Category Archives: Regulatory Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

PCI Poll Finds Public Support for TRIA

Posted on by

Nearly 68% of likely voters favor extending the Terrorism Risk Insurance Act (TRIA) beyond December 31, 2014 according to a poll released by the Property Casualty Insurance Association of America (PCI).

The poll asked likely voters various questions relating to TRIA and the economic implications of a terrorist attack. In addition to showing public support for an extension of the TRIA program, the poll clearly shows a belief that the federal government should have some responsibility for the economic losses associated with a terrorist attack. Over 72% of those polled believe that a combination of the federal government and private insurance companies should be responsible for the costs from injuries to workers and property damage in the case of a terrorist attack.

Over 90% believe that protecting against losses from terrorist attacks against the United States should be at least in part a federal responsibility.

Many in the insurance industry, including RIMS, have been arguing in favor of a long term extension of TRIA, but this poll presents the first real evidence that there is a support among the general public as well. “We saw remarkable agreement among voters that the responsibility for the costs from injuries to workers and property damages from a terrorist attack should be shared amongst the federal government and private insurance companies. We also saw a true sense of patriotism, there was no division amongst rural and urban areas. Citizens understand the national economic implications of a terrorist attack and the importance of having a plan in place,” said Marguerite Tortorello, PCI’s senior vice president public affairs.

While the results do seem to bolster the arguments made by TRIA advocates, it does show little public awareness of the program. When asked whether it was true that TRIA was created after 9/11 only 32.7% of those surveyed responded that it was true while 26.7% responded false and 40.5% did not respond. This isn’t too surprising as the public tends to lack awareness of government program specifics. On the positive side, once informed that TRIA was in fact created, 73.2% stated that they supported the decision to create the TRIA program.

RMORSA Part 4: Risk Monitoring, Control & Action Plans

Posted on by

The fourth step of ORSA implementation, risk monitoring, control, and action plans illustrates the importance of adhering to best practices when executing risk culture and governance, identification and prioritization, and risk appetite and tolerances.

With the necessary structure in place to track and collect risk intelligence, the next step involves orchestrating a plan for improvement. Why is a plan for improvement so critical? Besides limiting the risk exposure of your organization, consider that under the SEC Rule Proxy Disclosure Enhancements, boards of directors and executive leadership can be found negligent for having inadequate or ineffective ERM programs. Having a demonstrable plan for improvement, however, can greatly reduce or even exempt companies from penalties under the Federal Sentencing Guidelines.

The Right Way to Monitor Control Activities

Boards and CEOs are depending on risk managers to monitor key risk indicators at the business process level. This can be accomplished one of two ways: testing or business metrics.

Testing provides a high level overview of whether a control is occurring, usually in the form of a simple pass/fail. Testing does not, however, provide actionable steps to take in order to improve a mitigation activity. The result is that many organizations are only testing compliance with internal policies, which may or may not tie back to the specific risks that the policies were designed to mitigate.

Here’s an example: an insurance organization with an online customer service system is experiencing unacceptable downtimes, and the appropriate staff members never seem to be available to fix the problem. The organization implements what would appear to be a reasonable control activity, by insisting that every member of the support team be trained to refresh the system.

The company tests internal compliance with this policy by tracking whether the online training has been completed. Unfortunately, even if everyone takes the training, the company has no idea whether this control is fulfilling its purpose.

In testing compliance to the policy, the organization has lost sight of the risk. If they had tracked a business metric, like system downtime, however, they would have realized that the controls in place made no difference to the impact or likelihood of system failure. Business metrics may have indicated that the system was going down during peak usage hours, like lunch, when staff was unavailable. With no business metric tracking, the organization continued with a Band-Aid approach when money might have been better spent upgrading system memory.

Developing the Action Plan

To avoid this common pitfall, your key business metrics need to be aligned not only with the control activities you’ve designed, but the risks they were designed for. Keeping track of these linkages can be impossible with two dimensional spreadsheets, but is critical to monitoring the risks you’ve identified so that your action plans and control activities are meaningful and measurable.

As a risk manager, approach process owners in need of assistance with mitigation plans geared toward their most severe risks. As you develop actionable plans for improvement, don’t lose sight of the end goal or fall into the trap of testing controls rather than monitoring risks.

Interested in the best way to monitor or audit your risk management program?

buy tadalista online medilaw.com/wp-content/uploads/2015/03/jpg/tadalista.html no prescription pharmacy

Check out the RIMS Risk Maturity Model Audit Guide, also available through the RIMS Risk Maturity Model.

