The coronavirus crisis is already shaping up to be one of the biggest threats to businesses in living memory. Alongside the number one priority of keeping employees safe and minimising the spread of the virus, beleaguered c-suites around the world have many other challenges to consider as they evaluate their risk management strategies.

What will the impact be on the business with most of the workforce working from home? Oxial is set up and structured to be fully operational with our teams working from home, but others might not be. Many corporate Financial Services (FS) firms still rely on personal relationships; will this still work over the phone without face-to-face contact?

As a global business, with customers and partners all over the world, we wanted to address the main topic on the minds of individuals and businesses right now – coronavirus.

Oxial is a company that has always been supportive of flexible working. Our employees can work just as effectively from other locations as they can from the office, and in accordance with government stipulations and World Health Organization guidelines, all Oxial employees are now working from home.

Data security is something that most organisations would claim publicly to take extremely seriously. New regulations such as the European Union’s (EU) General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have helped ensure that customer data privacy and security are higher on the corporate agenda than ever.

Organisations have seen the size of the fines for non-compliance with GDPR (and the size of the companies that are being fined) and also noted the potential size of CCPA fines for later in 2020. They are including such regulatory compliance in their operational risk management strategies and investing in risk management software to help mitigate this risk.

As you will have no doubt seen or heard over the past month or so, the world is currently in the grip of a coronavirus pandemic. At the time of writing (March 2020), Italy has gone into complete lockdown, Spain has closed its parliament, major sporting and business events are being cancelled or postponed all over the world and most people are in a state of confusion as to what the true risk is.
The same is as true for enterprises as it is for consumers. There has been so much information about what to do and what not to do that it is very hard to assess and mitigate risk. Company bosses would want to keep employees safe and uninfected as a priority, but they also must factor in how this would affect productivity, efficiency and overall risk management.

Digital technology has changed many aspects of our personal and working lives over the past decade. Yet there are certain elements of the business world that have remained relatively untouched by digital transformation – one of those is the risk management function.
For Financial Services (FS) firms especially, the regulatory compliance landscape has become more complex since the financial crisis of 2008 and a logical move would be for organisations to digitise risk management and / or an overarching GRC department. There’s also an increasing expectation from customers and partners that businesses will be fully digital.

Wells Fargo crisis

Wells Fargo is one of the largest banks and most recognisable Financial Services (FS) brands in the world. In 2019 it was the world’s fourth-largest bank by market capitalisation and with operations in 35 countries serving more than 70 million customers globally, it would appear to be the model of a well-run and successful business.
Yet earlier this month (21 February 2020) it was announced that Wells Fargo had settled with the United States Department of Justice (DOJ) and the United States Securities and Exchange Commission (SEC) to resolve investigations into Wells Fargo’s sales practices.

For anyone working in cybersecurity, risk management or just in business generally, it can feel like the volume and variety of cyberattacks are constantly growing. Just when an organisation feels like it has got on top of one type of cyberattack, there is a new and potentially more damaging threat to manage.

At the start of the year (2020) we wrote about the Travelex ransomware attack, which saw the foreign exchange company held to ransom by attackers and its online presence affected for almost two weeks. But a new breed of cyberattack only heightens the need for more effective risk management software.

operational risk management

CEOs, COOs and the rest of the c-suite will always talk a good game when it comes to operational risk management and how their organisation manages, mitigates and prioritises risk. They know that risk is everywhere in 2020 and broadly speaking, they are prepared to invest in the risk management software that is required to manage risk effectively.
Yet how seriously does the average c-suite in a mid-sized or larger business really take risk management? For many organisations, operational risk management is still perceived as a somewhat defensive business function, there to prevent bad events from impacting the company more than they have to.

More than three years after the initial referendum to decide whether or not the UK should remain part of the European Union (EU), and around one year since the original deadline to leave was set, the UK finally left the EU on 31 January 2020.

Anyone in the UK or Europe expecting significant and immediate change after Brexit, however, would have been left most disappointed. There is a transition period until the end of December 2020 when all EU rules still apply in the UK. This means there remains much to discuss, especially in terms of Financial Services (FS) and how issues such as passporting will be addressed in the long term.

Recent analysis by law firm DLA Piper has revealed that since the General Data Protection Regulation (GDPR) came into force on 25 May 2018, more than 160,000 data breach notifications have been made to authorities.
As of 28 January 2020, this equates to approximately 263 data breach notifications every single day – an astonishing amount, given the time and resource that has been spent preparing organisations across the world for GDPR. Firms have invested in risk management software, cybersecurity systems, GRC software and a whole range of other IT GRC tools, but what this volume of breaches indicates is the need for smart and accurate risk mapping.