WEBINAR: Emerging technology and its impact on Governance, Risk and Compliance (GRC)


Published on

LexisNexis & the Australasian Compliance Institute Webinar

Did you know that only 6% of GRC professionals felt satisfied that their company’s governance processes and controls are keeping pace with technological change?

What risks lie ahead in the mobile and data-driven future? Are you in control of technological change?

Click here to download the white paper or view the webinar (http://www.lexisnexis.com.au/registrationforms/randcwhitepaper.aspx)

Stay in touch with the latest legal industry updates, white papers, research and special offers via our Twitter feed: http://twitter.com/LexisNexisAUS or LinkedIn http://www.linkedin.com/groups?gid=4632029&trk=myg_ugrp_ovr

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

WEBINAR: Emerging technology and its impact on Governance, Risk and Compliance (GRC)

  1. 1. Emerging technologyand its impact on GRCLexisNexis Risk & ComplianceFebruary 22, 2013 www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 0
  2. 2. Today’s Agenda Introduction to guest presenters & housekeeping Emerging Technology & Impact on GRC Emerging Technology Spotlight • Surveillance and Monitoring • New Payment Technology • Bring Your Own Device (BYOD) • Big Data • Cyber Security • IP Protection & Information Privacy The future of GRC – delivering ROI in times of increased risk: New KYC Paradigm and GRC technology Questions www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 1
  3. 3. Today’s Presenters Matthew Lawrence Matthew is a technology product strategist with 15 years’ experience in software development, product marketing, project management and technology strategy. Currently Matthew works in product innovation for LexisNexis Pacific. His most recent product, LexisNexis Red, was recognised in the 2012 BRW 30 Most Innovative Companies in Australia list. Mark Dunn Mark is the Market Planning Manager, LexisNexis Risk & Compliance, and was a pioneering developer of the LexisNexis Know Your Customer (KYC) application, used by banks, law firms and accounting firms to conduct enhanced customer due diligence for anti-money laundering compliance, and by global institutions for anti-bribery and corruption investigations. Anthony Quinn Anthony is an independent management consultant with more than 17 years experience as a Program and Project Manager, responsible for running large scale transformation change programs for many investment and retail banks in Australia, Europe the U.K. and U.S. Anthony is currently the Program Manager for FATCA for a Sydney based investment bank and also runs www.financialcrimesconsulting.com which offers financial crime prevention solutions. www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 2
  4. 4. Housekeeping • Presenters will introduce key technology themes • Discussion after each theme • Please send in any questions you have via Go-To chat and we will have the panel address them • There should be time for a Q&A at the end www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 3
  5. 5. Emerging Technology & Impact on GRC 58% of audit Technology is changing the way businesses and individuals professionals are interacting, communicating and sharing information. identified risk around information data • Nearly a billion people used Facebook in June 2012 privacy & security as • Twitter generates over 200 million tweets per day causing them the • 100 billion searches are generated each month via Google most angst • The volume of business data worldwide doubles every 1.2 years 28% identified social media What challenges are GRC professionals facing? (impact on reputation & customer strategy) Key governance concerns include: • Accelerating global regulations – FATCA, FOFA, Code of Banking Practice, Financial Claims Scheme, Basel III and AML, ABC • Governance, processes & control • IT Risk and emerging technologies – new payment methods • Information Privacy/Security and Cyber-Security 6% felt satisfied that their company’s governance process and controls are keeping pace with technological change. Sources: Deloitte Bribery & Corruption Survey, AU & NZ, 2012; Is Governance Keeping Pace? KPMG, Audit Committee Institute 2012 www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 4
  6. 6. Emerging Technology Spotlight • Surveillance and Monitoring • New Payment Technology • Bring Your Own Device (BYOD) • Big Data • Cyber Security • IP Protection & Information Privacy www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 5
