Daily Archives: 15/09/2014

Institute of Risk Management launches revised International Diploma

The Institute of Risk Management has issued its revised International Diploma in Risk Management, the content of which is specifically designed to tackle complex real world risks.

With 50% of US and European banking and capital market firms reporting a lack of skilled compliance staff, and nearly 40% recording an increase in the size of their risk teams, the hunt for qualified risk professionals is very much on.

The Institute of Risk Management’s (IRM) revised International Diploma is based on the latest global risk standards and core competencies, equipping risk managers with the skills they need to work at the highest level in today’s modern business environment.

“Since the original Diploma was created 25 years ago,” explained Dr Lynn Drennan (the IRM’s education programme director), “globalisation has become a reality, cyber risk is the new ‘normal’ and once-experimental industries are now mainstream. Our revised International Diploma ensures risk professionals are qualified to deal with today’s complex realities.”

The Institute of Risk Management has launched its revised International Diploma in Risk Management to tackle complex real world risks

The Institute of Risk Management has launched its revised International Diploma in Risk Management to tackle complex real world risks

Current Diploma student Adam Skene agrees that the demands of the profession are changing. “A university degree is no longer enough for a risk-related career,” stated Skene. “You need to be able to demonstrate that you have the right knowledge and qualifications. It’s a win-win for my company. I’ve used concepts, processes and ideas from the Diploma to add value to our client deliverables.”

New emphasis placed on risk management

Regulatory reforms such as the Dodd-Frank Act, Basel III and Solvency II have seen a new emphasis placed on risk management. Basel III requires organisations to address firm-wide governance and risk management, while Solvency II requires staff to have the skills, knowledge and expertise to fulfil their responsibilities.

Against this backdrop, the IRM commissioned research into risk management competencies across the world, establishing an expert global Education Advisory Board to agree the new programme in conjunction with existing module leaders and examiners.

While the revised International Diploma incorporates core components of the previous syllabus, it also introduces additional topics including risk appetite, risk culture, resilience and future risk.

International Certificate in Risk Management

The final module of the Diploma, ‘Crises, Resilience and Future Risk’, will provide risk managers with the skills they need to operate in today’s risk environment where major risk events – from natural disasters through to the latest global cyber attacks and health pandemics such as the Ebola crisis – frequently overlap.

The revised International Diploma comprises six modules that are generally completed over three years. Successful completion of the first two modules of the Diploma leads to the award of the International Certificate in Risk Management, providing a seamless transition for those wanting to further their knowledge and expertise by studying for the Diploma.

Full details of the revised International Certificate and Diploma of Risk Management are available at: http://www.theirm.org/qualifications/international-diploma-in-risk-management/course-content/

The IRM is the leading international professional body for risk management. It’s an independent, not-for-profit organisation that champions excellence in managing risk and helps improve organisational performance. The IRM does this by providing internationally recognised qualifications and training, publishing research and guidance and raising professional standards across the world.

The organisation’s members work in all industries, in all risk disciplines and across the public, private and not-for-profit sectors.

Leave a comment

Filed under Risk UK News

Growing risk of online crime threatens London’s business reputation

The capital’s reputation as a safe place in which to do business is under threat unless firms are better prepared against the rising threat of online crime.

A new report from the London Chamber of Commerce and Industry (LCCI) argues that, despite efforts from Government and law enforcement, London firms – particularly small and medium-sized enterprises (SMEs) – are still largely oblivious to the ever-more sophisticated methods cyber criminals are using to steal valuable information.

Cyber crime costs UK companies alone at least £21 billion per year. The costs of a security breach experienced by smaller organisations are rising, with the average cost of the worst attacks now between £65,000 and £115,000 (up from £35,000 to £65,000 a year ago).

