Getting Practical With Emerging Risks

BRINK News -

Yesterday’s BRINK article on the outlook for global risks depicted a fractured and fractious world, characterized by the confluence of far-reaching technological disruptions and seismic shifts in political and geopolitical imperatives. The extraordinary velocity of change that is spurring many companies to question not just their basic resilience, but also their fitness for purpose in the new world order is also influencing expectations of risk management.

If robust finances were the major corporate concern during and after the financial crisis, the key issue these days is market positioning. If back then the risk management buzzwords were prudence and controls, now they are business case support and responsive agility. Staying out of—or exiting—certain markets for fear of an unwelcome shift in the political climate might prove expensive, not least if competitors are more bullish. Likewise, the pressure for adopting new technologies is intense, even where near-term performance benefits are uncertain and longer-term ecosystem effects unclear.

As our new report contends, risk leaders should devote more resources to grappling with emerging threats. While this doesn’t mean tasking teams with predicting the future, it does call for a stronger role in challenging prevailing assumptions and giving shape to key uncertainties in a way that illuminates the impact of plausible scenarios and informs senior management decisions. It involves recognizing not just that new risks are appearing on the horizon, but that operational risks may become strategic risks, known risks may become unknown, controllable risks may become uncontrollable, and risks assumed to be acceptable may acquire “fat tails.”

From Identification to Action

Three things are essential if work on emerging risks is to remain true to the messiness of these issues and also be truly integrated into corporate decision processes. These are: creatively exploring the sources of risk; embedding a thorough risk characterization in impact analyses; and being able to justify potential responses.

The search for emerging threats requires looking beyond the issues that can immediately and easily be anchored to business performance. Unpack hot risk topics and trends to see how different—often non-market—forces might surge or collide in problematic ways. Tease out pockets of volatility or uncertainty in the firm’s commercial ecosystem. Apply a fresh lens to the firm’s strategic and institutional vulnerabilities.

It’s often unwise to dismiss possible risk topics too early—they may combine with other ideas and be useful later. And don’t worry at the outset whether something is a risk, a driver or a consequence—that can be resolved in due course. A preparedness to challenge “house truths” is vital, as is not constraining discussions by views on probability (“the chances of that happening are tiny”).

A thorough characterization of the top emerging risks involves assessing what’s shaping each risk, its likely trajectory and its potential consequences, with a view to determining where it might touch the firm, the types of impact and the time profile of the damage. This helps clarify the materiality of each risk, and provides an initial steer for response planning.

Quantified scenarios that give shape to plausible alternative futures are useful for exposing hidden tensions between commercial ambitions and corporate risk appetite. They can be used not just for stress-testing finances, but also for challenging strategic goals and rehearsing crisis management preparedness. Although scenario narratives and quantification exercises for emerging risks shouldn’t be constrained by historic data and risk relationships, acceptance of the results will depend on the degree to which key stakeholders have appreciated the validity of the inputs.

Management levers that address a range of top-tier emerging risk concerns may present a more compelling business case than multiple action plans targeting individual issues. However, overly generic recommendations will encounter pushback from company leaders as they will be unable to articulate what they will deliver and the (opportunity) cost of doing so. The threshold for mandating action is that much higher than for familiar risks, given the high levels of uncertainty, especially with regard to preemptive responses.

Investment decisions regarding solutions for emerging risks should also take into account residual risk exposures (“are they acceptable?”), any significant knock-on consequences, the lead-in time required to implement the measures, and the speed with which precautionary measures can be unwound should they no longer be needed. Sometimes, aggressive market plays and investment in research and development are more appropriate than defensive mitigation measures. Contingency planning may strengthen resilience against fast-onset risks, where precautionary action has been deemed unviable.

A New Boldness for Risk Teams

With new risks swinging into view, senior-level demands changing, and new technological capabilities emerging, this is an exciting time for risk leaders to reframe their function for the new era.

