Category Archives: Enterprise Risk Management

Immediate Vault Immediate Access

Automating Risk Functions for Greater Value Creation

Posted on by

Despite recent volatility, more than 60% of risk executives surveyed in a recent PwC US Pulse Survey were optimistic about the global economy, as well as the state of the pandemic recovery. This optimism could stem from a greater alignment between risk functions and the business. Fifty percent of risk management executives reported interacting more with the C-suite, and 42% said they interact more with the board level. Nearly half of respondents said that risk functions and capabilities are now embedded in the business operations that are driving transformations.

Risk functions were once considered tactical and reactive, and often seen as a roadblock to business decisions. Infusing risk management into corporate planning allows an organization to think about compliance responsibilities in a proactive and strategic manner—moving risk and regulatory functions from a back-office cost to a competitive advantage. Staying ahead of uncertainties while also bolstering planning with data helps make companies stronger and more resilient.

Many companies spent the last decade overspending on risk management as they attempted to keep up with compliance and regulatory shifts, frequently lagging behind changes in policy. They often invested heavily in new technologies and data collection, but failed to create efficiencies by integrating those systems across largely siloed business functions. The swift onset of the pandemic made many organizations come to terms with the reality that an entire organization didn’t need to be reimagined in order to implement technological transformations, and that there was still a disconnect between many of the piecemeal systems that had been previously put in place.

Now, executives are increasingly seeing the value of risk management as a strategic advantage. It allows companies to grow in areas with less mature risk management functions, like taking on higher risk clients or entering new geographies. More intelligent monitoring also allows for increased efficiencies and reduced compliance costs.

Integrating AI and automation into the investments that have already been made can help streamline the risk management and compliance processes. Many companies still have room for improvement; only 25% of risk professionals said they were implementing new risk management technologies in 2021 and only 19% said it was a priority to integrate risk management tools onto a single platform.

By automating and enhancing risk management functions, organizations can:

  • Strategize for entering new markets. Make more informed decisions about entering a new market by taking into consideration a shifting regulatory environment and increasingly complex supply chains. Taking on high risk customers relies on analytics and transaction monitoring systems in order to identify potential suspicious activity.
  • Increase speed to respond. Automation and technology-led monitoring of policy and negative news helps position companies to respond more quickly to regulatory bodies and head off negative events before they go viral.
  • Allocate costs efficiently. No longer duplicate costs by operating the departments of your business in a siloed fashion. Leverage case management and workflow systems to aggregate control failures or suspicious activity by customer or focal entity, allowing you to evaluate the root cause and apply analysis across multiple control failures.
  • Enter new business partnerships more confidently. Know the risks of a potential business partnership and get deeper insights into the impact a business partner or vendor’s supply chain could have on your business. Vendor risk management and contract analytics technologies can monitor whether business partners are adhering to their terms and conditions.
  • Reduce the impact of new requirements.  Identify the blind spots and shed light on the potential risks within your enterprise system so you can quickly take action early in the process, allowing your organization to avoid fines when implementing new regulatory requirements.

Regulators and other stakeholders are increasingly calling for the organization of risk management functions under one cohesive point of view. By fixing the disconnects and setting a collaborative tone, you give senior executives more cohesive insights and allow them to adopt more extensive views on the organization’s risk profile.

Women in Risk: Advice for Advancing Female Risk Professionals Beyond Women’s History Month

Posted on by
women in business

“There are more and more courageous conversations happening in business about gender parity and barriers for women in business,” said Tina Gardiner, manager of risk management services for Regional Municipality of York, Canada, and member of the RIMS board of directors. “While women are still underrepresented at the executive level largely due to gender bias, I am pleased to see changes happening at a rate much faster than ever before.”

Indeed, significant challenges remain in gaining true equity and eliminating the gender gap in risk and insurance, but there are also more resources, momentum and mentors than ever before.

