Earth Day 2020: What Does Climate Change Mean for Risk Management?

On Earth Day 2020, risk professionals can reflect on ways to protect both the environment and their businesses. Worldwide, climate change poses countless risks, including increasing the frequency and magnitude of natural disasters, reducing access to resources and disrupting supply chains.

To celebrate Earth Day and help risk management professionals address environmental risks and climate change, here is a roundup of some of our coverage from the past year about these critical topics:

From Risk Management Magazine:

Aligning Sustainability and Risk Management: A collaborative approach between sustainability and ERM can best drive real change.

Taking Action on Climate Change: As the potentially devastating impacts of climate change become clear, risk managers must assess the resulting risk exposures and opportunities for their companies.

Insurers Divest from Coal Over Climate Risks: Insurers are pulling coverage and investments related to the mining and use of coal.

Will Climate Change Impact Reinsurance Rates?: As natural disaster losses mount, the reinsurance response could spur action on climate change.

Getting Serious About ESG Risks: Investors are increasingly scrutinizing environmental, social and governance activity.

From the Risk Management Monitor blog:

Venice Sees Near-Record Flooding: The city of Venice, Italy, faced the worst flooding of its famous canals since the devastating floods of 1966, suffering major economic impacts.

Catastrophic Floods More Frequent in 2019: Major flooding has become a normal occurrence for many regions of the country, and by all indications, it is becoming worse each year.

Global Heat Waves Signal Climate Risks: The pattern of dangerous heat waves has become a yearly occurrence across the globe. 

Texas Study Shows Business Impact of Major Storms: The large storms hitting the coast of Texas are having serious impacts on industries across the state and country.

Limit Organizational Exposure During the Polar Vortex: Tips for protecting businesses during the frigid weather phenomenon.

Putting Risk Management on the Front Line

Businesses in India expressed an overwhelming desire to approach risk management more strategically in this year’s Excellence in Risk Management India report, with 68% of respondents deeming “integrating risk management into strategic planning” their top priority. Today, managing risk intelligently is everyone’s responsibility—not just the company’s executives—and the question of how to enable risk management at the front line of defense (FLoD) was a key theme for Marsh’s “Enabling the First Line of Defense” panel discussion at the RIMS Risk Forum India 2019. Consistently taking the initiative is key to risk management, and panelists discussed a number of proactive strategies for enabling front-line employees to address risk.

Enabling the First Line of Defense

As risk responsibilities move to the front line, organizations will need to review how their risk framework can be adapted. To equip everyone to confidently handle risk, risk management needs to be more intuitive. Data and analytics can also play a significant role in making the process more collaborative, measurable and strategic. Backed by technology, many firms are now not only able to prevent downside risks, but have capitalized on new markets, opportunities and changes in demand.

Panelists expressed that risk management was not a priority for frontline staff like sales executives, who are more likely to be encouraged to meet sales KPIs. Reflecting on his time within financial services, panelist Sudip Basu, Hinduja’s group head of risk, said that during peak times, risk was not an important consideration, and rarely outweighed more immediate profit and success motivations. Of course, self-examination happens during downturns, which the sector has experienced over several tumultuous decades, both in India and globally. Basu said that this was definitely the case after the global financial crisis.

Bake Risk Management into KRAs

One key activity that the panelists flagged was baking risk management into key responsibility areas (KRAs) so that risk management messaging cascades down to the front line and into business activities. However, the panelists also expressed concern about the level of monitoring being implemented alongside these KRAs, stressing the need for follow-through on good intentions and highlighting this as an area of development needed for success.

Celebrate Successes

Celebrating success is far from an unfamiliar concept, though firms may need to address how success is measured and at what level. According to panelist Jyotsna Sharma, Bridgestone India’s chief financial officer and head of IT, firms are very good at celebrating risk management successes at the senior levels, but not as good at recognizing it for front-line teams. Sharma said that it would be beneficial to build in small acknowledgements for front-line teams and employees who have done exceptional work, have been proactive or have demonstrated risk management best practices.

Acknowledge Incremental Gains

The panelists also stressed the importance of incremental gains. A change in the front line’s perception of risk management is not likely to happen overnight. If only key milestones or large events are recognized, it could be harder to gain buy-in and ongoing support from teams on the ground. Much like celebrating wins achieved by the FLoD, acknowledging incremental gains helps the team to view the journey to success as a process, and could help FLoD initiatives to more easily gain momentum.

While the FLoD is traditionally associated with operational management, as risks grow increasingly complex and interrelated, risk management is no longer only the purview of control functions, particularly when major influences from the regulatory and broader economic environments exist. Ensuring that there is adequate awareness of risks—while rewarding successes across various levels of the organization—is critical for organizations to cope with risk in the current business environment.

Spotting Coronavirus-Related Phishing Emails

Amid widespread public concern and constantly evolving news about the COVID-19 pandemic, cybercriminals are finding new fodder for phishing campaigns. With the eagerness for new information about the coronavirus outbreak, distraction during disruption, and the disorienting shift to remote work for many, employees may be particularly susceptible to falling for these schemes right now.

Some of these phishing emails play off companies having employees work from home to launch credential-stealing attacks. Such phishing campaigns may impersonate IT teams or may direct recipients to fake login pages to access work networks or accounts remotely. See the screenshot at right for an example. Email security firm Mimecast’s Threat Intel team reported seeing over 300 examples of such a campaign using a fake OneDrive login.

“We see that threat actors are keeping up with the daily developments concerning the coronavirus,” said Mimecast’s Threat Intel team. “As the pandemic continues to spread and more and more people are made to work from home, we are seeing more phishing emails that are trying to trick users into giving their credentials through a faked login page. Threat actors are actively utilizing this pandemic to attempt to compromise individuals’ accounts and organizations’ networks. The potential for human error will inevitably increase in the coming weeks and we expect to see more of these phishing attempts in the coming days and weeks.”

Other phishing scams purport to be new updates from government authorities or public health organizations, directing recipients to click malicious links for updates on the spread of the COVID-19 pandemic, new containment measures ordered by governments, or local advisories. Last month, the World Health Organization warned that some criminals were spoofing WHO officials to send fraudulent emails, and Kaspersky Labs reportedly found emails spoofing the CDC asking for Bitcoin donations to help fund a coronavirus vaccine. Some other phishing emails include malicious attachments purporting to be tips for protecting yourself from the coronavirus or maps of the outbreak, for example, but actually contain malware.

“We are living in a heightened time of cyberrisk,” said David Simpson, Virginia Tech professor and former chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau. “Cybercriminals will take advantage of public fear and due diligence health measures to generate coronavirus-themed phishing attacks. We should be aware of unsolicited COVID-19 emails with specious links or attachments.”

To help employees detect these scams, check out the following infographic from Cofense’s Phishing Defense Center for tips on spotting coronavirus-related phishing emails:

Mitigating Payment Fraud Risks

For businesses that thrive on person-to-person transactions, cash is quickly being replaced by cards, as well as tap-to-pay systems, mobile wallets and QR-based payment systems. These technologies will continue to dominate the market in the near future, but the long-term future of the payment card industry will likely be shaped by the impact of blockchain and artificial intelligence. These developments will eventually also impact risk management, marketing and financial planning, as they present opportunities for serious risks, including fraud. Hence, it is imperative for risk management professionals to plan for these short- and long-term changes in the industry.

Strong risk monitoring requires proactively assessing threats and planning mitigation measures to minimize risk impact on the company or organization. To help mitigate payment fraud risks, businesses can take the following steps:

Train your Employees Regularly

The more regularly you train your employees, the more likely they are to spot suspicious behavior, no matter what payment technology the business uses. Repeated, regular training is essential because employees tend to forget what they have learned over time. These training workshops should teach workers to never accept damaged cards from customers, to confirm customer identities, and to never enter a card number manually.

Use Contactless and EMV-Enabled Terminals

As payment technology changes, businesses must evaluate what options are safest and least prone to fraud. Currently, businesses should use EMV (short for Europay, Mastercard and Visa), which involves chips embedded into payment cards—a significant step in making transactions safer. The introduction and adoption of EMV-enabled secure terminals, particularly when using PIN and EMV security together, has helped merchants and customers prevent fraudulent transactions.

Contactless smartcards such as chip and magnetic stripe cards use contactless payment, which can present another secure way to process transactions. Most EMV terminals are also enabled with contactless payment. At such terminals, a fast and secure transaction is possible using Near Field Communication (NFC) or Radio-Frequency Identification (RFID) via smartcard or smartphone. If a merchant chooses to use contactless payment without PIN, they can put a limit to the amount spent on each contactless transaction to further minimize risk.

Beware Uncommon Transactions

Transactions that involve unusually large purchases could be a sign of potential fraud. Businesses should examine such transactions closely and confirm the identity of the customer. Similarly, if several purchases are made with a card in a short timeframe, it could indicate that the card was stolen and is being used by someone other than the owner.

Maintain Online Security

As merchants and consumers shift to contactless and EMV-enabled point-of-sale terminals, risk has shifted towards online transactions. To mitigate this risk, it is important for online businesses to use the Address Verification Service (AVS), which verifies that the billing information matches what is registered with the card issuer. Vendors should also ask for the Card Verification Value 2 (CVV2) to verify that the user has the card in hand when placing the order. Another important check is to limit the number of cards that a single IP address can use for online transactions.
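The per-IP card limit above, and the rapid repeat purchases described under "Beware Uncommon Transactions," can both be run as sliding-window checks over the transaction stream. The following is an added example, not code from the original article; the thresholds, the 10-minute window, the record layout and the card tokens (used in place of real card numbers) are assumptions, and the sample transactions are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; tune them to the merchant's own traffic.
MAX_CARDS_PER_IP = 3             # distinct cards one IP may use per window
MAX_TXNS_PER_CARD = 3            # purchases one card may make per window
WINDOW = timedelta(minutes=10)

def t(minute):
    """Constructed timestamp helper: minutes after an arbitrary start time."""
    return datetime(2020, 4, 22, 12, 0) + timedelta(minutes=minute)

# Constructed sample records: (time, source IP, card token, amount).
# Tokens stand in for card numbers so the check never handles raw PANs.
SAMPLE = [
    (t(0), "203.0.113.7", "tok_A", 20.00),
    (t(1), "203.0.113.7", "tok_B", 35.50),
    (t(2), "203.0.113.7", "tok_C", 12.00),
    (t(3), "203.0.113.7", "tok_D", 99.00),    # 4th distinct card from one IP
    (t(4), "198.51.100.20", "tok_E", 15.00),
    (t(5), "198.51.100.20", "tok_E", 15.00),
    (t(6), "198.51.100.20", "tok_E", 15.00),
    (t(7), "198.51.100.20", "tok_E", 15.00),  # 4th purchase on one card
    (t(30), "203.0.113.7", "tok_F", 10.00),   # earlier activity has aged out
]

def flag_transactions(txns, max_cards=MAX_CARDS_PER_IP,
                      max_txns=MAX_TXNS_PER_CARD, window=WINDOW):
    """Return alerts as (time, rule, subject, count) tuples."""
    ip_seen = defaultdict(deque)    # ip -> (time, card) pairs inside window
    card_seen = defaultdict(deque)  # card -> purchase times inside window
    alerts = []
    for when, ip, card, _amount in sorted(txns):
        ip_q, card_q = ip_seen[ip], card_seen[card]
        ip_q.append((when, card))
        card_q.append(when)
        # Drop events older than the window; the current event always stays.
        while when - ip_q[0][0] > window:
            ip_q.popleft()
        while when - card_q[0] > window:
            card_q.popleft()
        distinct_cards = {c for _, c in ip_q}
        if len(distinct_cards) > max_cards:
            alerts.append((when, "ip_card_limit", ip, len(distinct_cards)))
        if len(card_q) > max_txns:
            alerts.append((when, "card_velocity", card, len(card_q)))
    return alerts
```

An alert here is a prompt for manual review or step-up verification rather than proof of fraud, since shared office or carrier networks can legitimately present many cards from one IP address.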

Prevent Employee Fraud

Employee fraud is always a major concern for risk management professionals. Businesses should remember to keep an eye on credit card activity, particularly returns, as employee theft often shows up in fake discounts or returns. Companies should create alerts that set limits on returns at stores and notify management any time those limits are exceeded.