Category Archives: Reputation Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Greenberg, New York State Settle Long-Running Civil Case

Posted on by

One of Wall Street’s longest-running dramas closed Feb. 10 as New York State and Maurice “Hank” Greenberg finally ended a legal clash which began in 2005 under the stewardship of then Attorney General Elliot Spitzer.

Former American International Group, Inc. CEO Greenberg and the Attorney General’s office reached a settlement over accusations that the company engaged in fraudulent transactions to boost reserves and hide losses.

Greenberg, who was chairman and CEO of AIG from 1967 until his ouster in 2005 and now serves as chairman and CEO of C.V. Starr & Co., will pay some $9 million to end his role in the saga. Also, Howard Smith, former AIG CFO and Greenberg’s lieutenant will pay $900,000 to settle the charges stemming from two alleged transactions designed to misrepresent company finances.

This included a $500 million deal in the year 2000 with reinsurer General Re, part of businessman Warren Buffet’s Berkshire Hathaway Inc., to pad AIG’s loss reserves. Greenberg allegedly initiated the Gen Re deal with a call to the company’s CEO.

The two former AIG leaders were also said to be involved in a deal with Capco Reinsurance Co., which masked a $210 million underwriting loss as an investment loss.

The sums paid by the men are related to performance bonuses earned from 2001 to 2004, according to New York Attorney General Eric Schneiderman, who inherited the long-running conflict. Schneiderman sought to ban the men from the securities industry and from serving as directors and officers of public companies as part of the settlement, which ultimately did not include these provisions.

Schneiderman had previously dropped a $6 billion damage claim against Greenberg and others, once a class action settlement was approved in 2013 under which Greenberg paid $115 million to AIG shareholders.

A 2009 settlement with the U.S. Securities and Exchange Commission over charges related to AIG‘s accounting saw Greenberg pay $15 million and Smith $1.5 million to the agency.

Late last year Greenberg and the Attorney General’s office turned to mediation after trial testimony had already begun in state court. The mediation, which ultimately produced the settlement, was run by alternative dispute resolution specialist Kenneth Feinberg.

The finale to the case was perhaps more of a whimper than a bang, with settlements hardly headline-grabbing and no one admitting to much more than accounting slips.

In a press release from the N.Y. State Attorney General’s Office, Schneiderman sounded a triumphant tone. “Today’s agreement settles the indisputable fact that Mr. Greenberg has denied for 12 years: that Mr. Greenberg orchestrated two transactions that fundamentally misrepresented AIG’s finances,” Schneiderman said in the statement. “After over a decade of delays, deflections, and denials by Mr. Greenberg, we are pleased that Mr. Greenberg has finally admitted to his role in these fraudulent transactions and will personally pay $9 million to the State of New York.”

Greenberg, who was unapologetic, in his statement said, “The Gen Re transaction was done for the purpose of increasing AIG’s loss reserves, and the Capco transaction was done for the purpose of converting underwriting losses into investment losses. I knew these facts at the time that I initiated, participated in and approved these two transactions…As a result of these transactions, AIG’s publicly-filed consolidated financial statements inaccurately portrayed the accounting, and thus the financial condition and performance for AIG’s loss reserves and underwriting income.”

The pundits had their say as well, split as to what it all meant.

“The taxpayers of New York State should be furious,” said the Wall Street Journal’s Paul Gigot, editorial page editor. “The $9 million fine amounts to pin money for Mr. Greenberg…It won’t come close to covering the state’s costs for pursuing the case over so many years…The real lessons of the Greenberg case start with the absurd lengths that progressive prosecutors will go to punish capitalists they don’t like,” Gigot said.

Mr. Greenberg’s lawyer David Bois called the deal with the Attorney General a “nuisance settlement,” according to the New York Times.

Others were less forgiving of Mr. Greenberg. “Just because he hasn’t pled guilty to fraud doesn’t mean he’s been vindicated,” David Schiff, a former insurance analyst who followed AIG, told the Times.

Business Interruption Seen as Top Risk Globally

Posted on by

A survey of more than 1,200 risk managers and corporate insurance experts in over 50 countries identified business interruption as the top concern for 2017. According to the sixth annual Allianz Risk Barometer of top business risks, this is the fifth successive year that business interruption has been seen as the biggest risk.
top-10-risks

“Companies worldwide are bracing for a year of uncertainty,” Chris Fischer Hirs, CEO of AGCS said in a statement. “They are concerned about rather unpredictable changes in the legal, geopolitical and market environment around the world. A range of new risks are emerging beyond the perennial perils of fire and natural catastrophes and require re-thinking of current monitoring and risk management tools.”

While natural disasters and fires are what businesses fear most, non-damage events such as a cyber incident, terrorism or political violence resulting in denial of access are moving higher up on the scale, according to the report. These types of incidents can cause large loss of income to companies, without actual physical loss.

The second concern, market developments, could result from stagnant markets or M&As, or from digitalization and use of new technologies.