  7. 7. Surveillance & Monitoring CONTEXT REDUCING THE RISK • Omnipresent technology connected to the web is the • Deploying state of the art transaction monitoring systems – ultimate panopticon configuration of rules by subject matter experts and extensive • Almost everyone carries a device which constantly sends tuning / fine tuning information about that person’s location (via GPS), activities • Regular review of TMP effectiveness – which rules have fire and interactions and never fired • Growing adoption of employee monitoring tools: keystroke • Ensuring compliance with policies and procedures – breach monitoring, email logs, web activity, etc monitoring and • Ongoing oversight and independent reviews • Using social media monitoring tools to detect insurance fraud • Effective due diligence – KYC/KYE CASE ∙ Use of data analytic tools to mine data to STUDY support criminal investigations – corporate THREATS & RISKS collapses such as Enron, email analytics between main players • Millions of transactions occurring each day; need sophisticated transaction monitoring systems to identify unusual or suspicious behaviour • Internal monitoring – emails and internal trading to ensure compliance with trading blackouts etc • Surveillance is most likely restricted by law – but often the legal framework is ambiguous. • Surveillance may be required by law! • Significant risk of breaching employee privacy • Impact on employee morale www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 6
  8. 8. New Payment Technology CONTEXT REDUCING THE RISK• New technology emerging with contactless payment systems • Know your limits such as credit cards and debit cards, key fobs, smartcards or • Be app savvy other devices that use radio-frequency identification (RFID) • Put security measures in place for making secure payments • Wipe your old phone• According to RBA statistics, there are an estimated $470 million dollars in cash transactions under $35 moving through the Australian economy each day, or around $170 billion per year• Technology to be adopted by businesses in 18-24monthsForms:• Contactless cards – go money and pay wave• Peer to peer payment via mobile phone CASE• Kaching STUDY Use of digital currency account to facilitate Internet THREATS & RISKS fraud and money laundering A young person, acting as a nominee, opened a digital currency account to enable him to receive the proceeds of Internet• The RFID chip feature comes switched on, and cant be banking thefts from an offshore associate. He then attempted to switched off. The consumer has no choice - the card redeem the value of the digital currency account by requesting comes with the functionality the digital currency exchanger to provide him with postal money orders. In an effort to conceal his identity he informed the cash• No authentication is performed of the authority of the dealer that he had lost his passport and requested that the person to use the card (i.e. no signature, no PIN). exchanger call a money service business and inform them that a• Transactions may or may not involve visual notification to person matching his description would present himself to collect the cardholder, who may or may not notice any such the money orders at a particular time. It is believed that he was not going to send money offshore but would keep the proceeds display for himself. He has been arrested and prosecuted.• Data privacy concerns (over-collecting information) www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 7
  9. 9. Bring Your Own Device (BYOD) CONTEXT REDUCING THE RISK • BYOD refers to employees bringing their own computing • Remote locking / deleting of devices – wiping iPhones remotely devices – such as smartphones, laptops and PDAs – to the • Mobile Device Management (MDM) workplace for use and connectivity on the corporate network • Education • BYOD is about a mobile and flexible working environment which offers significant productivity enhancements for “on- site” GRC tasks (e.g. OH&S, food safety, environmental inspections, etc.) • 80% of employees used own devices at work • 53% of companies condone BYOD • 63 % of employees believe BYOD positively influences their view of the company CASE THREATS & RISKS 2011: Eighteen months ago a financial services STUDY firm (Blackstone) allowed employed to use iPads. Today, there are some 600 iPads among nearly 2,000 • Data loss or leakage (assuming a device is stolen/lost without employees that tap the corporate network for confidential being backed up and secured) documents and emails. Most of them are privately owned • Data held on personal devices might be discoverable. (When BYOD devices. Issues around how to slove IP security. Problem solved through central mobile device management someone participates in a BYOD program everything an such as Mobileron and WatchBox. employee does on her personal iPhone, for example, could be used as evidence in a lawsuit against her employer.) • Whos responsible for Repetitive Stress Injuries from the use of a BYOD device? • Shared devices – how secure is corporate data from an employee’s partner or housemate? • Unsafe disposal of devices (i.e. hard drive tossed without being wiped) • Impact on individual’s content (e.g. personal photos) if device is wiped by action of another company employee www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 8
