Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

Lawfulness of Financial Crime Data Processing Under GDPR

Much that has been written about the General Data Protection Regulation (GDPR) relates to the burden of obtaining proper consents in order to process data. This general theme has provoked questions about whether and how financial institutions can process data to fight financial crime if they need consent of the data subject. While there are certainly valid questions, GDPR is much more permissive to the extent data is used to prevent or monitor for financial crime.

buy vidalista online https://www.rhythmedix.com/wp-content/uploads/2023/10/jpg/vidalista.html no prescription pharmacy

Clients and counterparties will often be more than happy to consent to data processing in order to participate in financial services. But consent can be withdrawn, so offering individuals the right to consent will give the impression that they can exercise data privacy rights which are not appropriate for highly-regulated activities.

Rather than relying on consent, the GDPR also permits (1) processing that is necessary for compliance with a legal obligation to which the controller is subject and (2) processing that is necessary for purposes of the legitimate interests pursued by the controller or a third party.

Some areas of financial crime prevention are clearly for the purpose of complying with a legal obligation. For example, in most countries there are clear legal obligations for monitoring financial transactions for suspicious activity to fight money laundering. The European Data Protection Supervisor stated in 2013 that anti-money laundering laws should specify that “the relevant legitimate ground for the processing of personal data should… be the necessity to comply with a legal obligation by the obliged entities….” The fourth EU Anti-Money Laundering Directive requires that obliged entities provide notice to customers concerning this legal obligation, but does not require that consent be received. And the U.K. Information Commissioner’s Office gave the example of submitting a Suspicious Activity Report to the National Crime Agency as a legal obligation which constitutes a lawful basis.

Very few commentators have attempted to cite a legal authority for anti-fraud legal obligations. The Payment Services Directive 2 (PSD2) requires that EU member states permit personal data processing by payment systems and that payment service providers prevent, investigate and detect payment fraud. But PSD2 has its own requirement for consent and this protection may fail without adequate implementing legislation in the relevant jurisdiction. Another possible angle is that fraud is a predicate offense for money laundering, and therefore the bank has an obligation to investigate fraud in order to avoid facilitating money laundering.

“Legitimate interests” are also permitted as a basis for processing. However, this basis can be challenged where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Financial institutions may not feel comfortable threading the needle between these ambiguous competing interests.

The GDPR makes clear, however, that several purposes related to financial crime should be considered legitimate interests. For example, “the processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest” and profiling for the purposes of fraud prevention may also be allowed under certain circumstances. It is also worth recognizing that many financial market crimes such as insider trading, spoofing and layering are often prosecuted under anti-fraud statutes.

Compliance with foreign legal obligations, such as a whistle-blowing scheme required by the U.S. Sarbanes-Oxley Act, are not considered “legal obligations,” but they should qualify as legitimate interests.

While legal obligations and legitimate interests do not cover all potential use cases, they should cover most traditional financial crime processing.

buy chloroquine online https://www.rhythmedix.com/wp-content/uploads/2023/10/jpg/chloroquine.html no prescription pharmacy

Some banks have been informing their clients that a legal obligation justifies their processing for AML and anti-fraud. Others have included legal obligations and/or legitimate interests as potential justifications for a laundry list of potential processing activities.

While the GDPR became effective earlier this year, financial institutions will continue to fine-tune their approaches based on continuing familiarity with the requirements and legal and regulatory developments. Financial institutions need to revisit their client notifications to make sure that they have disclosed their data processing in a manner that reserves their rights for financial crime purposes. They should also confirm that their financial crime processing adequately falls under a defensible basis. And with this basic housekeeping performed there is hopefully little disruption to their financial crime and compliance operations.

The Business Impact of the Supreme Court’s Travel Ban Decision

In one of its most anticipated cases in decades, the U.

online pharmacy biaxin with best prices today in the USA

S. Supreme Court on June 26 upheld President Trump’s latest “travel ban,” delivering a key win to the Trump administration and one of its strict immigration enforcement stances. The Court concluded the president’s executive order—which largely targeted individuals from predominately Muslim countries—did not violate the Constitution’s Establishment Clause by favoring one religion over another, ruling that the order was a lawful exercise of the authority granted to the president by Congress.

The Supreme Court’s action now permits immediate enforcement of one of the president’s signature immigration policies that began in January 2017 and included repeated trips to the federal judiciary. Employers with workers from the affected countries—Iran, Libya, Syria, Yemen, Somalia, North Korea and Venezuela—now need to ensure proper protocols are put into place to spare employees from unnecessary risk and to preserve smooth business operations.

