Weekly Operational Risk News Update
The RiskSpotlight Portal is the world's first forward-looking operational risk content service, providing financial service organisations with comprehensive insights into emerging risks, best practices, regulatory updates, and external loss events. By leveraging daily updates from global risk news sources, it enables proactive risk management and informed decision-making across various organisational roles.
Here are some highlights of the emerging operational risks and loss events from the last week taken from the Portal. This is just a glimpse of the detailed analysis and insight available in the Portal. To find out more go to RiskSpotlight-Portal – RiskSpotlight
Emerging Operational Risk Topics
MiCA Framework Reshapes Crypto Regulation in the EU
The Markets in Crypto-Assets (MiCA) framework came into full effect on 30 December 2024, marking a significant milestone for crypto regulation in the European Union. After years of fragmented rules across its 27 member states, the EU now has a unified rulebook. Businesses are viewing MiCA as an opportunity for consistent and transparent operations. Notably, companies such as MoonPay, BitStaete, ZBD, and Hidden Road in the Netherlands have secured MiCA licenses, joining Circle and Socios. However, challenges remain—Coinbase, a U.S.-based crypto exchange, delisted Tether (USDT) due to compliance uncertainties. Meanwhile, in the U.S., President-elect Donald Trump has declared ambitions to make the country the "crypto capital" of the world, with prominent figures like David Sacks and Bo Hines taking advisory roles in AI and crypto. The divergent regulatory approaches in the EU and U.S. may significantly impact the future of digital assets.
Chinese Cyberattacks Highlight U.S. Network Vulnerabilities
In the United States, alleged Chinese-government-backed cyberattacks linked to “Salt Typhoon” exploited backdoors in telecommunications networks meant for law enforcement wiretapping. This revealed critical vulnerabilities in national infrastructure. FBI and CISA officials are now urging Americans to adopt end-to-end encrypted messaging services like Signal or WhatsApp. However, this advice clashes with previous Department of Justice and FTC enforcement trends that stress retaining data for regulatory compliance. Organisations face the challenge of finding enterprise solutions that balance encryption with recordkeeping obligations.
Rising Scams in the UK: Barclays Data Exposes Trends
Barclays has released alarming statistics on scams in 2024. Investment scams accounted for a third of victim claims, while purchase scams dominated scam volumes. Most victims (93%) were approached online, particularly on social media, with 75% of scam types originating there. While 43% of people identified scams in time to avoid losses, 52% of Brits still feel overwhelmed by the diversity of scam tactics. Common methods include fake delivery and tax scams, but newer threats, such as AI cloning scams, are less widely recognised.
Surge in SIM-Swap Fraud Cases in the UK
SIM-swap fraud has nearly doubled in the UK, with over 2,000 reported cases by November 2024, according to Action Fraud. This scam involves criminals collecting personal details, impersonating victims to mobile providers, and transferring the victim’s phone number to a new SIM. The fraud gives scammers access to one-time bank passcodes and other sensitive accounts. Victims often first notice unsolicited texts about an eSIM update or fraudulent calls from supposed fraud teams. The effectiveness of this scam stems from the reliance on text messages for financial and email password resets.
EBA Calls for Systematic ESG Risk Measurement
The European Banking Authority (EBA) has introduced guidelines urging banks to incorporate a 10-year horizon into their analyses of environmental, social, and governance (ESG) risks. This includes focusing on fossil fuel exposures and aligning with net zero transition plans. Banks are also encouraged to test for physical risks, such as flooding, and transition risks. The guidelines reflect a global trend of increasing insured losses from natural disasters and heightened climate activism. While European banks are under pressure to stay aligned, some U.S. banks appear to be retreating from climate commitments.
Preparing ATMs for TR-31 and Quantum Encryption
ATM security is under scrutiny as institutions prepare for TR-31 encryption standards in 2025. Quantum computing, outdated network technology, and compliance requirements are pressing concerns. Banks and ATM operators must implement quantum-resistant encryption, adhere to TR-31 deadlines, and upgrade hardware to support remote key loading and cloud-based workflows. These measures are critical to safeguarding customer information and maintaining trust.
Phishing Surges Beyond Email Platforms
Phishing attacks continue to rise, with phishing link clicks nearly tripling from 2023 to 2024, according to Netskope. Attackers are diversifying their strategies, using search engines, fake ads, and websites to lure victims. Cloud applications like Microsoft services, along with banking and telecom brands, are common targets. Employees often overlook risks associated with search results and banner ads, making them vulnerable to credential-harvesting sites. Encouragingly, many organisations are now implementing data loss prevention controls for generative AI applications, signalling increased vigilance in data security.