  10. 10. Big Data CONTEXT REDUCING THE RISK • Big data is a collection of data sets so large and complex that • Governance! it becomes difficult to process using on-hand database • Obtain consents management tools or traditional data processing • Anonymise applications • Identify and avoid or secure “toxic data”. E.g. credit card numbers “It’s important to recognise that this is an information • Third part content (copyright) revolution more than a technology revolution” • Data handling policies and policing KPMG Audit Committee Institute Report, 2012 • Effective due diligence process - KYE • Big data will be a key driver of innovation, productivity, competition and transparency CASE THREATS & RISKS STUDY ∙ Wikileaks – published tens of thousands of classified military documents • Tools which enable more sophisticated data mining and ∙ Industrial espionage – stealing trade secrets and designs etc. pattern analysis mean that it is possible to identify ∙ Facebook has hundreds of millions of users and ‘interesting’ information that was previously unattainable sensitivities of data loss • Wasting money ∙ Kim Dotcom – piracy of documents via Megaupload • Databases are not free – how to ensure ROI on Big Data projects? • Privacy breaches • Copyright infringement www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 9
  11. 11. Cyber Security CONTEXT REDUCING THE RISK • Information security as applied to computers and networks • Ensuring firewalls are in place to protect data • The 2012 Cyber Crime and Security Survey • Email blockers for filtering out spam emails Report, commissioned by CERT Australia, revealed that cyber • Ensuring employees are unable to download software files from attacks are now more coordinated and targeted for financial unknown sources gain • Preventing employees from accessing certain websites • Cost of cybercrime $5bn per year and growing • Informing customers of the importance of protecting their • SMEs reported individual loss of $650m due to cybercrime identities • 44% of attacks originating from within organisations • Deploying state of the art transaction monitoring systems – • Effective due diligence – KYC/KYE/KYS THREATS & RISKS • Regular review of TMP effectiveness – which rules have fire and never fired • Most common form of cyber security issue is actually • Ensuring compliance with policies and procedures – breach theft/vandalism by current/former employees monitoring • Cloud based storage raises additional risk as data is held by • Ongoing oversight and independent reviews a third party and potentially stored in a foreign jurisdiction • Using social media monitoring tools to detect insurance fraud (the US Patriot Act has raised concerns in the Pacific Region) • Denial of service attacks can be problematic for businesses with heavy online presence or critical business functions CASE SEPT 2012: CERT Australia receives calls from more using a web interface STUDY than 25 organisations being targeted by ransomware. • Breach of confidentiality information > The attacks encrypted files on the compromised • Millions of transactions occurring each day; need system and/or locked victims out of the desktop environment. sophisticated transaction monitoring systems to identify > The attacks also encrypted files in the system backups. unusual or suspicious behaviour The victims were then asked by the attacker to pay a fine using • Internal monitoring – emails and internal trading to a payment or money transfer service, to obtain the codes that ensure compliance with trading blackouts etc. would unlock the computer and/or decrypt the data. DATA MINING: Use of data analytic tools to mine data to support criminal investigations – corporate collapses such as Enron, email analytics between main players www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 10
  12. 12. Intellectual Property & Information Privacy CONTEXT REDUCING THE RISK • Intellectual Property (IP) Protection and Information Privacy • Block USB ports to reduce data loss are closely linked • Monitoring emails that employees send to ensure data • IP is an important asset in todays knowledge economy and remains secure should be strategically managed • Force change of password regularly • Educate staff on not sharing passwords • User access reviews to ensure password • Ensure data protection / data destruction policies are THREATS & RISKS followed • Effective due diligence: KYC/KYE/KYS/KYSS • Not differentiating between personal information that is required by law to be collected and information that is CASE not ∙ Wikileaks – published tens of thousands STUDY of classified military documents • A collection notice is not provided (as is required by ∙ Industrial espionage – stealing trade secrets Australian law) and designs etc. • Sensitive information is collected but is not recognised as ∙ Facebook has hundreds of millions of users and being sensitive sensitivities of data loss ∙ Kim Dotcom – piracy of documents via Megaupload • Risk of legal noncompliance if information is used for ∙ Aaron Schwartz – indicted for computer fraud and another purpose or disclosed without authority downloading documents from JSTOR with the • Risk of privacy complaints if there is legal noncompliance intention to share on web.. or the public is surprised by a use for another purpose or a disclosure • The most commonly stolen IP is customer databases www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 11
  13. 13. The Future of GRCDelivering ROI in time of increased risk:The New KYC Paradigm & GRC Technology www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 12
