Category Archives: Governance, Risk & Compliance

RIMS ERM Conference 2021: A Case-Study Approach to “Solve Any DEI Issue in One Hour”

Posted on by

At today’s RIMS ERM Conference 2021, a hybrid event with in-person experiences in New York City and virtual content online, many of the presenters focused on the intersection of ERM (enterprise risk management) with other mission-critical three-letter topics, including ESG (environmental, social and governance) and DEI (diversity, equity and inclusion).

In one of the afternoon’s sessions, “Identify and Solve Any Organizational DEI Issue In One Hour,” presenter Layne Kertamus, professional in residence of risk management and insurance at Utah Valley University, explored “new ways to talk about what needs to be said, and what needs to be listened to.”

“Most organizations that I’m aware of have moved past the idea that they have to do something on [DEI] issues for our stakeholders—it has moved on to ‘We cannot afford to not have some real results in these arenas’ and that should be motivation enough, if we needed any motivation,” Kertamus said. “The issue will not go away and it will evolve. Hopefully we can find a way to make this not just a prompt for change, but a real asset.”

Kertamus noted the particular challenges of the “frozen middle” in implementing meaningful DEI initiatives. Middle management feels pressure from both above and below to take DEI action, and “may react to hearing these goals with concern or dread—for example, thinking ‘My status and opportunities may now be more limited than they were before.’”

With the “why” and other background largely established, Kertamus focused the session on one approach to the “how” of DEI-related change. While many DEI discussions start with general open forums and reminders about being respectful and open, he noted that some of these approaches may lead to inauthentic or surface-level outcomes. To really get into an authentic plan that gains acceptance, Kertamus said, “sometimes we need to create environments where we can talk the way we need to talk.”

He proposed that organizations adopt a case study method to facilitate some of these discussions, outlining the “one hour” from his session’s title:

  • With this method, a “case presenter” brings their concern, challenge or passion to present a large-scale DEI-related issue in the workplace that impacts other stakeholders. A facilitator should be selected and need not be an expert, but must bring an open mind and a willingness to enforce time limits. A group of “peer consultants” is then gathered from across the company, perhaps at different levels or in different departments.
    online pharmacy lexapro with best prices today in the USA

  • First, the group listens to a five minute presentation from the case presenter, and then spends 10 minutes asking fact-based questions directed through the facilitator.
    online pharmacy flomax with best prices today in the USA

    It is critical that the questions are directed and perhaps even pointed, but be focused on facts and not opinions or defenses.
    online pharmacy cozaar with best prices today in the USA

  • The largest segment of the process is a group diagnostic session, spending 20 minutes examining what, if anything, the presenter may have left out, may have ignored as a result of their own lived experience, or other gaps in the issue. It is critical not to jump to solutions in this phase—you may get “answers,” but the purpose here is true diagnosis.
  • The next 10 minutes should be spent on group action brainstorming, brainstorming solutions for the presenter, embracing all perspectives and bringing personal experience, values, and insight to the table. “Be willing to give the presenter bad news, if necessary,” Kertamus urged. For example, you may need to acknowledge that there is no solution, or that they missed a strategic opportunity along the way. The presenter should remain quiet and listen during this step.
  • Next, the presenter gets 10 minutes to respond to the discussion, speaking candidly and asking questions after listening to the group’s brainstorming session. “This can be a defensive time, they may feel beat up, but it can also be an opportunity for real connection, understanding, and for making agreements and commitments moving forward,” he said.
  • If agreements are made, one question is critical before adjourning: “When will you move forward using action steps recommended today?” This can be a critical moment in advancing concrete plans and changes in attitude or approach to DEI in the workplace.

While this approach can be used with a wide range of issues as the focus “case,” Kertamus noted it is particularly useful with “problems where someone cannot just use their authority to impose a change or solution,” for example, a leader who has tried to implement changes and build equity and inclusion as values in a department but keeps meeting resistance. “This is really for instances where you accept the mission of the organization and want to make it real or palpable, but cannot just impose it, you need to open other dialogues,” he said.

If you are not attending the RIMS ERM Conference 2021 live this week, “Identify and Solve Any Organizational DEI Issue In One Hour” and other sessions from the event will be available to stream online during the event or later on-demand.

