Category Archives: Insurance

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Multiple Risks to Watch Out For at 2018 World Cup

Posted on by

Above: Luzhniki Stadium in Moscow 

The 2018 World Cup tournament began on June 14 and lasts until July 15. Thousands of fans will travel to Russia for the event, which consists of 64 matches and 32 teams in 11 cities. Like other mega events, it presents countless challenges for a number of industries including construction, travel, hospitality and security.

Circuit Magazine for security specialists reports that threat for terrorism is high, as there have been attacks in Moscow and the North Caucasus and most recently, a suicide attack on a Metro Train in St. Petersburg. It notes, however, that “Past performance in security terms of Russia at large events has been very strong, the Sochi Olympics was well controlled with no terrorist incidents affecting fans.

Based on our assessment we continue to recommend that any attendance at large events, or corporate travel in Russia is supported by additional risk management measures.”

The article also recommends that attendees remain vigilant in public places, adding that to address this risk, security has been increased at airports and transportation hubs. It warns of street crime, including pickpocketing, that targets tourists. “Bogus police officers have harassed and robbed tourists.

If you are stopped always insist on seeing identification. Avoid openly carrying expensive items, or anything that might easily identify you as a tourist. Avoid walking about late at night alone,” Circuit warned.

Not to be overlooked are health concerns.

The European Centre for Disease Prevention and Control (EU/EEA) recommends in a recent report that anyone traveling to Russia for the games make sure their vaccinations are up-to-date, particularly for diphtheria, hepatitis A, hepatitis B, measles, meningococcal infection, mumps, pertussis, poliomyelitis rubella and tetanus. According to the EU/EEA:

“As is often the case with mass gathering events, during the 2018 FIFA World Cup in Russia visitors may be most at risk of gastrointestinal illness and vaccine-preventable infections. The risk of being affected by gastrointestinal illness can be reduced by employing standard hygiene measures including regular hand washing with soap, drinking safe water (bottled, chlorinated or boiled before consumption); eating thoroughly cooked food and carefully washing fruit and vegetables with safe drinking water before consumption.”

It added that while outbreaks and spread of vaccine-preventable diseases are of particular concern during such mass gatherings. “there are no indications that the risk is higher than usual.”

Beazley notes that many of the 2018 World Cup’s risks impacting various industries will be covered by the London insurance market. The insurer outlines some of the key risks and their likely insured values:

Secure Messaging in Incident Response and Business Continuity

Posted on by

Today’s businesses face unprecedented risks. As mass interconnectivity replaces operational silos, every aspect of business, from transportation and the supply chain to email, data storage, facilities management and financial transactions, are all vulnerable to compromise, disruption and human error. In addition to the people, processes and technology that are at risk in a crisis, so too are the communications mediums most commonly used for incident notification and response.

At the forefront of defining their organization’s risk management strategies, risk managers, board members, chief security officers and chief information security officers all have a responsibility to initiate both incident response plans and business continuity strategies that transcend the digital and physical worlds. After all, a digital threat can quickly evolve into physical damages and destruction while a physical event can negatively impact digitally-driven business operations. However, if the communications mediums through which companies collaborate and disperse important news and information are also compromised, challenging situations increasingly become more complex.

Secure Messaging’s Role in Incident Response & Business Continuity
All organizations must prepare for out-of-course events. Situations like acts of nature, data breaches or other compromises require planned responses under the assumption that one day they will occur. Yes, different situations will require a different chain of events to take place, but there is one thing that all incident response and business continuity plans have in common: the need for ongoing communication during and after the event.

Whether you represent a power company that needs to notify first responders and emergency managers of an unexpected power outage/grid loss, an IT department discussing a plan of action during and after a ransomware attack, a healthcare team in different parts of a university communicating information during an active shooter event, or an enterprise sending messages to employees during a blizzard, fast, efficient and secure communications are essential.

How risk managers keep their businesses safe, how stakeholders communicate with colleagues and clients during a crisis and how an organization continues operations as quickly as possible is of the utmost importance. In some settings such as healthcare, energy or even on a campus, business can’t stop. So how do we ensure that caring for patients can continue and that we are prepared for any type of incident, emergency or crisis?

The first step is certifying that your company’s communication plans are solid. No one should want to depend on a phone tree in which you never know if someone receives a voicemail, wonder if information sent via fax is shared after receipt, or worry if a text has been compromised.

That means instantaneous response is required. For example, an organization’s proactive incident response personnel can use their secure messaging platform to preemptively set up templates and pre-schedule a series of texts to notify first responders and emergency management offices as well as all field employees during a declared emergency. Replies to these automated communications can be routed to a specific mailbox or group for monitoring and response, or disallowed based on the type of communication and need, providing a central communication hub.

