Category Archives: Governance, Risk & Compliance

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

OSHA Revises Stance on COVID-19 Record-Keeping and Enforcement

Posted on by

The Occupational Safety and Health Administration (OSHA) recently issued two enforcement memos regarding COVID-19. The first of these memos revised OSHA’s requirements for employers as they determine whether individual cases of COVID-19 are work-related. The second revised OSHA’s policy for handling COVID-19-related complaints, referrals, and severe illness reports. The changes in these revisions include:

Record-Keeping and Reporting

OSHA’s position for months has been that cases of COVID-19 are subject to record-keeping and reporting requirements if they are work-related. On May 26, 2020, OSHA’s new memorandum superseded the previous April 10, 2020 memorandum on the subject of work-relatedness.

The April 10 memorandum essentially provided most employers latitude to assume that cases of COVID-19 were not work-related, absent evidence to the contrary. The May 19 memorandum revises OSHA’s position, requiring employers to investigate COVID-19 cases more heavily before concluding whether they are work-related.

The primary thrust of the agency’s revised position is that OSHA enforcement officers should consider three primary factors when evaluating whether an employer’s determination of work-relatedness was reasonable:

  • The reasonableness of the employer’s investigation into work-relatedness;
  • The evidence available to the employer; and
  • The evidence that a COVID-19 illness was contracted at work.

Regarding the first, OSHA stated that it is sufficient in most circumstances for an employer, when it learns of an employee’s COVID-19 illness, to (1) ask the employee how he or she believes they contracted COVID-19; (2) while respecting employee privacy, discuss with the employee his or her work and out-of-work activities that may have led to the COVID-19 illness, and (3) review the employee’s work environment for potential COVID-19 exposure.

Employee privacy rights are a potential trap for unwary employers when inquiring about exposure outside of the workplace. Such discussions could implicate a variety of employment laws, including state-specific laws.

Regarding the second factor, OSHA directed employers to consider the evidence “reasonably available” at the time they makes their work-relatedness determination. If employers later learn more information related to an employee’s COVID-19 illness, then employers shall also consider that information.

OSHA elaborated on the third factor by listing certain types of evidence that weigh in favor of or against work-relatedness. For example, OSHA stated that COVID-19 illnesses are likely work-related when several cases develop among employees who work closely together and there is no alternative explanation. OSHA also stated that an employee’s COVID-19 illness is likely work-related if it was contracted shortly after lengthy, close exposure to a particular customer or coworker who has a confirmed case of COVID-19 and there is no alternative explanation.

OSHA justified its revised position on work-relatedness by stating that the nature of COVID-19 and the ubiquity of community spread frequently make it difficult to accurately determine whether a COVID-19 illness is work-related, especially when employees have experienced potential exposure both in and out of the workplace. OSHA might also have been motivated by some organizations calling for it to take a more aggressive response to COVID-19.

Complaints, Referrals and Illness Reports

The second memo, also issued on May 19, 2020, was related to complaints, referrals, and severe illness reports. Specifically, in geographic areas where community spread of COVID-19 has significantly decreased, OSHA will return to its normal pre-COVID-19 methods for prioritizing reported events for inspections. 

OSHA will continue to prioritize cases of COVID-19 to some degree, but will increasingly conduct these efforts by phone or other remote methods. In geographic areas experiencing either sustained elevated community transmission or a resurgence in community transmission, OSHA will continue to heavily prioritize COVID-19, including conducting on-site inspections, especially in high-risk workplaces.

Action Items and Final Takeaways

OSHA’s enforcement approaches regarding the COVID-19 pandemic continue to evolve. The agency will likely continue to closely monitor employers’ compliance with COVID-19-related requirements even after states and localities lift stay-at-home orders.

Professionals with questions on how OSHA’s recent enforcement policies affect a business or organization should consider consulting with legal counsel. Also, OSHA distributes by email an informative twice-monthly newsletter called “QuickTakes,” open for subscription. OSHA’s regulations on injury and illness recordkeeping and reporting, found at 29 C.F.R. Part 1904, also include helpful questions and answers about these topics.

Finally, employers should bear in mind that the negative consequences of choosing not to comply with OSHA’s record-keeping and reporting requirements often outweigh the potential negative consequences of bringing injuries and illnesses to OSHA’s attention.

RIMS and ISACA Release Joint Report “Bridging the Digital Risk Gap”

Posted on by

All too often, IT and risk management professionals seem to be speaking a different language—that is, if they even speak at all. Bridging the Digital Risk Gap, the new report jointly authored by the RIMS, the risk management society®, and ISACA®, promotes understanding, collaboration and communication between these professionals to get the most out of their organizations’ technological investments.