Risk Managers Gain Foothold as ERM Program Drivers

Posted on by

Fewer boards of directors are seen as their company’s top ERM program drivers, dropping to 26% in 2013 from 34% in 2011, according to the 2013 RIMS Enterprise Risk Management Survey, released today. This year risk managers came in as the second driver at 17%. By comparison, the second highest category in the 2011 report, which did not include risk management as an option, was “other” at 19%. Commenting on the 2011 report, Carol Fox, RIMS director of strategic & enterprise risk practice confirmed that many respondents wrote in their comments, that “other” was a risk management department initiative. “While I can’t do a direct comparison to this year’s 17%, I’d say it may be a shift as risk professionals take more of a leadership role in instituting ERM programs,” she said.

In 2011, in fact, part of the survey’s response was that “risk managers needed to take more of a leadership role with ERM. And since board leadership showed a drop [in 2013], risk managers may have taken up the slack,” she said.

Fox observed that concerns about rating agency requirements resulting from the financial crisis of 2008—that were some of the drivers for ERM in 2011—were also lower. “In 2013 ‘regulatory drivers’ for implementing ERM was 14%, dropping from 18% in 2011—so it is a shift,” she said.

What this means, she explained, is that more organizations understand the value of ERM. “It’s no longer about compliance with regulations or pressure from the rating agencies. They’re seeing the value in ERM itself.”

The board is still the largest driver, however. “That hasn’t changed, ERM is still very much top of mind for the board. As you look at the types of risk that can affect the objectives of the organization, they are mostly strategic. They are still the primary driver, but they were a higher driver in years past,” she said, adding, “This doesn’t say the board is less interested. The primary driver is the leadership role the risk professional is bringing.”

The 2013 RIMS ERM Survey was produced with Advisen LTD as a follow up to previous surveys in 2009 and 2011. The survey is free for both RIMS members and non-members and can be downloaded in RIMS newly revamped Risk Knowledge library at www.rims.org/RiskKnowledge.

 

Companies Ignore Whistle-blower Protections

Posted on by

Whistle-blowers are in the news more and more, but some organizations don’t seem to have caught up with the trend, or the fact that retaliation is illegal. They don’t seem to realize that negative reactions to a whistle-blower can make them look petty—and guilty.

Take two front page stories in our area newspaper on the same day this week. Both were about whistle-blowers who put their jobs on the line to come forward. One was fired, the other was suspended and later resigned.

In one case, The Journal News reported, a member of a New York town’s financial staff, the supervisor of fiscal services for more than 10 years, testified at a hearing that she notified several of her superiors that the town’s revenue projections were overestimated—on a financial statement needed for a bond application. She also reported improper money transfers—one made to the town supervisor. The woman was ignored, told to keep quiet, and eventually fired.

Not only did the town officials make no move to right the wrongs she reported to them, one official denied ever being told of potential corruption or fraud. Meanwhile, the town, which is also being investigated by the FBI, has filed perjury and other charges against this former employee.

The second newspaper article is about a former security expert at the Indian Point nuclear power plant in New York. Because he feared the plant was vulnerable to a terrorist attack, he voiced his concerns to supervisors. In June he was suspended.

He filed a 76-page lawsuit in the U.S. District Court alleging misconduct and retaliation against him. The Indian Point employee alleged that security was inadequate and that documents and internal reports were falsified.

Unfortunately these sound like other stories in the news over the past few years following the financial crisis. At Lehman Brothers, the company’s chief risk officer, Madelyn Antoncic warned Dick Fuld, the CEO, that their risk in mortgage-backed security bets was too great. Her warnings were ignored. Her reward was to be fired.

The knee-jerk reaction of many organizations seems to be; get rid of the employee, blame the employee and then go to court. It appears that the whistle-blower protections under the Dodd-Frank Act, such as prohibiting retaliation against whistle-blowers, is still a mystery to some organizations.

Fraud experts contend that the burden is on the organization to see that employees are comfortable in coming forward and that their concerns are addressed. They advise companies to have hotlines available for employees to provide whistle-blower tips—and to act on those tips.

Whether or not a company is guilty of fraud, firing an employee for coming forward can make the organization look guilty and cause a whole host of other problems, including risk to the company’s reputation. Public entities and corporations would do well to study Dodd-Frank and put a plan in place before an employee does come forward. Have organizations learned nothing from Watergate? The cover-up always leads to exposure of the crime.