Monthly Archives: April 2012

Check AML crypto online: USDT AML check BTC, ETH and 65+ coins. Receiving funds of illegal origin could lead the risk of having your funds frozen. The USDT is being tested for scams, mixers, darknet market, ransom, gambling and other crimes.

RIMS 2012 Opening Reception Recap

Posted on by

If you were lucky enough to be at the opening reception for the RIMS 2012 Conference & Exhibition in Philadelphia, then you probably channeled your inner child for a good portion of the night.

The reception, held at the Please Touch Museum, offered guests access to not only delicious food, drink and networking opportunities, but also to the entire museum, which features nostalgic play spaces that brought back countless childhood memories. The 2012 conference is officially underway — let the fun begin!

Check back for daily updates from the RIMS 2012 Conference & Exhibition in Philadelphia, and don’t forget to follow us on Twitter.

Digital Book Wars

Posted on by

A piece I wrote for the upcoming May issue of Risk Management:

In 1999, the Department of Justice found that Microsoft had violated the Sherman Antitrust Act. It had essentially created a monopoly in the market for operating systems designed to run on Intel-compatible PCs, claimed the government. In a settlement, Microsoft was ordered to share its programming interfaces with third-party companies, a punishment that only recently expired. United States vs. Microsoft was arguably the most closely watched corporate legal case in recent history. Now, one may eclipse it.

On April 11, the DOJ filed suit against Apple and five large, traditional publishing houses, alleging that they committed antitrust and price-fixing violations in the e-book market. According to the allegations, Apple, HarperCollins, Hachette Book Group, Macmillan, Penguin Group Inc. and Simon & Schuster Inc. conspired to increase digital book prices and force Amazon to abandon its discount sales strategy.

As the first real player on the e-book scene, Amazon was able to dictate pricing to publishers, and it frequently sold digital books below cost to boost sales of its Kindle reader. Though book publishers largely opposed the practice, they didn’t have much choice since there were few other viable options for publishing and selling e-books at the time.

But when Apple came along with its iPad and got wind of publishers’ unhappiness with Amazon, the tech company decided to make a move. Apple introduced an agency pricing model under which the publishers set digitial book prices and Apple received 30% of the sale. For publishers, this was obviously a more attractive option than Amazon’s pricing strategy. And eventually, as more publishers threatened to withhold their titles from Amazon, the retailer adopted the agency pricing model as well.

The new model allowed Apple to gain a toehold in the potentially lucrative e-book market. And just as when it debuted the iPod and iTunes in the same year, the company was now positioned to profit from sales of both iPad hardware and content, rather than just from the hardware alone. “This would be sound commercial logic,” said Frances McLeod, managing partner at Forensic Risk Alliance, “but all commercial
activities must take place within the bounds of the law.”

The DOJ is not the first to question Apple’s influence on e-book pricing. The alleged conspiracy to raise e-book prices was the subject of a class action lawsuit filed against the same parties in a California district court last year. And in December 2011, the European Commission opened a formal antitrust probe for similar reasons.

So what does all of this mean to the parties involved? While publishers are likely pleased with the move away from Amazon’s discount pricing, it is their investors who will be keeping a close eye on the legal proceedings. “The actions of the DOJ will also have been observed by shareholders and by those who feel they have been wronged, raising the possibility that owners and litigants may also act to investigate alleged bad behavior,” said McLeod.

As for the retailers, Amazon has already made a few other enemies in the book publishing industry. Scott Turow, best-selling author and president of the Author’s Guild, has called the retail giant “the Darth Vader of the literary world,” suggesting that the company’s tactics will unfairly undermine brick-and-mortar booksellers and, ultimately, the publishing industry itself.

Apple is not faring much better. For a company that prides itself on its reputation and ability to understand consumers, its customers could turn on the tech giant if they believe that it is Apple’s fault that they are now paying more for digital books. In fact, after the price war began, Amazon was forced in some cases to raise e-book prices as much as 50% from its initial consumer-friendly $9.99 price point.

The DOJ lawsuit has already led to other changes. HarperCollins, Simon & Schuster and Hachette settled with the government, agreeing to grant retailers the ability to reduce prices. Under the agreement, the three publishers will also be forced to create new contracts with Apple and other e-book sellers.

But this story is far from over. The DOJ is vigorously pursuing claims against Apple, Macmillan and Pearson, all of which opted not to settle. States including Texas and Connecticut—and let’s not forget Europe—are also seeking separate litigation against the involved companies.

