Executive Risk: Attestations of Systems and Controls
Regulators and legislators are concerned with a series of high-profile business failures and, in some instances, are considering making it easier to pursue claims. Senior management, especially of large organisations, used to be able to rely on courts to assess the question of their culpability by reference to the requirement on them to “exercise due skill, care and diligence.” The landscape has now changed.
The UK Financial Conduct Authority, for example, now routinely requires senior executives within the regulated sector to make quite sweeping statements or “attestations” up front concerning the regulatory compliance of their firm’s systems and controls. These are then filed away and may be used, in an action concerning a subsequent business failure, as evidence of the very failure to exercise due skill, care and diligence.
Security: There’s no Escaping the Violence
We have seen that sometimes, despite our best efforts, there just is no escape from the many faces of risk. For those of us who attempt to manage its effects, 2013 has been another tumultuous year: power outages at the Super Bowl, acts of terror in Boston and Kenya, more incidents of senseless workplace violence in DC and at a school in New Mexico, devastating weather events in the Philippines, which claimed the lives of thousands, and recent cyber breaches against major retailers potentially impacting millions. All of these events, which we’ve witnessed across the risk landscape in 2013 and in years past, have made one lesson painfully clear for 2014 and beyond: “those who fail to plan, plan to fail.”
Employment Law: Social Media
It can make or break an individual or an organization. In the workplace, between employees, it can be fraught with challenges for employers. With many cases just now wending their way through the courts and with the fast pace of evolution in the types and uses of social media, keeping up with the rate of change in corporate policies can seem problematic [example: 3 words from 2013: the Harlem Shake]. When you factor in competing privacy and free-speech concerns, the balancing act can be daunting.
Supply Chain Risks: Lack of Capacity for Recovery
In light of the challenging economic environment felt over the last few years, many companies have shut down or mothballed their manufacturing operations to reduce costs. As demand for goods starts to increase, companies are finding that it is not that simple to bring their machinery back “to life” overnight and kick-start their operations to satisfy higher levels of customer demand. A typical case in point is the UK’s house-building industry, which is currently suffering a supply shortage of bricks due to lack of capacity. Without bricks, houses and conversions cannot be completed on time, thereby creating a degree of instability in the marketplace.
Intellectual Property: Cyber Risk of Third-Party Suppliers
Cyber attacks affecting third-party suppliers can cause a company extensive damage, especially if intellectual property is wrongfully disclosed. Whilst unreliable manufacturing software and hardware can disrupt operations and lead to delays in the supply of goods, the loss of IPR constitutes a serious supply chain issue, particularly in sectors such as aerospace, defence, and life sciences. In these sectors, IPR is a key driver for competitive supremacy and for guaranteeing future revenue flows. It is a major challenge for companies to provide assurance that their third-party suppliers have the right controls in place to prevent theft or loss of data. It is also fair to say that, though the level of risk will vary from one sector to another, all the signs indicate that this is a long-term threat, which will increase over the next few years.
Terrorism: A New Breed of Terrorists
Regional conflicts, unemployment, urbanization and marginalization of populations will drive a new breed of terrorist extremists. This could result in a growth of lone wolf attacks targeting population centers. Recent events such as the incident at the Westgate shopping center show a shift from targeting only property to also looking to inflict mass casualties.
Cyber Risk: Breach Backlash
If 2013 was the year of the mega-breach, expect 2014 to be the year of the breach backlash. With so many breaches reported each day, and more organizations purchasing cyber insurance, cyber carriers are increasingly paying losses. Look for market impacts such as deductibles/retentions, premium rates, and insurer appetite to evolve. Expect governments and industry associations to intensify their focus on best practices in security and penalties for non-compliance. 2013’s larger breaches have awoken consumer anxieties, which could shift consumer attitudes towards various organizations.
Benefits: Balancing Cost and Employee Satisfaction in Health Care Reform Era
For many employers, 2014 might be the time they start to wonder if participation in Health Care Reform is worth it. With exchanges offering coverage to all individuals, employers may decide that there is no compelling reason to continue providing medical coverage for employees. Making that assumption is risky. Employees value employer-provided medical plans. Now that problems with the public exchanges have become so visible, they value their employer plan coverage even more! In a time when employers are facing heightened challenges around finding, recruiting and retaining the best talent, they need to seriously consider the risk of ending the benefit that is, perhaps ironically, becoming even more valuable to employees.
Global Risk: Global Events Wreaking Local Havoc
There can be a negative side to globalization, as evidenced, for example, by the worldwide tumult created by the economic uncertainties of the European Union. The reality of globalization is that no crisis is truly distant anymore. Increasingly we find that what happens in Germany, China or Mexico has broader implications for our own lives in terms of economic, financial and political fallout. Managing this new reality from a corporate standpoint is, for me, a key emerging risk that will remain at the forefront of the new realities of risk management for 2014.
Financial Services: The Rise of the Machines
Finance has a love-hate relationship with technology. But communication devices create particular problems for financial institutions. How can firms protect data when cameras are built into employees’ personal phones, and how can you prevent traders from colluding when there are chat rooms or conference calling on your iPhone? How can a financial institution respond to mandatory discovery requests when traders start using Snapchat to hide their tracks? There are no easy answers. We can’t demand employees give up their phones and computers. However, it is vital that financial institutions be aware of the latest trends in communication devices and work to create a practical policy to mitigate the risk – before the machines take over.