The RIMS Conference 2023, one of the most anticipated events in the risk management industry, brought together professionals from around the world. This year’s conference witnessed a strong return of attendees, fostering insightful conversations on the influence of technology and AI, the hardening market in some sectors, promising lead generation, and the topic of reevaluating values at risk. As risk managers grapple with the complexities of today’s economy, the conference shed light on innovative approaches to asset valuation, business interruption coverage, and risk assessment. In this blog, we will delve into five key takeaways from RIMS 2023.

1. Attendance at RIMS was Back Full Force

The RIMS Conference 2023 saw a remarkable resurgence in attendance, with professionals from diverse industries coming together to exchange knowledge and best practices. The strong turnout highlighted the industry’s commitment to continuous learning, networking, and staying updated on emerging trends in risk management. This renewed enthusiasm served as a testament to the importance of conferences like RIMS in fostering professional growth and collaboration within the field.

2. Conversations Influenced by Technology and AI

Technology and artificial intelligence (AI) took center stage at the conference, captivating attendees with their potential impact on the risk management landscape. Participants engaged in discussions on leveraging advanced analytics, machine learning algorithms, and data-driven insights to make more informed risk management decisions. The integration of technology and AI was identified as a crucial enabler for identifying emerging risks, enhancing risk assessment processes, and developing effective risk mitigation strategies.

3. Market Hardening and Cost Pressures

The prevailing market conditions, marked by increasing inflation and supply chain disruptions, led to a hardening of the insurance market in some sectors. This hardening brought forth new challenges for risk managers, necessitating a comprehensive evaluation of their risk transfer strategies. With rising costs and limited coverage options, risk managers explored innovative solutions to mitigate their organizations’ exposure, while ensuring optimal protection against potential losses. Adaptability and agility emerged as critical attributes in navigating the evolving market landscape.

4. Networking and Unique Challenges

The conference presented valuable networking opportunities, with risk managers from prominent organizations seeking assistance in asset valuation and business interruption coverage. The complexities of today’s economy have compounded the challenges faced by risk managers in assessing their true exposures. Our conversations at the conference emphasized the need for specialized services such as physical assessments, business interruption studies, drone imagery for risk assessments, and cyber risk evaluations to help organizations better understand, manage and mitigate their risks.

5. Revamping Risk Management Strategies for Values at Risk

The concept of values at risk emerged as a hot topic of discussion at the conference. Risk managers recognized the need to rethink traditional approaches to valuing physical assets, particularly large-scale industrial equipment that is difficult to source. Furthermore, the assessment of business interruption values to protect against lost profits requires a fresh perspective in light of evolving market dynamics. The conference urged risk managers to revamp their risk management strategies, embracing innovative methodologies to adapt to the current environment effectively.

The RIMS Conference 2023 served as a hub for risk management professionals to share insights, discuss industry trends, and explore solutions to pressing challenges. Attendees returned to their organizations armed with a wealth of knowledge on harnessing technology and AI, navigating a hardening market, generating promising leads, and reevaluating values at risk. As the risk management landscape continues to evolve, it is imperative for professionals to remain proactive, adaptable, and forward-thinking in their approaches. The RIMS Conference proved once again to be an indispensable platform for industry leaders.

Interactive Teller Machines (ITMs) offer new business opportunities to banks, and therefore to CIT carriers. A significant side benefit to the CIT carrier is the chance to take on an even bigger role in cash management in partnerships with banks. But with the larger role comes a larger responsibility to manage the risks that go with a deeper integration into the financial institution.

Here are 7 key components of a program where CIT carriers evaluate risks and then develop and implement procedures to address them.

1. Risk Assessment

The first step in ITM risk mitigation is a risk assessment. CIT carriers need to review the entire process of cash-in-transit from beginning to end to identify the places where losses might occur, estimate a likelihood for each, and determine cost-benefit priorities. Crew and bystander safety will always be of paramount importance, but many characteristics of the routes such as cash transitions, surveillance capabilities, and communication security will be analyzed.

Carriers will be familiar with many of the ITM issues because they have been servicing ATMs, but there will be differences. Evaluated risks can be addressed in a number of ways.

2. Policies and Procedures

The risk mitigation policies a carrier sets up for ATMs may serve as a template for ITM policies, with additional or different elements incorporated as needed. For instance, the over-the-road assessment and policies to manage exposure due to timing and environmental conditions will be a basis for further development for ITMs, if the machines are co-located or if the ITMs replace ATMs.

Policies will cover over-the-road exposures, procedures for handling cash (which is more complex for the ITM), handling multiple machines in a single setting (especially important if several ITMs are serviced in sequence), maintenance issues, vehicle control issues, and reporting or sign-offs. Basic controls like dual control and separation of duties will be included. These policies constitute best practices for the specific carrier to manage cash with security.

3. Internal Audits

The aim of internal audits is to implement a running account of transactions and cash balances at key points in a route to maintain control of the disposition of cash. Audits performed by the carrier may use a variety of methods and they may be scheduled and routine by design, random or intermittent. In all cases, the policy should be communicated to affected staff to set expectations that the audits will occur.

