Archive for the 'Risk Management' Category

Crowd-sourced Violence

Published on May 9, 2012 in Reputation Management, Risk Management and Security. 0 Comments

I recently assisted a family that suffered from the actions of a small group of misguided, radical, and dangerously fanatical persecutors who use the Internet as a force multiplier. This campaign degenerated into a violent attack on the children. Fortunately, the family has the support of the employer. The provided security driver got the children to safety before the attackers caused any serious injuries or death.

The family can’t sell their city home because of the risk this would pose to the new owners. Their country property was located by the radicals and the onslaught of harassment, vandalism, and arson started again. After vacating the country property, it must now be guarded around the clock like the vacant city home.

This type of crowd-sourced attack is something that executives and security professionals must deal with before it occurs. People who might be exposed to this risk will have to go through their lives to find the leads that motivated persecutors will use to find them. These leads will have to be removed, made irrelevant, or altered. This is not a small task and it is very difficult to do when things are peaceful. Doing it while under attack might be impossible because the attackers probably possess the data you would seek to remove or obscure.

 

Online Persecutors Must Be Taken Seriously

Published on May 7, 2012 in Reputation Management and Risk Management. 0 Comments

Fanatical persecutors who use the Internet are a real danger. Not just a danger to one’s reputation, but to life itself. Korean Canadian hip hop artist Daniel Lee had his career severely damaged by an orchestrated campaign to cast doubt on his academic career at Stanford.

As a Wired article outlines, one disgruntled person can easily start a dangerous campaign to destroy a person’s reputation and that could lead to violence or dramatically alter the victim’s life as he tries to avoid the virtual lynch-mob that might materialize in real-life.

 

The Bank Act & the PI

Published on December 5, 2011 in Canada, Company Research, Due Diligence, Legislation, Methods, Private Investigator, Risk Management and Sources. 0 Comments

The Bank Act

The Bank Act (1991, c. 46) is an Act of the Government of Canada respecting banks and banking.  The Canadian banking industry includes 20 domestic banks, 24 foreign bank subsidiaries and 22 foreign bank branches operating in Canada.

Canadian Banks & Lending

Canadian Banks have the right to lend money to wholesalers, retailers, shippers and dealers in “products of agriculture, products of aquaculture, products of the forest, products of the quarry and mine, products of the sea, lakes, and rivers, of goods, wares and merchandise, manufactured or otherwise” on the security of such goods or products, and to lend money to manufacturers on their goods and inventories.

The Private Investigator (PI)

When doing a background investigation of a person, the PI will be looking for previously unknown assets, banking and financial arrangements, or corporate affiliations.  When investigating a company, the PI will be looking for previously unknown assets, banking, and financial arrangements.  In both cases, the equity held by the subject in the assets will be of interest.  Searching the Bank Act Security Registry may reveal all of the above.

Bank Act Security Registry

Under S. 427 of the Bank Act, the borrower must sign a document that provides the bank with the first preferential lien on the goods or equipment.  The Bank then registers a ‘Notice of Intention‘ to take the goods as security, to perfect its security interest.

The Bank of Canada offers a Security Registry service which may be searched for registrations.  The search will reveal whether the Bank of Canada has taken security on property that may interest you.  If the Bank does have a claim on the property, then it means that it has loaned the customer money and that it has the right to take possession of and sell the property if the loan is not paid.  This is important for you to know for two reasons.  First, it shows that the person or business is indebted to a Canadian chartered bank and may have equity in the property listed in the security agreement.  Second, it may uncover previously unknown assets, banking and financial arrangements, or corporate affiliations. You will need to provide the name of the person or business being searched.

Years ago, we only did this when we suspected the subject person or company might have an interest in an agricultural business.  Today however, we find more non-agricultural businesses in the Bank of Canada registry. We have online access to the Bank of Canada registry to search for Bank Act Security items. The search results often indicate that a business assigned its inventory to a bank as security under the Bank Act.

A manual search for Notices of Intention filed under Section 427 of the Bank Act are conducted at the agency of the Bank of Canada in the province or territory where the debtor’s place of business is located. For Bank Act searches,  “agency” means, in a province, the office of the Bank of Canada or its authorized representative but does not include its Ottawa office, and in Yukon, the Northwest Territories and Nunavut means the office of the clerk of the court of each of those territories respectively [see S. 427(5)].

 

Money Laundering on the High Seas

Published on October 17, 2011 in Odds & Sods, Private Investigator and Risk Management. 0 Comments Tags: , .

