Risk Roundup for July and August 2018
Our fourth Risk Roundup of the year focuses on some of the major events that occurred this summer. In July and August, we experienced a World Cup, California leading the way in data privacy, a daring cave rescue of a boys’ soccer team in Thailand and a Treasury report that gave the green light to Fintechs everywhere.
FIFA World Cup 2018
The US team didn’t qualify for the World Cup, so you may have tuned out the event won by France in mid-July. It certainly had its share of cyber attacks (25 million), but none of the attacks on FIFA World Cup 2018 wreaked havoc. Credit goes to risk management. Players and fans heeded warnings and didn’t use the public Wi-Fi or plug in USB sticks that were given away. Lesson: The more informed and wary we are, the safer we are.
California’s New Data Privacy Law
The California Consumer Privacy Act of 2018 represents the first state-mandated data privacy regulation in the US. It was passed at the end of June, and speculation about the legislation, which takes effect in 2020, was rampant throughout July and August. California’s privacy law is modeled after the EU’s General Data Protection Regulation (GDPR), which protects the data and privacy of individuals of the European Union. California’s privacy law will have a huge impact on US citizens who use the Internet and social media, as many leading tech companies are based in California.
Thai Cave Rescue
A boys’ soccer team was trapped in the Tham Luang cave in Thailand for two weeks in June and July. Efforts to rescue them from the flooded cave captivated the world with each twist and turn of the story. The rescue mission carried out by special forces was dangerous (one rescuer died) but successful. It brings to mind the importance of reviewing controls, policies and procedures after an adverse event. Closing the cave during the rainy season, for example, could mitigate the risk of such an event ever happening again.
Risk and Fintech
As we noted in a recent blog, the U.S. Treasury Department released a major report on July 31 that called for “more streamlined and tailored oversight” of innovations in the Fintech sector. Disruption and new technologies mean new risks. Fintechs will need to manage risk, especially information security and data privacy. Banks will have to expand capabilities in managing IT risk and third-party risk as a result of partnering with or outsourcing to technology partners.
That’s it for our September edition of Risk Roundup. We’ll be back in November with a roundup of notable risks from September and October.