Trends and future developments for risk-management Flashcards

1
Q

1- emerging risk trends

A
  • Crime, including financial
  • Bribery and corruption
  • Political risk
  • Corporate gifts
  • People/Behavioural risks
  • Climate change risks
  • Asymmetric risk
  • Resilience to mitigate reputation losses of emerging risks
  • Convergence between tangible and intangible risk
  • Shareholder activism
2
Q

4 categories of crime:

A
  • Offence against an individual
  • Offence against property or services
  • Violation of laws
  • Other offences
3
Q

Crime - offences against an individual - 2 types which may be present in workplace

A
  • Battery or assault
  • Harassment or intimidation
4
Q

There is a greater risk of offences against an individual where employees have specific roles, such as: (4)

A
  • Responsible for money
  • Working in dangerous places
  • Working in places where alcohol is distributed
  • Working during times of day where crime is more common
5
Q

Crime - offences against property or services - 2 types which may be present in workplace

A
  • Theft (including fraud)
  • Cyber crime
6
Q

Crime - Violation of Laws - Violation of certain laws can be considered a criminal offence, including: (4)

A
  • Anti-trust laws
  • Environmental laws
  • the Food and Drug Act
  • the Terrorism Act
7
Q

Crime - Other offences - 2 other criminal offences to note

A
  • Extortion
  • Bribery
8
Q

Crime - 4 measures employed by orgs to prevent/reduce crime

A
  • Employment of specialist firms to run extensive background checks (including criminal) on new applicants
  • Implementation of policies, checks, procedures
  • Provision of training
  • Use of technology such as surveillance cameras
9
Q

Crime - 4 measures employed by orgs to prevent/reduce cyber crime

A
  • Installation of password-protected firewalls
  • Installation of up-to-date antivirus software
  • Employment of specialist firms to identify and manage weak spots
  • Continuous employee training
10
Q

4 examples of financial crime:

A
  • Fraud or dishonesty
  • Misconduct relating to financial markets and information
  • Handling the proceeds of crime
  • Funding terrorism
11
Q

3 main impacts of financial crime risks on an org:

A
  • Direct financial loss (such as from fraud)
  • Reputation and brand loss (from adverse publicity)
  • Legal and regulatory sanctions due to a breach
12
Q

Financial crime: (2)

A
  • Historically only applied to financial institutions but scope has now broadened to any org
  • Any incorporated company may be exposed to market misconduct risks, and all face fraud and dishonesty risks
13
Q

What is the intention of AML laws and regs?

A

Prevent individuals or organised crime groups from using the monetary proceeds of their illegal activities

14
Q

What is the aim of money laundering?

A

Making illegitimate cash appear legitimate

15
Q

3 common ways to ‘launder’ cash

A
  • Paying it into a bank account
  • Purchasing and then reselling high value goods
  • Through a company (overinflating revenues)
16
Q

AML regulation includes enhanced rules in relation to: (5)

A
  • Customer due diligence
  • Limitations on ability to rely on third-party AML controls
  • Provision of electronic money and pre-payment cards
  • Improving financial transparency of beneficial trusts
  • Enforcement of sanctions against non-compliant orgs
17
Q

Why is it more difficult to identify financing of terrorism than money laundering?

A

With money laundering, a crime has already occurred before funds enter banking systems, etc.

With terrorist funding, the funds will have been transferred prior to a crime being committed

18
Q

Common controls and monitoring arrangements for AML and CFT (countering financing of terrorism) : (5)

A
  • Establishing roles and responsibilities (such as an MLRO)
  • Reporting any suspicions to MLRO & relevant authorities
  • Establishing due diligence arrangements including KYC arrangements
  • Training for employees so that they are aware and compliant
  • AML and CFT compliance reviews and internal audits
19
Q

Relevant authority to report money laundering or terrorist financing suspicions to

A

the National Crime Agency (NCA)

20
Q

Method of contact of suspicions to the NCA

A

a Suspicious Activity Report (SAR)

21
Q

To whom should suspicious activity be reported initially?

A

The nominated officer (often the MLRO)

22
Q

Once the nominated officer has received a report of suspicion, they must decide: (2)

A
  • Whether to pass it on to the NCA for investigation
  • Whether to suspend the activity or transaction, if considered safe to do so
23
Q

A SAR will include information on: (5)

A
  • Type and nature of suspicion
  • Date and location of event
  • Personal details of individual engaging in activity
  • Whether individual is believed to be suspect or victim
  • Individual’s account details where necessary
24
Q

Following identification of suspicious transactions or activities, sanctions that can be imposed by UK authorities include: (4)