The LCCI report – entitled: ‘Cyber Secure: Making London Business Safe Against Online Crime’ – finds that:

*Over 50% of London firms had experienced a cyber breach
*Cyber crime numbers and costs could be far higher due to widespread under-reporting of online fraud to Action Fraud
*A lack of awareness of cyber threats and the high costs of protection remain significant barriers to firms implementing stronger security measures
*Smaller firms are becoming increasingly targeted by cyber criminals as their systems are generally easier to access and they provide an open door to larger companies via supply chains
*Government initiatives to improve awareness and resilience (and to reduce the costs of security) are welcome, but often use overly complex and technical language which renders them inaccessible to the average SME

The capital’s reputation as a safe place to do business is under threat unless firms becomes more prepared against the rising threat of online crime

The capital’s reputation as a safe place to do business is under threat unless firms becomes more prepared against the rising threat of online crime

Creating a single ‘landing pad’ of resources

The LCCI calls on the Government to create a single ‘landing pad’ of cyber security resources aimed at business, making it simpler for companies to know where to go for advice. The Mayor of London can complement this resource for the capital’s firms through the proposed London Business Resilience Centre.

Despite the Government’s designation of Action Fraud as the first point of contact for cyber crime victims, many businesses are not aware of the service’s existence. Minimising the information required from companies and better promotion would help increase reporting rates for vital intelligence.

More also needs to be done to make it easier for firms to recover the costs of cyber crime, and in particular those acts of criminality perpetrated in the UK.

The Government should encourage Internet Service Providers (ISPs) and banks to use the cover of existing laws to release data that could result in faster and more decisive action being taken against criminals.

Some simple guidance to help firms navigate the civil or criminal legal system would also be of valuable assistance.

Growing menace of cyber crime

Colin Stanbridge, CEO of the LCCI, said: “The growing menace of cyber crime is costing business dear in financial, data and intellectual property loss terms. SMEs often have very limited resources they can allocate to cyber security so the Government and Mayor of London must be more targeted in their approach to reaching smaller firms with helpful information, and focus on providing easy–to-adopt online security solutions.”

Stanbridge continued: “Unless more is done to help smaller firms understand and put in place at least basic security measures, the reputation of London as a major global centre for business is vulnerable. The authorities need to work together to make the process of online protection simpler, quicker, easier and cheaper for the smaller firm such that the health of the economy and the reputation of the capital is not undermined.”

Stephen Greenhalgh (Deputy Mayor of London for Policing and Crime) added: “The advance of technology has shifted criminal activity from the streets to the PC. The LCCI cyber security report paints a determined picture of a strong will from Government and law enforcement to protect businesses, but a confused landscape in terms of fragmented initiatives and policy responses. This report should galvanise the effort and make this confusing landscape easier for the business owner to navigate, from the online SME right through to the multinational. MOPAC looks forward to working with the LCCI to raise awareness and simplify the plethora of initiatives out there, particularly for SMEs, through single hubs like the London Business Crime Resilience Centre.”

City of London Police Commander Steve Head, who is also the Police National Co-ordinator for Economic Crime, explained: “Cyber crime is estimated to be costing UK companies at least £21 billion every year, but the reality of the situation is that this huge figure would be even higher if all businesses reported to the authorities when they had fallen victim to an offence committed through the Internet or via other emerging technologies.”

Head also stated: “It’s therefore vitally important that SMEs who fall victim to an online crime contact Action Fraud which, in May, became part of the City of London Police and now sits directly alongside the force’s National Fraud Intelligence Bureau. Working together, they are improving the service provided to small companies whose security has been breached by cyber criminals with, most importantly, the arrival of bulk reporting for industry just around the corner.”

City of London Police Commander Steve Head

City of London Police Commander Steve Head

In conclusion, Head opined: “The past year has also seen a significant rise in crime disseminations to UK forces for investigation and a huge rise in the disruption of criminal enablers. However, it’s only by having the full picture of how cyber crime is targeting industry to hand that law enforcement and Government can put in place the resources and measures required to combat what has very quickly become a massive threat to the sustainability and profitability of companies operating the length and breadth of the land.”