4. External Audits

Audits performed by external agencies give a strong, credible check on internal procedures, adding a strong layer of security. Insurers and other third parties may require these audits as a condition of contract. The value of an external audit is that it can find failures in the system where employees and/or accomplices have intentionally voided internal controls. Random or unannounced audits may be especially effective in detecting fraud early.

5. Personnel Screening and Testing

CIT carrier crews require a special kind of employee. They must be detail oriented, persistently thorough in performing routines, yet able to respond creatively and independently when extreme events occur—they manage risks in real time. Employees like this are rare at any event, but in a tight labor market like today’s, it’s very challenging to find them. Employers need to resist the temptation to loosen background screening and testing criteria, perhaps ramping up the level of effort in recruitment instead.

In addition, an important risk management tool is to interview and/or screen current employees on a regular basis to find changes in life circumstances or attitude that could signal a disaffected employee. Finally, training and testing are essential to help front line people recognize and cope with emergent threats.

6. Access Controls

Access controls including keys, passwords, combinations and alarms should be monitored for operational effectiveness, and changed often enough to reduce the possibility of being defeated. Again, the essential interactive capability of ITMs increases the danger of these controls being breached, so a broader view of “access” is required. Controls based on environmental design or structure are harder to change, but it may be possible to make big risk improvements with relatively small changes.

7. Physical Security

Hardening a target to protect physical security is a classical response to risk, such as in a vault or armored truck. However, it is in the spaces between these hardened targets, where cash is carried that a clever larcenist will look to find weakness. The ITM can exacerbate these weaknesses because of its relatively long service interval, putting a premium on how surveillance, environmental design, and communication can be used to supplement the physical security of the ITM.

For a more comprehensive introduction to managing risk in ITM servicing, download our latest whitepaper on the topic, A CIT Carrier’s Guide to Building Your ITM Program.

To stay prepared, organizations must expect the unexpected. Business Continuity Planning (BCP) addresses the need to have contingency plans in place to deal with potential threats that can turn an organization on its head. Continuity planning is a necessary part of coming out on top in the face of the most challenging circumstances such as a natural disaster, a significant market crash, or a serious hit to a company’s brand or reputation.

As a risk manager, CEO, or any party responsible for the long-term success of an organization, you need to have a plan in place to clearly outline what you would do if the worst were to happen tomorrow. Here are four phases to putting your BCP in place.

1. Business Impact Analysis (BIA)

The first step to building your company’s BCP is to consider the potential impact of each type of disaster or risk event that your company may face. For example, a company in the finance industry may consider the role of the stock market, data breaches, or the possibility of a fraud scandal. The BIA helps you discern which processes are the most critical to recover or initiate in a state of a disaster and assigns a monetary value to the protection of assets involved in specific business processes.

Key goals of the BIA should include:

1. Identifying the impact of uncontrolled events
2. Prioritizing critical functions
3. Establishing maximum tolerable outages

2. Risk Assessment

Upon identifying the impact of the risks facing various functions across your business, the next step is to determine the potential magnitude of these risks. This is a critical assessment to perform, as it helps establish which risks should be most emphasized in the BCP. Priorities can be established by looking at which risks are most likely to occur to determine the breadth of coverage for your company’s BCP. To do this, you can run a gap analysis to compare your company’s current contingency plans against that of the proposed risks to identify any holes you need to fill. With knowledge of these gaps, you can analyze various threats to identify their respective impact.

To aid in this process, it is helpful to work from a list of potential emergencies or viable threats as well as the likelihood and impact of such events such as to personnel, assets, or monetary impact. These can help formulate different scenarios to plan for, such as natural disasters or terrorist threats, as well as minor events such a power outage.

A best-practice risk assessment report should cover the following:

• Summary of Business Operations
• Risk & Vulnerability Analysis
• Critical Support Infrastructure
• Physical Environment
• Recovery Time Objectives
• Business Recovery Strategies & Priorities

3. Business Continuity Plan Preparation

During this step, the BCP is developed, taking into account the likelihood, magnitude, and potential impact of the risks that were identified in the previous step. The BCP preparation stage will take it a step further by documenting strategies and procedures to maintain, recover, and resume critical business functions as quickly as possible. Part of this preparation will entail a list of procedures to address priorities for critical and non-critical functions, services, and processes.

The BCP should include:

• Business Operations
• BCP Organization
• Plan Activation & Operation
• Preparation & Readiness Checklists
• Emergency Operations
• Facility Restoration & Relocation
• Emergency Communications
• Emergency Forms & Terms
• Incident-Specific Response Checklists

4. Business Continuity Plan Testing and Table Top Exercises

Once a plan is established, it’s time to put it to the test with table top exercises. During this final step, key staff members and management will come together to simulate their response to various emergency situations that were identified as likely risks. Using the procedures outline in the BCP, these exercises will identify gaps in the plans to improve them in a controlled setting. This process can also help establish the different roles and responsibilities across team members.

When it comes to risk mitigation, hope for the best but plan for the worst. Take your risk planning to the next level by getting started with your Business Continuity Plan. Talk to a risk mitigation expert today.

Risk practitioners tend to categorize risks based on the level of knowledge about the occurrence (known or unknown) and the level of knowledge about the impact (known or unknown).[1]  Known risks can be prioritized by level of impact and likelihood of occurrence and a plan forms accordingly. … Continue reading