Are you prepared to manage an active shooter within your organization or a venue you manage?
Before you discount the possibility of that happening, you should know that the FBI has reported that at least 160 “active shooter incidents” occurred between 2000 and 2013, with an increasing frequency over time. These incidents combined to produce 1,043 casualties including 486 deaths. They occurred in 40 of 50 states, almost always involved a single shooter, and 70% of them were in a commercial or educational venue. …
The Office of the Comptroller of the Currency (OCC) is focused on the responsibility of financial institutions—national banks and Federal savings associations—for the risk management of business operations, whether they are performed internally or through third party vendors.
CIT companies are clearly included in this mandate.
The OCC recognizes that the growing interconnectedness of banks with third party cash management service providers has created new sources of risk due to gaps or inconsistencies of controls that can occur where distinct businesses interface. In everyday terms, this means there can be situations where “no one is in charge.”
Since the OCC is responsible for the security of the overall financial system, it is moving to make banks accountable for the gaps and inconsistencies between them and third party vendors that may pose risk to the system.
This creates specific kinds of difficulties for banks because they can be held accountable for the actions of organizations they do not own. Banks and their third party vendors, including CIT businesses, have different regulatory, standard practice, and incentive profiles, as well as different cultures and assumptions. It will take especially thorough due diligence to write contracts that lay out the important responsibilities and performance expectations for the different parties to get all the entities on the same page.
In these circumstances, monitoring performance takes on greater importance. There is a substantial possibility that unanticipated gaps or inconsistencies will emerge despite careful risk management planning. Banks have a strong incentive to measure performance and find irregularities as quickly as possible. …
It’s that time of year when we have resolved to do better. Most business owners or managers have probably resolved to increase revenue and profits in the New Year. We urge you to include improving your risk management performance, too. By identifying and mitigating the risks you face, those bottom line resolutions you make are more likely to come true. You need to reduce losses as well as increase revenue.
First, Have a Risk Management Plan
The first resolution has to be to have a risk management plan, and implement it. We sometimes get so immersed in our own work that we forget that there are managers and companies who do not take adequate steps to identify and manage the risks to their businesses. And others have a mistaken belief that they have a risk management plan just because they bought some insurance.
Some recent research by Chubb Group of Insurance Companies shows that both public and smaller private companies have significant gaps in risk management. A 2012 survey of public companies found that 2 out of 3 companies still do not have cyber insurance even though an electronic breach of data was seen as the most pressing risk. Similarly, 42% of these companies reported experiencing an employment practices liability event, yet some of them still do not have risk management tactics in place to mitigate this risk.
A related study conducted in 2013 found that smaller private companies may have invested even less in risk management despite the fact that 1/3 of them experienced a loss event in the past 3 years. Those that do take risk mitigation steps, like background screening, often misuse the tactics. Some key findings from that research include:
Most firms believed their general liability insurance protected them from most of the risks they face, including cyber losses, fiduciary liability, and employment practices liabilities.
42% of the companies had broad exclusionary policies toward criminal backgrounds, exposing them to legal action by the EEOC or other agencies.
68% of companies use social media, but only 12% have usage policies for employees.
Many companies use cloud providers for data storage, but only half of these have plans in place for cyber breaches.