Taking advantage of the new opportunities requires a shift of emphasis in three areas:

  1. Better alignment with business priorities: Risk teams need to demonstrate strong business or commercial acumen and engage more intensely with the company’s strategic ambitions and major investments. This will sharpen their ability to develop valuable insights into emerging concerns and help scope innovative risk mitigation solutions.
  2. More flexible deployment of resources: Revised analytical methodologies, including the introduction of new data science and automation techniques, should free up capacity in risk teams for more project-based (as opposed to routine) risk work and the provision of advice to business and functional leaders.
  3. Greater dynamism in stakeholder engagement: A more creative lens with regard to emerging risks will enable risk teams to engage with institutional and individual biases and blind spots and help build an appreciation of threats for which evidence may be limited or conflicting.

To take this forward, some risk leaders may need to expand their comfort zone. But those who can mesh strategic vision, influencing skills, and technological fluency on top of their core risk-management expertise will be best positioned to help their firms negotiate dynamic risk environments laden with potential shocks and disruption.

Tribute to Keith Jackson and Breakthrough Strategies in Compliance

FCPA Compliance & Ethics -

Keith Jackson died last week. He was universally recognized as the Voice of College Football and announced college football games for over 40 years. According to his obituary in the New York Times (NYT), Robert A. Iger, the chief executive of the Walt Disney Company, said of Jackson “For generations of fans, Keith was college [...]

The post Tribute to Keith Jackson and Breakthrough Strategies in Compliance appeared first on Compliance Report.

Compliance into the Weeds-Episode 66, the Salary Penalty for Misconduct

FCPA Compliance & Ethics -

In this episode Matt Kelly and I take a deep dive into a fascinating paper from Harvard Business School. Boris Groysberg and George Serafeim worked with a global recruitment firm to study more than 2,000 executive-level job placements from 2004 to 2011, examining a wide range of job placements and pay data since 2004. They [...]

The post Compliance into the Weeds-Episode 66, the Salary Penalty for Misconduct appeared first on Compliance Report.

Webinar: How to Implement an Effective Internal Investigation Program

Corruption, Crime & Compliance Blog -

Tuesday, February 6, 2018, 12 noon EST


An effective ethics and compliance program depends on an efficient internal investigation function. Corporations have to design and implement an internal investigation system that is fair, timely and reliable. To do so, companies need to identify risks, assign resources, monitor investigations and mete out disciplinary actions. A company has to maintain a system that adheres to organizational justice in order to make sure that employees trust the company’s commitment to respond to employee concerns.

Join Michael Volkov, CEO of The Volkov Law Group, as he discusses how companies should implement effective internal investigation programs.

The post Webinar: How to Implement an Effective Internal Investigation Program appeared first on Corruption, Crime & Compliance.

IDG Contributor Network: Of clouds and compliance: DLP + UEBA are back in the spotlight

CSO Online -

As CTO and co-founder of a company that specializes in user and entity behavior analytics, it’s no surprise that I’m bullish on the prospects of this technology; but this optimism is increasingly substantiated by a pair of accelerating trends.

The continued and overwhelming momentum of cloud adoption, along with related evolution of compliance requirements in the form of the EU General Data Protection Regulation (GDPR), have elevated user and entity behavior analytics back into the spotlight, particularly related to the use of data loss prevention (DLP) technology.

Behavior analytics had existed in some form for over a decade, first developed in the digital advertising domain, then adapted to serve the needs of a context-hungry IT security audience.  However, the overwhelming sentiment related to its use has often been one of skepticism; specifically, that deployment of behavior analytics tools represented a complex science project that created more work than results.

Day 17 of 31 Days to a More Effective Compliance Program-Managing Your Third Parties

FCPA Compliance & Ethics -

The building blocks of any compliance program lay the foundations for a best practices compliance program. For instance, in the lifecycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, [...]

The post Day 17 of 31 Days to a More Effective Compliance Program-Managing Your Third Parties appeared first on Compliance Report.