Ultimately, many players in the market still have unfinished business. It seems one thing is finished for good, however: the agency pricing model.

Crisis Management in the Age of Cybercrime

Posted on by

[The following is a guest post by Richard S. Levick, Esq, president and chief executive officer of Levick Strategic Communications. You can Follow Richard on Twitter @RichardLevick where he comments daily on risk management and crisis management.] 

Immense as it may be, the March 30 Global Payments data breach that dominated headlines is only the latest in a series of events that made this current crisis eminently predictable. If there are any illusions that this breach was anomalous, consider the extent to which high-profile data breaches similarly dominated headlines in 2011.

Sony suffered over a dozen data breaches stemming from attacks that compromised its PlayStation Network, losing millions and facing customer class action lawsuits as a result. Cloud-based email service provider Epsilon suffered a spear-phishing attack, reportedly affecting 60 million customer emails. RSA, whose very business related to on-line security, experienced an embarrassing and damaging theft of information related to its SecureID system, necessitating an expenditure of more than $60 million on remediation, including rebuilding its tattered reputation.

And the list goes on.

Right now, just about all businesses face cyber risks. The worst include intellectual property losses due to economic espionage — by far the greatest risk to companies — as well as data breaches and ideological “hacktivists.” And the growth rate of those risks often exceeds a company’s ability to fight them.

Over the last decade, companies have experienced exponential increases in the volume and type of their digital assets along with an explosion in the types of storage devices that house them. With enterprise resource planning software, email, cloud computing, laptops, iPads, smart phones, and other portable devises, companies may have data storage systems that number in the hundreds. Managing and securing critical information has become a commensurately more daunting task.

As the situation grows worse, many boards and senior management now take a head-in-the-sand approach to cyber-threat management. A recent survey from Carnegie Mellon University’s CyLab analyzed the cyber governance policies of the Forbes Global 2000. Its findings are troubling. “Boards and senior management are still not exercising appropriate governance over the privacy and security of their digital assets,” states the report. Less than one-third undertake even the most basic cyber-governance responsibilities.

These findings are supported by an in-depth look at cyber-crime published by PricewaterhouseCoopers late last year. According to the survey, which polled nearly 4000 executives from 78 countries, while cybercrime ranks as one of the top four economic crimes (falling just after asset misappropriation, accounting fraud, and bribery/corruption), 40% of respondents reported that they had not received any cyber-security training. A quarter said that their CEOs and boards do not conduct regular, formal reviews of cyber-crime threats, and a majority reported either that their company does not have – or they do not know whether their company has – a cyber crisis-response plan.

Welcome to the risk management officer’s worst nightmare.

According to the Ponemon Institute’s most recent statistics, the average cost of a data breach is $7.2 million with the average cost per compromised record coming in at $214. But the damage done by a cyber-breach goes well beyond the initial information loss. Real costs from business interruption, intellectual property theft, lost customers and diminished shareholder value due to reputation damage all can — and do — inflate those figures. In fact, for 40% of respondents in the PwC study, it is the reputational damage from cybercrime that is their biggest fear.

As cyber-risks continue to grow, companies must therefore focus on reputation as well as strengthening the mechanisms with which data is secured. A few things are imperative.

Boards and senior management must take responsibility for crisis response. Their objective must be to crystalize the company’s crisis instincts – to make crisis response part of the institutional DNA.

Crisis plans are actually counter-productive if they are created simply to be put on a shelf and read only when they are needed. Particularly in the context of cyber-crime, a realm in which new risks seem to emerge almost daily, the need to revisit and revise the plans is exigent. Regular rehearsals, refinements, discussions and additions transform the culture into one rooted in not the possibility but, rather, the expectation of crisis.

Education of employees is imperative. Employees often assume that securing company information is solely the responsibility of company IT specialists – an assumption fraught with risk. Every employee in an organization has the responsibility and the means to protect company data.

In addition to education, the key for companies is to keep less information in the first place, according to Paul Rosenzweig, Esq., founder of Red Branch Law & Consulting, PLLC. Backing up data on the other end is also vital. And while there are attendant costs involved, they are well worth it, he says. “In a world in which the bottom line is everything and the benefit of your expenditure may be recaptured only over years, if ever, this is hard,” said Rosenzweig. “It may well seem like all cost and no benefit in the beginning – that is, until the day it is all benefit and no cost.”

Companies must also designate a response team and ensure that all participants understand their roles. During a crisis, the response team must make critical decisions with too little notice and too little information. Regular meetings ensure that team members understand their individual responsibilities and develop trust in one another. Periodic crisis team exercises allow companies to capture what goes right and what goes wrong in each simulation. The lessons learned are critical when a real crisis is at hand.

