Presented By: Tool Kit for Crisis Management and Risk Assessment October 29, 2016

The Speakers

Michele Beasley, Esq.
• General Counsel, Americas and EMEA Utility and Global Wind
• SunEdison

Kathleen Barlow
• Senior Vice President
• Marsh USA, Inc.

Hayley Chang, Esq.
• General Counsel and Chief Compliance Officer
• StreetShares

Suzan Charlton, Esq.
• Special Counsel
• Covington & Burling LLP

Agenda
• Tool Kit:
  – Managing change in the regulated world
    • Keeping up with industry, regulations, and crisis response
    • Developing a risk profile
  – Practical advice and illustrations
    • risks to property and life/safety
    • cyber security
    • government investigations
  – Leveraging your insurance broker

MANAGING CHANGE IN THE REGULATED WORLD

Overview

Outline

I. Current regulatory landscape
II. Constant change
III. Compliance lawyer’s tool kit

I. REGULATORY LANDSCAPE

Federal Regulations

• U.S. executive branch agencies issue a few thousand rules per year

• CFR = 175,000 pages
  – With regs by 438 federal agencies
  – … or more?

State Regulations

• 50 states + DC
• And local regulators
• Sometimes, they work together
  – Ex: NASAA and securities notice filings
• Other times, they’re wildly inconsistent
  – Ex: commercial lending laws
• Even conflicting

State bureaucracies

Global Compliance Issues
• International regulatory framework
  – Global capital flow
  – 24/7, worldwide operations
  – Labor mobility
  – Instant, real time communication
  – Patchwork of myriad and conflicting regulations
    • simultaneous compliance with differing regimes by a unitary work force
    • drive to remove silos may inadvertently increase regulatory risk

II. CHANGE IS THE ONLY CONSTANT

Example: Financial Services

[Timeline figure: ALTERNATIVE FINANCE OVER THE PAST DECADE, 2005 to 2015. Events shown: JOBS Act, R.506(c), Reg A+, Treasury RFI, Goldman Sachs Report, IPO]

Change
• Rules change
  – Trying to keep up with new industries
  – Crisis response
  – Regulatory reform
• Risks change
  – Cyber
  – Emerging markets
  – Political risks

Change
• Business must constantly transform to keep up
  – Always “on”
    • 24/7 operations
    • Instantaneous, real‐time communication
  – Always moving
    • Labor mobility
    • Advances in technology
    • Changes in U.S. and international regulatory framework
    • Corporate mergers, acquisitions, restructuring, etc.
  – Everywhere
    • Competition

III. COMPLIANCE LAWYER’S TOOLBOX

A. TRACKING TRENDS

• Keep apprised of current legal developments
  – Industry publications
  – Set up news alerts
• Spot coming trends
  – Stay close to your business
  – Listen to the non‐legal team

B. RISK PROFILE DEVELOPMENT

What is a Risk Profile?

• Evaluation of
  1. willingness to take/assume risks
  2. threats to your organization

Greater risk → greater required return

• Risks must be accurately assessed in order to be adequately priced

Managing Risk
• 3 ways to manage risk
  1. Assume
    • No insurance; high SIR’s
    • “Cost of doing business”
  2. Reduce/Avoid
    • Quality control
    • Safety
  3. Transfer
    • Third Party Contractual Assumption of Risk
    • Indemnities
    • Insurance

Developing a Risk Profile

• Risk assessment
• Risk tolerances

‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐

• Threat assessment
• Countermeasures

C. SYSTEMS ARE YOUR FRIEND

Usefulness of Systems
• Use the “least necessary” approach to compliance system development
• USE TOOLS!
  – Automate!
    • Provides for consistency
    • Reduces human error
    • Creates a record
    • Humans are bad at consistency over more than a handful of people
  – Insert analytics and logic into tools so users are focused on just the facts (e.g., derivatives, suitability and Know Your Customer programs)
• Make an audit trail and USE IT

Necessity of Systems

If it isn’t documented… it didn’t happen

PRACTICAL ADVICE: RISK AND CRISIS MANAGEMENT SCENARIOS

Practical Advice: Risks

• Human Life/Safety
• Property and liability risks
• Developing markets
• Cyber security
• Government investigations

Human Life/Safety Risks
• Threats?
  • Inherently dangerous business activities
  • Travel (security, medical and kidnap/extortion risks)
  • Inadequate procedures/training/reporting
• Risk assumption/transfer
  – Hard to insure for
  – How much to self‐insure?

