Posts Tagged ‘Risk assessment’

The Risky Business of Cybersecurity

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Wednesday November 5, 2014 at 9:02 am
Editor’s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing in the areas of mergers and acquisitions and complex securities transactions. The following post is based on an article by Mr. Katz and Laura A. McIntosh that first appeared in the New York Law Journal; the full article, including footnotes, is available here.

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organization’s ability to innovate and to gain and maintain customers.

—National Institute for Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0

In today’s technology-driven environment, public companies must constantly confront the challenge of cybersecurity, in its complex, varied, and ever-adapting forms. Cybersecurity breaches regularly fill the headlines, the costs of cybercrime are skyrocketing, and the repercussions of corporate cyber-attacks are felt all the way from chief executives to retail customers. President Barack Obama has stated that “the private sector and the government can, and should, work together to meet this shared challenge,” while FBI Director Robert S. Mueller has described “the critical role the private sector must play in cyber security.” As companies become increasingly dependent on networked technology, and as an expanding number of people conduct transactions and other activities online, cybersecurity will continue to grow in importance for the business community, for the global economy, and for society at large.

…continue reading: The Risky Business of Cybersecurity

Understanding and Implementing the NIST Cybersecurity Framework

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Monday August 25, 2014 at 9:03 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo and Tom Conkle.

Why the Cybersecurity Framework was created and why it is so important

Despite the fact that companies are continuing to increase spending on cybersecurity initiatives, data breaches continue to occur. According to The Wall Street Journal, “Global cybersecurity spending by critical infrastructure industries was expected to hit $46 billion in 2013, up 10% from a year earlier according to Allied Business Intelligence Inc.” [1] Despite the boost in security spending, vulnerabilities, threats against these vulnerabilities, data breaches and destruction persist. To combat these issues, the President on February 12, 2013 issued Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity.” [2] The EO directed NIST, in cooperation with the private sector, to develop and issue a voluntary, risk-based Cybersecurity Framework that would provide U.S. critical infrastructure organizations with a set of industry standards and best practices to help manage cybersecurity risks.

…continue reading: Understanding and Implementing the NIST Cybersecurity Framework

SEC’s Non-Decision Decision on Corporate Political Activity a Policy and Political Mistake

Posted by John Coates, Harvard Law School, on Friday December 13, 2013 at 8:51 am

The SEC’s recent decision to take disclosure of political activities off the SEC’s agenda is a policy mistake, as it ignores the best research on the point, described below, and perpetuates a key loophole in the investor-relevant disclosure rules, allowing large companies to omit material information about the politically inflected risks they run with other people’s money. It is also a political mistake, as it repudiates the 600,000+ investors who have written to the SEC personally to ask it to adopt a rule requiring such disclosure, and will let entrenched business interests focus their lobbying solely on watering down regulation mandated under the Dodd-Frank Act and the 2012 securities law statute, rather than having also to work to influence a disclosure regime.

…continue reading: SEC’s Non-Decision Decision on Corporate Political Activity a Policy and Political Mistake

Through the Investor Lens: Perspectives on Risk & Governance

Editor’s Note: Kayla Gillan is leader of the Investor Resource Institute at PricewaterhouseCoopers LLP. The following post is based on the Introduction and Overview of a PwC Investor Survey; the complete publication is available here.

Investors are looking at risks differently than in the past. The financial crisis that affected capital markets across the globe demonstrated that companies—and even whole economies—can be rocked to their core when the connections between lending practices, securitization programs, and capital and funding levels are not clearly understood and monitored.

Investors today are expecting that those who manage the businesses that rely on their capital will exercise greater care over this expanded concept of “risk.” Of course, investors also seek steady returns, so risks cannot be eliminated. But this is when disclosure—information that provides necessary nourishment to an efficient market—becomes so important.

…continue reading: Through the Investor Lens: Perspectives on Risk & Governance

The Future in Law and Finance

Posted by R. Christopher Small, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday July 3, 2013 at 9:30 am
Editor’s Note: The following post comes to us from Alessio Pacces, Professor of Law and Finance at the Erasmus School of Law in Rotterdam. The post is based on Professor Pacces’ inaugural lecture for the Chair in Law and Finance at the Erasmus School of Law in Rotterdam. The full text of the lecture is available here.

Traditionally, law and finance has been concerned with investor protection. That would be enough if the future were predictable. However, because the future is in fact uncertain and unpredictable, the prices of financial assets are flawed and in the short run they may result in serious mistakes, if not widespread crises. Although these mistakes are corrected in the long run, a lot of harm may occur in the meantime. Drawing on the experience from the global financial crisis, I argue that financial law should be concerned not only with investor protection, but also with mitigating the temporary excesses of markets in allowing or restricting access to finance.

The challenge of this goal is to remedy market malfunctioning without undermining market discipline. This is possible if central banks backstop banks’ illiquidity during a crisis, provided that regulation preserves the central banks’ incentives to distinguish illiquidity from insolvency. Moreover, in order to prevent the backstop from resulting in moral hazard by financial institutions, regulation should police the incentives of both managers and shareholders. On the one hand, bank managers should not be allowed to cash in the profit of short-term success. On the other hand, corporate law should allow shareholders to commit to the long term via takeover restrictions, granting bankers private benefits of control to complement the deferral of performance pay.

…continue reading: The Future in Law and Finance

Basel Developments: Credit Risk Mitigation Transactions and Regulatory Capital Arbitrage

Editor’s Note: Barnabas Reynolds is head of the global Financial Institutions Advisory & Financial Regulatory Group at Shearman & Sterling LLP. This post is based on a Shearman & Sterling client publication by Mr. Reynolds, Donald Lamson, David Portilla and Azad Ali.