Many communications, even during an emergency, are confidential to the business. They must be retained for compliance and reporting purposes and need to be protected from leaks. Simply put, communications that require confidentiality and secure discussions do not belong on non-secure channels. In these situations, secure messaging platforms allow for rapid, secure notifications and response communications to meet corporate operating procedures and compliance mandates, without worry of third-party surveillance or leaks.

Every organization must proactively prepare to respond in a secure and efficient manner to minimize the impact to employees, clients and its bottom line. With email and SMS texts plagued with inherent risk, secure messaging platforms are emerging as the trusted option to ensure rapid, efficient and secure communications when they matter most.

Are You Prepared for GDPR?

Posted on by

If your work involves personal data, you probably already know the European Union’s (EU) General Data Protection Regulation (GDPR) enforcement date is May 25.

buy vidalista online pelmeds.com/wp-content/uploads/2023/10/jpg/vidalista.html no prescription pharmacy

While penalties for noncompliance can be stiff, the sky may not be falling just yet.

GDPR focuses on personal data originating from the EU, which reaches well beyond the EU’s borders into organizations around the world that collect, process, use and store that data. As a regulation focused on data protection and privacy, GDPR’s impact may extend far outside the EU. For example, there are signs that Latin American countries may be considering a regulation that mirrors GDPR. With the recent Facebook/Cambridge Analytica data privacy fallout, several pieces of privacy-related legislation in the U.S. are currently being considered by federal lawmakers.

Privacy is a risk-based problem. Organizations should assess which risks exist and determine their risk tolerance. With data privacy, these risks are typically financial (such as fines and lawsuits) and reputation (bad press and negative perceptions).

buy tobradex online pelmeds.com/wp-content/uploads/2023/10/jpg/tobradex.html no prescription pharmacy

GDPR also introduces a newer risk into the risk landscape – one related to activist groups potentially using GDPR as a springboard to flood a target organization with data subject requests.

Why GDPR matters and to whom it applies
GDPR applies to personal data originating from the EU. GDPR gives individuals (aka “data subjects”) control and ownership over their personal data. This includes personally identifiable information (PII), IP addresses, biometric data, social identity, along with health, economic, cultural and genetic data. There are two reasons this has gotten so much attention:

  • The GDPR represents the EU’s most sweeping changes to privacy regulations in decades. It requires organizations to be transparent about which data is collected and how it will be used. All data collected must have a purpose and be kept accurate and up to date. Individuals (aka data subjects) now have the power to access their data, fix errors, restrict usage, move data and demand that their data be deleted.
  • The penalties for noncompliance are unprecedented. The law sets out penalties of up to four percent of global revenue or €20 million, whichever is greater. It is not clear at this point how and when these fines will be applied or if they are even enforceable outside the EU. However, the significant size of the potential fines and potential risk of noncompliance captured the attention of organizations around the world.

Large data-driven organizations have been working toward GDPR compliance since the regulation was passed in 2016. A significant number of organizations may not be ready, however. In fact, a flash poll conducted by Baker Tilly during a recent GDPR webinar revealed that 90% of attendees do not have the necessary controls in place to be GDPR-compliant.

What to do today
Preparing for GDPR compliance is a matter of preparing for privacy in general. Whoever you are and wherever you are in the world, consider these steps in your compliance journey:

  1. Identify potential data and systems affected by GDPR: Put a process in place to understand what data you collect and why. Know where it is coming from and where it is stored. You will want to know where you have “data pools” with GDPR relevance and you’ll want to know the scope. Is it one record or one million? Where are the gaps in compliance?
  2. Understand existing data privacy controls: Review your existing data protection controls and assess GDPR compliance. Do you have written security protocols in place? What is your risk exposure? Depending on the type of organization you represent, you may actually be closer to compliance than you think. For example, organizations compliant with NIST, ISO, HIPAA, PCI DSS, Privacy Shield or other frameworks, may be well on the way to GDPR compliance.
  3. Lead from the top and educate: The news cycle is now dominated by the questionable use of personal information and it appears the shift to a data subject-centered environment may very well be here to stay. This issue goes beyond risk management and IT. Marketing, legal, government affairs, HR and communications are just a few of the functional areas touched by privacy issues. They all need to be as committed to data protection as the chief privacy officer.
  4. Be clear about how you will deal with data-subject requests: Once you have a clear picture of the data you possess, it is essential to design, implement and document your processes to correct, transfer and delete that data if required or being able to provide a valid, legal reason for retaining the data.
  5. Determine whether you need a data privacy officer: The GDPR requires that a data privacy officer (DPO) be appointed in most situations. Proactive organizations should consider the organization’s position and strategy. Is privacy an essential piece of the business model (as it is for a bank) or the brand (as it is for Apple)?
    buy imodium online pelmeds.com/wp-content/uploads/2023/10/jpg/imodium.html no prescription pharmacy

    The answer may well influence whether or not you define a new area of leadership and accountability.