I never underestimate the creativity of crooks.  This ingenious scheme illustrates how crooks are always looking for a weakness to exploit.  In this case, the criminals insured a marine vessel and then they made a claim against that policy each month.  The claim was always lower than the premium, and the insurance company did not become aware of the fraud as they were making a profit.

The crooks had found a sure-fire way to launder money.

Risk & Reality

Published on September 19, 2011 in Risk Management. 0 Comments

I am often surprised how poorly most people evaluate risk.

If you ask someone what is the greatest risk in their daily life, you will get all manner of poorly conceived answers about the risks we face daily. (The greatest and most  persistent risk is eating and its concomitant risk of food-borne illness.)

If you ask someone what was the largest killer in the last century, you will get a bewildering array of answers. (Of course, the real answer is government tyranny.)

Now you know why mere inconveniences become disasters, and real risks are ignored.

Credit Scores

Published on September 16, 2011 in Odds & Sods, Private Investigator and Risk Management. 0 Comments

Experian, Equifax and TransUnion Scores on consumer credit reports:

  • Poor: 301-600
  • Good: 600-700
  • Excellent: 700-849

Hurricane Irene Devastates the East Coast’s Economy

Published on September 2, 2011 in Business Continuity, Economics and Risk Management. 0 Comments Tags: .

The recent destruction of Hurricane Irene on the East Coast left many Americans underwhelmed. The carnage and destruction of Hurricane Katrina were not as present for Irene, but billions of dollars worth of damage and flooding are still wreaking havoc on the eastern seaboard. In the already sluggish economy, Irene is hitting the pocketbooks of most Americans in a serious way.

The event was downgraded from a hurricane to a tropical storm, but because of the lack of emergency infrastructure, damage was more widespread and costly than if a more devastating hurricane were to hit a prepared Florida coast. If the storm became any stronger, it could have caused serious damage to all of the glass in the Manhattan skyscrapers or cause permanent damage to all of the towns by rivers and ponds in Vermont.

Many retailers and businesses were relying on decision analytics and a busy back to school weekend in order to optimize sales. For operations such as grocery, drug, and home improvement stores; the weekend was a huge success because of the need to stock up on emergency supplies. For outlets like department stores, clothing chains, and movie theaters; the weekend was a bust because of evacuations and the fear of leaving shelter. A family was more likely to purchase something like a power generator or an emergency supply of freeze dried food rather than a new wardrobe to show off at college.

In an AP article, market researcher Ken Perkins said that the $300-500 people spend on fixing their homes would be lost to discretionary spending and could be taken back from the back to school business. With the economy already in a bad state of being, it will be even harder for most retailers to recover from missing the second biggest shopping season of the year.

For those with hurricane insurance, there claims might not cover all of the damages incurred by the storm. As reported by The Christian Science Monitor, most Americans do not participate in the National Flood Insurance Program. Since most of the damage caused by Irene was through flooding and not wind, people will find a hard time getting compensation for damaged goods and property.

While the immediate impact of Hurricane Irene may seem less severe than other highly publicized natural disasters of the past; its effects will linger through the economy and infrastructure of the area for years to come.

Risk Management Techniques

Published on August 12, 2011 in Risk Management. 0 Comments

Risk Management Techniques

All risk management techniques fall into one or more of these four major categories:

  • Avoidance (eliminate)
  • Reduction (mitigate)
  • Transfer (outsource or insure)
  • Retention (accept and budget)

Risk Avoidance

Avoidance may seem the answer to all risks, but avoiding risks also means avoiding potential gain.

Risk Reduction

This involves the methods to reduce the severity of the loss or the likelihood of the loss from occurring. For example, sprinklers may reduce losses from a fire. However, sprinklers may cause a greater loss due to water damage. Halon systems may mitigate that risk, but may cost more than the fire and water damage risks warrant.

Risk Transfer

The purchase of insurance is often described as a “transfer of risk.” However, technically speaking, insurance is more accurately described as a post-event compensatory mechanism. The risk still lies with the policy holder while the insurance policy simply provides that if the event occurs, then some compensation may be payable to the insured commensurate to the suffering/damage within the terms of the insurance contract.

Risk Retention

Risk Retention is accepting the loss if it occurs. Self insurance falls in this category. This is a viable for minor risks where the cost of insuring against the risk would be greater than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes catastrophic events that cannot be insured against, such as war.