Preparing C-Level Employees to Address Risk

Risk Management Monitor -

As risks associated with technology and cybersecurity have increased in the last decade, it is more imperative than ever that corporations undertake the proper protocols to protect themselves.

When it comes to implementing risk management processes, many assume C-level executives head up these efforts, involving key departments throughout their organizations. According to a recent study conducted by NC State’s Poole College of Management, however, 80% of organizations surveyed from all over the world have no formal risk training for executives.

A quick look at recent headlines shows how quickly a cybersecurity incident can damage a corporate brand. Many companies that have recently experienced data breaches also have been exposed by the media because of ineffective or nonexistent integrated risk management strategies. This can be for a variety of reasons, from executives trying to hide the breach to the belief that they can resolve the issue before it grows into something larger or, possibly the worst of the options, they are not aware that the breach is even occurring.

So how do we make risk a priority for executives? In my opinion, it comes down to properly re-framing the mindset of executives around risk through effective education and training.

Educate executives on risk types

When it comes to business, the term “risk” generally produces negative connotations, causing many to avoid addressing the phrase—and the issues—altogether. From workplace injuries to data breaches and even social media nightmares, risks tend to mean trouble for executive teams. The reality, however, is that not all risk is bad. Thus, executive teams must be able to distinguish good risk from bad risk.

What constitutes good risk? Simply put: proactive risk choices that benefit the company. These can include exploring emerging markets and growth opportunities, expanding operations into new product areas and even partnering with new vendors. While these risks can produce negative results, the fact that they are actively pursued by leadership teams shows that they are intended to better the company and its employees.

Executive teams need to understand the differences between positive and negative risks and their larger impact on their organizations. Specifically, understanding that multiple risk types exist can change the approaches your management team takes to recognize and address risks, which will echo throughout your organization.

Train executives on how to address negative risks

Executives must realize negative risks are unavoidable. Because negative incidents will happen, executive teams must learn how to bring proactive approaches to managing these speedbumps in daily operations. Thus, formal training programs should be implemented to educate executives on proper risk management.

Training programs should include internal and external communications strategies for both positive and negative risks, remediation strategies for negative risks, and tips on how leadership teams can be risk thought leaders throughout the organization.

Remember, an executive team that places value on proper risk management planning and training will produce a similar culture, enterprise-wide.

This will allow organizations to more proactively manage risks before they snowball into larger issues, ensuring long-term success.

Consider creating risk committees

Since all C-level executives are crunched for time, risk management often falls to the back burner. In many situations, I’ve found it beneficial for the C-suite to create corporate risk committees. Designed to reduce the burden on corporate executives by providing an advisory board to report on risks, these committees let corporations benefit from dedicated professionals examining risks throughout the organization in areas including IT and operations.

These committees serve as an extension of the C-suite and can create better transparency, while providing informed insights to help leadership teams make better, more educated decisions.

Remember the importance of a top-down approach

No matter what approach you take to educate your executive team and get them more involved in risk management, corporations must remember enterprise risk management requires working from the top down. As risk professionals, we must do our best to gain leadership buy-in and conduct enterprise-wide training to stay ahead of risk. If NC State’s study has taught us anything, it’s that we still have a lot to learn.

Reconciling Opportunity and Resilience in Changing Times

BRINK News -

The world’s major countries have been enjoying solid economic growth over the past few months, and this recovery clearly creates opportunity for expansion and innovation. However, the operating risk for companies in today’s global environment should not be underestimated. Building resilience against a wide and expanding array of potential shocks is required for sustainable success.

In 2017 we experienced instability stemming from a range of sources: intensifying societal polarization; assertive nationalism and a weakening commitment to multilateralism; numerous geopolitical flashpoints; and far-reaching cyberattacks, both state-sponsored and financially motivated. There are few signs that these challenges will reverse this year.

