31 December 2011

OPS Risk 2011: A Year of Living Dangerously...

2011 has been a year of living dangerously. Operational Risks have plagued governments, private sector companies and the citizens of local communities across the globe. The continuous threats from people, processes, systems and external events will become substantially more asymmetric in 2012 and volatility will become the new normal.

As professionals plan and budget for the next annual cycle there will be tremendous debate on where to invest in new mitigation and remediation strategies. The economics of austerity programs will now become another threat to consider as infrastructures continue to decay. People are leveraging the power of mobile devices to perpetuate their situational awareness and to wage "Information Warfare" on the brand equity of Fortune 500 companies. Verizon has followed in the footsteps of Bank of America. Ylan Mui and the Washington Post explain:

Verizon backed away on Friday from plans to charge customers a $2 fee to pay their bills online or over the phone after receiving thousands of complaints, the latest victory in a wave of consumer activism that has roiled some of the nation’s largest companies.

The announcement came a day after the fee was made public. Consumer advocacy groups derided the charge as “pay-to-pay.” The fee also caught the eye of Verizon’s regulator, the Federal Communications Commission, which had said it would look into the issue. But it was individual consumers — amped up after battles this year with corporate giants such as Bank of America and Target — that the company said tipped the scale.

Corporate brand managers and CEOs have little tolerance for an erosion in brand equity. This is counter to the politicians who are continuously operating at an approval rating hovering at 50%. How different the behavior remains in the public vs. private sector. Look for this to change in 2012 as an election year takes hold in the United States.

The systemic impacts from failed banking institutions and nation states will not be underestimated any longer. Will the rise of democratic states in the Middle East increase the risk to your organization? Think about the new risks that are yet to be discovered as a result of the death of Usama bin Laden. al-Qa'ida's so-called new American recruits suggest a pattern to be debated and include:

  • Omar Hammami
  • Daniel Boyd
  • Carlos Bledsoe
  • David Headley
  • Michael Finton
  • Hosam Smadi
  • Betim Kaziu
  • Tarek Mehanna
  • Jaime Paulin-Ramirez

Today's radicalization process is domestic to the U.S. and can take only months. It is decentralized and is taking place on the Internet, not in churches, synagogues, mosques or other locations of religious worship. The face of terrorism has morphed to people born in the USA, educated here and who have never left the homeland. They are invisible.

The number of supply-chain disruptions that have occurred over the course of 2011 is undetermined due to the sensitivity of the information and the implications to a business's market share or stock price. Suffice it to say that the multi-headed hydra unleashed from the Macondo Gulf Oil Disaster is still being calculated even as new criminal charges are being considered by the Justice Department. Consider the possibility of some of the insurance industry's scariest risks from Willis:

In the energy industry, the unthinkable has perhaps already happened: the $40 billion in losses associated with the Macondo well that blew out last year were utterly unprecedented. Most of that risk was uninsured, so the energy market got off relatively lightly in this case. But as the drive to drill wells similar to Macondo continues, the nightmare scenario for the energy market is the “perfect storm” of another blowout of a similar nature combined with a Gulf of Mexico windstorm on the scale of a Katrina, Rita or Ike. That would almost certainly lead to underwriting losses that would be sufficient to prompt a potential capacity crisis.

The point is that the attacks will continue and the defenses will never be high enough or wide enough to protect your assets from loss and harm. Then if this is the case, what have you planned for 2012 that will encompass the business resiliency doctrine? Who is your Chief Continuity Officer and how will they be investing in your continuous survival next year?

Operational Risks in 2012 will trend higher for organizations because there are decision makers who will continue to ignore the factors of resiliency. The mindset associated with resiliency takes the point of view that you will be attacked by cyber marauders, that your supply chain will suffer a catastrophe of epic proportions from a natural phenomenon, that you will suffer the consequences of a significant employee-based litigation. And the list goes on...

Which risk is scariest for your business?

  • Terrorism (14%)
  • Environmental Unknowns (8%)
  • Death of Innovation (8%)
  • Data Breach (8%)
  • Supply Chain Disruption (8%)
  • Not Understanding Risk (8%)
  • Italian Default (7%)
  • Chinese Pandemic (5%)
  • Exploding Health Care Costs (5%)
  • Macondo Mach II (5%)
  • Mass Real Estate Disruption (5%)
  • Systemic Risk (3%)
  • Coal-tastrophe (3%)
  • New Frontiers in Renewables (2%)
  • D&O Insolvency (2%)
  • Middle East Oil Prices (2%)
  • Blackout Britain (2%)
  • Aerospace Fuel Prices (2%)
  • Credit Price Hikes (0%)
  • Solvency II (0%)
  • Obstetrics (3%)

Finally, we want to thank you for raising this blog to the #2 link on Google when searching for Operational Risk and Operational Risk Management. We agree that Wikipedia should remain #1. In 2012, look for more topics and expanded investigative reporting. And one of these days, perhaps it will be time to compile the best of our 1,000+ posts into an e-book for your Kindle.

