Trends and future developments for risk-management Flashcards

1
Q

CRIME

What is a crime?

To be convicted of a crime, what 3 conditions must be met?

In the context of business, crime can be classified into what 4 categories?

A

= an unlawful act that merits a punishment, usually in the form of a fine or imprisonment.

To be convicted of a crime, certain conditions must be met:
1. The crime takes the form of an action
2. There is no crime without intent
3. Both act and intent must occur at the same time

(1) Offences against an individual
(2) Offences against property or services
(3) Violation of laws
(4) Other offences

2
Q

CRIME - OFFENCES AGAINST AN INDIVIDUAL

Name 3 examples of workplace violence against an individual.

Victims of such violence would generally be entitled to what?

Certain occupations come with a greater risk of such offences occurring, including roles where employees are what? (4)

A
  1. Battery / assault
  2. Harassment
  3. Intimidation / threatening behaviour

Monetary compensation

(1) responsible for handling money
(2) working in dangerous places
(3) working in places where alcohol is served
(4) working at times of day when crime is more likely to occur

3
Q

CRIME - OFFENCES AGAINST PROPERTY OR SERVICES

What is theft?

Name 3 examples.

A

Theft (e.g. larceny, embezzlement, robbery, fraud) involves taking what belongs to someone else and keeping it.
(Robbery involves an act or threat of violence, whereas embezzlement is the misappropriation of funds entrusted to the offender.)

  1. Cybercrime, e.g. an attacker stealing material non-public information and demanding a ransom
  2. Employees using company property (e.g. a company computer) or company time for personal use
  3. Forging documents to commit fraud
4
Q

CRIME - VIOLATION OF LAWS

Violations of certain laws can be considered a criminal offence.

Name 4 examples.

CRIME - OTHER OFFENCES

Name 2 other offences.

A
  1. Anti-trust (competition) law: covers activities that restrain trade and supervises mergers and acquisitions (M&A) to prevent any one participant dominating the market.
  2. Environmental laws: inappropriate disposal of waste from manufacturing activities can carry criminal penalties.
  3. Food and drug legislation: organisations may face criminal punishment for misbranding products or misrepresenting the benefits of their products and services.
  4. Terrorism Act 2006: creates criminal offences for organisations that encourage or support acts of terrorism.

(1) Extortion, e.g. blackmail
(2) Bribery = a crime involving a wilful, corrupt payment (or the receipt of such a payment) in exchange for official action by a public official

5
Q

CRIME - COUNTERING WORKPLACE CRIME

Name 6 examples of how to prevent crime in the workplace?

Name 5 ways to prevent cyber crime.

A
  1. Use of external firms to run background checks
  2. Clear policies, checks and procedures
  3. Continuous training
  4. Regular audits (of areas that handle money, payments and receipts) to identify early warning signals
  5. Security cameras (CCTV)
  6. Proper risk management (RM) to identify vulnerabilities

(I) firewalls (with their management interfaces password-protected)
(II) up-to-date antivirus software
(III) employing specialist firms to help identify and fix weak spots
(IV) continuous employee training
(V) backup processes for key records

6
Q

FINANCIAL CRIME

What is financial crime?

Name 4 examples.

What are the 3 main impacts of financial crime on organisations?

In the UK, what happened in 2017?

A

Financial crime covers any type of criminal conduct that relates to money, financial services or financial markets

Examples:
(1) fraud or dishonesty;
(2) misconduct relating to financial markets and information (e.g. insider trading)
(3) handling the proceeds of crime;
(4) the funding of terrorism

Impact of financial crime:
1. Direct financial loss (e.g. an employee or external party committing fraud)
2. Reputation and brand loss
3. Legal and regulatory sanctions for breaching financial crime laws and regulations

New anti-money laundering (AML) and countering the financing of terrorism (CFT) regulation came into force (the Money Laundering Regulations 2017)

7
Q

FINANCIAL CRIME - ANTI-MONEY LAUNDERING

Most countries have anti-money laundering laws and regulations. What are they intended to do?

What is money laundering?

Name 2 examples.

What do anti-money laundering laws and regulations require?

What are the consequences of non-compliance?

A

Intended to prevent individuals and organised crime groups from using the monetary proceeds of their illegal activities.

= the concealment of the origins of illegally obtained money

(1) Paying the cash into a bank account, or purchasing high-value goods which are then sold on, so that the proceeds appear legitimate

(2) Laundering money through a company, whereby over-inflated cash payments are made for goods or services that may or may not exist

Require organisations that fall within the scope of these laws and regulations to use a range of control measures to prevent money from being laundered

Regulated organisations that do not implement compliant controls, or which permit money laundering deliberately or by error or omission, can face serious sanctions = large fines and imprisonment of senior staff and directors

8
Q

FINANCIAL CRIME - ANTI-MONEY LAUNDERING

What is the most recent anti-money laundering law in the UK?

What did this enhance? (4)

A

Sanctions and Anti-Money Laundering Act 2018

The regulation enhanced the rules in relation to:
1. customer due diligence;
2. further limitations on the ability to rely on third-party anti-money laundering controls;
3. the provision of electronic money (crypto-currencies, such as Bitcoin) and pre-payment cards; and
4. the enforcement of sanctions against non-compliant organisations.

9
Q

FINANCIAL CRIME - COUNTERING THE FINANCING OF TERRORISM

Growing concerns about terrorism and the funding of terrorist activities have led to enhanced laws and regulations.

Why does terrorism require funds?

How can terrorist gangs finance their activities more easily?

Why is the financing of terrorism difficult to detect?

What is the difference between money laundering and terrorist financing?

A

Terrorism requires funds to plan attacks, purchase equipment and train attackers.

Terrorist gangs can finance their activities more easily if they have access to the wider banking and payments system to facilitate the transfer of funds.

Difficult to detect since legitimately earned funds can be used (e.g. donations from sympathizers)

With money laundering, a crime has to occur before the funds enter the banking system, making it easier to link funds to specific crimes.

With terrorist funding, the crime occurs after the funds have been made available via the banking or wider payment system

10
Q

FINANCIAL CRIME - COMMON AML AND CFT CONTROLS

What is the risk-management process for anti-money laundering and controlling the financing of terrorism?

In terms of identifying and assessing AML and CFT risks, organisations do what?

How? (2)

A

= a similar process to other types of risk management: identify, assess, monitor and control

Organisations determine if and how their products and services could be used to launder money or support the funding of terrorism by:

  1. Identifying the products, services, stakeholders (customers and third parties) and physical locations that are most at risk of money laundering and terrorist financing activities
  2. Assessing the level of exposure (probability x impact)
11
Q

FINANCIAL CRIME - COMMON AML AND CFT CONTROLS

In terms of monitoring and controlling AML and CFT risks, organisations do what?

Name 8 examples.

A

Implement controls and monitoring arrangements including:

  1. develop appropriate policies and procedures to co-ordinate control activities;
  2. establish roles and responsibilities, e.g. appoint a Money Laundering Reporting Officer (MLRO) to oversee AML and CFT activities;
  3. report any suspicions of money laundering or terrorist funding activity to the relevant authorities;
  4. establish due diligence arrangements, e.g. know-your-customer (KYC) and identity checks;
  5. establish dual control and segregation of duties;
  6. monitor transactions to search for suspicious activity, e.g. accounts used for money laundering may receive occasional large cash payments followed by frequent smaller withdrawals;
  7. train employees; and
  8. carry out AML and CFT compliance reviews and internal audits
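As an added example (not part of the original flashcards), the transaction-monitoring heuristic in item 6 implemented as a small Python rule engine run over constructed sample transactions. The 10,000 threshold for a "large" cash deposit, the 30-day window, the "small withdrawal" ratio and the minimum count are assumptions for this illustration, as are the `Txn` record and the rule names. A second rule, structuring (several cash deposits each kept below the reporting threshold that together exceed it within a few days), goes beyond what the card lists but is a standard AML monitoring pattern.

```python
"""Toy AML transaction-monitoring rules (added example; all data constructed)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Txn:
    account: str
    when: date
    amount: float   # > 0 credit (money in), < 0 debit (money out)
    channel: str    # "cash", "transfer", "card", ...


def _by_account(txns):
    """Group transactions per account, sorted by date."""
    grouped = defaultdict(list)
    for t in txns:
        grouped[t.account].append(t)
    for items in grouped.values():
        items.sort(key=lambda t: t.when)
    return grouped


def large_cash_then_small_withdrawals(txns, large_cash=10_000.0, window_days=30,
                                      min_withdrawals=5, small_ratio=0.25):
    """Pattern from the card: an occasional large cash deposit followed by
    frequent smaller withdrawals. Parameters are assumed values. Returns one
    alert per qualifying deposit."""
    alerts = []
    for acct, items in _by_account(txns).items():
        for i, dep in enumerate(items):
            if dep.channel != "cash" or dep.amount < large_cash:
                continue
            end = dep.when + timedelta(days=window_days)
            small = [w for w in items[i + 1:]
                     if w.when <= end and w.amount < 0
                     and -w.amount <= small_ratio * dep.amount]
            if len(small) >= min_withdrawals:
                alerts.append({"rule": "large_cash_then_small_withdrawals",
                               "account": acct, "deposit_date": dep.when,
                               "deposit": dep.amount, "withdrawals": len(small)})
    return alerts


def structured_cash_deposits(txns, threshold=10_000.0, window_days=7, min_count=3):
    """Structuring (beyond the card): several cash deposits each kept below the
    reporting threshold that together exceed it within a short window."""
    alerts = []
    for acct, items in _by_account(txns).items():
        cash_in = [t for t in items if t.channel == "cash" and 0 < t.amount < threshold]
        for i, first in enumerate(cash_in):
            end = first.when + timedelta(days=window_days)
            run = [t for t in cash_in[i:] if t.when <= end]
            total = sum(t.amount for t in run)
            if len(run) >= min_count and total >= threshold:
                alerts.append({"rule": "structured_cash_deposits", "account": acct,
                               "start": first.when, "count": len(run), "total": total})
                break  # one alert per account is enough for the MLRO's review queue
    return alerts


def run_rules(txns):
    """Run every rule; the MLRO reviews the combined alert list."""
    return large_cash_then_small_withdrawals(txns) + structured_cash_deposits(txns)


# Constructed sample ledger: A-1 shows the card's pattern, A-2 is an ordinary
# salary account, A-3 shows structuring.
SAMPLE = [
    Txn("A-1", date(2024, 1, 3), 15_000.0, "cash"),
    Txn("A-1", date(2024, 1, 5), -900.0, "card"),
    Txn("A-1", date(2024, 1, 8), -1_200.0, "card"),
    Txn("A-1", date(2024, 1, 10), -800.0, "cash"),
    Txn("A-1", date(2024, 1, 14), -1_500.0, "transfer"),
    Txn("A-1", date(2024, 1, 17), -600.0, "card"),
    Txn("A-1", date(2024, 1, 20), -700.0, "cash"),
    Txn("A-2", date(2024, 1, 1), 3_000.0, "transfer"),
    Txn("A-2", date(2024, 1, 6), -1_100.0, "transfer"),
    Txn("A-2", date(2024, 1, 15), -250.0, "card"),
    Txn("A-2", date(2024, 2, 1), 3_000.0, "transfer"),
    Txn("A-3", date(2024, 1, 2), 9_500.0, "cash"),
    Txn("A-3", date(2024, 1, 4), 9_800.0, "cash"),
    Txn("A-3", date(2024, 1, 6), 9_700.0, "cash"),
    Txn("A-3", date(2024, 1, 9), -20_000.0, "transfer"),
]

if __name__ == "__main__":
    for alert in run_rules(SAMPLE):
        print(alert)
```

Running the script flags A-1 (one 15,000 cash deposit followed by six small withdrawals inside 30 days) and A-3 (three cash deposits just under the threshold totalling 29,000 in five days); the salary account A-2 produces no alert. In a real deployment the thresholds would be tuned to the product and customer segment, and every alert would go to the MLRO for a decision on whether a SAR is warranted rather than being reported automatically.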
12
Q

FINANCIAL CRIME - COMMON AML AND CFT CONTROLS

What types of organisation are required to comply with AML and CFT regulations?

Where are AML and CFT regulations most common? (4)

A

A wide variety of organisation types, e.g. accountancy firms, banks, estate agents, insurers and lawyers

AML and CFT regulations are most common where organisations:
1. make, receive or facilitate large cash transactions (in the UK and Ireland this means transactions that exceed €10,000);
2. provide credit (such as loans and sometimes trade credit);
3. offer products that provide investment returns; and
4. provide certain types of insurance service.

13
Q

FINANCIAL CRIME - REPORTING A SUSPICIOUS TRANSACTION OR ACTIVITY

Where money laundering or terrorist activity is suspected, what is submitted and to whom?

How?

What information is provided? (5)

What is suspicious activity?

Who do employees report suspicious activity to?

Who is the nominated officer?

Where suspicious transactions or activities are identified, UK authorities have a range of sanctions under the Sanctions and Anti-Money Laundering Act 2018, including what 2 things?

A

Submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA)

Via a secure online system, giving:
1. the nature of the suspicion;
2. the date and location of the event;
3. whether the individual is believed to be a suspect or a victim;
4. the personal details of the individual engaging in the activity; and
5. the individual's account details where necessary

The definition of 'suspicious activity' is very broad and includes any transaction or related activity that might be considered unusual

Employees should report suspicions to the MLRO (nominated officer), who decides whether to pass the report on to the NCA

= may be anyone with suitable skills, training or experience, e.g. a senior manager within the compliance function, or a company secretary / governance professional

Imposing restrictions on where and how money may be transferred, and freezing and seizing economic assets

14
Q

BRIBERY AND CORRUPTION

What did the UK Bribery Act 2010 establish?

Organisations are expected to implement what?

What are the 6 principles?

An organisation that has implemented adequate internal controls prior to the occurrence of an offence can do what?

A

Established a corporate liability for organisations whose employees (or other persons associated with them) commit an act of bribery on their behalf

Organisations are expected to implement internal control mechanisms based on six principles:

  1. Proportionality = internal controls should reflect the size and the risk profile of the organisation
  2. Top-level commitment = senior management should promote a zero-tolerance policy
  3. Risk assessment = organisations should be proactive in researching and identifying bribery risks
  4. Due diligence = organisations should have sufficient knowledge of the third parties who represent them and perform services on their behalf
  5. Communication = organisations are responsible for communicating policies and procedures to employees and third parties, including mandatory training
  6. Monitoring and review = organisations should ensure that the internal controls framework is adequate, effective and reflective of current and emerging risks

Can rely on the 'adequate procedures' defence to shield itself from corporate liability

15
Q

POLITICAL RISK

What is a political risk?

Name an example.

What are the 2 categories of political risk?

How are political risks managed? (4)

A

Political risk = a risk an organisation may face as a result of political change or instability
e.g. country sanctions

(1) macro risks - the consequences affect the whole country
(2) micro risks - specific to an organisation or to a project carried out by an organisation

Managed by:
1. defining the appetite for such risks
2. conducting appropriate cost-benefit analysis of political risks
3. monitoring and regularly reviewing risks that cannot be mitigated (through insurance, for example)
4. communicating and enforcing politically related policies and procedures, and delivering training

16
Q

CORPORATE GIFTS

How does the Bribery Act 2010 help ensure that a corporate gift is not a bribe?

How do organisations deal with corporate gifts? (2)

A

Guidance issued under the Bribery Act 2010 restricts the value and timing of corporate gifts to help ensure that a gift does not constitute a bribe

  1. Some organisations completely prohibit or significantly limit the amount an employee can spend on client hospitality (because of reputational risk attached)
  2. Organisations should have a relevant policy, training and monitoring processes in place to mitigate the risk of employees receiving inappropriate gifts
17
Q

PEOPLE RISK - BEHAVIOURAL RISK

What is behavioural risk management focused on?

What does behavioural risk management target?

What does behavioural risk management promote?

What can behaviours be influenced by? (5)

Behavioural risk (AKA conduct risks in sectors like financial services) arise from what?

Name 4 examples.

A

Behavioural RM is focused on managing the individual and collective behaviour of an organisation’s employees.

It targets: Attitudes, Perceptions and Relationships of an organisation’s employees

Promotes 'good' behaviours that help the organisation to achieve its objectives, and prevents 'bad' behaviours that can lead to a variety of risks.

Behaviours can be influenced by:
1. culture
2. education
3. upbringing
4. professional training
5. personal attitudes/perceptions

Arise from negative employee behaviours, including:
(1) negligence and criminal behaviour
(2) aggression and bullying
(3) lack of concern for health and safety (H&S) or environmental protection
(4) ignoring policies and procedures

18
Q

PEOPLE RISK - COMMON SOURCES of BEHAVIOURAL RISK

What are the 5 common sources of behavioural risks?

Name 4 examples of Negligence.

Name 4 examples of criminal activity.

A

(1) Bullying = may involve physical and psychological threats

(2) Negligence:
1. refusing to follow a policy or procedure;
2. neglecting assigned duties and responsibilities;
3. a general lack of care and attention and concern for others and their needs; and
4. not following the instructions of a line manager or other figure of authority

(3) Information leaks = can be accidental, but employees may decide to leak information to damage the reputation of the organisation or for personal financial gain

(4) Criminal activity:
i. H&S or environmental non-compliance;
ii. fraud;
iii. theft; and
iv. the facilitation of financial crime, including money laundering and terrorist financing

(5) Behaviours that result from employee dissatisfaction, personal problems or pressure from organised criminal gangs

19
Q

PEOPLE RISK - EFFECTS OF BEHAVIOURAL RISK

Bad employee behaviours can result in a wide range of risk events and effects. What are the 4 common categories?

A
  1. Financial loss = theft and fraud can cost significant amounts of money; compliance breaches can lead to large fines
  2. Legal and regulatory compliance breaches = court cases, supervisory intervention, loss of an operating licence, fines and criminal sanctions
  3. Damage to employee morale = bullying can be especially damaging to employee morale
  4. Reputation = high-profile behavioural risk events can lead to extensive adverse media attention; stakeholders may be reluctant to engage with organisations that allow bad behaviours in relation to bullying, financial crime or health and safety management
20
Q

PEOPLE RISK - MANAGING BEHAVIOURAL RISK

How can behavioural risks be controlled?

What are the 3 common practices?

Name 4 examples of risk culture controls that can influence employee behaviours.

A

= using a range of common risk controls, including training, segregation of duties and whistleblowing arrangements

  1. Recruitment controls = reduce the potential for recruiting employees likely to exhibit bad behaviours
    e.g. references and criminal record checks, probation periods
  2. Codes of conduct = communicate the standards of behaviour that are expected
    *Non-compliance may lead to disciplinary action or dismissal.
  3. Risk culture = risk culture controls include:
    (1) the tone from the top;
    (2) disciplinary and grievance processes;
    (3) performance reviews, which focus on behaviours as well as operational performance; and
    (4) training initiatives that look to influence employee behaviours.
21
Q

CLIMATE CHANGE RISK

As per the Bank of England view, climate change presents financial risks which can impact organisations through what 2 main channels?

Name examples for both.

What should organisations do in response?

What should this include?

What does the Bank of England expect?

A

Bank of England view = climate change presents financial risks which can impact organisations through 2 main channels:

  1. Physical risks = arise from changing climate conditions and extreme weather events (hurricanes, droughts, floods, storms and sea-level rises), which can result in large financial losses for organisations, especially if not insured
  2. Transition risks = arise from the process of organisations adjusting towards a greener (lower-carbon) state

Organisations should form a strategic response to the financial risks arising from climate change to ensure their financial stability now and in the long run

Should include research into organisation-level exposures to physical and transition risks, including stress testing

The BoE expects organisations to identify a senior manager (SM) with responsibility for managing the financial risks posed by climate change, with clear board-level engagement

22
Q

ASYMMETRIC RISK

What is an asymmetric threat?

Name an example.

Why are organisations more exposed to the risk of an asymmetric attack than they were in the past? (2)

How are asymmetric threats treated and managed?

A

An asymmetric threat is a low-resource attack that has large consequences.

e.g. a cyber security attack launched by one person or a small group of individuals that causes significant operational disruption for the target organisation = the perpetrator has an unfair (asymmetric) advantage over its victim

Due to the twin trends of:
1. adopting new information-sharing processes, while
2. shifting large volumes of highly sensitive data to cloud storage solutions

Treated and managed in a similar way to natural disasters = organisations should assess and monitor their vulnerabilities, then create mitigating strategies and contingency plans

23
Q

REPUTATION AND RESILIENCE

Much risk-management activity is focused on anticipating risk events/causes/effects, with the aim of reducing their probability and impact.

Where risks cannot be anticipated, the alternative is to what?

A resilient organisation is able to do what?

What do resilient organisations do? (5)

What is a key part of resilience?

Name the relevant case study.

A

Build resilience.

A resilient organisation is able to respond to unanticipated risk events to help mitigate/reduce their effects.

Resilient organisations:
1. accept that they cannot anticipate every risk event;
2. prepare for the unexpected by designing effective crisis management and business continuity arrangements;
3. react quickly, taking action immediately;
4. invest in effect-reduction tools such as public relations management; and
5. learn from past events

A key part of resilience is effective reputation management = how the organisation reacts to an event can have a significant effect on its reputation

Case study = the May 2017 WannaCry ransomware attack on the NHS caused cancelled and disrupted appointments, leading to negative media coverage and reputational damage

24
Q

TANGIBLE AND INTANGIBLE RISKS

What does the 2018 Wells Fargo scandal demonstrate?

Why are companies paying more attention to intangible risks?

What are more organisations now doing?

A

Demonstrates that an intangible risk (loss of reputation) can trigger a series of tangible risks (fines, balance-sheet growth constraints) and further intangible risks (loss of talent)

As companies have become globalised, technologically agile and services-driven, intangible assets have become more valuable than physical assets

More organisations are now incorporating intangible risk assessments as a part of their RM frameworks, with in-depth discussions happening at both senior management and board level

25
Q

SHAREHOLDER ACTIVISM

What is shareholder activism?

The extent of requested changes is driven by what?

Name 5 examples of activism-related changes.

A

= refers to a range of activities by shareholder(s) that are intended to result in some change in the organisation.

The extent of requested changes is driven by the type of the activist shareholder

Examples of activism-related changes include changes to:
1. the board’s governance policies or practices
2. board composition (such as increasing board diversity or replacing a specific board member);
3. executive remuneration plans;
4. organisational behaviour (such as environmental and climate change practices and disclosures)
5. share buyback and share dividend programmes

26
Q

SHAREHOLDER ACTIVISM

To prepare for shareholder activism, organisations need to do what?

What are the common risk factors? (5)

A

To prepare for shareholder activism, organisations need to better understand whether they are at risk of an activist event

Common risk factors include:
1. a low market value relative to the book value;
2. prolonged underperformance relative to peers;
3. excessive cash on hand that has not been re-invested;
4. parts of the business that do not align with the overall strategy;
5. failure to meet basic corporate governance and ESG practices (such as lack of board diversity, lack of environmental disclosures).

27
Q

SHAREHOLDER ACTIVISM - THE ROLE OF THE BOARD

Why is it important for a board to be well-advised and well-informed? (2)

What should board members be? (2)

A
  1. well-advised and well-informed boards take a less reactive approach when dealing with activist shareholders, finding opportunities to better control the overall process and leverage their key stakeholders
  2. well-handled activist campaigns maintain the credibility of the board in the face of often negative publicity

It is crucial that board members:
(1) are engaged with the executive team and key stakeholders; and

(2) are capable of understanding and clearly articulating the organisation's strategy and performance relative to its peers