Digital enterprise strategy and execution are emerging as essential horizontal competencies to support business objectives. No longer the sole purview of technical experts, cybersecurity risks and opportunities are now a core component of a business risk portfolio.

buy lasix online www.arborvita.com/wp-content/uploads/2023/10/jpg/lasix.html no prescription pharmacy

Strong collaboration between IT and risk management professionals facilitates strategic alignment of resources and promotes the creation of value across an enterprise.

ISACA’s Risk IT Framework acknowledges and integrates the interaction between the two professional groups by embedding IT practices within enterprise risk management, enabling an organization to secure optimal risk-adjusted return. In viewing digital risk through an enterprise lens, organizations can better realize a broader operational impact and spur improvements in decision-making, collabora­tion and accountability. In order to achieve optimal value, however, risk management should be a part of technology implementation from a project’s outset and throughout its life cycle. By understanding the technology life cycle, IT and risk management professionals can identify the best opportuni­ties for collaboration among themselves and with other important functional roles.

IT and risk management professionals both employ various tools and strategies to help manage risk. Although the methodologies used by the two groups differ, they are generally designed to achieve similar results. Generally, practitioners from both professions start with a baseline of business objectives and the establishment of context to enable the application of risk-based decision making. By integrating frameworks (such as the NIST Cybersecurity framework and the ANSI RA.1 risk assessment standard), roles and assessment methods, IT and risk management professionals can better coordinate their efforts to address threats and create value.

For example, better coordination of risk assessments allows orga­nizations to improve performance by iden­tifying a broader range of risks and potential mitigations, and ensures that operations are proceeding within acceptable risk tolerances.

buy arimidex online www.arborvita.com/wp-content/uploads/2023/10/jpg/arimidex.html no prescription pharmacy

It also provides a clearer, more informed picture of an enterprise’s risks, which can help an organization’s board as they make IT funding decisions, along with other business investments. Leveraging the respective assessment techniques also leads to more informed underwriting—and thus improves pricing of insurance programs, terms of coverage, products and services.

Overall, developing clear, common language and mutual understanding can serve as a strong bridge to unite the cultures, bring these two areas together and create significant value along the way.

buy sinequan online www.arborvita.com/wp-content/uploads/2023/10/jpg/sinequan.html no prescription pharmacy

The report is currently available to RIMS and ISACA members through their respective websites. The report can be downloaded through the RIMS Risk Knowledge library by clicking here or from ISACA at www.isaca.org/digital-risk-gap. For more information about RIMS and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org. To learn more about ISACA and its resources, visit www.isaca.org.

Inclusion Does Not Stop Workplace Bias, Deloitte Survey Shows

Posted on by

In Deloitte’s 2019 State of Inclusion Survey, 86% of respondents said they felt comfortable being themselves all or most of the time at work, including 85% of women, 87% of Hispanic respondents, 86% of African American respondents, 87% of Asian respondents, 80% of respondents with a disability and 87% of LGBT respondents. But other questions in the company’s survey show a more troubling, less inclusive and productive office environment, and may indicate that simply implementing inclusion initiatives is not enough to prevent workplace bias.

While more than three-fourths of those surveyed also said that they believed their company “fostered an inclusive workplace,” many reported experiencing or witnessing bias (defined as “an unfair prejudice or judgment in favor or against a person or group based on preconceived notions”) in the workplace. In fact, 64% said that they “had experienced bias in their workplaces during the last year” and “also felt they had witnessed bias at work” in the same time frame. A sizable number of respondents—including 56% of LGBT respondents, 54% of respondents with disabilities and 53% of those with military status—also said they had experienced bias at least once a month.

Listening to those who say they have witnessed or experienced bias is especially important. When asked to more specifically categorize the bias they experienced and/or witnessed in the past year, 83% said that the bias in those incidents was indirect and subtle (also called “microaggression”), and therefore less easily identified and addressed. Also, the study found that those employees who belonged to certain communities were more likely to report witnessing bias against those communities than those outside them. For example, 48% of Hispanic respondents, 60% of Asian respondents, and 63% of African American respondents reported witnessing bias based on race or ethnicity, as opposed to only 34% of White, non-Hispanic respondents. Additionally, 40% of LGBT respondents reported witnessing bias based on sexuality, compared to only 23% of straight respondents.

While inclusion initiatives have not eliminated bias, Deloitte stresses that these programs are important and should remain. As Risk Management previously reported in the article “The Benefits of Diversity & Inclusion Initiatives,” not only can fostering diversity and inclusion be beneficial for workers of all backgrounds, it can also encourage employees to share ideas for innovations that can help the company, keep employees from leaving, and insulate the company from accusations of discrimination and reputational damage.