Global Risks of Highest Concern

The Global Risks Report, prepared by the World Economic Forum with the support of Marsh & McLennan Companies and other partners, evaluates the major threats facing the world over the next decade. It draws on survey data provided by nearly 1,000 members of the risk community, spanning business, government, academia and nongovernmental organizations.

The survey revealed deep pessimism about the direction of international relations. Ninety-three percent of survey respondents expect that political and economic confrontations between major powers will increase in 2018. There were high levels of concern about an increase in state-on-state conflicts that may draw in other countries. Western respondents also highlighted growing concern about economic protectionism.

Technological risks are seen as a rising global threat. Business leaders in advanced economies consider large cyberattacks to be the No. 1 risk for doing business in their respective countries, and respondents in most parts of the world anticipate these attacks will get worse in 2018. Societal risk emanating from the increase in media echo chambers and fake news is also expected to grow.

On a longer-term horizon, environmental risks ranked highest in both likelihood and impact. Extreme weather and failure to adapt to climate change showed the greatest leap in concern since last year’s report, perhaps reflecting the hurricanes, earthquakes and wildfires suffered during September when the survey was open. However, even before the devastating events of 2017, apprehension in this area was strongly reflected in this survey.

Greater Scope for Geopolitical Conflict

Recent European elections revealed continuing dissatisfaction with mainstream parties, with far-right, nationalist and populist parties gaining ground in Germany, Austria and Spain. Italy, Hungary and Sweden go to the polls next year. Moreover, disagreements between countries over Brexit, immigration and further integration issues are becoming more acute at a time when greater coordination in response to potential crises is needed.

Regional players and smaller states—especially those across Asia and the Middle East—are struggling to seize opportunities and avoid being sidelined or crushed. Among major powers, an increased preparedness for confrontation has disturbed traditional alliances, facilitated proxy conflicts and created worrisome levels of brinkmanship. Given this geopolitical climate, serious conflicts could arise from accidents or missteps.

With national sovereignty paramount, commitment to international institutions and multilateral agreements is fragile. Trade agreements are unraveling, and the functionality of the World Trade Organization has been undermined; the Paris Agreement now lacks the U.S. as a signatory; and various nuclear nonproliferation agreements, including that with Iran, are under threat. The deployment of so-called “sharp power,” focused on pressuring and manipulating opinion to gain influence, is on the rise.

Escalating Cyber Challenges

Cyber breaches recorded by businesses are escalating, having nearly doubled since 2012. Attackers have become more sophisticated and persistent, and there have been more incidents with systemic ripple effects. The takedown of a single cloud provider could cause as much economic loss as Hurricane Katrina, and the aggregated cost of cybercrime to business is projected to be $8 trillion over the next five years.

Two trends make cyber an even more challenging risk. First, cyber exposure is growing sharply as companies become more dependent on technology. For example, the explosive growth in interconnected devices, from 8.6 billion today to an estimated 20 billion by 2020, and the increasing use of artificial intelligence expand the attack surface significantly. Second, state-sponsored attacks are likely to escalate given the changes in the geopolitical climate. Cyber-risk management may be improving, but firms will have to invest significantly more to counter the growing threat of well-resourced attackers with objectives that range from simple theft and disruption to economic espionage, reputational damage and the crippling of key infrastructure and services.

Environmental Degradation

2017 included the most extreme month on record for the intensity and duration of Atlantic storms and the most expensive hurricane season ever. Economic losses from Harvey and Irma were an estimated $175 billion. The challenges posed by Hurricane Maria’s damage to Puerto Rico proved extremely demanding, with huge swaths of the island’s infrastructure out for months. Wildfires in California, Chile and Portugal also caused significant loss of life and economic damage.

Extreme weather is by no means the only environmental challenge to many centers of population and commerce. According to the World Health Organization, indoor and outdoor air pollution are together responsible for more than one tenth of all deaths globally each year. Large emerging market cities such as New Delhi endured particularly difficult spells, but pollution spikes in places such as London and Paris have also resulted in significant health impacts.

