New York City’s New Biometric Information Law Governs Collection and Use of Consumer Health Data

For risk professionals, the COVID-19 pandemic has increased the importance of ensuring customer and employee safety measures are incorporated into operations, processes and future strategies. As many businesses reopen from pandemic shutdowns or return from remote work arrangements, some enterprises are now exploring both the effectiveness and the risks associated with conducting health screenings that collect biometric information and other personal health data.

This month, New York City released the Biometric Information Law, a new measure that goes into effect on July 9 and imposes disclosure requirements on businesses that collect consumer biometric information.

It also sets parameters on what they can do with that information, most importantly, prohibiting the exchange of biometric information for anything of value.

As detailed in a recent client notice from the law firm Reed Smith, highlights from the law include:

  • The measure requires a business that “collects, retains, converts, stores or shares biometric identifier information of customers” to place a “clear and conspicuous sign” near all consumer entrances that, in plain language, discloses the collection, retention or sharing of biometric information.
  • It stipulates that it is unlawful to “sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.”
  • It establishes “an ‘aggrieved’ consumer’s private right of action,” meaning that “[a]ny person who is aggrieved by a violation by this chapter is entitled to commence an action to enforce its protections.”

There are key exclusions, however, as “governmental agencies, employers, or agents” are expressly excluded from compliance with any provision.

New York is not the only state to enact a law attempting to govern how organizations can use biometric information. Arkansas, California, Illinois, Texas and Washington have also set guidelines for businesses.

Indeed, the recent Risk Management Magazine article “Preparing for Biometric Litigation from COVID-19” addresses the imminent and critical questions businesses must answer when collecting and handling such data.

Sensitivities surrounding the confidentiality of biometric and other health information are not new in certain industries, such as healthcare. Further, even before COVID-19, risk professionals were already grappling with the risks associated with new biometric technologies and the data collected, especially with regard to facial recognition, wearables and even the rise in popularity of telehealth.

Now, with every organization on high alert about infectious diseases and how quickly they can interrupt business, health and safety have become top priorities for every risk professional in every sector.

As risk professionals look to new technology for help with these concerns, monitoring the emerging regulation and security risks around health and biometric technology will become increasingly critical in balancing benefit and risk to their organizations.
Data security will continue to remain a significant threat, but New York’s Biometric Information Law should serve as a reminder that what the organization does with that data can also have a lasting impact on the enterprise’s reputation and consumer trust.

For more information to help risk professionals manage new health technology and data, check out these articles from Risk Management Magazine:

How to Conduct Better Third-Party Risk Assessments

Today’s enterprises operate in a complex digital ecosystem that connects customers, vendors and partners and through which data is shared and transactions are processed. Because much of this is done through outsourcing of systems and services to third parties, many enterprises have dramatically increased the scale and complexity of their risk surface.

While companies are reliant on third and fourth parties to do business and often benefit from using such external services, these relationships also pose a risk to the enterprise’s sensitive data. Enterprises rely on these third parties to fulfill essential services and often expect them to secure the enterprise’s data in the process. Unfortunately, this does not always happen. 

According to a survey by RiskRecon, a Mastercard company, and the Cyentia Institute, third-party risk practitioners said that 31% of their vendors could cause a critical impact to their organization if breached, while 25% claimed that half of their entire network could trigger severe impacts.

Recent catastrophic cybersecurity incidents like the SolarWinds case demonstrate that cyberrisk can come from supply chain layers beyond the company’s immediate third parties. These multi-party cyber breaches create a ripple effect and threaten to have a far greater impact than those affecting single companies.

Business leaders, third-party risk practitioners, and cybersecurity professionals are well aware of the potential impacts of third-party risk, yet many struggle to keep up. In fact, research shows that only 14% of third-party risk professionals are confident that vendors are capable of meeting third-party security requirements. Managing vendor risk can seem like an impossible problem, but the key is having greater visibility into your digital supply chain and monitoring the external parties that pose the greatest risks to your firm.

Traditional Risk Assessments vs. Continuous Third-Party Monitoring

Traditional risk assessment processes cannot fully address today’s dynamic cyberrisk landscape, as they can be difficult to validate, take a long time for both the vendor and the organization to process, and are pinned to a single point in time. Without a valid, current assessment, security teams are forced to prioritize vulnerabilities blindly, which ultimately compromises risk mitigation and limits the assessment’s value as an accurate barometer of third-party risk.

It can be easy and tempting to complete a third-party risk assessment in one month and then forget about it for another year, but third-party risk management is not a once-a-year project—it requires an ongoing program with ongoing monitoring. This may appear to be overwhelming, confusing and time-consuming. While there will always be more vendors to find, a well-structured and continuous third-party monitoring program can help your security team to prioritize.

It is also important to take action on the vulnerabilities these critical vendors produce and gain visibility into how to remediate these issues. Continuous third-party monitoring can not only help you identify and remediate risk, but can also serve as a helpful tool in communicating your organization’s security hygiene to board members or executive leadership.