  14. 14. Due diligence dynamics evolvingIt’s no longer all about ‘KYC’ Real GDP Growth IMF Data Mapper (September 2011) Countries that attract the greatest investment carry the greatest risk Regulatory Drivers • Anti-money laundering • Anti-Bribery & corruption • Financial services standards Transparency International Corruption Perceptions Index (December 2012) Business Drivers • Emerging market investment • Business reputation management • Ethical codes and standards • Avoiding fines and penalties • Ongoing business process efficiency LexisNexis Risk & Compliance 13 13
  15. 15. Due diligence dynamics evolvingIt’s no longer all about ‘KYC’ Anti-Bribery & Corruption Other Regulation Sanctions Regime Know Your Know Your Know Your Know Your Customer’s Customer Supplier Employee Customer AML Procurement Corporate Fraud Security Compliance Risk Legal Strategy Credit Product Operations Finance/Tax LexisNexis Risk & Compliance 14 14
  16. 16. Due diligence dynamics evolvingIt’s no longer all about ‘KYC’ AML / ABC Fraud Audit Strategy Procurem Corpora Corporate Credit Fraud Audit Strategy Procurement Credit AML ent Security te Security Watchlist checks Company M&A Employeedue diligence ID due diligence screening verification Credit reference Sanctions Supplier Investigations checks Reputation due diligence checks Transaction Country Sales agent monitoring Conflicts risk due diligence PEP checking checks LexisNexis Risk & Compliance 15 15
  17. 17. Towards a consistent due diligence processBenefits of consolidating key due diligence tasks Regulatory Reputational Business Financial LexisNexis Risk & Compliance 16
  18. 18. Towards a consistent due diligence processBenefits of consolidating key due diligence tasks • Helps demonstrate robust ABC and sanctions compliance and adherence to associated industry standards & best practice • Helps implementation and ongoing maintenance of a consistent Regulatory risk-based approach scaled to company size • Enables indication of clear risk flags and maintenance of comprehensive audit trail • Enables more discipline and control to be implemented through hard coded role profiles, permission settings, incident escalation and approvals to support ‘four eyes’ check LexisNexis Risk & Compliance 17
  19. 19. Towards a consistent due diligence processBenefits of consolidating key due diligence tasks • Helps protect hard earned brand and business reputations through comprehensive and consistent due diligence process to mitigate AML, ABC and other risks Reputational • Helps business maintain strong ethical standards and adhere to codes of conduct • Helps demonstrate and promote robust processes and controls to customers and business partners LexisNexis Risk & Compliance 18
  20. 20. Towards a consistent due diligence processBenefits of consolidating key due diligence tasks • Effective and consistent due diligence process improves speed of execution and competitive edge in key high risk developing markets Business • Efficient and streamlined onboarding experience enhances both external and internal customer and other third-party service levels • Helps Compliance and associated teams reinforce benefits and emphasise positive contribution to business success through improved service levels and provision of more effective management intelligence to support Board engagement LexisNexis Risk & Compliance 19
  21. 21. Towards a consistent due diligence processBenefits of consolidating key due diligence tasks • Helps mitigate regulatory fines, financial penalties and contract debarment • Prompts regular review and audit of due diligence research Financial resources to address content overlap and cost duplication thereby reducing cost of sale etc • Consistent process enables business to easier test and benchmark cost efficiencies and other associated benefits LexisNexis Risk & Compliance 20
  22. 22. Emerging GRC Solutions & Tools High Outsourced Risk Advisors Aggregated Subscription Services RISKASSESSMENT Individual Subscription Services Low High DUE DILIGENCE RESOURCES www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 21
  23. 23. Special Offer for Webinar Attendees• All webinar attendees are entitled to a 15% discount on Lexis® Diligence until 31 March 2013.- Lexis Diligence is one of the most advanced, intuitive and end-to-end KYC screening solutions available in the market, to help mitigate increased technological risk.- Register for a free demonstration via this link or call LexisNexis Customer Relations on 1800 772 772. http://www.lexisnexis.com.au/riskandcompliance/ demo.aspx- Use Discount Code: ACIWEBINAR- For more information about LexisNexis Risk & Compliance solutions, visit www.lexisnexis.com.au/riskandcompliance*General terms and conditions and terms of trade apply. www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 22
  24. 24. QuestionsLexisNexis Risk & CompliancePresenter: Aaron Cleavely-MillwoodEmail: aaron.cleavely-millwood@lexisnexis.com.auWebsite: http://www.lexisnexis.com.au/riskandcompliance/Join the conversation: http://www.linkedin.com/groups?gid=4632029&trk=myg_ugrp_ovr www.lexisnexis.com.au/riskandcompliance LexisNexis Risk & Compliance 23