Sears Suppliers Wary as Shares Plummet

Sears Holding Corps’ “going concern” filing has vendors and their insurers running for cover as the venerable American department store appears heading for bankruptcy or some other final disposition.

In a filing this week with the U.S. Securities and Exchange Commission, Sears Holding Corp. told investors and observers that, “substantial doubt exists related to the company’s ability to continue as a going concern.” The company is parent to Sears stores and sister retailer Kmart.

The filing sent Sears shares down as much as 16% to $7.60 in New York trading, the company’s biggest intraday drop since October 2014. Prior to the drop, shares had gained some 60% since Feb. 9, according to Bloomberg.

As a result, Sears’ suppliers are changing business terms with the troubled retailer, in some cases cutting back inventory or insisting on faster payment terms, in order to mitigate the downside associated with doing business with Sears.

One such supplier, a textile maker in Bangladesh, has sharply cut back on the amount of goods it manufactures for Sears. “We have to protect ourselves from the risk of nonpayment,” the textile maker’s managing director told Reuters. “So far there was only speculation that they would declare bankruptcy in 2017. But now they are acknowledging it, which definitely complicates our relationship with them and our decision to accept future orders from Sears.”

Bloomberg Intelligence analyst Noel Hebert noted, “They’ve got all kinds of issues.” Sears has enough cash to get through 2017, he said, but its declining payables-to-inventory ratio shows that vendors have been increasingly reluctant to keep the retailer stocked.

Although Sears posted a smaller loss than expected in the fourth quarter, the company has lost some $10 billion over the past few years, according to Bloomberg.

“Whatever vendors continue to support them are now going to put them on even more of a short string. That means they’ll ship them smaller quantities and demand payment either in advance or immediately upon delivery,” Mark Cohen, the former chief executive of Sears Canada and director of retail studies at Columbia Business School in New York City, said in the Reuters piece. “Sears stores are pathetically badly inventoried today and they will become worse.”

Insurers that supply coverage against the nonpayment of goods are also looking to limit their exposure to what appears to be a worsening situation by backing away from business with Sears as it sinks.

“We tried to hang in as long as we could,” said Doug Collins, regional director for risk services at Atradius Trade Credit Insurance, who added that his firm has stopped providing insurance to Sears’ vendors. “Vendors may try to get a few more cycles in before the worst happens, and then it just depends if they’re lucky or not,” he said.

The situation is complicated by the personal involvement of billionaire owner Edward Lampert, who has poured hundreds of millions into Sears from his other business interests, using some of Sears’ assets as guarantees against the loans. This has resulted in a complex, even byzantine ownership structure which may complicate or preclude assets sales which could generate cash, according to some observers.

Sears’ cash position has crashed to just $286 million at the end of 2016 from a high of $1.7 billion in 2009, according to the Street.com, which added that the company hasn’t generated cash flow from its operations since 2006. “With negative news like this, it’s never good for confidence on the company,” Moody’s vice president, Christina Boni said. Earlier this year, Moody’s downgraded Sears’ credit rating to Caa2 from Caa1 to reflect the accelerating negative sales performance of its business and risk of possible default.

Increasing Risk Complexity Outpaces ERM Oversight

More organizations are recognizing the value of a structured focus on emerging risks. The number of organizations with a complete enterprise risk management (ERM) program in place has steadily risen from 9% in 2009 to 28% in 2016, according to the N.C. State Poole College of Management’s survey “The State of Risk Oversight: An Overview of Enterprise Risk Management Practices.”

Yet this progress may lag behind the increasingly complicated risks that need addressing. Of respondents, 20% noted an “extensive” increase in the volume and complexity of risks the past five years, with an additional 38% saying the volume and complexity of risks have increased “mostly.” This is similar to participant responses in the most recent prior years. In fact, only 2% said the volume and complexity of risks have not changed at all.

Even with improvements in the number of programs implemented, the study—which is based on responses of 432 executives from a variety of industries—found there is room for improvement. Overall, 26% of respondents have no formal enterprise-wide approach to risk oversight and currently have no plans to consider this form of risk oversight.

Organizations that do have programs continue to struggle to integrate their risk oversight efforts with strategic planning processes. “Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks facing the entity especially as it relates to coordinating these efforts with strategic planning activities,” the researchers found.

According to the study:

Many argue that the volume and complexity of risks faced by organizations today continue to evolve at a rapid pace, creating huge challenges for management and boards in their oversight of the most important risks. Recent events such as Brexit, the U.S. presidential election, immigration challenges, the constant threat of terrorism, and cyber threats, among numerous other issues, represent examples of challenges management and boards face in navigating an organization’s risk landscape.

Key findings include:

8 Steps to Stronger Passwords Enterprise-Wide

Passwords remain one of the most critical security controls widely used to protect and secure company infrastructure and data. While the need for strong passwords has long been discussed, they continue to be the difference between a secure infrastructure and a potential cyber catastrophe.