Below are practical steps that cybersecurity teams and risk professionals can take to better manage their organization’s third-party cyberrisk:

  1. Ask the right questions: Build and collect security questionnaires that ask important questions about how a vendor is handling the company’s data. To better manage risk, security teams need insight into the technologies that are being used internally and externally by third parties, fourth parties, and beyond.
  2. Assign a risk rating: Based on the answers to the questionnaires, assign the vendor a risk rating. By having a clear understanding of a vendor’s security posture, the security team can then rank vulnerabilities in order of priority, so they know which issues to tackle first.
  3. Take action: Create custom-fitted risk action plans so you can immediately start engaging with your vendors on remediation. If a vendor’s cyber risk degrades or an element falls out of policy, you will be notified instantly. By having accurate visibility into supply chain risk, security teams can then use that information to make decisions about whom to share data with moving forward.

By utilizing these best practices, organizations can better manage their third-party risk, further reduce overall risk, increase cyber visibility, and improve the quality of vendor and supplier networks.

Automating Risk Functions for Greater Value Creation

Despite recent volatility, more than 60% of risk executives surveyed in a recent PwC US Pulse Survey were optimistic about the global economy, as well as the state of the pandemic recovery. This optimism could stem from a greater alignment between risk functions and the business. Fifty percent of risk management executives reported interacting more with the C-suite, and 42% said they interact more with the board level. Nearly half of respondents said that risk functions and capabilities are now embedded in the business operations that are driving transformations.

Risk functions were once considered tactical and reactive, and often seen as a roadblock to business decisions. Infusing risk management into corporate planning allows an organization to think about compliance responsibilities in a proactive and strategic manner—moving risk and regulatory functions from a back-office cost to a competitive advantage. Staying ahead of uncertainties while also bolstering planning with data helps make companies stronger and more resilient.

Many companies spent the last decade overspending on risk management as they attempted to keep up with compliance and regulatory shifts, frequently lagging behind changes in policy. They often invested heavily in new technologies and data collection, but failed to create efficiencies by integrating those systems across largely siloed business functions. The swift onset of the pandemic made many organizations come to terms with the reality that an entire organization didn’t need to be reimagined in order to implement technological transformations, and that there was still a disconnect between many of the piecemeal systems that had been previously put in place.

Now, executives are increasingly seeing the value of risk management as a strategic advantage. It allows companies to grow in areas with less mature risk management functions, like taking on higher risk clients or entering new geographies. More intelligent monitoring also allows for increased efficiencies and reduced compliance costs.

Integrating AI and automation into the investments that have already been made can help streamline the risk management and compliance processes. Many companies still have room for improvement; only 25% of risk professionals said they were implementing new risk management technologies in 2021 and only 19% said it was a priority to integrate risk management tools onto a single platform.

By automating and enhancing risk management functions, organizations can:

  • Strategize for entering new markets. Make more informed decisions about entering a new market by taking into consideration a shifting regulatory environment and increasingly complex supply chains. Taking on high risk customers relies on analytics and transaction monitoring systems in order to identify potential suspicious activity.
  • Increase speed to respond. Automation and technology-led monitoring of policy and negative news helps position companies to respond more quickly to regulatory bodies and head off negative events before they go viral.
  • Allocate costs efficiently. No longer duplicate costs by operating the departments of your business in a siloed fashion. Leverage case management and workflow systems to aggregate control failures or suspicious activity by customer or focal entity, allowing you to evaluate the root cause and apply analysis across multiple control failures.
  • Enter new business partnerships more confidently. Know the risks of a potential business partnership and get deeper insights into the impact a business partner or vendor’s supply chain could have on your business. Vendor risk management and contract analytics technologies can monitor whether business partners are adhering to their terms and conditions.
  • Reduce the impact of new requirements. Identify the blind spots and shed light on the potential risks within your enterprise system so you can quickly take action early in the process, allowing your organization to avoid fines when implementing new regulatory requirements.

Regulators and other stakeholders are increasingly calling for the organization of risk management functions under one cohesive point of view. By fixing the disconnects and setting a collaborative tone, you give senior executives more cohesive insights and allow them to adopt more extensive views on the organization’s risk profile.

Women in Risk: Advice for Advancing Female Risk Professionals Beyond Women’s History Month

“There are more and more courageous conversations happening in business about gender parity and barriers for women in business,” said Tina Gardiner, manager of risk management services for Regional Municipality of York, Canada, and member of the RIMS board of directors. “While women are still underrepresented at the executive level largely due to gender bias, I am pleased to see changes happening at a rate much faster than ever before.”

Indeed, significant challenges remain in gaining true equity and eliminating the gender gap in risk and insurance, but there are also more resources, momentum and mentors than ever before.

