About Morgan O'Rourke

Morgan O’Rourke is editor in chief of Risk Management magazine and director of publications for the Risk & Insurance Management Society (RIMS).
Immediate Gains Immediate Vault Immediate Access

Managing Sanctions Risk from Russia’s War on Ukraine

Since Russia began attacking Ukraine on February 24, thousands of people have been killed and over a million people have had to flee their homes, presenting one of the largest refugee crises Europe has ever experienced. In addition to the tragic human losses, the Russian invasion of Ukraine has triggered wide-ranging economic impacts. Among them, the European Union, United Kingdom, United States, Canada, Japan and others have enacted sweeping financial sanctions on Russia in an effort to pressure President Vladimir Putin to end the conflict. These sanctions have targeted Russia’s financial system and its international financial connections by restricting transactions between Russian banks and those in other countries, most notably through the SWIFT global financial network.

The economic impacts of these sanctions will likely affect many industries around the world, whether organizations deal with Russia directly or indirectly through third countries. In a briefing yesterday, global risk consultancy Control Risks discussed some of the risk management considerations and steps companies need to take as the sanctions landscape continues to evolve. According to panelist Henry Smith, partner and head of business intelligence and due diligence in EMEA at Control Risks, there are five key areas risk professionals should focus on to address the risk facing their companies as a result of these sanctions:

  1. What are your nexuses to Russia (including outside Russia)? Organizations need to look at their touchpoints with Russia, including investors and shareholders, lenders and banks, direct and indirect clients, contractual counterparties, and goods and services sourced directly or indirectly from Russia.
  2. Which sanctions apply to your organization? The applicability of sanctions will vary based on your sector, the nationality of the people within the organization, and the currencies you use. It is helpful to note that, currently, there is greater consensus among various sanctions regimes so you may not have to parse through conflicting degrees of severity—consistent sanctions against Russia are being imposed, at least across most Western countries.
  3. What risks are you exposed to? Conduct a risk assessment around which sanctions you are exposed to and whether there are any business activities, relationships or practices you need to end or change in some way. This involves regularly screening Russian counterparties against sanctions lists and undertaking detailed analysis of higher-risk relationships.
  4. How do you respond? Review the implications of any decisions on employees and on contractual obligations, both with direct and third-party clients. Consider any impact winding down activities in one area may have on other business areas. Be sure to engage with regulators, enforcement agencies, banks and insurers for guidance.
  5. What do you do as sanctions regimes evolve? Sanctions will change in response to security and political developments over the coming weeks and months, so it is important to stay informed of any communications from authorities. Review and read guidance from regulators, enforcement agencies, banks and insurers, and benchmark with industry peers to make sure you can still operate effectively.

Overall, when deciding whether to continue doing business with Russia, companies will need to consider both reputational and ESG-based perspectives as well as practical issues around your ability to do business, such as maintaining the working capital required to continue operations and ensuring that goods and services can still move through the supply chain.

Experts expect that the Russia-Ukraine crisis will have a long-term impact on the global economy and many effects of these sanctions may not be felt for weeks or months. Companies will need to remain vigilant in order to stay ahead of the risks.

RIMS TechRisk/RiskTech: Using Cyberrisk Analytics to Improve Your Cyber Insurance Program

As ransomware continues to spread and payment costs increase, cyber insurance rates have gone up exponentially. As a result, it is more important than ever for companies to understand their cyber vulnerabilities and exposures so they can ensure they are properly covered. One way to do this is through analytics. In a presentation at the RIMS TechRisk/RiskTech virtual event, Scott Stransky, managing director and head of the Cyber Risk Analytics Center at Marsh McLennan, outlined some of the key data that can help companies get a full view of their risk.

According to Stransky, there are five categories of data that are most important to determining your risk profile. Much of this data is in publicly available datasets that insurers already consult, so it is important that you have a handle on this information as well so you know how underwriters and other outsiders are viewing you:

  1. Firmographics: company demographics like revenue, employee count, industry, location, and company hierarchy
  2. Historical incidents: past breaches and insurance claims
  3. Technographics: a company’s external cybersecurity posture including the presence of firewalls, open ports, frequency of system patching, as well as internal cybersecurity practices like password management and data encryption
  4. Scoring: combines firmographics, historical incidents and technographics into a single number that designates the level of vulnerability
  5. Loss modeling: brings all elements together to predict the likelihood and cost of an event

Armed with this data, companies can take steps to make it easier to access optimal cyber insurance coverage and better insurance pricing. These could include improving your security and claims posture by addressing potential cybersecurity gaps, updating incident response plans, and identifying vendor partners to help improve security posture or respond to incidents. Companies can also explore policy structure options in terms of different program components (limits, attachment, coverage, risk retention, etc.) and consider alternative terms and conditions. Finally, it is important to provide robust underwriting data by using assessment tools to minimize the need for supplemental applications, preparing for additional questions from underwriters, and highlighting significant cybersecurity updates and improvements over the past year.

