Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

[Figure: Direct and indirect costs of cyberattacks]

A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial of service (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and has led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications with customers and also within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, it is estimated that as a result of supply chain disruptions, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as

  • law enforcement,
  • regulatory agencies,
  • and recovery service providers, including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ’respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

[Figure: Cyber risk management process]

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.