Operational Risk & Lawfare

Published on July 29, 2011 in Company Research, Competitive Intelligence, Private Investigator, Reputation Management and Risk Management. 0 Comments Tags: , .

Recently, I have been involved in a series of jobs involving Operational Risk.

Operational Risk arises from:

  • inadequate or failed processes and controls,
  • people
  • systems
  • external events
  • contractual obligations
  • compliance issues
  • lawfare

Lawfare is the most interesting aspect of this type of work. Lawfare is a form of asymmetric warfare that is waged via the courts with the intention of damaging the firm. Special interest groups, radicals, and competitors will use this to create financial damage and create ill will towards the targeted company.

The Investigator’s task is usually to identify the funding sources and relationship of the plaintiff to individuals and groups who would benefit from the use of this tactic.

Asymmetric Warfare & Business Continuity

Published on June 16, 2011 in Business Continuity, Communication, Encryption, Espionage, Industrial Espionage, Intellectual Property Rights, Intelligence Services, Privacy and Risk Management. 0 Comments

In a previous article, I wrote about a system that created a single point of failure. In a strategic sense, computers and IT as a whole have become a single point of failure in both government and industry.

Chinese military leaders call automation the great equalizer, since its enemies heavily depend upon computers. An effective attack upon their enemy’s IT infrastructure provides an immediate and disproportionate impact which is the core concept of asymmetric warfare.

This asymmetry benefits the attacker, regardless of his motives or methods.

CPIC Not Updated in a Timely Fashion

Published on June 13, 2011 in Canada, Risk Management and Security. 0 Comments Tags: , , , .

The most recent Auditor-General report reveals some problems at the RCMP that I have suspected for years. Auditor-General reports going back to 2000 have criticized the CPIC system (see 7.86) regarding timely delivery of criminal record data.

The problem we encounter most often is the backlog of criminal records that has seen the updating of some records taking 3 years.

The Auditor-General estimates that the RCMP takes an average of 14 months to update an English criminal record in CPIC. The French updates take an average of 36 months. The stated goal is updating a record in 24 hours. Unfortunately, reality is an average time of 334 working days (see 5.60).

At some point this is going to result in tragedy. Even more unfortunate, is the fact that the RCMP and the government is judgment-proof for this negligent behaviour. The investigation company used by employers and  their insurance companies aren’t as lucky. Even if a claim is rejected by the courts, the legal expenses may destroy the company for reporting in good faith what was on CPIC.

How will this play out when a sex offender is hired to work with vulnerable people. What will happen when that same offender follows his natural instincts and victimizes someone.

It is also conceivable that this situation will also thicken our border with the U.S.A. as  their authorities start to act upon their distrust of CPIC. Frequent border-crossers, such as truck drivers, will be subjected to additional delays. If that extends to airports we can expect more security searches, questioning, and delays.

The problems we see with CPIC should be a warning about all supposedly trusted and sole source systems. All such systems break-down!

When we are forced to trust one system, especially a critical system, and that system fails, we are all vulnerable. It doesn’t matter it is health care or CPIC, without reliable alternatives, people will be hurt.

New Madrid Seismic Zone

Published on March 18, 2011 in Business Continuity and Risk Management. 0 Comments

In light of the Japanese earthquake and it devastating consequences, other developed countries should look closer to home and start planning.

One of North America’s most dangerous fault zones lies in the U.S. Midwest. The New Madrid fault line, named after the small town in southeast Missouri and covering areas of Illinois, Missouri, Arkansas, Kentucky, Tennessee and Mississippi, was responsible for several earthquakes in the early 19th century. Although several minor quakes have occurred along the New Madrid fault over the years, the last major disruption was in the 1811-1812 winter when a succession of four earthquakes over three months famously caused the Mississippi River to temporarily flow backward and had aftershocks travel as far as Boston and Toronto. These were estimated to be as large as 8.0.

In a report filed in November 2008, The U.S. Federal Emergency Management Agency warned that a serious earthquake in the New Madrid Seismic Zone could result in “the highest economic losses due to a natural disaster in the United States,” further predicting “widespread and catastrophic” damage across Alabama, Arkansas, Illinois, Indiana, Kentucky, Mississippi, Missouri and particularly Tennessee.

Two hundred years ago this area was sparsely populated, today’s population density will make such an earthquake devastating, especially since the area does not possess appropriate building codes to reduce earthquake damage.  FEMA’s poor performance after Katrina leaves only one response possible. Whether you are a private citizen or large company, begin planning and preparations now, before you need them.