Last year was extremely busy in cybercrime, with more than 3 billion credentials and passwords stolen and disclosed on the internet. That works out to a rate of 8.2 million credentials and passwords each day or 95 passwords every second.

Passwords have always been a good security control, but password strength and how they are processed make a major difference in how secure they really are. For example, it is critical to choose an easy password to remember, keep it long, and use some complexity and uniqueness. In addition, how the password is processed and stored in an encrypted format plays a major role in password security.

Here are eight easy steps to get in control and ensure passwords are strong and secure:

  1. Go with encryption: Passwords cannot be left in plain text ever and especially not in an Excel document. Always store passwords with encryption.
  2. Escape complexity: Focus on teaching your end users to use longer and more easily remembered passwords, like password phrases. Don’t let them get bogged down with having to remember special character requirements.
  3. Teach employees: Continued training is critical and is the most important step in implementing your policy. Make sure your users understand their role, prepare quarterly reviews, and make it fun with incentives.
  4. Size matters: The longer the password, the harder for a hacker to break. Make human passwords at least eight characters long and systems passwords 12-50 characters.
  5. Trust no one: Two-factor authentication is a must! No matter the size of your organization, there are two-factor options for you, like RADIUS tokens, DUO, or Google Authenticator.
  6. Omit duplicates: Use a unique password for each of your accounts. The same password should never be used more than once!
  7. No cheating: Remembering a long password can be difficult, but don’t allow password hints. These just make it easier for hackers to get in.
  8. Get a vault: Start using a trusted password manager to enforce strong password best practices. This way, users can always generate long and complex passwords, never have to remember all their passwords and, if you use a vault for your IT team, you can find one that automatically changes your admin passwords. When it comes to IT, automation is key to preventing a breach.

For more information on what’s expected in relation to security and passwords, check out Thycotic’s recent report on the current and future state of password security.

RIMS Conference Veterans Offer Advice to First Time Attendees

Last week a member of the RIMS Opis online community asked an important question: “What advice can RIMS Annual Conference & Exhibition veterans give to someone attending the show for the first time?” Luckily, the risk management community rushed in with some sage advice.

First and foremost, several people pointed out how helpful the First Time Attendee Orientation (4:30 p.m. on Sunday, April 23) is. Aside from getting the conference layout, attending the orientation is a great opportunity to meet and get to know people, as “networking is a huge benefit—perhaps the biggest benefit—of attending the conference.”

Here are some other tips from previous attendees to get the most out of the conference:

  • Download the RIMS app. The app will help to keep you on schedule. “I love this app because you can add your own events, see who is attending and plan your schedule. It even has a map!”
  • Leave the uncomfortable shoes at home. The Pennsylvania Convention Center in downtown Philadelphia is massive, and attendees will be doing a lot of walking. That said, don’t opt for flip-flops either, as most attendees are in business formal or business casual attire. One commenter shared this helpful system, “I can’t emphasize comfortable shoes enough! I log 25,000+ steps each day of RIMS and it is non-stop from morning to night. I bring a backpack and carry dressier shoes if I need to put them on for a specific meeting during the day.”
  • Take advantage of free food. “If you work this out right, you won’t buy any meals (except the occasional),” one commenter said. “There are many opportunities to eat for free at a RIMS Annual Conference, and that’s just on the tradeshow floor!” There are also several evening events hosted by underwriters and brokers, some of which splurge on impressive entertainment.
  • Get organized, but stay flexible. There are more than 150 education sessions, tradeshow floor activities and general sessions to attend. Before you get to Philadelphia, make note of the sessions you would like to attend, and put holds on your calendar along with location information. That way you won’t feel overwhelmed and flustered when you’re on site. There will inevitably be things that pop up when you’re at RIMS 2017—your plans will change, and that’s OK.
  • Find a show veteran to tag along with. Doing this can help with maneuvering the Exhibition Hall and to learn how to “work” the tradeshow floor.
  • Talk to the people around you. This can’t be emphasized enough. During down time before or after education sessions, during meals and at parties, be sure to meet new people and collect their business cards. Many business deals and careers have received big boosts from new connections made at the annual conference.
  • Bring a very tall stack of business cards!

Finally, a RIMS member advised attendees who don’t want to leave their healthy habits at home amidst all of the activity and parties, to “embrace wellness” with these tips:

  • Take part in the 5K Fun Run. This event will take place on Tuesday morning, before the start of educational sessions. It’s a great way to network, raise money for Spencer Educational Foundation (which supports the next generation of rising risk professionals), and experience the host city with an early morning perspective.
  • Visit the Wellness ZENter. The ZENter will be located centrally in the RIMS Marketplace Exhibit Hall.
  • Drink plenty of water. In addition to the health-conscious choices available at RIMS meals, look for other options, such as infusers and water bottles, in vendor handouts and giveaways.