMV-related technology.

In other words, prior to Oct. 1, 2015, the liability for fraudulent transactions largely fell upon the card issuer. Now, non-EMV compliant merchants could be liable for the costs associated with any chargebacks.

What does EMV mean for merchants?

Consumers were provided their new chip-cards by card issuers, but what are the next steps for merchants? Although 78,000 merchants have already installed EMV chip-activated technology, tens of thousands are still risking exorbitant costs due to fraudulent charges and the ‘liability shift.’

The average cost of an EMV-compliant point-of-sale terminal is around $500. Chip-reading mobile devices such as Square can be purchased for $29-$39. While the initial costs of EMV technology may appear large for some merchants, ultimately merchants will pay far less than the potential fines, penalties and assessments levied by major card brands against non-compliant merchants.

Under Visa’s Global Compromised Account Recovery process (GCAR), for example, Visa can levy an assessment against a non-PCI compliant merchant that suffers a breach, that includes fraud recovery (an amount to reimburse issuing banks for fraud perpetrated on cards subject to a data breach) and operating expense recovery amounts (such as an amount to reimburse issuing banks for the costs to reissue payment cards subject to a data breach). The contractual clauses governing this exposure are generally found in the Merchant Services Agreement (MSA). This portion of a merchant’s exposure is insurable, but not all cyber liability policies respond the same way. It is important to note any breach of contract exclusions or sub-limits pertaining to both PCI Fines/Penalties and PCI Assessments.

Mitigate the risk

The first step to mitigating the risk is to become EMV compliant. While each of the card brand’s EMV-compliance certification program may vary, in general, merchants must apply for and receive certification through its acquiring bank to become EMV-compliant, which entails three phases:

  • Hardware Certification: installing EMV-enabled terminals that are certified by EMVCo to process payments.
  • Software Certification: implementing payment application software.
  • End-to-end Certification: holistic testing and approval of point-of-sale configuration, where the card brands check and confirm the integrity of the payment chain as a whole.

The certification process and level of involvement will vary across merchants, depending largely upon the size and complexity of the merchant’s business; the timeframe to completion can take anywhere from a few weeks to several months.

How Cybersecure is Your Company?

Posted on by

cyber headlines

It should come as no surprise that security has moved from an afterthought at global organizations to a front-and-center consideration, often involving the CEO and board of directors. Headlines of the world’s largest companies involved in breaches are rampant, and will only increase as organizations accelerate their digital transformation plans and in doing so create lucrative opportunities for bad actors to steal valuable assets. Businesses are inherently interested in making money, and cybersecurity crimes have a significant impact on their bottom line. In fact, it is estimated that cybercrime will cost $2.1 trillion by 2019, according to Juniper Research.

For C-level execs and board members alike, their real understanding of cyber-exposure is too often binary: Are we on the front page of the Wall St. Journal or Not? While this may be an unfair over-generalization for tech-savvy board members, it is clear that cybersecurity is now included in their “fiduciary duties.” With increasing investments going to security software, consultants, and now cyber-insurance, executives and officers must know the risk profile of their digital systems and security service level agreements (SSLAs).

Organizations looking to maintain their competitive edge will take a new approach to security from the first line defenders in the IT department to the boardroom. The quickest and simplest step in moving the right direction must be to answer “How secure are we as an organization?”

The Best Defense is a Good Offense

Forward thinking organizations are appointing board members that have recognized this security paradigm shift and are moving from a defensive to an offensive mindset when it comes to protecting their assets. Some companies, like AIG, Blackberry, General Motors and Wells Fargo are even going so far as to appoint board members with cybersecurity expertise. While it isn’t mandatory that organizations have cybersecurity experts on their boards, the reality is that no board can escape responsibility, and digital threats will only become more a part of daily business life.

Ask the Right Questions

Beyond asking “How secure are we?” board members should ask their CISOs and security professionals whether their resources and budgets are appropriate. While CISOs will likely always ask for more, they need to be able to demonstrate specific holes and needs or anticipate pending regulatory changes specific to their industries. It would also be wise to regularly ask what internal changes have been made in light of developments in the industry. Additional questions that should be asked include:

  • How are you designing a security posture that does not slow down business operations?
  • How do we know that data/IP systems not in our control are safe and secure, such as internet of things (IoT) and cloud?
  • How do we ensure that we are ahead of new regulatory requirements coming down the pike?
  • Who is responsible for security—CISO, CIO or risk & compliance officer?
  • What is our risk score matrix?

Establish a Seat at the Table

For CISOs, this new attention can be a double-edged sword; while the increased visibility of their position could be beneficial to their own importance to the company, their performance will be scrutinized by the highest levels of management.

CISOs and their security equivalents presenting to the board require a persistent seat at the table. Bringing them in just for an annual report will leave many questions unanswered and does not paint an accurate picture of the organization’s risk profile. Continual updates should include both positive and negative developments, which will make budget increase requests more likely when needed.

These experts should also be expected to provide detailed analytics and a tailored executive dashboard that demonstrates the progress made against goals and benchmarks. The sophistication of these dashboards will depend on the board’s expertise but educating these members should be included in any presentation.

Put a Price on it

When taking these steps and bringing security to the forefront of business planning, each board presentation will allow organizations to make security a marketable attribute. Consumers are becoming increasingly fickle about doing business with organizations that have been breached and as a result are looking for assurance that they and their data will be secured. Promoting your organization’s commitment to security can be a valuable asset to the company’s bottom line. Board members can play a significant role in shifting perception and reality in the marketplace and would be wise to ask more questions to get closer to answering “How secure are we?”

Top Board and C-Suite Risks for 2016

Posted on by

Regulatory changes, economic conditions and cyberthreats are the top concerns of board members and company executives this year, according to a new enterprise risk management survey.

U.S.-based companies listed several operational risks as top concerns, while non-U.S. companies listed only one, cyberthreat, as a major concern, according to the report, Executive Perspectives on Top Risks for 2016, by North Carolina State’s ERM Initiative and Protiviti.

Overall, companies see the current business environment as riskier than in 2015, but not as risky as 2014.

buy flexeril online cphia2023.com/wp-content/uploads/2023/08/jpg/flexeril.html no prescription pharmacy

With increased inquiries and added concerns about risk from boards of directors and company executives, respondents indicated they will be investing more in risk management this year. “More organizations are realizing that additional risk management sophistication is warranted given the fast pace in which complex risks are emerging,” the study found.

Boards of directors rated only one strategic risk among their top five concerns, with the remaining falling into macroeconomic and operational risk categories.

buy zofran online cphia2023.com/wp-content/uploads/2023/08/jpg/zofran.html no prescription pharmacy

CEOs, on the other hand, saw strategic risks as three out of their top five issues.

buy elavil online cphia2023.com/wp-content/uploads/2023/08/jpg/elavil.html no prescription pharmacy

According to the study:

“This disparity in the viewpoints emphasizes the critical importance of both the board and management team engaging in risk discussions, given their unique perspectives may be contributing to an apparent lack of consensus about the organization’s most significant emerging risks.”

ERM Risks