17 December 2011

Integrity & Ethics: Whistleblower Risk...

Operational Risk Management in your organization may be in need of a more robust awareness campaign. Malfeasance and ethical wrongdoing are continuously perpetuated in the workplace when those who are victims or witnesses refuse to speak up. Many fear retaliation by supervisors or other co-workers. This study emphasizes the issue at hand:

Labaton Sucharow LLP yesterday announced the results of its nationwide Ethics & Action Survey. Conducted by ORC International between November 17-20, the survey questioned 1,000 Americans on their knowledge of wrongdoing in the workplace and willingness to come forward and report it. With significant financial rewards and strengthened anti-retaliation and anonymity protections offered under Dodd-Frank, an overwhelming 78% of respondents indicated they would report wrongdoing in the workplace if it could be done anonymously, without retaliation and result in a monetary award. In fact, more than one-third (34%) of respondents knew about wrongdoing in the workplace. However, 68% were unaware that the Securities and Exchange Commission (SEC) has a new Whistleblower Program designed to protect and reward individuals who report violations of the federal securities laws.

This kind of Operational Risk doesn't have to involve insider trading or the SEC to be an issue. Do you have a controlling boss or a bully in the organization who uses their position of power to get what they want at any cost or to force you to look the other direction? What kind of facts point to their behaviors and the actions by others that contribute to a caustic and toxic workplace setting or further perpetuate the situation? Whether it is your Fortune 500 public company or your tiny 501(c)(3) non-profit does not matter. When over one-third of the respondents of the ORC Ethics and Action Survey knowingly ignore or are afraid to report incidents of wrongdoing or ethics violations, the culture is broken and in need of repair. The people who have the fiduciary duty to see that this kind of behavior is deterred also have the responsibility to provide the tools and the mechanism for those being victimized and those who are observing the malfeasance to anonymously defend themselves.

So what should you do as an Operational Risk professional to make sure this doesn't happen to the people in your respective organization? Here is a good start:

Many corporations have internal compliance programs for corporate misconduct. These programs are, in theory, designed to provide an audience for workers who want to report unethical or illegal corporate conduct. Whether to utilize internal compliance reporting procedures is not an easy question to answer. As a general proposition, some believe that where the wrongdoing is pervasive—as in the case of securities fraud—an internal compliance program will not provide an adequate means of redress. Some believe that where the issue involves massive overbilling to the Government, or an allegation that a corporation is receiving significant dollars in unlawful revenue through fraudulent conduct, the internal compliance system will not work.

It's imperative that you also become aware of and communicate to employees and volunteers what their rights are outside the formal processes that are in place within the organization. Sometimes the nature of the ethics violations will not easily fall into the category for the internal compliance department.

So even "A Decade After the Fall of Enron" the laws and the rules provide us with a false sense of security from the corporate and workplace malfeasance that so many U.S. citizens are being subjected to on a daily basis. And based upon the current state of play around the beltway in Washington, DC you can expect that the coordination and cooperation are increasing by the minute.

The increased collaboration among the alphabet soup of enforcement and regulatory agencies is also due to a collateral effect of the current financial crisis: declining agency budgets. In the current downward budget cycle, agencies are working in concert more than ever before. This trend is exacerbated by a change in the mission of the FBI in the post-Sept. 11, 2001, world, shifting resources to counterterrorism and creating a need for other agencies to play an increased role. The overarching lesson from this increased collaboration is clear: Gone are the days that inside or in-house counsel can assume that the state or federal agency with whom they are dealing is acting alone; it is increasingly likely there are additional state or federal agencies involved, resulting in overlapping criminal, civil or regulatory exposure.

If you are charged with the position of the Senior Operational Risk professional in your organization, this topic of wrongdoing in the workplace cannot be overlooked any longer. It is not too late to create a "Defensible Standard of Care" and to turn the word "Integrity" into a cultural pursuit for all to aspire to, before it is too late.