“One of the biggest barriers I faced as a young woman starting a career in risk management was operating in an environment where there wasn’t really the benefit of high-level female role models or mentors,” said Carrie Cannataro, senior vice president of client services at Gallagher Bassett, noting the dramatic evolution since she entered the space in the mid-’80s. As more women have earned senior leadership roles, female risk professionals are increasingly strengthening both the risk profession itself and the prospects of other women fighting for a seat at the table. As Cannataro noted, “We can only be successful if we immerse ourselves within a network of collaborative and positive influences.”

To that end, I recently put out a call on social media asking women in risk to share their best advice for others who are trying to advance in the risk profession and who identify as female. Originally, the goal was to celebrate Women’s History Month by spotlighting women in risk and insurance in March, and it has been wonderful to see initiatives to highlight and advocate for women across the industry for the past 31 days. Equity and excellence from half the population should span far more than a month, however.

In that spirit, here’s some of the valuable insight of women advancing risk management year-round, and their advice to fellow female risk professionals looking to advance their careers in risk:

“There are tremendous opportunities for women in risk management. However, to reach your potential and really excel in this field, women can’t be afraid to speak up. We must ask for the resources we need and seek out opportunities that might take us out of our comfort zones but that also offer a platform for us to share our knowledge and expertise.”
– Kristen D. Peed, CPCU, RPLU, CRM, AIC, ARM-E, corporate director of risk management and insurance at CBIZ, Inc. and member of the RIMS board of directors

“In my experience I have found women in risk management are strong in their support and encouragement of each other through networking, mentoring, celebrating and sharing stories about career journeys. We need to keep investing in each other by pushing boundaries and comfort zones in the positions we apply for, the salary levels we expect, the credentials we earn and the workplace environment we demand. We need to actively engage in the socialization of gender equality, inclusivity, combating imposter syndrome and workplace flexibility for shared family responsibilities. The future we want and deserve is ours to create for each other.”
– Tina Gardiner, B.Sc., CRM, CIP, manager of risk management services for the Regional Municipality of York

“I’m committed to supporting women in the workplace and believe it’s crucial that we pave the way for future generations. I’d offer the following advice: 1) Own your development and invest in yourself. 2) Establish personal growth/career goals, including strategies and tactics on how to achieve them and timelines. Review regularly to monitor progress and celebrate wins. 3) Create a personal board of directors and mentors, and seek feedback from them. 4) Give back and gain valuable experience via joining a non-profit board. 5) Network, network, network.”
– Soraya Wright, RIMS-CRMP, vice president of strategic initiatives at RIMS, and founder and chief risk officer of SMW Risk Management Consulting LLC

“Women have been the cornerstone of this profession since its inception. I applaud all of those who came before us and laid a foundation for us to grow and succeed, as well as those inspiring women who are determined to leave their own mark on this profession. For women to succeed in risk management, we must support each other. We must create opportunities for others to demonstrate their knowledge and capabilities, achieve their goals and advance professionally.”
– Penni L. Chambers, CPRM, CIC, CRM, ARM, vice president of risk management for Hillwood, a Perot Company, and member of the RIMS board of directors

“One of my biggest pieces of advice for women working in risk is that working hard by yourself is not the answer. We need to seek out relationships that inform and support our advancement. Whether it’s a mentor, coach or other professional network, there are plenty of ways we can seek help in defining rewarding and realistic career opportunities and put those opportunities within our reach.”
– Carrie Cannataro, senior vice president of client services at Gallagher Bassett

“Persistence and communication. Not everyone hears information the same way. Think about your audience as you communicate fact-based information and gut instincts. If you’re not heard the first time, don’t give up! You may need to change your wording, timing, or examples in order to get your point across.”
– Katherine Gledhill, MBA, vice president of finance and accounting at RIMS and CFO of Spencer Educational Foundation

“Growth and comfort do not always happen at the same time. You have to get comfortable doing things that are out of your comfort zone. This is where you’ll really grow, when you challenge yourself beyond what you think is possible. As women, we must build each other up and constantly look for ways to learn from and support one another. I’d also strongly encourage women to consistently assess their values and take the time to prioritize them throughout their careers. This will lead to sustainable happiness and success in both your personal and professional life.”
– Grace Grant, executive director at Gamma Iota Sigma

“Pick an area that interests you and become an expert. Being an expert takes time, but once you have this knowledge, no one can take it away. You must always continue to learn and expand your knowledge base. A solid foundation will support and allow you to take chances that a generalist cannot. You can gain this expertise by moving within one company/industry, one line of business, or geographically—just be clear on what your focus is. Women are often undermined or challenged on technical issues. However, if you have developed the needed expertise, you are more likely to challenge confidently with facts and figures. As you build your career, you will learn that people trust and respect experts, as experts understand their business better and can predict trends and drive the business more effectively.”
– Ciara Brady, global head of liability for Allianz Global Corporate & Specialty