Transactions that reduce regulatory capital requirements for banks have recently come under media and regulatory scrutiny. The New York Times characterized them as a “trading sleight of hand.” The Basel Committee on Banking Supervision has proposed limiting the ways in which capital requirements can be reduced by such transactions. This post discusses the new Basel proposals in light of prior guidance published by Basel and the Federal Reserve. As banks seek ways to meet heightened capital requirements and surcharges that are being implemented, they may find greater difficulties in reducing their exposures.

…continue reading: Basel Developments: Credit Risk Mitigation Transactions and Regulatory Capital Arbitrage

Bank Regulation with Private-Party Risk Assessments

Posted by R. Christopher Small, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday February 20, 2013 at 9:16 am
Editor’s Note: The following post comes to us from Milton Harris, Professor of Finance at the University of Chicago; Christian Opp of the Department of Finance at the University of Pennsylvania; and Marcus Opp of the Finance Group at the University of California, Berkeley.

Triggered by the recent financial crisis, the regulation of banks has gained new traction among academics, regulators, and politicians. One of the key challenges in effective regulation is time inconsistency of regulation. While a regulator would like to commit not to bail out banks in order to set the right ex-ante incentives, this threat is generally not credible since the government does not follow through in the event of a crisis. Banks therefore have an incentive to expose themselves to risk that is partially insured by the government.

To mitigate this problem, regulators attempt to reduce the likelihood of banking crises by regulating both banks’ asset side and liability side. While there has been a recent push to focus on the liability side by mandating higher equity capital requirements, the very nature of a deposit-taking institution implies that leverage is an integral part of the business model of banks, unlike for other firms. In this paper, we therefore focus on the regulation of banks’ asset holdings. The starting point of our paper is the natural assumption that a regulator cannot directly observe the riskiness of assets, but needs to rely on an external (private) assessment of risk. Since the introduction of the Basel I framework, credit ratings have played an important role in bank regulation as “objective” measures of credit risk. This role has been confirmed in the Basel III (2011) guidelines, which still rely on credit ratings as measures of creditworthiness.

…continue reading: Bank Regulation with Private-Party Risk Assessments

Strategic Risk Management: A Primer for Directors

Posted by Matteo Tonello, The Conference Board, on Thursday August 23, 2012 at 9:23 am
Editor’s Note: Matteo Tonello is managing director of corporate leadership at the Conference Board. This post is based on an issue of the Conference Board’s Director Notes series by Mark L. Frigo and Richard J. Anderson, director and professor of strategic risk management, respectively, at DePaul University. This Director Note was based on a book authored by Dr. Frigo and Mr. Anderson, available here.

As noted by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), “In the aftermath of the financial crisis, executives and their boards realize that ad hoc risk management is no longer tolerable and that current processes may be inadequate in today’s rapidly evolving business world.” [1] However, especially for nonfinancial companies that may be relatively new to these topics, enhancing risk management can be a somewhat daunting task.

This article focuses on two key aspects of the relationship between risk and strategy: (1) understanding the organization’s strategic risks and the related risk management processes, and (2) understanding how risk is considered and embedded in the organization’s strategy setting and performance measurement processes. These two areas not only deserve the attention of boards, but also fit closely with one of the primary responsibilities of the board — risk oversight.

…continue reading: Strategic Risk Management: A Primer for Directors

The Blurring Line Between SEC Examinations and Enforcement

Posted by Mark K. Schonfeld, Gibson, Dunn & Crutcher LLP, on Wednesday March 28, 2012 at 10:53 am
Editor’s Note: Mark Schonfeld is a litigation partner at Gibson, Dunn & Crutcher LLP and co-chair of the firm’s Securities Enforcement Practice Group. This post is based on a Gibson Dunn client alert by Mr. Schonfeld, available here; this alert was originally prepared for the Practising Law Institute’s “Hedge Fund Registration and Compliance 2012” conference.

I. Introduction

The most significant impact of SEC registration on private fund advisers is that the adviser becomes subject to inspection by the SEC’s Office of Compliance Inspections and Examinations (OCIE). The greatest risk arising from an examination is that the inspection staff decides to refer findings from an inspection to the Division of Enforcement for an investigation. This article discusses the risks of an examination becoming an investigation and strategies for anticipating and mitigating those risks. [1]

II. The Risk That an Examination Results in a Referral to Enforcement

Asset managers are particularly vulnerable to collateral consequences of a government investigation. Particularly in the wake of recent cases, many investors have little tolerance for fund managers who are subject to an investigation, thus making flight of capital a real risk for advisers under investigation. Stark examples of this played out over the last year when the F.B.I. executed search warrants in November 2010 on four hedge funds. Of the four funds raided, three ceased doing business even in the absence of criminal charges. [2]

…continue reading: The Blurring Line Between SEC Examinations and Enforcement

What Audit Committees Don’t Know

Posted by Robert C. Pozen, Harvard Business School, on Thursday March 3, 2011 at 8:45 am
Editor’s Note: Robert Pozen is Chairman of MFS Investment Management and a Senior Lecturer of Business Administration at Harvard Business School.

During the financial crisis, investors learned the hard way about financial liabilities of many institutions that were not previously disclosed. For example, many banks had large contingent liabilities to off balance sheet entities that they had sponsored. The extent of these liabilities surprised investors when the banks were forced in late 2007 and 2008 to take on their books these off balance sheet entities.

Outside directors on the audit committees of these banks were also surprised by the scope and size of these off balance sheet liabilities. To paraphrase Donald Rumsfeld, these directors did not know what they did not know. Their blissful ignorance shows that the SOX reforms for audit committees have not been effective and that a different approach is needed.

…continue reading: What Audit Committees Don’t Know