Cyberrisk, third on the list of perils, has jumped up from 15th place in just four years. Cyber was identified as the second concern in the United States and Europe.

According to Allianz:

The results indicate that cyber risk occupies a significant portion of a company’s exposure map. The risk now goes far and beyond the issue of privacy and data breaches. A single incident, be it a technical glitch, human error or an attack, can lead to severe business interruption, loss of market share and cause reputational damage. Of the top 10 global risks in the 2017 Allianz Risk Barometer, a cyber incident could be a potential root cause or trigger for 50% of them. In addition, the toughening of data protection regulation regimes around the world is also contributing to this risk being at the forefront of risk managers’ minds, as penalties for non-compliance are increasingly severe.

Fourth on the list, natural catastrophes added up to $150 billion in total economic losses in 2016—with insured losses accounting for $42 billion of those losses—up from $28 billion in 2015, according to the report. Businesses also are more concerned about the impact of climate change and increasing weather volatility year-on-year.

Trump outlook for 2017

“Opportunities and challenges,” says Ludovic Subran, head of Euler Hermes Economic Research and deputy chief economist of Allianz research. “Companies which are domestic, either a regional multinational or national, will benefit. However, the business environment for large multi-national corporations who do have global, strongly regionally diversified business models will be more challenging. Stronger regional interests will make the lives of companies more complicated as there will be increasing protectionist regulation.”

Key Steps to a Robust Risk Management Program

Posted on by

rm-monitoring
Our business environment is constantly changing—technologies improve, regulations are modified, competition increases, and demand evolves. Effective risk management grants an ability to adapt to these changes.

Recent headline events, including the Volkswagen emissions deception, the Wells Fargo scandal, and the penalty paid by Dwolla to the Consumer Financial Protection Bureau (CFPB), illuminate powerful motivators for strong risk management programs. Key to a robust program is preventing stressful, and possibly catastrophic, surprises.

When Plains All American Pipeline failed to detect corrosion in its pipeline, for example, the result was a 3,000-barrel oil spill and millions of dollars in fines. The corrosion had run under the radar because the company did not delegate sufficient inspection resources and did not maintain proper procedures and systems for preventing problems from escalating into emergencies. Risk management best practices, however, could have standardized these procedures throughout the organization and prevented the disaster from occurring.

Complying with regulators like the SEC and CFPB
Dwolla, a small, private e-commerce and online payment company, was found by the CFPB to be guilty of risk management negligence for inadequate data security practices. The catch is that Dwolla did not suffer a data breach and none of its customers were compromised.
buy avanafil online https://galenapharm.com/pharmacy/avanafil.html no prescription

The CFPB fined Dwolla $100,000 as part of its increased focus on companies’ existing prevention strategies. Regulators are no longer simply pursuing organizations that have suffered risk management incidents; organizations need to take proactive approaches rather than simply hope to get by.

Improving productivity and encouraging innovation
An independent, peer-reviewed report, “The Valuation Implications of Enterprise Risk Management Maturity,” published in The Journal of Risk and Insurance, proved that organizations with mature ERM programs (as defined by the RIMS Risk Maturity Model) can achieve a 25% firm valuation premium over those without. Risk management does not have to be a burdensome addition to daily responsibilities—and if it is executed properly, it won’t. It simplifies daily operations by increasing transparency and allowing more resources to be devoted to value-add activities, like product development and customer services.

Checklist for evaluating your risk management efforts

A better question than “does my organization perform risk management?” is “how effectively does my organization identify and mitigate risks?” The following checklist outlines characteristics common to effective risk management programs. Your organization should prioritize development in these areas.

  1. Effective risk management governance

Boards, through their risk oversight role, are accountable for a risk’s material impact, whether the cause is at the executive level or on the front lines. The SEC considers “not knowing about a material risk” negligence, which carries the same penalties as fraud.

  • The board must monitor the effectiveness of the organization’s risk management process, ensuring it reaches all levels and business areas.

  • Internal auditors must independently confirm the board is informed on all material risks.
  • All material risks must be disclosed to shareholders, along with evidence that they are effectively mitigated.
  1. Performance management and goal management
  • Divide corporate objectives into business-unit contributions.
  • Identify business processes contributing to a goal within each business unit.
  • Cascade goals to all front-line managers within contributing processes.

  • Aggregate goal assessments and determine links between contributing business processes.
  1. Consistent risk identification and prioritization

Risk assessments must address more than high-level concerns. Effective assessments drill into risk events, uncovering the root cause, or problem “driving” the risk. Repeatable risk assessments are based on common numerical scales and scoring criteria across departments.

  1. Actionable risk tolerances

Risk appetite is a high-level statement that serves as a guide for strategic decisions. In order to be actionable, it should be accompanied by its quantitative cousin, risk tolerance. Risk tolerance is an effective monitoring technique for key performance goals and risk metrics.

