Risk Roundup 2019 Year in Review
As 2019 comes to a close, we look back at the year that was and cast an eye toward 2020. It was another banner year for risk. But on further review, the year's risks coalesce into a handful of similar risks that we interpret as trends for 2020.
Data privacy regulations front and center
This time last year, we labeled 2019 as the year of the data breach. It kicked off in January with Google’s $57 million fine for GDPR violations and was punctuated by Facebook’s $5 billion settlement for data privacy violations in July.
Events like Facebook’s breach lead to more data privacy regulations. On January 1, 2020, the California Consumer Privacy Act (CCPA) takes effect. California is the first state in the union to create a law protecting the data privacy of its residents. Other states will follow in 2020.
Laura Clark Fey, a privacy law specialist who served as a panelist for our 2020 Risk Trends and Predictions webinar, offered the best advice for the fluid nature of data privacy regulations in 2020.
“Given the number of laws to comply with, we see many organizations taking a principle-based approach to data privacy,” said Clark Fey.
Expect the unexpected
If 2019 taught us anything, it’s to expect the unexpected. Last winter’s federal shutdown made travel riskier, for example through a shortage of TSA agents. Or consider the case of the Boeing 737 Max, which led to a loss of life and disrupted flights. It went from grounding the plane to suspending production, which could slow the US economy, all within 2019.
From a risk management perspective, how can you lower the risk of the unexpected in 2020? A good place to start is ensuring you have a business continuity plan. Another strategy is to take advantage of taxpayer-funded reports such as those from the GAO. There is much to glean from them that would aid risk management and help prevent the unexpected from happening. Case in point: one GAO report found 16 federal agencies unprepared for cyber risk and offered guidance on how to shore up cyber defenses.
Actions can have far-reaching consequences
In 2019, risk was frequently notable for its domino effect: one risk event set off a chain of associated events. An example was the spring and early-summer floods in the Midwest. It’s not just flooded fields and damaged crops that impacted farmers. Corn is a major ingredient in over 4,000 products, ranging from cereals, sodas, and sweeteners to plastics, textiles, and biofuels. The flooding had far-reaching consequences across the supply chain in multiple industries.
The same is true with the current administration’s tariffs. They don’t just impact listed industries; they endanger global networks and long-standing vendor relations. For example, tariffs led to an increase in the risk of fraud with Chinese products labeled as from Vietnam.
To manage risks that, at first glance, don’t impact the organization, you need to be able to connect the dots, anticipate the chain reaction, and engage continuity plans to protect the business.
Brexit was in the news all year long. In February, it was about delaying Brexit. In December, Parliament approved Prime Minister Boris Johnson’s plan calling for a split from the European Union on January 31st. Even so, there will be a transition period. This article sums up what’s next and the long road ahead.
“Britain appears headed for at least another 12 months of potentially tortuous negotiations over the terms of its departure from the European Union.”
The point for risk management is that uncertainty is bad for both business and consumer confidence. There are too many unknowns. That said, the unknown can favor risk-taking. If leadership wants to accomplish goals in the UK, governance, risk management, and compliance must coordinate and collaborate on initiatives that manage risk and protect the organization.
That’s our roundup of notable risks for 2019. As we look to a new year and a new decade, we expect the dynamic, ever-expanding, ever-evolving nature of risk to continue unabated. We’ll be back in 2020 to round up the risks and share our thoughts on how to manage them.