But building a more diverse workforce is only the first step, and does not guarantee that diverse voices are heard or that bias will not occur. Clearly, encouraging inclusion is not enough and more can be done to curtail workplace bias. And employees seeing or experiencing bias at work has serious ramifications for businesses. According to the survey, bias may impact productivity—68% of respondents experiencing or witnessing bias stated that bias negatively affected their productivity, and 70% say bias “has negatively impacted how engaged they feel at work.”

Deloitte says that modeling inclusion and anti-bias behavior in the workplace is essential, stressing the concept of “allyship,” which includes, “supporting others even if your personal identity is not impacted by a specific challenge or is not called upon in a specific situation.” This would include employees or managers listening to their colleagues when they express concerns about bias and addressing incidents of bias when they occur, even if that bias is not apparent to them or directly affecting them or their identity specifically.

According to the survey, 73% of respondents reported feeling comfortable talking about workplace bias, but “when faced with bias, nearly one in three said they ignored bias that they witnessed or experienced.” If businesses foster workplaces where people feel comfortable listening to and engaging honestly with colleagues of different backgrounds, create opportunities for diversity on teams and projects, and most importantly, address bias whenever it occurs, they can move towards a healthier, more productive work environment.

Governments Tackle Workplace Bullying and Harassment

Posted on by

This week, South Korea enacted new legislation addressing “gapjil,” or bosses using their power to bully their employees. The measure criminalizes the practice of unfairly demoting or dismissing employees who have reported being subjected to bullying, imposing a three-year prison sentence or a 30 million won (approximately ,400) fine for the practice.

buy levofloxacin online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/levofloxacin.html no prescription pharmacy

Workplace harassment is common in the country, with two-thirds of workers experiencing harassment and 80% witnessing it, according to a recent government study.

South Korean advocacy groups like Gapjil 119, which operates a hotline for victims of abuse, have tried to fight against workplace abuses by cataloging and publicizing cases that range from employers forcing workers to pluck their grey hairs to serious violence and degradation. Several recent high-profile incidents have sparked a national debate over this conduct, including in late 2018, when videos emerged of Korea Future Technology CEO Yang Jin-ho and Marker Group CEO Song Myung-bin physically assaulting their staff members. Yang has been indicted, and Song is facing legal charges.

Experts say that South Korea’s culture of “chaebols,” or family-run conglomerates, has also enabled abuses because these companies lack external restraints on their executives’ behavior. Korean Air dynasty matriarch Lee Myung-hee was indicted in February for routinely physically and verbally abusing her staff, and Lee’s daughter, Heather Cho made headlines in December when she attacked two flight attendants for serving her macadamia nuts in a bag instead of a bowl, and demanded that the plane return to the gate. Cho was ordered to pay 20 million won (,000) to the flight attendants and served five months of a one-year prison sentence for violating aviation law.
buy symbicort generic symbicort without prescription online

These and other incidents at the company even prompted a mass demonstration of Korean Air employees and the formation of an employee union.

Other countries are also attempting to address workplace bullying of this kind, similarly spurred by high-profile cases of abuse. This month in France, former France Télécom executives stood trial for overseeing an environment of workplace abuses that allegedly led to at least 35 employees committing suicide between 2008 and 2009. The company reportedly sought to downsize 22,000 workers, but could not fire them because they were state employees, so instead systematically harassed them to drive them out. Examples of this harassment included forcing employees to relocate multiple times away from their families or drastically changing their jobs. The case is awaiting judgment, but the company faces a possible fine of €75,000 (about $84,000) and the executives could serve a year in jail and have to pay additional fines themselves.

Additionally, Japan is attempting to address workplace “pawa hara” (or power harassment) as reports of workplace bullying and abuses have reached record numbers for multiple years in a row, according to the country’s Workplace Harassment Research Institute. The measures are partially in response to a government worker released an audio file of his boss, lawmaker Mayuko Toyota, insulting him and hitting him in the face and on the head. Toyota later resigned her post, and according to Kyodo News, was hospitalized for “her unstable mental condition.”

Japan’s parliament voted in May 2019 to revise five existing laws and require companies to put mechanisms in place to prevent workplace abuses. The revisions also protect pregnant women and women who have recently returned from pregnancy leave from discrimination.

buy antabuse online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/antabuse.html no prescription pharmacy

Similar to South Korea’s new law, Japan’s new law would bar employers from firing or discriminating against employees who report harassment, and require consultation when employees make reports of abuses. However, unlike South Korea’s law, these revisions do not outline any punitive measures for companies and their executives if they violate the requirements.

buy cellcept online bristolrehabclinic.ca/wp-content/uploads/2023/10/jpg/cellcept.html no prescription pharmacy

buy orlistat generic orlistat without prescription online

The government reportedly decided against fully banning “pawa hara” because lawmakers had difficulty defining which actions qualified as harassment.