Risk Roundup for January and February 2019
Our first Risk Roundup of 2019 kicks off with two major regulation fines impacting the tech and energy industries. Then it’s off to Washington for a federal shutdown and across the pond for a Brexit update. All together, these Jan-Feb events reflect the power and influence of regulations and governments on risk.
Google fined nearly $57 million for GDPR violations
In January, France’s data protection regulator, CNIL, issued Google the largest-to-date fine for failing to comply with GDPR. In so doing, Google became the first major tech company fined for violating the EU regulation designed to protect individuals’ data privacy. In its statement, CNIL said Google showed users personalized ads without properly obtaining consent.
NERC jolts energy company for NERC-CIP infractions
The North American Electric Reliability Corporation (NERC) recently fined an energy company $10 million for over 100 violations to the regulatory authority’s Critical Infrastructure Protection (CIP) standards. It’s the biggest fine NERC has ever handed out for CIP violations. Hopefully, this news is a wakeup call for all energy firms to revisit how they manage compliance and risk, whether it’s NERC-CIP or another regulation.
Federal shutdown makes business riskier
The longest government shutdown in U.S. history disrupted the operations of federal agencies and furloughing federal workers. How does this impact business risk? Imagine taking commercial flights and arriving late to meetings because of a shortage of TSA agents at security check-in. There was also the case of businesses experiencing payment delays from government contractors. Depending on the operational impact of delayed payments, a company might have to take on additional risk like lowering standards for new customers.
In late February, the UK government made its first announcement that it is considering options for delaying Brexit. A March 13 vote to approve the UK leaving the EU without a deal on March 29 will decide the delay’s fate. An approval leads to Brexit; disapproval opens the door to a delay. Either way, uncertainty is bad for consumer confidence and bad for business. Negative ratings could force companies into higher interest payments or restrict them from financial instruments that require high credit ratings.
That’s it for this edition of Risk Roundup. We’ll be back in May with a roundup of notable risks from March and April.
COVID-19 has pushed several risk disciplines into the spotlight, including business continuity, third party risk, cybersecurity, and data privacy. We’ll explore each one and deliver advice and guidance.
In many ways, global supply chains are in the crosshairs of the global pandemic. We share three strategies you can pursue now to be ready for when business starts to recover.
While the coronavirus has dominated news cycles, other notable events occurred around a number of new rules, regulations and guidance, from California’s data privacy regulation to NIST data privacy framework and SEC guidance on cybersecurity for financial service firms.