Looking ahead
There is a shift taking place. People used to accept (or not know) that their online data and personal information were being tracked and used by others. Many people seemed to think this was simply the price of being online. Now, people are questioning how their data is being used and governments are starting to listen. GDPR is the likely first step toward far more widespread change.

This is not about solving every single detail today. Most experts believe that a well-documented plan and clear effort to comply with the GDPR will make conversations with supervisory authorities significantly easier. Do the homework ahead of time, know your landscape, get your systems in place, be transparent and be ready to pivot when necessary. Do that, and you will be miles (or kilometers) ahead of everyone else next time a new law or regulation goes into effect.

Confronting D&O Insurers’ Efforts To Carve Back Subpoena Coverage

Posted on by

Whether a government subpoena constitutes a “claim” is a frequently contested issue between D&O insurers and their policyholders. D&O policies—at least with respect to coverage for private companies and individual insureds at any company—typically define “claim” through multiple subparagraphs: first, a broad and generalized subparagraph that usually references a “written demand for monetary or non-monetary relief,” followed by several narrowly framed subparagraphs that address more specific situations, such as “a civil or criminal proceeding commenced by the service of a complaint or similar pleading.” Most courts have held that generalized language, such as any “written demand for . . . non-monetary relief,” must be read expansively to encompass government subpoenas.

Insurers trying to avoid covering costs incurred by policyholders in connection with government subpoenas sometimes respond to these decisions by arguing that the generalized subparagraph should not be read broadly if one or more subsequent specific subparagraphs reference government subpoenas (or government investigations). For instance, an insurer may argue that a subparagraph expressly providing coverage for government subpoenas issued to individuals implicitly narrows the meaning of “written demand for . . . non-monetary relief” to foreclose coverage for government subpoenas issued to corporate entities. Similarly, an insurer might contend that a subparagraph explicitly providing coverage for subpoenas issued by the Securities and Exchange Commission implicitly narrows the meaning the meaning of “written demand for. . . non-monetary relief” to preclude coverage for subpoenas issued by other government agencies. Policyholders should be prepared to reject such arguments, as they ignore both well-established law regarding the interpretation of insurance policies (which prohibits insurers from limiting coverage by implication) and the typical structure of D&O policies (which contemplates that the subparagraphs defining “claim” will complement, not limit, each other).

First, it is well settled that provisions in an insurance policy setting forth the scope of coverage must be understood in their most expansive and inclusive sense for the policyholder’s benefit, while language that would limit coverage must be narrowly and strictly construed against the insurer (especially where that language would negate coverage provided elsewhere in the policy). Additionally, courts and commentators agree that any limitations on coverage must be stated in clear and unmistakable terms and cannot be extended by implication. Further, to the extent that there are any ambiguities in a policy’s terms, those ambiguities must be resolved in favor of coverage. Given these rules of construction, insurers have no basis to argue that a specific subparagraph in the definition of “claim” implicitly removes coverage that would otherwise be available under the generalized subparagraph.

Second, the multiple subparagraphs defining “claim” are intended to supplement, not restrict, each other. Insurance policies are often drafted with what courts have referred to as a “belts and suspenders” approach, and the definition of “claim” in D&O policies is one such example, where the generalized subparagraph is the belt ensuring coverage for a broad range of losses, whether or not they are enumerated in the specific subparagraphs, and the specific subparagraphs are the suspenders providing additional certainty on issues of particular importance to a policyholder. This additive approach to defining “claim” is also mandated by the use of the connector “or” between subparagraphs, a word that courts have consistently held requires that each of the connected provisions be given separate meanings that do not modify each other. This reading is also consistent with the many court decisions holding that a “written demand for . . . non-monetary relief” includes government subpoenas, as those courts reached their rulings despite the presence of multiple specific subparagraphs in those policies’ definitions of “claim.”

For these reasons, policyholders faced with an insurer attempting to deny or restrict coverage for government subpoenas by implication should be prepared to respond forcefully and push for coverage under the broad and generalized subparagraph that promises coverage for any “written demand for monetary or non-monetary relief.”