“One of the biggest barriers I faced as a young woman starting a career in risk management was operating in an environment where there wasn’t really the benefit of high-level female role models or mentors,” said Carrie Cannataro, senior vice president of client services at Gallagher Bassett, noting the dramatic evolution since she entered the space in the mid-’80s. As more women have earned senior leadership roles, female risk professionals are increasingly strengthening both the risk profession itself and the prospects of other women fighting for a seat at the table. As Cannataro noted, “We can only be successful if we immerse ourselves within a network of collaborative and positive influences.”

To that end, I recently put out a call on social media asking women in risk to share their best advice for others who are trying to advance in the risk profession and who identify as female. Originally, the goal was to celebrate Women’s History Month by spotlighting women in risk and insurance in March, and it has been wonderful to see initiatives to highlight and advocate for women across the industry for the past 31 days. Equity and excellence from half the population should span far more than a month, however.

In that spirit, here’s some of the valuable insight of women advancing risk management year-round, and their advice to fellow female risk professionals looking to advance their careers in risk:

“There are tremendous opportunities for women in risk management. However, to reach your potential and really excel in this field, women can’t be afraid to speak up. We must ask for the resources we need and seek out opportunities that might take us out of our comfort zones but that also offer a platform for us to share our knowledge and expertise.”
Kristen D. Peed, CPCU, RPLU, CRM, AIC, ARM-E, corporate director of risk management and insurance at CBIZ, Inc. and member of the RIMS board of directors

“In my experience I have found women in risk management are strong in their support and encouragement of each other through networking, mentoring, celebrating and sharing stories about career journeys. We need to keep investing in each other by pushing boundaries and comfort zones in the positions we apply for, the salary levels we expect, the credentials we earn and the workplace environment we demand. We need to actively engage in the socialization of gender equality, inclusivity, combating imposter syndrome and workplace flexibility for shared family responsibilities. The future we want and deserve is ours to create for each other.”
Tina Gardiner, B.Sc., CRM, CIP, manager of risk management services for the Regional Municipality of York

“I’m committed to supporting women in the workplace and believe it’s crucial that we pave the way for future generations. I’d offer the following advice: 1) Own your development and invest in yourself. 2) Establish a personal growth/career goals, including strategies and tactics on how to achieve them and timelines. Review regularly to monitor progress and celebrate wins. 3) Create a personal board of directors and mentors, and seek feedback from them. 4) Give back and gain valuable experience via joining a non-profit board. 5) Network, network, network.”
– Soraya Wright, RIMS-CRMP, vice president of strategic initiatives at RIMS, and founder and chief risk officer of SMW Risk Management Consulting LLC

“Women have been the cornerstone of this profession since its inception. I applaud all of those who came before us and laid a foundation for us to grow and succeed, as well as those inspiring women who are determined to leave their own mark on this profession. For women to succeed in risk management, we must support each other. We must create opportunities for others to demonstrate their knowledge and capabilities, achieve their goals and advance professionally.”
Penni L. Chambers, CPRM, CIC, CRM, ARM, vice president of risk management for Hillwood, a Perot Company, and member of the RIMS board of directors

“One of my biggest pieces of advice for women working in risk is that working hard by yourself is not the answer. We need to seek out relationships that inform and support our advancement. Whether it’s a mentor, coach or other professional network, there are plenty of ways we can seek help in defining rewarding and realistic career opportunities and put those opportunities within our reach.”
Carrie Cannataro, senior vice president of client services at Gallagher Bassett

“Persistence and communication. Not everyone hears information the same way. Think about your audience as you communicate fact-based information and gut instincts. If you’re not heard the first time, don’t give up! You may need to change your wording, timing, or examples in order to get your point across.”
– Katherine Gledhill, MBA, vice president of finance and accounting at RIMS and CFO of Spencer Educational Foundation

