$375,000 fine for data loss

Whilst the ICO in the UK has recently announced that the maximum fines it can impose have increased from £5,000 to £500,000, in the US, FINRA has hit DA Davidson with a $375,000 fine for failing to safeguard confidential client information. A group of criminals hacked into the firm’s computer and got access to data for approximately 192,000 customers. Although DA Davidson contacted and cooperated with authorities after the breach, it must now pay a $375,000 fine to FINRA because of its failure to protect client information.

Chief Executives to focus on Risk

CEOs are intending to upgrade their enterprise-wide risk management capability according to the PwC 13th Annual Global CEO Survey. The study involved a survey of 2,000 executives across 50 countries.

Risk is not only moving up the corporate agenda in response to the financial crisis, but is seen as something that needs to be embraced by the organisation as a whole. That one in five say their board of directors is ‘significantly more engaged’ in assessing strategic risk indicates that for many, approaches to risk are moving beyond controls-based risk management to corporate strategy and financial management.

The higher level of involvement by directors is not only taking place in the financial sector, where risk standards are actively changing, but across all sectors.

Attention is being focussed on both internal and external factors.

Of those CEOs who said they plan some change or significant change to their approach to managing risk (89% of those interviewed), slightly more said they plan to integrate risk management capabilities into business units. They are assigning risk functions to business heads, a process that aligns risk with strategic business planning.

‘We learned that we must further strengthen our internal controls and risk management capabilities. The financial crisis has made it clear that all enterprises must be better prepared against future risks’, said Huang Tianwen of Sinosteel Corporation.

ICO Penalties Increase

New rules from the Information Commissioner's Office (ICO) take effect from 6th April 2010. The most significant change is that the maximum financial penalty for non-compliance with the Data Protection Act is increased from £5,000 to £500,000.

The ICO state that there are still problems with unencrypted portable media devices, poor governance and lack of risk assessment.

 
Global Risks 2010, a World Economic Forum Report, sets out the 36 major risks relating to Economic, Geopolitical, Environmental, Societal and Technological issues. The 2010 Report reveals that there has been a dramatic increase in the level of recognition that global risks are now tightly interconnected even if the impact differs at local level. In addition there is a higher level of systemic risk (interconnections among risks) that demands an integrated approach to risk management.



May 2009 – Solvency II

In September 2008, the FSA published Discussion Paper (DP) 08/4 Insurance Risk Management: The Path to Solvency II.

The purpose of the DP was to highlight and explain the key elements of the Solvency II regime, with the aim of stimulating and helping UK insurers’ preparations.

One of the key changes is to move from the Individual Capital Adequacy Standards (ICAS) to Own Risk and Solvency Assessment (ORSA). This is not merely a change to capital calculations but about organisational change utilising Enterprise Risk Management principles. Companies need to have in place a risk management function, an actuarial function, a compliance function and an internal audit function. It is necessary to demonstrate there is an adequate and transparent organisation structure with responsibilities clearly allocated and appropriately segregated. All employees must share the responsibility for risk and the Directors must demonstrate that the awareness is across the whole organisation.

On 5 May 2009 the Solvency II Directive was officially adopted.

The implementation date for Solvency II is now definitely set at 31 October 2012 and it is essential for the UK insurance industry to fully engage now in preparing for the new regime. If firms are yet to do so, senior management should consider now the implications for their business and start planning immediately to ensure compliance with the new rules.

Firms should have completed or be in the process of completing a detailed gap analysis to identify any shortfalls in expected compliance with the emerging Solvency II requirements to enable appropriate actions to be taken on a timely basis.
