Risk

With almost every FCPA enforcement action involving third party misconduct in one form or another, shouldn’t companies devote more resources than ever to due diligence and third-party risk management systems? There’s no magic formula to implementing an effective system. It just takes two things: commitment and common sense. Every company knows how to do it. But not every company commits...

The BSA/AML risk assessment will allow you to have a better understanding of your overall risk. The risk assessment should be comprehensive and well-documented. When complete, an effective risk assessment should enable the MSB to establish policies, procedures and internal controls to develop the company’s BSA/AML compliance program.

Compliance with regulatory requirements can get complicated when companies in highly regulated industries take to social media. Subject matter expert Joanna Belbey offers five steps to ensure that when your company posts, they do so purposefully, knowledgeably and well within the bounds of the law.

Rather than segregating risk management responsibilities into their own silo, making them the purview of only a select few, companies would benefit greatly from an integrated approach in which every person in the organization is responsible to some extent in managing risk. Jim DeLoach presents a method involving five distinct lines of defense. Read on for details.

Earlier this month the New York State Department of Financial Services announced proposed anti-money laundering and terrorist financing regulations. If adopted, the proposed rules will subject investment advisers to Bank Secrecy Act requirements for financial entities. Regulatory and private scrutiny of compliance programs is expanding, as is the cost of compliance...

Data control risk is one of executives' top concerns, especially in light of the fact that the government's growing role in controlling data flows could lead to resistance among foreign partners and investors. The recent passage of the Cybersecurity Information Sharing Act only exacerbates this risk. So what can companies do to manage data control risk amid this rapid increase...

The importance of due diligence on third parties – vendors, suppliers, their vendors and suppliers, and so on – cannot be overstated. When news breaks of a vendor using child labor or doing business in countries well-known for their human rights violations, it won’t matter much to the public exactly how removed the connection is from the corporation itself. The...

Prevention and vigilance are your best defenses against threats to cloud security. Just ask JPMorgan Chase, Bank of America or Target: when your organization experiences a security breach or loss of confidential data, the damage can be immense. Here are some of the most common occurrences in recent years and a few suggestions on how to avoid them.

Companies must be preparing for the eventuality of a data breach; it’s not a matter of if, but when a breach will occur. And, as we’ve seen with the biggest corporate cyber hacking scandals, the damage is immense in scope and the reputational harm that comes as a result isn’t easy to recover from. The old ways of thinking of...

We’ve established that it’s prudent to keep an eye on your top performers for the sake of risk management , but they’re not the only staff you ought to be watching. There are plenty of contributors who fly under the radar yet play highly important roles in the organization. Do you know which are the “trust positions” in your organization?

Reputational harm can do as much damage to a company's bottom line as nearly any other crisis. A proactive plan is essential to protect the organization should it come under fire. Silicon Valley based Theranos has found this out the hard way. The company's recent fall from grace is testament to the importance of a plan in the event of...

The violence perpetrated on innocent civilians in Paris last week stunned the world. Unfortunately, these acts of terrorism have become far more frequent in recent years. Consequently, the conversation around risk management is shifting. How do we -- as professionals charged with minimizing risk -- respond when the unthinkable happens?