“Growth and comfort do not always happen at the same time. You have to get comfortable doing things that are out of your comfort zone. This is where you’ll really grow, when you challenge yourself beyond what you think is possible. As women, we must build each other up and constantly look for ways to learn from and support one another. I’d also strongly encourage women to consistently assess their values and take the time to prioritize them throughout their careers. This will lead to sustainable happiness and success in both your personal and professional life.”
– Grace Grant, executive director at Gamma Iota Sigma

“Pick an area that interests you and become an expert. Being an expert takes time, but once you have this knowledge, no one can take it away. You must always continue to learn and expand your knowledge base. A solid foundation will support and allow you to take chances that a generalist cannot. You can gain this expertise by moving within one company/industry, one line of business, or geographically—just be clear on what your focus is. Women are often undermined or challenged on technical issues. However, if you have developed the needed expertise, you are more likely to challenge confidently with fact and figures. As you build your career, you will learn that people trust and respect experts, as experts understand their business better and can predict trends and drive the business more effectively.”
Ciara Brady, global head of liability for Allianz Global Corporate & Specialty

On Data Privacy Day, Catch Up on These Critical Risk Management and Data Security Issues

Posted on by

Happy Data Privacy Day! Whether it is cyberrisk, regulatory risk or reputation risk, data privacy is increasingly intertwined with some of the most critical challenges risk professionals face every day, and ensuring security and compliance of data assets is a make or break for businesses.

buy prevacid online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/prevacid.html no prescription pharmacy

In Cisco’s new 2021 Data Privacy Benchmark Report, 74% of the 4,400 security professionals surveyed saw a direct correlation between privacy investments and the ability to mitigate security losses. The current climate is also casting more of a spotlight on privacy work, with 60% of organizations reporting they were not prepared for the privacy and security requirements to manage risks with the shift to remote work and 93% turning to privacy teams to help navigate these pandemic-related challenges. Amid COVID-19 response, headline-making data breaches and worldwide regulatory activity, data privacy is also a critical competency area for risk professionals in executive leadership and board roles, with 90% of organizations now asking for reporting on privacy metrics to their C-suites and boards.

“Privacy has come of age—recognized as a fundamental human right and rising to a mission-critical priority for executive management,” according to Harvey Jang, vice president and chief privacy officer at Cisco. “And with the accelerated move to work from anywhere, privacy has taken on greater importance in driving digitization, corporate resiliency, agility, and innovation.”

In honor of Data Privacy Day, check out some of Risk Management’s recent coverage of data privacy and data security:

CPRA and the Evolution of Data Compliance Risks

Also known as Proposition 24, the new California Privacy Rights Act (CPRA) aims to enhance consumer privacy protections by clarifying and building on the expectations and obligations of the California Consumer Privacy Act (CCPA).

Frameworks for Data Privacy Compliance

As new privacy regulations are introduced, organizations that conduct business and have employees in different states and countries are subject to an increasing number of privacy laws, making the task of maintaining compliance more complex. While these laws require organizations to administer reasonable security implementations, they do not outline what specific actions should be taken. Proven security frameworks like Center for Internet Security (CIS) Top 20, HITRUST CSF, and the National Institute of Standards and Technology (NIST) Framework can provide guidance.

Protecting Privacy by Minimizing Data

New obligations under data privacy regulation in the United States and Europe require organizations not only to rein in data collection practices, but also to reduce the data already held. Furthering this imperative, over-retention of records or other information can lead to increased fines in the case of a data breach.

buy ocuflox online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/ocuflox.html no prescription pharmacy

As a result, organizations are moving away from the practice of collecting all the data they can toward a model of “if you can’t protect it, don’t collect it.”

3 Tips for Protecting Remote Employees’ Data

As COVID-19 continues to force many employees to work from home, companies must take precautions to protect sensitive data from new cyberattack vulnerabilities. That means establishing organization-wide data-security policies that take remote workers into account and inform them of the risks and how to avoid them. These three tips can help keep your organization’s data safe during the work-from-home era.

