Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial of service (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and has led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications with customers and also within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, it is estimated that as a result of supply chain disruptions, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as

  • law enforcement,
  • regulatory agencies
  • and recovery service providers, including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ’respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.