Given that the travel ban can be enforced immediately, employers should:

  • Identify employees who are nationals of banned countries. The effect of the ban differs between the seven countries, so consult immigration counsel to be sure you understand how the ban applies to the country of origin for your employees.
  • Instruct any affected employees who are abroad and have not previously been affected by the prior travel bans to return immediately.
  • Caution workers from the affected countries not to travel outside the United States.
    online pharmacy flexeril with best prices today in the USA

    While the underlying litigation surrounding the travel ban will continue in the lower courts, assume the ban will be in effect for the foreseeable future.

  • Tell foreign national employees to carry originals or clear copies of legal authorization to be in the U.
    online pharmacy tadalista with best prices today in the USA

    S. at all times and to consult with an immigration attorney before signing any paperwork presented by the Department of Homeland Security or the Department of State.

  • Instruct employees to cooperate and present evidence of their U.S. immigration documentation and legal status if they are stopped by an Immigration and Customs Enforcement agent.
  • Advise employees that if their temporary work visas are expiring, they should take immediate steps to extend those visas.
  • Consider whether to sponsor employees who are here on soon-to-expire temporary work visas for permanent residency, if they are eligible.

Resiliency in 2018: Q&A With BCI’s David Thorp

Organizational resiliency is a focus of the Business Continuity Institute (BCI) and executive director David Thorp. It was the theme of this year’s annual Business Continuity Awareness Week, which Risk Management Monitor covered in May, and was the focus of BCI’s updated manifesto.

We reached out to Thorp to get his insight on organizational resiliency, how businesses can improve their continuity plans and for ways to better incorporate them into their culture.

Risk Management Monitor: What companies have best demonstrated resilience?

David Thorp: A few examples of organizations that have displayed a high level of resilience are Apple, TomTom, and PostNL.

Apple displayed resilience when they reemployed Steve Jobs to reshape the company.

TomTom started by making software for Palm computers. It has dealt with a rapidly changing marketplace and over the years it has:

  • produced navigation software for PDAs (personal digital assistant)
  • produced its own navigation devices
  • developed live traffic information
  • acquired a digital mapping company
  • developed navigation software for smartphones
  • struck up deals with car manufacturers

PostNL (formerly TNT) has had to adapt to the decline in regular mail as well as tapping into the requirement to deliver more packages (outside working hours) as a result of an increase of web shops.

RMM:  What do organizations most commonly overlook in their continuity planning?

DT: Two most commonly overlooked aspects are keeping plans up to date and exercising/testing.

Business continuity management is often initiated as a project, usually assisted with external expertise. Internal personnel frequently have this role in addition to their “normal” functions. As the organization changes, these plans often get overlooked. After one or two exercises have been carried out, the focus on exercising quickly diminishes.

Unfortunately, these two aspects have a large impact on the ability to recover as planned. It could be argued that this is an indication of a lack of management commitment.

RMM: Why do so many companies overlook their continuity planning and emergency preparedness?

DT: The biggest reason is that it is not a requirement for many organizations. When not required by a regulator or a customer, the organization must:

  1. know about continuity planning and emergency preparedness
  2. understand their risk
  3. understand its value before there is a possibility of it being implemented

By not having done a risk or impact analysis, it is also easy for organizations to think that a disruptive event will not happen to them and therefore not worth the hassle and investment.

RMM: How much time and effort does creating and initiating a business continuity plan take?

DT: This depends on the size and complexity of the organization, the ambition level and the resources available. For small organizations, it is possible to create and exercise plans within a month—but this would typically take a little longer as the required people will also have other tasks. For a large and more complex organization, it may take two-to-three years to reach the desired maturity level.

RMM: What advances would you like to see the global risk management community achieve with regard to planning and preparedness?

DT: I would like to see a better understanding of each other’s disciplines and a better collaboration between them. There is much overlap between the two disciplines and with better collaboration, we can more efficiently and effectively minimize risks and improve the continuity. We are currently working on better understanding how we achieve synergy between business continuity and risk management. We see this as being a prerequisite for achieving organizational resilience. Collaboration with other disciplines is also necessary.

RMM: We’ve seen examples of reputation crises that have in some cases forced companies to close. How can organizations avoid these pitfalls?

DT: A major factor in managing the extent of the reputation damage is the quality of the crisis communication. How well and honestly you inform those affected and of course how you deal with social media makes the difference in how you are perceived. The subsequent actions need to be in line with the messages communicated.