What to Do After the EU-US Privacy Shield Ruling

It was previously thought that the EU-US Privacy Shield aligned with the EU’s General Data Protection Regulation (GDPR), but following the CJEU’s recent ruling, the Privacy Shield no longer provides a mechanism for legitimizing cross-border data flows to the United States. This has far-reaching consequences for all organizations that currently rely on it. In light of the new ruling, risk professionals must help their organizations to reevaluate data strategies and manage heightened regulatory risk going forward.

The Risks of School Surveillance Technology

Schools confront many challenges related to students’ safety, from illnesses, bullying and self-harm to mass shootings. To address these concerns, they are increasingly turning to a variety of technological options to track students and their activities. But while these tools may offer innovative ways to protect students, their inherent risks may outweigh the potential benefits. Tools like social media monitoring and facial recognition are creating new liabilities for schools.

2020 Cyberrisk Landscape

As regulations like CCPA and GDPR establish individuals’ rights to transparency and choice in the collection and use of their personal data, one can expect to see more people exercise these rights.

buy doxycycline online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/doxycycline.html no prescription pharmacy

In turn, businesses need to ensure they have formal and efficient processes in place to comply with such requests in the clear terms and prompt manner these regulations require, or risk fines and reputation fallout. These processes will also need to provide sufficient documentation to attest to compliance, so if businesses have not yet already, they should be building auditable and iterative procedures for “data revocation.”

Data Privacy Governance in the Age of GDPR

As personal information has become a monetizable asset, risk, compliance and data experts have increasingly been forced to address the regulatory and operational ramifications of the rapid, mass availability of personal customer and employee data circulated both inside and outside of organizations. With new data protection regulations, Canadian and U.S. companies must reassess how they process and safeguard personal information.

Key Features of India’s New Data Protection Law

Among the new data protection laws on the horizon is India’s Personal Data Protection Bill. While the legislation has not yet been approved and is likely to undergo changes before it is enacted, its fundamental structure and broad compliance obligations are expected to remain the same. Companies both inside and outside India should familiarize themselves with its requirements and begin preparing for how it will impact their data processing activities.

After COVID, Cyberrisks Top Agenda for Risk Professionals in India, Marsh and RIMS Report

Posted on by

For risk professionals in India, the COVID-19 pandemic has underscored the critical need to build business resilience and develop mature yet flexible business continuity plans to address both short- and long-term threats. In the new Marsh and RIMS report Excellence in Risk Management India 2020, Spotlight on Resilience: Risk Management During COVID-19, 63% of risk professionals in India said a new pandemic or continued fallout from COVID-19 was a top risk facing their organization, followed by cyberattacks (56%), data fraud or theft (36%), failure of critical infrastructure (33%), fiscal crises (31%), and extreme weather events (25%).

This mix of top risks illustrates the critical task before risk professionals heading into 2021: ensuring capability and procedures to respond to fast-emerging disasters, while not losing sight of the critical work to boost baseline resilience against foreseeable risks across the enterprise.

“Organizations need to balance their focus between longstanding and emerging risks,” said Sanjay Kedia, country head and CEO of Marsh India. “While there has long been an awareness of weather-related risks, low-frequency risks generally receive less attention. The pandemic has underlined the need for risk managers to keep all perils on their radar.”

Indeed, Marsh and RIMS found risk assessment and modeling are critical gaps for India-based risk professionals to focus on to mature their risk management programs. “As businesses recover from COVID-19, many senior leaders are shifting attention to questions of resilience.

buy nizoral online greendalept.com/wp-content/uploads/2023/10/nizoral.html no prescription pharmacy

But, as our survey shows, the use of advanced risk management techniques in India remains limited—for example, more than one-fifth of respondents do not assess or model emerging risks,” the report noted.

