"Operational Risk will continue to be a major focus for Boards of Directors in 2009 and for good reason. Governance Strategy Execution, Information and Records Management and Legal Risk are all in need of a critical review and a robust injection of new resources. We are at the beginning of a new "S" curve cycle on the down slope just as we saw in late 2001 post 9/11 and the "Dot Com" era, Higgins said."
"This requires a renewed and substantial commitment to keeping our code of practice guidance and implementation advice narrowly focused on several key areas of the corporate enterprise:"
Here are some of the top cases to review for OPS Risk lessons learned in 2008:
- Organizational Security
- Information Security Infrastructure: Cooperation between organizations
- Appropriate contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications operators shall be maintained.
- Asset classification and control
- Information Classification: Information labelling and handling
- A set of procedures shall be defined for information labelling and handling in accordance with the classification scheme adopted by the organization.
- Personnel Security
- Responding to security incidents and malfunctions: Reporting security weaknesses
- Users of information services shall be required to note and report any observed or suspected security weaknesses in, or threats to, systems or services.
- Communications and operations management
- Operational procedures and responsibilities: External facilities management
- Prior to using external facilities management services, the risks shall be identified and appropriate controls agreed with the contractor, and incorporated into a contract.
- Exchanges of information and software: Security of electronic mail
- A policy for the use of electronic mail shall be developed and controls put in place to reduce security risks created by electronic mail.
- Access Control
- Monitoring system access and use: Monitoring system use
- Procedures for monitoring the use of information processing facilities shall be established and the result of the monitoring activities reviewed regularly.
- Business Continuity
- Aspects of Business Continuity Management: Testing, maintaining and re-assessing BCP
- Business continuity plans shall be tested regularly and maintained by regular reviews to ensure that they are up to date and effective.
- Compliance with legal requirements: Collection of evidence
- Where action against a person or organization involves the law, either civil or criminal, the evidence presented shall conform to the rules for evidence laid down in the relevant law or in the rules of the specific court in which the case will be heard. This shall include compliance with any published standard or code of practice for the production of admissible evidence.
01/04/08 - Detroit: Eleven Indictments in International Illegal Spamming and Stock Fraud Scheme - Eleven individuals were indicted in a wide-ranging international fraud scheme which manipulated stock prices through illegal spam e-mail promotions.
02/15/08 - Washington: DOD Employee Arrested in Chinese Espionage Case - Gregg William Bergersen, a Weapons Systems Policy Analyst at the Defense Security Cooperation Agency, Department of Defense, was arrested for passing classified documents to the People’s Republic of China.
02/22/08 - Miami: Five Individuals Indicted for $200 Million Hedge Fund Fraud - Michael Lauer, founder of Lancer Group Hedge Fund, and four others were indicted on conspiracy and wire fraud charges in a $200 million hedge fund fraud.
02/29/08 - Houston: Chinese Chemist Indicted for Theft of Trade Secrets - Qinggui Zeng, aka Jensen Zeng, a legal permanent resident from China, was indicted and charged with theft of trade secrets and computer fraud.
03/14/08 - Cincinnati: Financial Enterprise Executives Found Guilty in $3 Billion Fraud Scheme - Five former executives of National Century Financial Enterprises were found guilty of conspiracy, fraud and money laundering in a $3 billion security fraud scheme.
05/16/08 - Washington: Guilty Plea in Espionage Charge Involving China - Tai Shen Kuo pled guilty to conspiracy to deliver national defense information to the People’s Republic of China.
06/20/08 - Operation Malicious Mortgage Nets 406 Individuals - Charges in Operation Malicious Mortgage, a nationwide takedown of mortgage fraud schemes which inflicted approximately $1 billion in losses, were brought in every region of the country.
10/17/08 - FBI Coordinates Global Effort to Nab “Dark Market” Cyber Criminals - A two year undercover operation, Dark Market, which joined forces with international law enforcement, resulted in 56 arrests and $70 million in economic loss prevention.
11/28/08 - Dallas: Holy Land Foundation and Leaders Convicted - The Holy Land Foundation of Relief and Development and five of its leaders were found guilty of illegally funneling at least $12 million to the Palestinian terrorist group, Hamas.
12/12/08 - Chicago: Illinois Governor Arrested - Governor Rod R. Blagojevich and his Chief of Staff John Harris were arrested on federal corruption charges including conspiring to trade or sell the Illinois’ Senate seat vacated by President-elect Barack Obama.
Beyond the Bernie Madoff fraud scheme that rocked the Hedge Fund universe the real systemic risks to deal with in 2009 will continue to be tied to the housing and mortgage sector:
- Recent statistics suggest that escalating foreclosures provide criminals with the opportunity to exploit and defraud vulnerable homeowners seeking financial guidance.
- Perpetrators are exploiting the home equity line of credit (HELOC) application process to conduct mortgage fraud, check fraud, and potentially money laundering-related activity.