Corporate Compliance Insights

3 Reality Checks for Compliance and Risk Management in 2017

by Sam Abadir
January 4, 2017
in Risk
GRC predictions for 2017

As the transition to a new Presidential administration unfolds, uncertainty abounds. Predictions about the regulatory landscape made before November may not ring as true, as Republicans look to make good on promises about smaller government and regulatory reform, particularly in banking and finance. Likewise, the potential repeal of the Affordable Care Act and significant changes to Medicare will make waves in health care regulation. In times characterized by dramatic change and unpredictability, it’s important to refocus on what you know, what you can control and how you can create a more resilient business.

It’s important not to lose perspective: while many federal agencies (and their mandates) will be reshaped by new leadership or directed to change their priorities, state and industry regulations may not shift – or may react in opposition. Enterprise risk profiles and existing threat conditions may not be markedly affected by changes at the federal level. Organized cybercrime syndicates, for example, probably don’t care much about who’s in the White House.

Organizations that have been working to strengthen their cybersecurity stance, manage risk and protect customer data and privacy have no reason to pull back on those efforts; in fact, they should work to optimize their governance, risk and compliance programs as organized defense against threats to their goals and trusted status.

The following are some forward-looking statements that will help guide regulated enterprises through the transition and beyond.

Billions will be spent on cybersecurity by thousands of companies. Only a fraction of those companies will get the full value from their investments.

Governments, insurance agencies and consumers are turning up the pressure on those responsible for protecting data security and privacy. In response, organizations are spending more and more on cyber tools such as SIEMs, vulnerability scanners, penetration tests and threat feeds. Other companies are responding by building robust governance frameworks and ensuring their policies address risks, legal concerns, contractual obligations and best practices. Each element of cybersecurity is important and required for a successful cybersecurity program, but better integration among components will strengthen the enterprise.

The duplicative and separate efforts required to manage all the tools, feeds, workflows and other components of a cybersecurity program with manual processes in spreadsheets and email are often overlooked and lead to wasted resources and gaps in protection. This extra and unnecessary burden will slow down efforts, make reporting inefficient and ineffective and add unnecessary complications and delays that ultimately render security programs costlier and less secure. Centralizing and integrating security, compliance and risk management in a comprehensive governance, risk management and compliance (GRC) platform ensures a better return on investments of time, effort and money. It also brings greater visibility into the effectiveness of controls and processes across the enterprise. Advanced analytics, automation and streamlined reporting increase accountability and collaboration.

Governments will increasingly mandate stronger cyber risk management, beginning with regulated industries, but eventually reaching all types of businesses.

Cybercriminals are not going away. They will continue to hack into sensitive data of businesses, celebrities, politicians, financial institutions, health care organizations and more. If there is value in the data, the criminals will try to capture it and leverage it for financial gain, power plays or larger exploits. We have already seen rapid evolution in cybersecurity and data privacy regulations in industries such as health care and financial services. Regulators are somewhat removed from partisan politics and often set rules outside of federal legislative processes. We should expect more industry regulators to focus on cybersecurity initiatives.

States will also step into the void, pushing laws that require industries to protect their cyber assets and customers. This is likely to happen at an industry level first; many states have a handful of dominant industries to protect and oversee. We will see more states developing laws that are stronger or slightly different than federal regulations and laws, leading to extra compliance-related work and costs for organizations in those industries of focus. New York’s newly proposed cybersecurity requirements for financial services firms (23 NYCRR Part 500), planned to take effect in January 2017, are a prime example. Integrating risk management processes is the best way to prepare for multiple, evolving layers of regulation.

Third-party risk management practices will extend to customers as vendors are fined more for violations related to the customers they support.

The continued effort to reduce risk will lead to greater focus on organizations’ customers and suppliers. As companies deepen their knowledge of operational and compliance risks, they will learn how suppliers and customers add to their risks. By now, everyone has heard the cautionary tale of the HVAC vendor that was partially responsible for the massive breach at Target. It makes sense that material suppliers can impact the overall quality of goods manufacturers make. Customers’ actions can likewise expose the organizations that supply them goods and services to various threats and vulnerabilities. For example, internet and cloud service providers may need to assess customers on their propensity to download illegal content and to enforce sanctions against customers that use the internet to perform illegal actions. As organizations get wiser about risk and how customers and vendors impact it, they will start taking specific protective and preventative measures: monitoring key performance indicators and key risk indicators and performing risk assessments of vendors and customers.

Instead of wasting energy speculating about the incoming administration’s next move, regulated enterprises should use the next several months to focus on cybersecurity best practices, review and assess risk profiles across the enterprise and improve compliance and policy management processes by integrating these efforts in a comprehensive GRC platform. Pay attention to the details of process and execution; commit to a higher degree of accountability and collaboration; and plan strategically for multiple scenarios. Optimized and streamlined governance, risk and compliance programs that are integrated across the enterprise will strengthen the business overall and build more agile response capabilities, key to success in periods of uncertainty.



Sam Abadir is Vice President of Industry Solutions at Lockpath. Sam has over 20 years of experience helping companies realize value through improving processes, identifying performance metrics and understanding risk. Early in Sam’s career, he worked directly with financial institutions and manufacturing companies to help them realize institutional value. As a Senior Manager at Deloitte, he focused on improving processes and increasing value for Global 2000 companies. In the past seven years, Sam has worked with software companies like Lockpath to build the tools that help companies manage risk and create value that enhance performance in a structured and efficient manner.

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

© 2022 Corporate Compliance Insights
