The alarming spread of the new coronavirus and its potential effect on the global business environment can be seen in recent financial market adjustments. The hyper-quick emergence of this risk is likely to spur a number of questions for risk managers whose organizations have international reach:
- What happens if the coronavirus expands and becomes a pan-Asia crisis?
- What do we do if our supply chain in large parts of Asia is threatened?
- Does potential market upheaval have the potential to threaten critical capital projects?
- Will this disrupt R&D that relies on technical research taking place in the region?
As troubling as these questions are, there is a wider view that is potentially even more unsettling.
The curse of living in interesting times
“May you live in interesting times” is a proverb that was supposedly intended as a curse upon enemy states. Recent events demonstrate why that should not be considered a blessing. Houston endured a 500-year flood three years in a row. Preemptive power shutdowns last year in Northern California illustrate the effects of colliding risks (wildfires from extended droughts and inadequate energy infrastructure) on the business environment. Geopolitical risks with far-reaching ramifications (from the unknowns of Brexit to the escalating tensions between the U.S. and Iran) are mushrooming.
Applying a traditional approach to enterprise risk management in such turbulent times could lead to disastrous results. Fortunately, the coronavirus crisis offers three valuable lessons that could help all organizations be much better prepared to face similar challenges.
… read more
Origami Risk users gathered in San Antonio from January 12-16 for our 2020 User Conference. The fifth such event hosted by Origami, this iteration of the conference was the largest to date, with more than 500 people representing organizations from across the risk and insurance industry in attendance.
Collaborative, hands-on learning opportunities led by members of the Origami service team ranged from “boot camps”—introductions to the system for newer users—to instruction on setting up dashboards and reports to more advanced topics such as system administration. Attendees also had the opportunity to meet with an Origami expert for one-on-one sessions for a closer look at specific features or areas of the system they wanted to know more about.
Client co-presenters led sessions covering a wide range of topics including GRC, underwriting, safety, audits, and claims administration, to name just a few. As in previous years, the delivery of actual use cases and the opportunity for those attending sessions to ask questions about the ways in which Origami Risk is being used to address “real world” challenges provided a unique opportunity for peer-to-peer learning. … read more
On January 1, 2020, a new California regulation went into effect that may push many unsuspecting enterprises doing business in the state into costly noncompliance while also introducing reputational risk and threatening their brands. The California Consumer Privacy Act (CCPA) grants new consumer rights related to data storage, use, and protection. Companies failing to comply with these rules can be fined up to $7,500 for each violation. Despite the potential impacts, a recent survey by the IT security firm ESET shows how ill-prepared most enterprises are regarding this new compliance obligation:
- Nearly half of all respondents had never heard of CCPA
- More than 8 in 10 respondents did not know if the law even applied to their business
- A third of executives were unsure if their organizations needed to change how consumer data was stored/processed
- Nearly 1 in 4 respondents “didn’t care” about becoming compliant
- More than half had not performed a risk assessment on cybersecurity within the past year
Given the stakes involved, this broad lack of urgency is concerning but not all that surprising. A DataGrail survey indicated that despite investing thousands of hours and being given a two-year head start, only half of the companies reported achieving compliance with the General Data Protection Regulation (GDPR), a similar data privacy regulation in Europe. Additionally, 70% of enterprises admitted the systems they were currently using to comply would not scale. When the pace of regulatory change is accelerating so rapidly, most enterprises are being caught flat-footed.
… read more