RSS subscription

Recent commentary

Risk News

4/24/2015
Federally-run Indian schools are in rough shape because of a broken bureaucracy

"The U.S. Bureau of Indian Education spends nearly 56 percent more money than American public schools on each student, but many Native Americans learn in facilities that are languishing in poor condition, according to federal auditors."

Annie's take:

Methodically addressing these gaps early and in the school system will reduce a range of challenges for Native Americans. Let's get on this right now.

4/23/2015
Deutsche Bank to Pay $2.5 Billion Fine to Settle Rate-Rigging Case

"Deutsche Bank will pay a $2.5 billion penalty to United States and British authorities to settle accusations that it helped manipulate the benchmarks used to set interest rates on trillions of dollars in mortgages, student loans, credit cards and other debt, officials said on Thursday."

Annie's take:

A big fine, but Deutsche Bank will still be profitable in the next quarter. Many who participated in the rate rigging have been fired or have left the bank. The most significant change the bank has made lines up with the COSO concept of a segregation of duties. Here, those who make trades will be separated from those who "submit information" on rates used in the benchmarks.

4/22/2015
McConnell introduces bill to extend NSA surveillance

"Senate Majority Leader Mitch McConnell introduced a bill Tuesday night to extend through 2020 a controversial surveillance authority under the Patriot Act."

Annie's take:

Here's another example of dysfunction. There has been a bipartisan group working to modify the legislation that is completely ignored in this latest move. Why is so much time wasted with this type of maneuvering?

4/21/2015
Data Is the New Middle Manager

"Something potentially momentous is happening inside startups, and it’s a practice that many of their established competitors may be forced to copy if they wish to survive."

Annie's take:

A trend to track, and not just in startups.

4/20/2015
Volcker calls for U.S. financial regulation shakeup

"The U.S. financial regulatory system is outdated and riddled with loopholes, former Federal Reserve Chairman Paul Volcker said on Monday as he offered an overhaul plan to make watchdogs more effective."

Annie's take:

Even before he finished speaking, I would guess that the jungle drums and lobbyists had started work. Volker's proposals are practical and would bring the industry into the 21st century. His comments on non-banking institutions are particularly appropriate.

4/19/2015
Technology That Prods You to Take Action, Not Just Collect Data

"The bookshelves in Natasha Dow Schüll’s office at the Massachusetts Institute of Technology are punctuated here and there with kitchen timers: a windup orange plastic device, an egg-shaped stainless steel mechanical timer, a digital hourglass with falling pixels in lieu of sand."

Annie's take:

How much are we willing to cede to technology? Self-knowledge or self-absorption? The risks seem to me to be quite high here if we place most of our reliance on monitoring and intervention.

4/18/2015
As police body cameras catch on, a debate surfaces: Who gets to watch?

"The debate in the nation’s capital and across the country over whether police should wear body cameras has quickly evolved into a new and perhaps more difficult question: Who gets to see the video?"

Annie's take:

A complicated subject, and one that will be discussed at the 2015 iAffiliates Day at the Seattle Public Library, one a panel I'm leading, that includes Bryce Newell (Seattle PD and body cameras, Washington State Law), Jim Loter (IT director at the library, discussing issues of infomation risk around access and technology), and Aaron Weller (head of data privacy at PriceWaterhouseCoopers, who'll be talking on risks around Big Data).

4/17/2015
Abolish the TSA

"If the past 10 years have taught us anything, it’s that, one way or another, the TSA is going to get at your crotch."

Annie's take:

I like the combination of passion and irony that the author exhibits in this fact-filled article.

4/16/2015
Target Reaches $19 Million Settlement with MasterCard Over Data Breach

"Target Corp. said Wednesday that it reached a settlement with MasterCard International Inc. to reimburse financial institutions for costs incurred after the retailer’s 2013 data breach that compromised 40 million credit and debit card accounts."

Annie's take:

The legal costs of this breach must be astronomical. I am still trying to run down whether or not Target's insurance company is covering any of the costs.

4/15/2015
Google faces antitrust charges by European regulators

"Europe’s top antitrust czar slapped Google with an official complaint Wednesday that accuses the Internet giant of violating fair competition rules by directing users of its Web search to the company’s own products."

Annie's take:

Just 24 hours since my last post on this topic. As I indicated earlier, whatever comes from this particular ruling will also affect matters in this country.

4/14/2015
EU Digital Chief Urges Regulation to Nurture European Internet Platforms

"The European Union should regulate Internet platforms in a way that allows a new generation of European operators to overtake the dominant U.S. players, the bloc’s digital czar said, in an unusually blunt assessment of the risks that U.S. Web giants are viewed as posing to the continent’s industrial heartland."

Annie's take:

The regulators lead the way in Europe, and encouraging this competition would seem to be a good thing -- as well as a challenge for large U.S. technology giants.

4/13/2015
The Delicate Balance Between Trust and Surveillance

"We learned via Bloomberg recently that JPMorgan Chase is going to roll out a program that attempts to predict rogue behavior before it takes place, using a variety of inputs."