With the climate continuing to change—2017 was the hottest non-El Niño year on record—weather patterns will become ever less predictable, with impacts on biodiversity and food security. A simultaneous failure of corn (maize) production in the world’s two main growers, China and the United States, has recently been assessed as a one-in-twenty chance per decade. Progress in both regulation and disclosure requirements is needed to reduce the probability of the worst-case climate scenarios. Businesses should take proactive measures in anticipation of the structural changes in the economy that will likely come from tightening policy requirements.

No Room for Economic Complacency

Positive growth in recent months shouldn’t blind us to potential economic fragilities. The debt-to-equity ratio of the median S&P 1500 company (excluding financials) has almost doubled since 2010 and is now well above pre-financial crisis levels. Asset prices in some sectors are at historically high levels. Global debt has risen to a record $233 trillion, and at 318 percent, the global debt/GDP ratio remains near its all-time high.

Persistent low commodity prices continue to rattle exporter countries and their neighbors, with political and societal implications. Structural issues such as income inequality, rising health care costs and diminishing long-term retirement security also show little sign of being resolved.

Against this backdrop, how will investor and corporate confidence fare in the event of a major geopolitical altercation, an aggravated trade standoff or a technological catastrophe—none of which is implausible?

A Business Lens

Corporate lifespans are dramatically shortening. The average time companies spend in the S&P 500 index was 61 years in 1958 versus 12 years today. Given the rapid changes in the global environment, the pressure to define a strategy with both ambition and resilience against major shocks has never been higher.

CEOs and their leadership teams need to reconcile growth and innovation opportunities with risk and security considerations and rigorously assess the value of potential initiatives in a wide range of scenarios. A dual focus on prevention and response—given the increased velocity of new and unpredictable risks—is needed.

The Global Risks 2018 report provides rich commentary on complex challenges and potential surprises, but also significant context for charting an aggressive growth strategy.

McKinsey, South Africa and the FCPA

FCPA Compliance & Ethics -

Do you recall the boycott of South Africa from the 1970s and 1980s as a lexicon of the global fight against apartheid? The boycott extended from business to sporting events and everything in between. The campaign was one of the key reasons for the fall of the white minority government. Now a new campaign fighting [...]

The post McKinsey, South Africa and the FCPA appeared first on Compliance Report.

Legal Privilege in Internal Investigations: an Update from Switzerland

Global Compliance News -

As previously reported (link), the Swiss Federal Supreme Court in a 2016 decision (1B_85/2016) took a rather narrow approach to the scope of legal privilege in connection with anti-money laundering investigations, suggesting that no privilege could be claimed with respect to a bank’s internal monitoring, controlling and documentation duties arising as a matter of prudential regulation, namely in relation to politically exposed persons (“PEPs”). To the extent that external lawyers are instructed to carry out such investigations on behalf of a bank, they are, according to the 2016 decision, deemed to exercise an “atypical” activity which, like asset management activities or director roles, is not protected by legal privilege. In passing, the Federal Supreme Court also suggested that pure fact-finding activities should anyway not qualify as legal advice covered by legal privilege. The latter observations in particular caused a bit of a stir in the legal and compliance community in Switzerland, as it is generally considered that fact-finding activities required to identify and analyze potential breaches of law must be, and are according to established practice in fact, fully protected by legal privilege.

This traditional understanding has now been confirmed by the Appeals Chamber of the Swiss Federal Criminal Court, i.e. by the judicial body in charge of appeals against procedural decisions and coercive measures (cf. Decision of September 4, 2017, BE.2017.2). In this case, the Federal Department of Finance had opened an administrative investigation based on suspicions that a bank had failed to make an anti-money laundering notification in connection with a potential fraud case involving an external asset manager. In the context of this investigation, the Federal Department of Finance requested the disclosure of an internal investigation report, which the bank had commissioned from a law firm. The bank objected to the disclosure request, arguing that the investigation report and the supporting documentation were protected by legal privilege.

