Mastering the Dynamics and Interrelationships of Financial and Cyber Risk Exposures

CFO Alliance members recently gathered in Chicago to discuss and exchange ideas with CFO peers and risk management experts Adil Kassam, Managing Director - OTC FX and Rates at INTL FCStone Inc, and Jay Shelton, SVP of Risk Assurance, focused on understanding and effectively managing key risk exposures that can impact company performance. The conversations in Chicago focused on financial and cyber security risk.

The discussions on financial risk focused in the areas of interest rate and FX risk exposure. Adil shared many compelling ideas which stimulated conversation around what is driving financial risk exposures at a macro-level, and how and CFOs can develop the right strategies in understanding and effectively managing exposures at their companies.  Adil offered many compelling insights before the conversation turned to specific financial risk exposures including:

• CFOs in today’s world are asked to walk a tightrope between opportunity and risk, and that the innovation required to deliver growth comes with risk exposures. CFOs should not fear risk exposures, but endeavor to identify them as they emerge, and leverage tools (i.e., insurance, derivatives) and tactics (take advantage of natural hedges) to mitigate them so that risk exposure levels align with their company’s risk tolerance.
• CFOs can take advantage of variability in financial markets by using vehicles (options) that protect against downside risk and allow CFOs to participate in markets when certain variables (interest rates, FX rates) move in favorable directions.
• Interest Rates & FX market volatility are intertwined in today’ s economy. If Interest rate risk matters to your company then you should not turn a blind eye to volatility in global currency markets.
• Effective risk management increases business agility. The ability to effectively identify and respond to challenges, and to take advantage of the right opportunities at the right times.
• Risk mitigation tools arm companies with ammunition to protect margins against volatility in global markets. 

Adil introduced us to a graph that impacts the decision making of central banks around the world use in controlling interest rates within their market domains, the five-year, five-year forward break even inflation graph. The graph depicts the 5-year forward implied inflation rate at a point in time based on 5 and 10 -Year Treasury Inflation Protection Securities (TIPS) markets. The reason this graph deserves attention from CFOs is that is happening with inflation and inflation expectations drive central bank actions relative to interest rate movements. Adil also advised us that companies would do well not to make decisions based on information that is already priced into a market, we should consider multiple strategies in managing known risk exposures, and that options are often the way CFOs lean to avoid downside risk and participate in upside market volatility when their employers are not focused on risk exposure elimination. 

Jay Shelton led attendees through a compelling discussion of the landscape of cyber security risk exposures and how companies do well in having a program to mitigate exposures, and a comprehensive breach response plan to mitigate the costs of a data breach, which quickly put a company on the path to bankruptcy if allowed to go un-checked (a company has no breach response plan). Key take-aways from the discussion led by Jay include: 

• CFOs would do well to be involved with IT in doing a formal assessment, best case in in conjunction with a third party, to identify cyber risk exposures from internal (employees) and external sources
• Employee education as to how their actions can create data breach exposures is an extremely cost effective technique to mitigate cyber risk exposures
  • Understand the warning signs of suspicious e-mail- question first, ask IT before opening any questionable e-mail are the cornerstones of the right e-mail culture
  • If you see suspicious activity within your e-mail account, let IT know immediately
  • Using a memory stick/external drive should be done with caution, never use one you just find, and it is best to only use those that have been screened or issued by IT
  • Educate employees as to social engineering scams including those designed to mine passwords, transfer funds and/or obtain approval for wire transfers,
• Companies need to focus much more on how to mitigate the costs of a breach by investing in a comprehensive breach response plan. The plan should be aligned with the company’s business continuity plan.
• Cyber Risk policies do exist to help mitigate the costs of a beach, however, the often exclude social engineering and should not provide any company a false sense of security 

Unfortunately, in the realm of cyber security, even companies with the proper risk culture who use the latest and greatest tools to prevent a data breach from occurring can experience a data breach.  Jay shared with us a very compelling case study in which a company with a quality breach response plan that is executed once suspicious activity relative to a breach is reported to the right internal parties can save millions of dollars and mitigate any damage to an extremely valuable company asset, its brand.

If you would like to discover insights and key-take aways from other CFO roundtables held across the country focused on Raising Your Company’s Risk IQ across the Enterprise as the CFO, read THE CFO ALLIANCE BLOG.

For more information relative to effective Cyber risk management,   View the “Technology Risk Management: Integrating Cyber Security and Business Continuity Planning” WEBINAR RECORDING.