A
  • Restrictions on where money may be transferred
  • Restrictions on how much money can be transferred
  • Freezing economic assets
  • Seizing economic assets
25
the UK Bribery Act 2010 established...
a liability for organisations whose employees commit an act of bribery of public officials or business-to-business bribery anywhere in the world
26
Re. bribery and corruption, orgs are expected to implement internal control mechanisms based on six principles:
  • Proportionality (reflecting size and risk profile of org)
  • Top-level commitment (zero-tolerance policy actively promoted by senior management)
  • Risk assessment (proactive in researching and identifying risks)
  • Due diligence (on third parties who represent and perform services for org)
  • Communication (to employees and third parties who represent and perform services for org)
  • Monitoring and review (to ensure adequacy, effectiveness, and reflection of current and emerging risks)
27
Political risk refers to...
the risk an organisation may face as a result of political changes or political instability in a country
28
Political risks: (2)
  • Hard to predict (cannot really predict based on political freedom either as authoritarian gov countries can be very stable)
  • Hard to manage, as insurance may not be available
29
2 categories of political risk and brief explanation
  • Macro risks - not org-specific and will affect whole country
  • Micro risks - specific to an org or an org's project
30
Corporate gifts
  • Have always been a part of corporate life, but ethics have been questioned in recent years
  • Bribery Act 2010 places significant restrictions on value and timing of corp gifts and hospitality
  • Some orgs completely prohibit or significantly limit client hospitality spending due to reputational risks attached
31
Behavioural risk-management is focussed on... Behavioural risk-man targets...
... managing the individual and collective behaviour of an organisation’s employees
... the attitudes, perceptions and relationships of an organisation’s employees, promoting ‘good’ behaviours that help the organisation to achieve its objectives, and preventing ‘bad’ behaviours that can lead to a variety of risks
32
5 factors influencing employee behaviours:
  • Culture
  • Education
  • Upbringing
  • Professional training
  • Personal attitudes
33
Behavioural risk arises from negative employee behaviours, which include: (5)
  • Negligence and criminal behaviours
  • Aggression and bullying
  • Lack of concern for H&S / environmental protection
  • Focus on short-term over long-term
  • Pursuing personal objectives at the expense of org's objectives
34
4 common sources of behavioural risks
  • Bullying (physical or psychological)
  • Negligence (refusing to follow policy or procedure, or neglecting assigned duties and responsibilities)
  • Information leaks
  • Criminal activity
35
4 common effects of behavioural risk & example(s)
  • Financial - costs of threat and fraud, fines from compliance breaches
  • Legal and compliance - court cases, loss of license, sanctions
  • Morale of employees - damaged morale through bullying
  • Reputation - adverse media attention as a result of risk events
36
3 common risk controls that can be used to manage behavioural risk & 3 controls specific to behavioural risk (with short explanation)
  • Training
  • Segregation of duties
  • Whistleblowing arrangements
---
  • Recruitment controls - reducing potential for recruiting employees likely to exhibit bad behaviours, such as through psychometric tests which test certain tendencies
  • Codes of conduct - to provide clarity on expected standards of behaviour
  • Risk culture - ensuring org culture supports good behaviour
37
Climate change risk - two main channels causing financial risk (through losses or costs)
  • Physical risks, such as through droughts / rising sea-levels
  • Transition risks in adjusting towards a lower-carbon approach
38
An org's strategic response to climate change risk should include: (3)
  • Research into org-level exposures to physical and transitional risks
  • Stress testing and business model analysis
  • Relevant disclosures
39
What is asymmetric risk?
The risk of an asymmetric attack, which is a low resource attack with large consequences, such as a cyber attack
40
Asymmetric risk: (3)
  • Asymmetric cyber-attacks have become more frequent and common due to low cost and readily available equipment
  • Organisations using more technology has increased the threat they face
  • Vulnerabilities should be monitored, and mitigating strategies and contingency plans created
41
Why is building resilience a trend in risk-man?
Due to emerging risks which cannot be anticipated and controlled effectively due to insufficient information - building resilience is the alternative
42
What is the aim of resilience re. emerging risks?
Reduction (perhaps to zero) rather than prevention
43
Resilient organisations: (5)
  • Accept that they cannot anticipate every risk event, especially emerging risks
  • Prepare for unexpected by designing crisis management and business continuity arrangements
  • React quickly when surprised by new events
  • Invest in effective reduction controls, including public relations management (in recognition of importance of reputation management)
  • Learn from past events, and their own successes and failures in mitigating these
44
Convergence between tangible and intangible risk
  • Growing recognition that intangible risk (eg. loss of reputation) can trigger a series of tangible risks (eg. fines) and intangible risks (eg. loss of talent)
  • Orgs are beginning to pay more attention to intangible risks, and are incorporating assessments of intangible risk as part of their risk-man frameworks
45
Shareholder activism refers to...
a range of activities by one or more of a publicly traded organisation’s shareholders that are intended to result in some change in the organisation
46
4 types of investors that may participate in shareholder activism - and what they tend to be most concerned with
  • Traditional asset managers - ESG topics
  • Hedge funds - org strategy
  • Pension funds - ESG topics
  • Individuals - ESG topics
47
6 examples of activism-related changes that a shareholder activist may desire:
  • Changes to board's governance policies or practices
  • Changes to board's composition
  • Changes to executive remuneration
  • Change to oversight of certain functions
  • Change to organisational behaviour (such as re. environment)
  • Changes to share buyback and share dividend programmes
48
Common factors that may increase risk of shareholder activism: (5)
  • a low market value relative to the book value
  • prolonged underperformance relative to peers
  • excessive cash on hand that has not been re-invested
  • parts of the business that do not align with the overall strategy
  • failure to meet basic corporate governance and ESG practices
49
Role of board in relation to activist stakeholders: (3)
  • Board should actively engage with key stakeholders, rather than reactively respond to activism
  • Board should be capable of understanding and clearly articulating org strategy and performance relative to peers
  • Well-handled activist campaigns will maintain credibility of the board in face of negative publicity