The Federal Criminal Court shared the bank’s argumentation, holding in essence that the report was the basis for, and included, legal advice rendered by external lawyers. Referring to the prior decision of the Federal Supreme Court, the Federal Criminal Court noted that the investigation in question was aimed at obtaining an ex-post legal analysis of whether the bank had met its statutory compliance obligations. Unlike in the previous case, there was no suggestion that the bank had outsourced the execution of compliance measures that it had been required to apply at the outset, and in the course, of the client relationship. The Court also clarified that fact-finding activities for purposes of obtaining legal advice are generally covered by privilege, as they constitute a necessary prerequisite for any legal analysis by external lawyers.

While being in line with established Swiss case law on the scope of legal privilege, this new decision provides a welcome clarification, confirming that legal privilege is as a matter of principle available to lawyers admitted to practice in Switzerland in investigations concerning suspected breaches of law. As results from the Federal Supreme Court’s 2016 decision, exceptions may apply with respect to the specific due diligence obligations which banks have to undertake when engaging in a client relationship with PEPs, but these exceptions are to be understood narrowly. In any case, as regulators or prosecutors today regularly try to rely on internal investigations to collect information for administrative or criminal proceedings, it is strongly recommended to carefully define the investigation mandate in accordance with the specific requirements of the jurisdictions in which such proceedings are likely to take place.

The post Legal Privilege in Internal Investigations: an Update from Switzerland appeared first on Global Compliance News.

AML Regulation and Compliance Trends

Corruption, Crime & Compliance Blog -

Regulators and enforcement agencies continue to pursue aggressive regulations and requirements for financial institutions (a very broad definition under Title 31 of the US Code and regulations). The new administration does not show any signs of altering the course of agency priorities. Money laundering, sanctions and securities enforcement have continued at a straightforward pace from the Obama Administration.

The most significant upcoming development is FinCEN’s new Customer Due Diligence rule, which is effective in May 2018.  This new rule targets beneficial owner requirements and is long overdue since the United States is behind many other countries in requiring such disclosures.

FinCEN also has expanded its geographic targeting orders (GTOs) to additional jurisdictions to ensure that title companies report suspicious cash transactions to purchase real estate in high-risk cities and areas.  Eight cities (and additional New York City boroughs) are now on FinCEN’s GTO list. (Here is related FinCEN advisory on GTOs).

As to other priorities, Bank Secrecy Act and AML compliance has experienced increased focus on Suspicious Activity Report filing requirements.  The SEC and FINRA have devoted significant efforts to enforcing these requirements, especially against broker-dealers.  The banking agencies continued their focus on BSA and AML compliance and reviewing AML compliance program functions and elements.

Over the last few years, the New York Department of Financial Services has become a regulatory and enforcement force against national and global banks that maintain branches in New York. The NYDFS requires certifications as to compliance with AML transaction monitoring and filtering programs.

Financial regulators also have converged compliance with cybersecurity and AML requirements. In 2016, the NYDFS issued cybersecurity regulation requirements. Meanwhile, on the federal side, banking regulators have mandated that compliance programs address AML and cybersecurity risks. The SEC has pushed companies to enhance their cybersecurity disclosures as a further means to prod companies into addressing cybersecurity risks. The BSA SARs filing requirements now incorporate cybersecurity issues as well.

De-risking, another hot topic in the AML regulatory arena, occurs when financial institutions withdraw from certain business lines or countries that the institutions find too risky. This particular concern arises when financial institutions operate foreign correspondent bank accounts. In response to high compliance costs and regulatory scrutiny, banks have withdrawn from correspondent banking in high-risk countries. Regulators have clarified certain requirements in this area: first, that there is no expectation that US banks conduct due diligence on the customers of the foreign financial institution, and second, that the AML and OFAC enforcement regime is not zero tolerance when it comes to customers of foreign financial institutions.