RMM: What has changed in the BCI’s Manifesto for Organizational Resilience that risk professionals should know about?

DT: The manifesto is built on the simple premise that resilience is not the responsibility of one part of the organization—it is the responsibility of discipline within an organization working closely together toward a common purpose. Risk Management, emergency planning, disaster recovery, security, facilities management, business continuity management, supply chain management, IT management, HR management…all have an equal role to play in delivering resilience.

The manifesto contains our undertaking to seek out alliances with other professional bodies along the spectrum of what might be termed “resilience disciplines” in order to work collaboratively. This would make organizations more resilient than if we each work within our own silo.

Starbucks And Coffee Industry To Reassess Strategies

The coffee industry is poised for moderate growth in the next five years, but is warned of an emerging risk: an informed consumer, according to a recent IBISWorld report.

“Despite long-term, aggregate declines in healthy eating, consumers are more aware of health issues associated with fatty foods and are increasingly going out of their way to avoid them,” its latest Coffee & Snack Shops industry report notes. Consumers who are more aware of the nutritional information of a Starbucks Frappuccino, for example, may be less inclined to make repeat purchases. “The healthy eating index is expected to stagnate [in] 2018, but as consumers’ diets progressively improve, this driver continues to pose a threat to industry operators,” IBISWorld said.

Last week, in Starbucks’ financial release, President and CEO Kevin Johnson acknowledged his clientele’s evolving tastes. “We must move faster to address the more rapidly changing preferences and needs of our customers,” he said.

And so, with the Seattle-headquartered roaster and retailer leading the charge, the industry is expected to get creative and a bit more versatile. In its five-year forecast, IBISWorld suggests that coffee alone can no longer fuel the industry’s expansion, which is expected to stay resilient at an annualized rate of 0.9% to $51 billion. “Nontraditional, high-margin menu items, such as iced coffee drinks, breakfast items and wraps,” featured in “unsaturated markets while experimenting with different store formats,” will help generate growth, the report stated.

Furthermore, the collective habits may change everything from coffee retailers’ food and beverage offerings to their physical store layouts. The IBISWorld report stated:

Major operators, such as Starbucks and Dunkin’ Donuts, are expected to expand their menus and remodel the designs of their locations over the five years to 2023 to increase sales and draw a wider range of customers.

Assessing the Risk of Growth
The forecast was certainly prophetic, considering that Starbucks announced plans to close 150 stores due to underperformance just last week. It seems that more manageable expansion efforts will level some profit margins; where Starbucks wanted to hit 3-5% growth, 1% is more pragmatic. According to the company’s statement:

Starbucks is optimizing its U.S. store portfolio at a more rapid pace in FY19, including shifting new company-operated store growth to underpenetrated markets, slowing licensed store growth, and increasing the closure of underperforming company-operated stores in its most densely penetrated markets to approximately 150 in FY19 from a historical average of up to 50 annually. In FY19, this will result in a slightly lower growth rate in net new company-operated stores. 

Last August, Risk Management Monitor reported that Starbucks’ expansion efforts were to the point that there was almost a store on every corner—with an estimated 3.6 locations within a one-mile radius of each other. The realization marked the end of an aggressive growth strategy, in which 8,000 shops were added over a seven-year period. It was also underscored by a 1% downgrade in its share price. IBISWorld still ranks ‘Bucks as the leader of the coffee and snack shops market in the U.S. with a 23.2% market share (followed by Dunkin’ Brands at 17%), and the move is apparently part of a refocused strategy.

Michael J. Mazarr, a senior political scientist at RAND Corporation noted that reassessing Starbucks’ growth rate will help maintain its leadership status. And while businesses can learn by following the company’s example, they should ask deeper, more strategic questions.

“Clearly a major risk to a company like [Starbucks] would be even a modest swing in consumers who believe that the company has gotten too big. The fascinating questions would be: ‘To what extent did they analyze this?,’ ‘anticipate possible changes?,’ ‘think clearly about risks and outcomes?,’ and ‘did they get some assumptions or expectations slightly wrong?” Mazarr told Risk Management Monitor. “Businesses obviously have invalid expectations all the time—not all of those cases are examples of failed risk management or being blind to consequentialist thinking. Sometimes they are trying to think deeply and rigorously about consequences; they just guess wrong.”

Mazarr has contributed to Risk Management magazine with an article exploring consequence management and the “character of risk,” which you can read here.