New York City’s New Biometric Information Law Governs Collection and Use of Consumer Health Data

Posted on by

For risk professionals, the COVID-19 pandemic has increased the importance of ensuring customer and employee safety measures are incorporated into operations, processes and future strategies. As many businesses reopen from pandemic shutdowns or return from remote work arrangements, some enterprises are now exploring both the effectiveness and the risks associated with conducting health screenings that collect biometric information and other personal health data.

This month, New York City released the Biometric Information Law, a new measure that goes into effect on July 9 and imposes disclosure requirements on businesses that collect consumer biometric information.

online pharmacy ciprodex with best prices today in the USA

It also sets parameters on what they can do with that information, most importantly, prohibiting the exchange of biometric information for anything of value.

As detailed in recent client notice from the law firm Reed Smith, highlights from the law include:

  • The measure requires a business that “collects, retains, converts, stores or shares biometric identifier information of customers” to place a “clear and conspicuous sign” near all consumer entrances that, in plain language, discloses the collection, retention or sharing of biometric information.
  • It stipulates that it is unlawful to “sell, lease, trade, share in exchange for anything of value or otherwise profit from the transaction of biometric identifier information.”
  • It establishes “an ‘aggrieved’ consumer’s private right of action,” meaning that “[a]ny person who is aggrieved by a violation by this chapter is entitled to commence an action to enforce its protections.”

There are key exclusions, however, as “governmental agencies, employers, or agents” are expressly excluded from compliance with any provision.

New York is not the only state to enact a law attempting to govern how organizations can use biometric information. Arkansas, California, Illinois, Texas and Washington have also set guidelines for businesses.

online pharmacy tenormin with best prices today in the USA

Indeed, the recent Risk Management Magazine article “Preparing for Biometric Litigation from COVID-19” addresses the imminent and critical questions businesses must answer when collecting and handling such data.

Sensitivities surrounding the confidentiality of biometric and other health information are not new in certain industries, such as healthcare. Further, even before COVID-19, risk professionals were already grappling with the risks associated with new biometric technologies and the data collected, especially with regard to facial recognition, wearables and even the rise in popularity of telehealth.

Now, with every organization on high alert about infectious diseases and how quickly they can interrupt business, health and safety have become top priorities for every risk professional in every sector.

online pharmacy xtandi with best prices today in the USA

As risk professionals look to new technology for help with these concerns, monitoring the emerging regulation and security risks around health and biometric technology will become increasingly critical in balancing benefit and risk to their organizations.
Online Pharmacy https://galenapharm.com/ no prescription
Data security will continue to remain a significant threat, but New York’s Biometric Information Law should serve as a reminder that what the organization does with that data can also have a lasting impact on the enterprise’s reputation and consumer trust.

For more information to help risk professionals manage new health technology and data, check out these articles from Risk Management Magazine:

Automating Risk Functions for Greater Value Creation

Posted on by

Despite recent volatility, more than 60% of risk executives surveyed in a recent PwC US Pulse Survey were optimistic about the global economy, as well as the state of the pandemic recovery. This optimism could stem from a greater alignment between risk functions and the business. Fifty percent of risk management executives reported interacting more with the C-suite, and 42% said they interact more with the board level. Nearly half of respondents said that risk functions and capabilities are now embedded in the business operations that are driving transformations.

Risk functions were once considered tactical and reactive, and often seen as a roadblock to business decisions. Infusing risk management into corporate planning allows an organization to think about compliance responsibilities in a proactive and strategic manner—moving risk and regulatory functions from a back-office cost to a competitive advantage. Staying ahead of uncertainties while also bolstering planning with data helps make companies stronger and more resilient.

Many companies spent the last decade overspending on risk management as they attempted to keep up with compliance and regulatory shifts, frequently lagging behind changes in policy. They often invested heavily in new technologies and data collection, but failed to create efficiencies by integrating those systems across largely siloed business functions. The swift onset of the pandemic made many organizations come to terms with the reality that an entire organization didn’t need to be reimagined in order to implement technological transformations, and that there was still a disconnect between many of the piecemeal systems that had been previously put in place.

Now, executives are increasingly seeing the value of risk management as a strategic advantage. It allows companies to grow in areas with less mature risk management functions, like taking on higher risk clients or entering new geographies. More intelligent monitoring also allows for increased efficiencies and reduced compliance costs.

Integrating AI and automation into the investments that have already been made can help streamline the risk management and compliance processes. Many companies still have room for improvement; only 25% of risk professionals said they were implementing new risk management technologies in 2021 and only 19% said it was a priority to integrate risk management tools onto a single platform.