In particular, companies should focus on what Stansky called the top 12 cybersecurity controls for risk mitigation, resilience and insurability:

  1. Multifactor authentication (MFA)
  2. Endpoint detection and response
  3. Secured, encrypted and tested backups
  4. Privileged access management
  5. Email filtering and web security
  6. Patch and vulnerability management
  7. Cyber incident response planning and testing
  8. Cybersecurity awareness training
  9. Hardening techniques, including remote desktop protocol mitigation
  10. Logging and monitoring/network protection
  11. End-of-life system replacement
  12. Vendor/digital supply chain risk management

For those that missed RIMS TechRisk/RiskTech, you can register and access the virtual event here. Sessions will be available on-demand for the next 60 days.

Brief Q&A on Rybelsus

Сan Rybelsus be dangerous?

The most serious risk associated with taking Rybelsus is the worsening of diabetic retinopathy in patients already diagnosed with the condition. Moreover, the increased risk of developing complications of diabetic retinopathy is especially increased in patients who receive therapy simultaneously with insulin and semaglutide for subcutaneous use. Rybelsus is an oral medication, and data on its effects on the eyes indicate that it is less harmful for patients with diabetic retinopathy. However, such patients should be under constant medical supervision and treated in accordance with clinical guidelines. Rapid improvement in glycemic control was associated with temporary worsening of diabetic retinopathy, but other causes for this scenario cannot be ruled out. In general, long-term glycemic control reduces the risk of developing diabetic retinopathy. Like any other drug used in the treatment of type 2 diabetes, Rybelsus should be taken under the supervision of a physician. Sharp increases or decreases in dose, as well as rapid cessation of treatment should be avoided. To avoid the development of diabetic ketoacidosis, you should not quickly stop insulin administration or reduce its dose when starting treatment with semaglutide. There is no therapeutic experience with the use of Rybelsus in patients who have undergone bariatric surgery, so the use of this medicine is not recommended for such people. Rybelsus can cause quite serious gastrointestinal adverse reactions, including severe diarrhea, which can lead to dehydration, which in rare cases can lead to deterioration of kidney function, especially in elderly patients. Patients receiving Rybelsus therapy should be advised of the potential risk of dehydration and the need to take precautions to avoid water loss.

Can resistance to Rybelsus develop?

When considering the immunogenicity of Rybelsus, it should be taken into account that due to the potential immunogenic properties of protein and peptide drugs, antibodies to the drug may appear in some patients. Approximately 0.5% of patients demonstrate antibodies to Rybelsus after a sufficiently long period of treatment, but none of them have yet been found to have neutralizing antibodies to semaglutide to date.

Can Rybelsus Not Be Suitable for the Patient?

Sometimes the patient’s body does not tolerate the increased dosage of Rybelsus to 7 or 14 mg. For example, after taking the drug at a dosage of 3 mg for 2 months, the patient felt satisfactory and observed a positive effect from taking the medication, but after increasing the dosage, the severity of side effects intensified and began to worsen the quality of life – for example, the patient began to experience constant nausea or drowsiness. In such cases, in the absence of vital indications for taking the medication, the dosage is not increased, maintaining it at the level at which the adverse reactions were moderately expressed. In this regard, when purchasing Rybelsus for the first time, it is better to limit yourself to a dosage of 3 mg, because there is a chance that you will not need tablets with a higher dosage. Rybelsus is a high-price medicine, but you can save on average up to 25% of the cost of this medicine if you buy Rybelsus online.

RIMS ERM Conference 2021: Lloyd’s Chairman on the Vital Role of Risk Management in Fighting Climate Change

With climate change quickly becoming one of the most important issues facing the world, Lloyd’s Chairman Bruce Carnegie-Brown stressed the importance of ESG initiatives to address the threat, as well as the vital role of risk managers, in today’s keynote address at the RIMS ERM Conference 2021 in New York City.

As evidenced by the increasing number of weather and climate-related natural disasters in recent years, the stakes couldn’t be higher for organizations and communities around the world, according to Carnegie-Brown. “Disruption, poorly managed, could destabilize our economy,” he said. “Delay could destroy our ecosystem.”

Failing to take action on the climate change threat is not a sustainable strategy and will only exacerbate the damage in the future, Carnegie-Brown warned. In the face of these threats, risk managers have an important role to play in helping their organizations embrace ESG and become more resilient. “A business’s risk operations are an essential component of building ESG into the organization—often they are the driving force.” he said. “Executives rely on their insight to power their decisions and navigate the pitfalls of new challenges. Like insurance, it enables braver decisions and more courageous action. Communicated effectively, that insight can establish a permanent place at the table for risk management.”

To be most effective, Carnegie-Brown suggested that risk managers play close attention to how they are perceived and how they interact with the rest of the organization. “If risk managers are perceived as being reactive, we need to make sure we are on the front-foot in understanding and assessing these emerging issues,” he said. “If we’re perceived as operating in the shadows, we need to be transparent in our methodology and in our motives. And if we’re perceived as obstructive, we should consider a flexible approach that allows our organizations to act innovatively and with an awareness of the potential risk.”

While it represents a daunting challenge, Carnegie-Brown saw an opportunity for risk managers to demonstrate their value by taking on the difficult task of developing organization-wide plans to address climate change. “Those plans must account for the multifaceted nature of environmental risk, they must employ the best of our skills and technologies to communicate the risk to our stakeholders, and they must be built to facilitate and orderly and urgent transition,” he said. “Achieving this will allow us to carve out a pioneering role for risk management in the fight against climate change, while helping our organizations to become more inviting to investors, more attractive to prospective employees, and more likely to last sustainably in the decades to come.”