  1. Centralized risk monitoring and control activities

Risk managers need to do more than design processes to identify risks and appropriate responses. A critical third component—monitoring—is the verification of a control’s effectiveness over the risk. A few key things to keep in mind to make monitoring effective:

  • Adjust risk assessments over time (spend less time on risks with decreasing indexes).
  • Reduce testing by identifying areas that can share controls (increase organizational efficiency).
  • Link risks and activities to determine which processes need to be monitored (prioritize activities/initiatives).
  • Monitor business metrics (discover concerning trends before they affect the organization).
  1. Forward-looking risk and goal reporting and communication

In order to continue funding their organizations’ risk management programs, boards need evidence that those programs are working. Risk managers should ask two basic questions before reporting to the board:

  • How might identified risks affect the board’s strategic objectives and key concerns?
  • Which metrics or trends most validate the program’s effectiveness?

These items are just a starting point for an analysis of your organization’s program. For a more in-depth blueprint and “state of ERM” report, take the RIMS Risk Maturity Model (RMM), a free best-practice assessment tool that scores risk management programs and generates an immediate report of your organization’s risk maturity.

Wells Fargo: What Should Have Happened

Posted on by

wells-fargo

When Wells Fargo fired 5,300 employees in September for inappropriate sales practices, then-CEO John Stumpf approached the scandal with an outdated playbook. In response to the $185 million in fines levied by regulators, he first denied any knowledge of the illegitimate accounts. Attempting to mitigate press fallout by distancing the company from a group of “bad eggs” acting independently is not the answer, however. Even if Stumpf had maintained this assertion of innocence, changes in the risk environment over the past few years demand a proactive approach.

Rather than simply deflecting responsibility in these situations, executives must be able to accomplish two things:

• Provide historical evidence of due diligence and risk management (if such a program was actually used)
• Demonstrate how the company is adjusting its policies and/or implementing new policies to ensure a similar incident doesn’t happen in the future

In 2010, the SEC’s Proxy Disclosure Enhancement (rule 33-9089) explicitly made boards of directors responsible for assessing and disclosing risk management effectiveness to shareholders. It mandates the use of risk monitoring systems to demonstrate that existing controls (mitigation activities) are effective. Under this rule, “not knowing” about an activity performed by employees is considered negligence.

buy phenergan online blockdrugstores.com/wp-content/uploads/2023/10/jpg/phenergan.html no prescription pharmacy

This is a crucial development; negligence carries the same penalty as fraud, but it does not require proof of intent. The Yates Memo (2015) gave the SEC ruling more “teeth” by requiring organizations to provide the Department of Justice with all the facts related to responsible individuals.

As a result, many companies have suffered significant penalties and frequently criminal charges, even though their executives were allegedly unaware of illicit activities. Consider the emissions scandal at Volkswagen and fines paid (to the SEC) by global health science company Nordion Inc. In both instances, deceptions were perpetrated by individuals below the executive level, but senior management’s inability to detect/prevent the incidents came back to bite them.

How to Prevent Risk Management Failures at Your Organization

John Stumpf’s approach should have started with an admission of Wells Fargo’s failure in risk management processes across the enterprise, followed by evidence that a more effective, formal enterprise risk management process is being implemented. For example, risk assessments must cascade from senior management down to the front lines and across all business silos. This ensures that the personnel most familiar with operational risks (and how to mitigate them) can keep the board informed.

In other words, instead of simply apologizing and attempting to provide restitution, Stumpf should have demonstrated that Wells Fargo is taking proactive risk management measures to protect its many stakeholders.

buy hydroxychloroquine online blockdrugstores.com/wp-content/uploads/2023/10/jpg/hydroxychloroquine.html no prescription pharmacy

It is the company’s duty to ensure that something like this never happens again.

The scandal is predictably following the same track as have previous failures in risk management: it starts with regulatory penalties, then leads to punitive damages, class action lawsuits, and finally, criminal charges and individual liability, depending on the particular case.

buy bactroban online blockdrugstores.com/wp-content/uploads/2023/10/jpg/bactroban.html no prescription pharmacy

The key to this pattern is the absence of adequate risk management, which means negligence under the new enterprise risk management laws, regulations and mandates passed since 2010.

The good news is that avoiding serious, long-term consequences is possible if proper actions are taken. For example, by providing a historical record of risk management practices, Morgan Stanley avoided regulatory penalties when an employee evaded existing internal controls. Other corporations that can provide evidence of an effective risk management program (risk assessments, internal controls that address risks, monitoring activities over these internal controls, and an electronic due-diligence trail) are largely exempt from punitive damages, class-action lawsuits, and possible jail time.

When implemented proactively, effective risk management systems have and will continue to prevent scandals, regulatory fines, litigation and imprisonment. For a more in-depth analysis of the Wells Fargo scandal, read the LogicManager blog post “The Walls Fargo Scandal is a Failure in Risk Management.”