Stop for a minute and think about the flow of cash in the American economy. You almost certainly have some in your pocket or purse right now, and at some point in the day, or the near future you will use it to buy something. Even if you rely mainly on plastic, you will sometimes tap an ATM for cash. Billions upon billions of cash dollars circulate every single day. Most importantly, you, and all parties concerned can easily access just the right amount of cash for their needs.
This miraculous flow of cash does not happen by accident. The Cash-in-Transit (CIT) system—a.k.a. the cash management industry—has evolved to manage cash efficiently and securely. This huge system is ubiquitous, yet many people have never heard of anything beyond “armored cars.” The system actually includes a large assortment of cash management businesses, some of them specialized and others offering a fully integrated package of services that help to keep commercial and retail markets liquid.
The CIT system serves banks, including the Federal Reserve, by providing the transportation, storage, processing, accounting, and other services that financial institutions need to ensure the right amounts of cash get to where they are needed. With the extensive geographic dispersion of branch banks and ATMs, it is no longer cost effective for each and every bank to provide all the cash management services it needs. Today, third party businesses in the cash management system can support multiple banks, including providing a level of risk management the industry demands. … Continue reading
The phrase “Due diligence” sounds complicated but in reality, it is simply the process of doing your homework before you make a major commitment, either on a business or personal level. Due diligence can be as simple as just asking the proper questions and making sure that a situation is “not too good to be true.” This idea of checking into the facts behind a transaction to ensure it is fairly valued is the source of the old adage, “let the buyer beware.”[i]
Most of us practice due diligence even though we may not think of it that way. For example, most people these days will do some research on the internet before making a major purchase, like buying a car. We scan websites to get an idea of a fair price, the dealer cost, and any low interest financing deals so we can be prepared to counter the ”rock bottom price” offered by the car salesman. In this process, we are doing our “due diligence” to get the best deal possible.
Due Diligence as a Defense
There are important legal uses of the term “due diligence.” It began as a term describing a legal defense in the Securities Act of 1933. Its purpose in that Act was to give broker-dealers a defense against an accusation that they had not disclosed information in a securities transaction. If they had performed “due diligence” in researching the company, they could not be held liable for information they did not discover.[ii] … Continue reading
You’ve seen the data before: Organizational fraud is a huge annual cost. Managers want to reduce the costs, so the real questions are to learn why fraud occurs and what to do about it.
The most compelling explanation for organizational fraud is the Fraud Triangle, as summarized in our recent infographic. Frauds occur when there is opportunity, one or more employees are under perceived financial pressure (incentives exist), and they can rationalize their fraudulent behavior. These 3 factors correspond to the legs of the triangle.
Control the Opportunities to Reduce the Chances of Fraud
In our experience, organizations can reduce the probability of organizational fraud by just removing one of those legs of the triangle. There are things you can’t control, such as employees’ spending habits, but if you remove the opportunity for employees to get their hands on an asset without the potential of getting caught, then you’ve reduced that probability by 50 percent. … Continue reading
It’s that time of year when we have resolved to do better. Most business owners or managers have probably resolved to increase revenue and profits in the New Year. We urge you to include improving your risk management performance, too. By identifying and mitigating the risks you face, those bottom line resolutions you make are more likely to come true. You need to reduce losses as well as increase revenue.
First, Have a Risk Management Plan
The first resolution has to be to have a risk management plan, and implement it. We sometimes get so immersed in our own work that we forget that there are managers and companies who do not take adequate steps to identify and manage the risks to their businesses. And others have a mistaken belief that they have a risk management plan just because they bought some insurance.
Some recent research by Chubb Group of Insurance Companies shows that both public and smaller private companies have significant gaps in risk management. A 2012 survey of public companies found that 2 out of three companies still do not have cyber insurance even though an electronic breach of data was seen as the most pressing risk. Similarly, 42% of these companies reported experiencing an employment practices liability event, yet some of them still do not have risk management tactics in place to mitigate this risk.
A related study conducted in 2013 found that smaller private companies may have invested even less in risk management despite the fact that 1/3 of them experienced a loss event in the past 3 years. Those that do take risk mitigation steps, like background screening, often mis-use the tactics. Some key findings from that research include:
Most firms believed their general liability insurance protected them from most of the risks they face, including cyber losses, fiduciary liability, and employment practices liabilities.
42% of the companies had broad exclusionary policies toward criminal backgrounds, exposing them to legal action by the EEOC or other agencies.
68% of companies use social media, but only 12% have usage policies for employees.
Many companies use cloud providers for data storage, but only half of these have plans in place for cyber breaches.
A recent article by A-J Secrist of Parker Poe Adams & Bernstein examines the relationship between risk management and compliance. Some analysts distinguish between these two things, with risk management more a strategic concern and compliance an operational one driven by regulatory oversight. Others might go in the opposite direction and confuse a compliance program with performing risk management.
There is no doubt that there is a distinction between risk management and compliance, simply because the functions may be performed by different people within an organization, and at different levels. However, as Secrist points out, “In essence, noncompliance is a type of risk.”
Compliance is a key element of a comprehensive risk management plan. … Continue reading