By automating and enhancing risk management functions, organizations can:

  • Strategize for entering new markets. Make more informed decisions about entering a new market by taking into consideration a shifting regulatory environment and increasingly complex supply chains. Taking on high risk customers relies on analytics and transaction monitoring systems in order to identify potential suspicious activity.
  • Increase speed to respond. Automation and technology-led monitoring of policy and negative news helps position companies to respond more quickly to regulatory bodies and head off negative events before they go viral.
  • Allocate costs efficiently. No longer duplicate costs by operating the departments of your business in a siloed fashion. Leverage case management and workflow systems to aggregate control failures or suspicious activity by customer or focal entity, allowing you to evaluate the root cause and apply analysis across multiple control failures.
  • Enter new business partnerships more confidently. Know the risks of a potential business partnership and get deeper insights into the impact a business partner or vendor’s supply chain could have on your business. Vendor risk management and contract analytics technologies can monitor whether business partners are adhering to their terms and conditions.
  • Reduce the impact of new requirements.  Identify the blind spots and shed light on the potential risks within your enterprise system so you can quickly take action early in the process, allowing your organization to avoid fines when implementing new regulatory requirements.

Regulators and other stakeholders are increasingly calling for the organization of risk management functions under one cohesive point of view. By fixing the disconnects and setting a collaborative tone, you give senior executives more cohesive insights and allow them to adopt more extensive views on the organization’s risk profile.

Six Considerations Impacting Strategic Regulatory Change Management

Posted on by

Regulatory change management (RCM) is one of the most important risk and compliance related domains in 2021, thanks to two key drivers. First, the shift from Republican deregulation to Democratic control and an expected uptick in regulatory requirements. Second, similar to the 2008 crash, the pandemic-induced economy and focus on Paycheck Protection Program (PPP) loans caused many banks to relax their regulatory exams and requirements, while regulators gave companies extra runway for transitioning processes and policies for remote/work-from-home models.

Sometimes regulatory changes are significant enough to change business strategy. In 2021, chief risk officers must be prepared to quickly adapt and react to a historically volatile risk management environment.

buy advair online dentalhacks.com/wp-content/uploads/2023/10/jpg/advair.html no prescription pharmacy

When thinking about an updated, strategic regulatory change management program, here are six considerations for chief risk officers:

1. Lax compliance during the pandemic in 2020 may have introduced hidden risk for activities that normally would have had deeper oversight. 
Sometimes rule changes can also introduce new risks or eliminate a previous risk that needed to be managed, such as potential new default rates around extensions, forfeiture and other things. For example, historically low interest rates present a vexing risk for banks dealing with less profit but just as many loans to process.

buy xenical online dentalhacks.com/wp-content/uploads/2023/10/jpg/xenical.html no prescription pharmacy

What kind of new risk may be found within those loans?

2. When communicating change across the enterprise, establish responsibility to manage it.
Once you understand which regulations have changed, prioritize those that present the most risk, identify what department’s products and processes are impacted, and determine who is responsible for managing those policies. Having a secure central repository for communicating, storing and managing compliance documentation, versus relying on employees storing information on devices outside corporate servers, is ideal.
buy proscar online dentalhacks.com/wp-content/uploads/2023/10/jpg/proscar.html no prescription pharmacy

 

3. If conducting quarterly testing of compliance requirements, it may be challenging to identify key areas in advance that could slip, such as controls around IT/cybersecurity.
When the risk portfolio changes, the controls to manage those risks must be updated accordingly. Firms that may now be less dependent on management oversight and more dependent on confirmations that processes are being followed should put automated controls in place to verify those activities.

4. Companies should shift to best practice or common checklists that can be standardized and shared across the enterprise. 
Assessment checklists are a great way to ensure that all requirements are being met for a wide variety of business processes. Once checklists have been updated, cloud-based software systems can track who has access and can also notify when changes happen. 

5. Historically done manually in-house by visible teams, monitoring and testing for compliance purposes will be conducted remotely. 
The visibility of those tests presents significant challenges, and it is critical to determine how errors and issues will progress and be communicated to the remote testing teams, management, and the organization at large. 

6. Verifying and certifying online training for remote employees can be daunting. 
Creating courses formalized for online training represents a major compliance and process change, particularly for companies in industries with limited work-from-home models, such as financial services. Training materials will need to be updated for new employees, while previously trained employees will need to be retrained.