Annie's take:

In this month's column, I examine a set of new tools being put in place by one global bank to reduce operational costs, particularly in the legal and regulatory realm.

4/13/2015
Citigroup sharpens focus on risk and compliance

"Citigroup is scrapping a two-year experiment in combining the oversight of risk, audit and compliance, in a move likely to sharpen the focus on risk of chief executive, Mike Corbat."

Annie's take:

Checks and balances as well as the three lines of defense appear to be back in place at Citigroup after a troubling year.

4/12/2015
As encryption spreads, U.S. grapples with clash between privacy, security

"For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?"

Annie's take:

Not a simple set of issues. One could make arguments for both privacy advocates and security experts. It remains to be seen what will be recommended to President Obama.

4/11/2015
JPMorgan Algorithm Knows You’re a Rogue Employee Before You Do

"Wall Street traders are already threatened by computers that can do their jobs faster and cheaper. Now the humans of finance have something else to worry about: Algorithms that make sure they behave."

Annie's take:

Investing in training for managers at JPMorgan Chase does not seem to have significantly reduced compliance issues. It was only as matter of time before software developers found ways to monitor employees in new ways. Traders have been subject to scans of outgoing emails for some years now, but this is a different approach to the challenge of compliance and the identification of rogues at early stages. I heard John Coates speak in Amsterdam in February, and am now reading his book, "The Hour Between Dog and Wolf: Risk Taking, Gut Feelings and the Biology of Boom and Bust." It's relevant to what is being trapped for now at JPMorgan Chase.

4/10/2015
Postal Service called to defend its actions after massive staff data breach

"Imagine the anxiety if all the residents of San Francisco had their personal information — including Social Security numbers — stolen by cyber thieves."

Annie's take:

Another example of a breach where details are largely unexplained. I'll be speaking next month at the Puget Sound Data Management Association meeting, looking at Target, Anthem Blue Cross and JPMorgan Chase. The topic is "If You Don't Know Where Your Data Is, How Can You Run Your Business?"

4/9/2015
Video of Walter Scott Shooting Reignites Debate on Police Tactics

"Nothing has done more to fuel the national debate over police tactics than the dramatic, sometimes grisly videos: A man gasping “I can’t breathe” through a police chokehold on Staten Island, a 12-year-old boy shot dead in a park in Cleveland. And now, perhaps the starkest video yet, showing a South Carolina police officer shooting a fleeing man in the back."

Annie's take:

Cameras, whether worn by officers or utilized by bystanders, seem likely to change the basis of our discourse on some matters. How that will wrangle out in the courtroom with the rights of all respected has yet to be determined.

4/8/2015
In Rise of Yik Yak App, Profits and Ethics Collide

"Or is the bottom line the only thing that matters when it comes to investing?"

Annie's take:

An interesting set of questions around an app most of us have never used or even heard of.

4/6/2015
Policy Publication of New Internet Rules to Prompt Cheers and Challenges

"For those who have spent more than a decade fighting for stricter regulation of the Internet, the official publication of the rules in the Federal Register, expected as early as Monday, will give reality to their latest victory."

Annie's take:

Publication of the rules is expected today.

4/5/2015
S.E.C. Fires Warning Shot About Confidentiality Agreements

"A sound that delights regulators and strikes fear in corporations — employees’ blowing the whistle on wrongdoing — is poised to become louder."

Annie's take:

The penalty is relatively small ($130,000), but the point is clear here: you cannot require pre-notification of company before filing a whistleblower complaint. Many firms will want to look again at the content of their confidentiality agreements.

4/4/2015
Daily Report: Regulators in Europe Take Aim at American Tech Giants

"It is not a good week to be a giant American tech company in Europe, Mark Scott reports."

Annie's take:

Regulatory decisions made in Europe will ripple across the waters sooner or later, especially those involving privacy.

4/3/2015
How Facebook knows who all your friends are, even better than you do

"Last week, a Redditor named easyjet decided to (very belatedly) join the global party that is Facebook."

Annie's take:

In painstaking detail, the author explains how Facebook knows so much about you -- and shows, that in nearly every case, you gave them the information or the tools to get the information.

4/2/2015
FEMA Requests Feedback on National Preparedness Goal

"FEMA is coordinating a refresh of the first edition of the US National Preparedness Goal and is seeking comments on proposed updates by April 16th 2015."

Annie's take:

Please read through the material and if you have suggestions or recommendations, make them by April 16th.

4/1/2015
U.S. establishes sanctions program to combat cyberattacks, cyberspying

"President Obama on Wednesday signed an executive order establishing the first sanctions program to allow the administration to impose penalties on individuals overseas who engage in destructive attacks or commercial espionage in cyberspace."

Annie's take:

Treating cybercriminals with such tools when they threaten the critical infrastructure of the country seems quite appropriate -- it's an adaptation of strategies used with drug lords and other such criminal elements.