This is particularly the case with emerging cyberrisks. Cyberattacks and data loss or theft ranked among the top three threats, and the pandemic escalated the already rising number of cyberthreats to companies in India with the shift to remote work, online business, and ransomware attacks. Indeed, the report noted that the pandemic led to a surge in cyberattacks against Indian companies, with New Delhi among the top 10 most often attacked cities with regard to ransomware in 2020, and more than a third of Indian respondents to a June survey by Microsoft reporting they had fallen prey to a pandemic-related phishing email. Yet only a third of respondents to the Marsh/RIMS report said they model potential cyber loss scenarios, and only 26% plan to do so in the next year. Key cyberrisk management measures and the rate of implementation among Indian companies include:

Whether it is phishing attacks on employees or internet outages interrupting operations in the supply chain, the report notes that the next major event for Indian companies could well be a cyberattack. Focusing on building cyber resilience was one of the report’s four key recommendations, noting “organizations should shift their focus from solely trying to prevent an attack to accepting the inevitability of a cyber event and taking action to mitigate its effect.”

The report’s other top recommendations for risk professionals in India were:

  • Regularly review existing business continuity plans – “Companies should carefully review and refine their business continuity plans. They should ensure their plans enable them to respond effectively to threats that bring short-term pain and long-term and widespread challenges, as is the case with COVID-19.”
  • Embrace the changing working environment – “Lockdowns intended to stem the spread of COVID-19 required many companies to quickly move to remote working, change their business models, and implement new safety measures upon return to the workplace. Other perils, like a natural disaster, could necessitate and precipitate such shifts, even if shorter in duration. Businesses should invest in structures that allow employees to work remotely effectively, efficiently, and safely and should educate employees on new ways of working under changing circumstances.”
  • Remap and remodel your supply chain – “The COVID-19 pandemic emphasizes the need to re-examine supply chains regularly, with special focus on understanding the resilience and reliance of vendors. Companies would benefit from understanding their vendors’ ecosystems; both to provide a clearer view of how they could be affected by different risks and to review contracts to better understand liabilities.
    buy inderal online greendalept.com/wp-content/uploads/2023/10/inderal.html no prescription pharmacy

Moving forward, there is considerable room for risk professionals to be more involved in scenario analysis and strategy

In December, RIMS introduced additional resources specifically for risk professionals in India looking to elevate their risk practice. The report was released around the recent RIMS Virtual Risk Forum India 2020, which brought together hundreds of risk and insurance professionals from across India and around the world. Soon thereafter, the risk management society also announced the official formation of a RIMS India Chapter.

“The exchange of knowledge and experience drives the risk management profession, allowing practitioners to more effectively enhance corporate decision-making, strengthen resiliency and leverage new and exciting opportunities for their organizations,” said Roop Kumar, chief of risk at SBI Life and inaugural president of the India chapter’s board of directors. “RIMS India Chapter will quickly become an exceptional resource for all business leaders. We look forward to delivering cutting-edge risk management insight to support our members as they advance their programs and their careers.”

Other members of the inaugural board of the India chapter include: Keerthana Mainkar, head ERM at Infosys; Amol Padhye, head of market risk at HDFC Bank; Amber Gupta, head legal and corporate secretary at Birla Sunlife Insurance; Anand Shirur, CEO of Digitangle Consulting PVT, Ltd; Steward Doss, associate professor at National Insurance Academy; Monika Mittal, professor at BIMTECH; Shibyanshu Sharma, vice president of risk management at SBI Life; and Yogesh Ghorpade, head of ERM and insurance lead at Thermax Industries.

“RIMS India’s Board of Directors truly represent a cross-section of the country’s risk management community,” said Gopal Krishnan K S, head of RIMS India Operations. “The Society looks forward to learning from their unique experiences and welcoming others to contribute so that, together, we can develop the highest standard of risk management education to address corporate India’s biggest concerns.

buy cozaar online greendalept.com/wp-content/uploads/2023/10/cozaar.html no prescription pharmacy