Property/Liability Risks
• Threats?
  • Business interruption
  • Tort liability
  • Product recalls
• Risk assumption/transfer
  • Supplier indemnities
  • How much to self‐insure?
• Other insurance considerations
  • AI coverage
  • D&O coverage

Developing Markets

• Risks the company is willing to take:
  – How do you know what you don’t yet know?

• Security Assessments (internal/external); Anti‐corruption analysis and safeguards

• International regulatory settings—figuring out the rules of the road for new roads

• Insurance considerations:
  – beyond property and casualty
  – currency, inflation, expropriation, political risk, others

Cyber Security

Risks/Threats: 

• Management awareness lags behind threats
  – Little understanding of impact of cyber events
  – Inadequate security programs & incident response planning
  – No data on impact: cyber business interruption & loss exposures
  – Lack of governance structure, defined roles & responsibilities

How Data Incidents Occur

• Internal, accidental: Lost Devices & Inadvertent Publication of Data
• Internal, intentional: Disgruntled Employees
• External, accidental: Vendors & Subcontractors
• External, intentional: Hackers & Unsecured Websites

Cyber Risk Assessment
• Internal and external vulnerabilities, weaknesses in existing framework
• Relevant threats, including threats from third‐party entities
• Impact/harm
  – What do regulations require?
  – What do shareholders and customers require?
• Likelihood that harm will occur
• Ability to transfer risk through insurance

Cyber Threat Assessment

US Cyber Insurance Claims by Industry*

*Net Diligence, 2014 Cyber Claims Study (December 2014)

Government Investigations

• Types of investigations
  – environmental
  – Anti‐corruption
  – whistleblowers/qui tam
  – other compliance issues
• FCA cases (FY 2014):
  – 700+ whistleblower suits
  – >$5 billion to U.S. DOJ in qui tam litigations

Government Investigations

• Is an investigation a crisis?
  – Routine compliance or allegations of wrongdoing?
• Do you have insurance for it?
  – Understand what your policies actually cover
  – Timing: notice of “claim” or “circumstances”
• Best practices
  – Flag government inquiries early
    • Train employees to report
  – Preserve coverage by noticing “circumstances”

LEVERAGING YOUR INSURANCE BROKER’S SERVICES

I. Insurance as part of a Risk Management Assessment

II. Using your insurance “advisor” effectively

Key Business Objectives

• Insurance as part of Risk Management Assessment

• Financial protection against
  – Direct loss (caused by harm to own business)
  – Liability loss (caused by harm to others)
  – Financial and reputational protection to key company management personnel
  – Damage to company reputation and relationships
  – Business continuity

Insurance Risk Assessment
• Insurable risks
  – What is at risk? Is everything covered?
  – Who is at risk? Is everyone covered?
    • Affiliates, subs, indemnified companies, merged companies?
• Sufficient amount of coverage?
• Legal issues arising from policy language?
• How do the insurance policies in the portfolio interact? Are there gaps?
• Are there non-insurance mechanisms to avoid and spread risk?

GC’s and Risk/Insurance
• Changing Role of the Legal Department in Risk Management and Insurance
  – More focus on risk management
  – GC involvement in financial and professional lines
    • D&O — importance to board and “C Suite”
    • Cyber liability – data breach, compromise of employee information, evolving daily
    • E&O/Professional liability — outside of “cyber” or integral to?
  – Company risk management philosophy
    • Teamwork? or not (power play)?
    • Legal, Finance, Risk Management, HR, Facilities, etc.

GC’s and Risk/Insurance

• Who is ultimately responsible for ensuring that the company’s most significant risks are addressed?

Why My Department?
• Why Should You and Legal Department Be Involved in Risk Management and Insurance Issues?
  – Managing rising litigation costs
  – Evaluate need for new insurance if available
    • FCPA violations
    • Wage and Hour violations
    • Cyber Liability
  – Because your CEO will expect you to be prepared to jump into crisis and risk – be proactive
  – Professional development
    • Carve out a role in legal department that is yours and impacts all other departments

Using Your Broker

Beyond renewals…
• What the broker knows:
  – Risk; impacts and likelihood
  – Insurance markets; new insurance coverages
• Who the broker knows:
  – Brokers may have relationships with insurers, which can facilitate future claims handling
• What (else) the broker can do:
  – Keep positive relationship between policyholder and insurer; affect claim assessment and resolution
  – Who is your “claims advocate” at the broker?

Using Your Broker

• Caveat:
  – No Attorney‐Client relationship with Broker
  – No privileged conversations

“And for what we don’t cover, there’s insurance insurance.”

Key Take‐Aways

Two things everyone in the room can do to advance their organization’s risk management efforts:
1. Today, after this seminar
2. Next week