U.S. depository institutions are required to assess the money laundering risk presented by their foreign correspondent accounts by addressing: (1) the nature of the FFI’s business and the markets it serves; (2) the type, purpose, and anticipated activity of the account; (3) the nature and duration of the account relationship; (4) the supervisory regime of the jurisdiction in which the FFI is licensed; and (5) information about the FFI’s AML record.  Although there is currently no requirement for U.S. depository institutions to conduct due diligence on an FFI’s customers, banks should consider whether the due diligence information provided by their FFI customers is sufficient to fully assess the AML and sanctions risks posed by the foreign correspondent banking relationship. U.S. depository institutions often have to request additional information about the underlying activity in an FFI’s account in order to satisfy their risk-based obligations.

The post AML Regulation and Compliance Trends appeared first on Corruption, Crime & Compliance.

The New Voice of The Whistleblower

The Network Inc. GRC Blog -

Seven years after the launch of the U.S. Securities and Exchange Commission’s (SEC) whistleblower program, the voice of the whistleblower is starting to sound very different. It’s a little stronger, a little bolder, and a little louder. Learn what the landscape of modern whistleblower reporting looks like in 2018.

Gerry Zack on What Led Him to The Society of Corporate Compliance and Ethics & Health Care Compliance Association [Video Podcast]

The Compliance & Ethics Blog -

By Adam Turteltaub

On October 16, 2017, Gerry Zack was named as the Incoming CEO of the SCCE/HCCA. Take a look at these videos (or listen in to the audio-only versions) to get to know Gerry.

Part 1

In Part 1 he discusses his background in audit, fraud, and compliance. He also shares his […]

Day 16 of 31 Days to a More Effective Compliance Program-the Third-Party Risk Management Process

FCPA Compliance & Ethics -

As every compliance practitioner is well aware, third parties still present the highest risk under the Foreign Corrupt Practices Act (FCPA). The Department of Justice Evaluation of Corporate Compliance Programs devotes an entire prong to third party management. It begins with the following: Risk-Based and Integrated Processes – How has the company’s third-party management process [...]

The post Day 16 of 31 Days to a More Effective Compliance Program-the Third-Party Risk Management Process appeared first on Compliance Report.

Annual Data Privacy Day to Focus on Safeguarding Data

Risk Management Monitor -

Last year was certainly a turning point in the history of online privacy and cyber security. Between ransomware attacks, the Equifax breach and the Federal Communication Commission’s vote to repeal net neutrality regulations—just to name a few high-profile incidents in the United States—businesses and citizens have more reasons than ever to safeguard their information.

To address this important issue, the annual Data Privacy Day (DPD) will be held Jan. 28, with online and in-person events now leading up to it that celebrate individual users’ rights to privacy and aim to prevent cyber theft and risk. DPD has been led by the National Cyber Security Alliance (NCSA) in the U.S. since 2011 and “highlights our ever-more connected lives and the critical roles consumers and businesses play in protecting personal information and online privacy,” said NCSA Executive Director Michael Kaiser.

DPD was created to commemorate the 1981 signing of Convention 108 by the Council of Europe and is observed by more than 47 countries. It was the first legally binding international treaty dealing with privacy and data protection and officially recognized privacy as a human right. NCSA also co-hosts National Cybersecurity Awareness Month and the Department of Homeland Security’s Stop.Think.Connect. campaign, which aims to increase the public’s understanding of cyber threats.

“Our personal information and our habits and interests fuel the next generation of technological advancement, like the Internet of Things, which will connect devices in our homes, schools and workplaces,” Kaiser said. “Consumers must learn how best to protect their information and businesses must ensure that they are transparent about the ways they handle and protect personal information.”

On Jan. 25, LinkedIn will live-stream an event from its San Francisco office exploring the theme of “Respecting Privacy, Safeguarding Data and Enabling Trust.” The broadcast will feature TED-style talks and panel discussions with experts focusing on the pressing issues that affect businesses and consumers. Additional DPD happenings include Twitter chats and networking gatherings to maintain a dialogue about the importance of privacy rights.