Key Operational Risk Loss Events Update
Multistate Regulators Fine Bayview Asset Management for Cybersecurity Lapses
Fifty-three state financial regulators have taken coordinated action against Bayview Asset Management LLC and its affiliates, levying a $20 million fine for inadequate cybersecurity practices and non-cooperation following a data breach that exposed the information of 5.8 million customers. Spearheaded by regulators from California, Maryland, North Carolina, and Washington State, the multistate investigation concluded that the companies' IT and cybersecurity measures failed to meet both federal and state requirements.
UnitedHealth Group Penalised for Misleading Practices
Three insurance companies owned by UnitedHealth Group have been ordered to pay $165 million in damages in Massachusetts for violating consumer protection laws. The companies were found to have misled customers by misrepresenting agents as impartial and bundling unnecessary supplemental health insurance with major medical plans. The penalty includes $50 million in consumer restitution and $115 million in civil penalties. UnitedHealthcare has announced plans to appeal the decision.
Commonwealth Bank of Australia Faces Scrutiny Over Account Migration
The Commonwealth Bank of Australia (CBA) transitioned over a million customers from Complete Access Accounts to Smart Access Accounts without formally notifying Australia's prudential regulators, ASIC and APRA. This change, announced in early December, has led to some customers incurring fees to access cash at branches. Freedom of Information requests revealed that neither ASIC nor APRA has records of CBA consulting them on the issue during 2024.
Weekly Round Up of RiskSpotlight’s Posts
Day 12 of "31 Days of Emerging OpRisks": GenAI Powered Phishing
Day 11 of "31 Days of Emerging OpRisks": Navigating Polycrisis Threats
Day 10 of "31 Days of Emerging OpRisks": Escalating Climate Events
Day 9 of "31 Days of Emerging OpRisks": Increasing Cloud Regulations
Day 8 of "31 Days of Emerging OpRisks": The Great Exhaustion
Day 7 of "31 Days of Emerging OpRisks" by RiskSpotlight: Quantum Computing
Day 6 of "31 Days of Emerging OpRisks" by RiskSpotlight: Anti-ESG Movement
Thought Provoking - Have your Say
JPMorgan Chase disables employee comments after backlash over mandatory return-to-office policy impacting 300,000 employees.
Webinar - Master Emerging Operational Risks in 2025 - looking forward to seeing you all TODAY (if you can't join, sign up for the slides)
Are you prepared for the operational risks that 2025 will bring? Join us for an exclusive free webinar designed for operational risk professionals in the financial services industry, where Michael Rasmussen (the “Father of GRC”) and Manoj Kulwal (Chief Risk & AI Officer at RiskSpotlight) will share actionable strategies to help you navigate the evolving operational risk landscape.
Webinar Details
Date: 14th January 2025
Time: 2:00 PM - 3:40 PM (UK Time)
Format: Online (Microsoft Teams)
Cost: Free (Registration required)
Register Here - https://lnkd.in/ecyYyvXv
Training Courses
Introducing the World’s First Microsoft Copilot Course for Second-Line Operational Risk Management Stakeholders
Course Duration: 3 hours
Course Format: Online or Classroom
Course Fee: £3,800 (up to 20 attendees)
Learn More: https://lnkd.in/gaazfN5W
Email [email protected] to inquire about this course or schedule it for your 2nd line stakeholders.
Connect with us
We hope you find this newsletter informative. If so, please subscribe to receive it weekly. Also follow RiskSpotlight’s LinkedIn page for further valuable operational risk content: https://www.dhirubhai.net/company/riskspotlight-limited/
For further information regarding RiskSpotlight’s services visit our website RiskSpotlight
RiskSpotlight Portal
Are you and your team finding it challenging to stay on top of emerging risks?
If so, why not take a no-obligation trial of RiskSpotlight’s Portal, the first operational risk intelligence service designed to help you proactively navigate future risks. This newsletter is produced from our news portal and represents a fraction of the content available.
Key benefits include:
Forward-Looking Risk Intelligence: A future-oriented approach that identifies emerging operational and technology threats before they materialise, unlike other platforms focused just on past risks and loss events.
Continuous Horizon Scanning: Real-time insights on industry best practices, regulatory updates, and major external events impacting risk landscapes.
Monthly Deep Dives: In-depth, subscriber-driven analyses on critical, evolving topics to keep you updated on high-impact risks.
OpRisk Radar Dashboard: A real-time, visual tool for identifying and prioritising emerging risks. Content is updated daily.
Comprehensive Risk Libraries: Organised resources covering 126 core risks, detailed scenarios, and over 60,000 curated articles for broad risk research.
Value-Focused, Competitive Pricing: More content and value per pound than competitors, making it an affordable choice for robust risk management resources for all sized businesses.
To request a demo please contact [email protected] or contact RiskSpotlight via LinkedIn
Disclaimer:
The content provided in this newsletter is intended for informational purposes only and reflects the best efforts of RiskSpotlight to deliver accurate and relevant information. However, as this content may include insights generated or assisted by AI, we cannot guarantee the absence of errors or omissions