When a data breach does occur, companies must make full disclosure as quickly as possible and let stakeholders know how they plan to remediate the situation so that it will not recur. Focusing on corrective future initiatives can restore trust.

With the advent of new technologies, the risks for companies are now greater than ever. Companies’ ability to recognize this moment and transform the way they think about their information is key to long-term sustainability and brand value.

When Risk Management Hits Closer to Home

Posted on by

(The following is a guest post by Marcus Cree, vice president of risk solutions for SunGard’s capital markets.)

A couple of weeks ago, there was a house fire at my home (no one was hurt, and the house is now in a restoration stage). Afterward, it occurred to me that I write, speak and consult exclusively on the subject of risk management, so this raises an interesting set of questions. How well do I internalize the risk management mindset, and do I apply the principles I espouse in the most important environment I know: my own home?

With this in mind, I decided to move away from strict financial firm risk management and instead apply the same kinds of tests to myself. In a risk strategy assessment, I would normally look at a range of indicators, so I decided to assess the recent situation with the same criteria:

  • Early warning of impending crisis
  • Contingency tactics for immediate reaction to the crisis
  • Post crisis, effect mitigation
  • Buy in across the team to the crisis management strategy

Early warning of impending crisis
In a typical financial institution, an “early warning system” would involve the risk management team understanding the level of risk that was deemed acceptable, and understanding what factors feed into this risk metric. This enables tail analysis to be done in order to understand what negative effects are hiding in the extremes of possible immediate spikes in the risk factors as they are being observed now. If the limits are set in accordance with the risk policy, then while the firm is taking active risks, these should be within the boundaries of management risk tolerance.

In a home and family situation, it is not much different. Understanding the potential sources of risk, such as wood burning stoves, electrical wiring, etc., and establishing the accepted level of risk is critical. A home needs to be heated in the winter, and the risk that this poses in terms of fire has to be offset by the need to maintain a reasonable house temperature. That said, appreciating the risk of fire has to be taken into account, and mitigated to the extent to which it can by regular maintenance of the chimneys and stoves. It is also vital to have a warning system in place.

In this case, most likely a smoke alarm system.

Contingency tactics for immediate reaction to the crisis
This is the second most important aspect of risk management. Once the emergency (or financial crisis) is underway, the situation (or losses) need to be held under as much control as can be expected.

In banking terms, this could be seen as liquidity reserves. How long can we survive as an institution under stressed conditions, and how do we make the most of the liquidity that we have? It is here that liquid assets, collateral and re-hypothecation of that collateral come under scrutiny

In the home fire situation, it is more a matter of evacuation. Does each room have at least two viable exits? Do all members of the family know the exit strategy, meeting points, etc.? It is important to understand that a fire is most unlikely on a sunny afternoon, with everyone wide awake. It is far more likely that smoke could be filling the exit corridors while everyone has been sleeping soundly until the moment of crisis.

In many ways, this is the same kind of problem faced by risk managers, who report on VaR numbers based on normal market conditions, only to be faced with a collapsing market and generalized confusion and panic across the market. Indeed, it is the stressed vs. normal assumptions that have caused a lot of criticism of the VaR based risk reporting.

Post crisis, effect mitigation
This stage is really covering the failure contingency, or hedging effects. In banking terms, this typically takes the form of credit default swaps, diversification and market hedges. Stressing these relationships and running disaster scenarios should be a routine job of a risk department. In the home situation, it comes down to insurance, and protection of key documents needed to activate that insurance.

Buy-in across the team to the crisis management strategy
I regularly speak and blog about risk culture and how the true risk managers in a bank are the traders and portfolio managers. The role of the risk department itself, in my view, is to facilitate communication of the risk appetite and the risk position between the senior management (who create the appetite) and the risk takers (who assume it).

In the home situation, the same thing applies. A fire evacuation plan is only good if it is understood by all who may be affected. Smoky 4:00 a.m. darkness is not an environment to start communicating about what needs to be done to prevent or survive a fire. The family has to recognize the smoke alarms, know to call 911, understand the exit options – including how to select the best one, and then know where to meet safely outside.

Ultimately there are risk management trade-offs to be made in order to achieve levels of reward or comfort. This is as true at home as it is within a Wall Street firm. I would rather not have tested my own “micro” risk culture in this way, but since it was tested, I now believe it can improved.