The relevance does not end on Jan. 29, noted Richard Purcell, DPD advisory board member and chief executive officer of Corporate Privacy Group. He has witnessed the event’s evolution and its impact on risk management and privacy professionals.

“The community of privacy professionals is not made up of private people. They want to share information,” noted Purcell, who was named Microsoft’s first corporate privacy officer in 2000. “They initiate a dialogue that the officers bring back to their companies. I have seen how it has stimulated events inside corporations and universities that were inspired by Data Privacy Day networking discussions. The professional development aspects of the day are profound.”

Newly released information from NCSA demonstrates how privacy is impacted in both personal and professional environments—from healthcare and retail to social media, home devices and parenting. Some statistics include:

  • In 2016, 2.2 billion data records were compromised and vulnerabilities were uncovered in internet of things products from leading brands.
  • 41% of Americans have been personally subjected to harassing behavior online and nearly one in five (18%) has been subjected to particularly severe forms of harassment online, such as physical threats, harassment over a sustained period, sexual harassment or stalking.
  • Nearly one-third of consumers do not know that many of the “free” online services they use are paid for via targeted advertising made possible by the tracking and collecting of their personal data.
  • About 78% of respondents to a recent survey of healthcare professionals said they have had either a malware and/or ransomware attack in the last 12 months.

Customs Fraud, Wildlife Crime, and the Value of Whistleblowers

Whistleblower Protection Blog -

In late 2017, federal prosecutors in the Southern District of New York (considered one of America’s most important judicial districts) settled a case against Notations, a garment wholesaler. In a case originally brought by a qui tam relator (a.k.a. a whistleblower), Notations admitted to ignoring repeated warning signs that its Chinese importer was lying about the value of its imported goods to avoid paying customs fees. As a result, Notations has agreed to pay $1 million in fees.

While the Department of Justice did not release the portion of the award that went to the whistleblower, under the False Claims Act a whistleblower plaintiff is entitled to somewhere between 15% and 30% of the total reward.

The principles of this case can and should be applied to the wildlife crime context. As Stephen M. Kohn, Executive Director of the National Whistleblower Center, explained in his award-winning article, expanded use of wildlife whistleblowing could be a boon to animals and the environment. Criminal networks that import wildlife have been known to falsely label their animal products when they enter the country. This is a crime. Customs officials need to be trained to detect such fraud and prosecutors should seek to bring more wildlife crime cases.

The False Claims Act and other laws with whistleblower provisions, like the Lacey Act, have the potential to be powerful tools for unearthing wildlife crime. NWC, as a part of its mandate as a Grand Prize Winner of the Global Crime Tech Challenge, is promoting the existence of these reward laws and has a global wildlife program to inform wildlife whistleblowers of their rights.

The Notations case demonstrates how falsified customs documents, whistleblowers, and the False Claims Act intersect. The next frontier for such cases should be wildlife crime.

Read the full DOJ press release here.

Delaware’s Prudent Approach to the Cleansing Effect of Stockholder Approval

The Harvard Law School Forum on Corporate Governance and Financial Regulation -

Posted by William Savitt, Wachtell, Lipton, Rosen & Katz, on Tuesday, January 16, 2018

Editor's Note: William Savitt is a partner at Wachtell, Lipton, Rosen & Katz. This post is based on a Wachtell publication by Mr. Savitt, Ryan A. McLeod, and Anitha Reddy, and is part of the Delaware law series; links to other posts in the series are available here.

In Corwin v. KKR Financial Holdings LLC, 125 A.3d 304 (Del. 2015), the Delaware Supreme Court held that a non-controlling stockholder transaction approved by informed, unaffiliated stockholders is protected by the business judgement rule and that any lawsuit challenging such a transaction should be dismissed absent well-pleaded allegations of corporate waste. Recognizing that today’s sophisticated stockholder body can and does protect its own interests, Corwin held that in the great run of cases, stockholders—rather than plaintiffs’ lawyers or courts—should have the last word.