Leave a comment

Filed under Risk UK News

Customers urged to be vigilant as card fraudsters increase scam attacks

New figures released by Financial Fraud Action UK show that card and remote banking fraud increased during the first six months of 2014. The intelligence behind the figures reinforces recent trends, which have seen the growth of deception crimes seeking to persuade consumers to part with their personal and financial information, as well as criminals’ use of computer viruses. As a result, customers are being warned to remain vigilant and aware of the key warning signs of scams.

Fraud losses on UK cards totalled £247.6 million between January and June 2014, an increase of 15% from £216.1 million during the same period in 2013. Fraud as a proportion of card purchases has remained flat at 7.4 pence for every £100 spent, the same proportion as the industry reported at the end of 2013.

Losses on remote banking fraud rose to £35.9 million, up 59% from £22.6 million in 2013. Within this total, online banking fraud losses rose to £29.3 million, a growth of 71% from £17.1 million in 2013. Telephone banking fraud rose to £6.6 million, up 20% from £5.5 million. Intelligence suggests criminals are targeting business accounts which typically allow higher value fraudulent transactions.

Losses due to remote card purchases (those made online, over the telephone or by mail order) rose to £174.5 million in the first six months of 2014, up 23% from £142 million in the same period in 2013.

Within this total, the e-commerce fraud loss is estimated to be £110 million, up 23% from an estimated £89.5 million in the first half of 2013. While significant, this rise needs to be viewed in the context of the increase in Internet shopping by British consumers, with spending up from an estimated £40.5 billion in the first half of 2013 to an estimated £47 billion in the same period in 2014 (according to IMRG). Card payments are the main driver of online spending growth as they provide the most effective way to pay online.

Card fraud rises, but as a proportion of spending remains flat at 7.4 pence for every £100 spent during the first half of 2014

Card fraud rises, but as a proportion of spending remains flat at 7.4 pence for every £100 spent during the first half of 2014

Growth of deception crimes

A key driver for the rise in fraud losses has been the growth of deception crimes aimed at individuals and businesses. A combination of Chip and PIN and advanced fraud screening detection processes used by the banks drove a long-term decline in card fraud up to 2012. This is illustrated by the 72% decline in High Street fraud losses between 2004 and 2013. In response, fraudsters are increasingly concentrating their efforts on obtaining personal and financial details from individual customers rather than attacking the security systems used by the banks.

An increasing problem has been criminals telephoning people at home while posing as the bank, police or representatives of other trusted organisations such as Government departments. These cold calls typically involve the fraudster tricking their victim into revealing personal or financial information, such as their four-digit PIN or online banking details, transferring money to another account or accepting a courier into their home to pick up their card.

Once details have been compromised, they are then used to commit fraud through both remote (telephone or online) banking channels and via shopping online.

Commonly, fraudsters target retailers who have not introduced adequate Internet shopping protections. Research conducted by the ICM for Financial Fraud Action UK (FFA UK) showed that a quarter (25%) of customers do not take steps to challenge the identity of a cold caller, with this figure rising to 34% of 18-24 year-olds. To stop these scams, police and fraud experts are highlighting the key warning signs.

Your bank will never:
*Call you and ask for your four-digit PIN or your full online or telephone banking security codes over the phone
*Ask you to withdraw money to hand over to them, or to transfer money to another account (even if they say the account is in your name)
*Come to your home to collect your cash, payment card or cheque book
*Ask you to purchase goods using your card and then hand them over for safe keeping

Intelligence also shows criminals are using computer viruses to steal personal and financial information which is then used to commit fraud. FFA UK strongly endorses last month’s ‘Call to Action’ by the National Crime Agency for consumers to download and update security software. Free software is often available for customers to download from their banks’ website.

Distraction thefts: driver of fraud

Distraction thefts in shops and at ATMs have been identified as a driver of fraud on lost or stolen cards, which has increased by 3% to £29.2 million from £28.2 million in the first half of 2013.

Meanwhile, mail non-receipt fraud has increased by 10% to £5 million, up from £4.6 million, with fraudsters targeting multiple occupancy residences to intercept cards and personal details from post boxes.

Counterfeit card fraud rose by 4% in the first six months of 2014 to £24.2 million, up from £23.3 million in 2013. The key driver for this modest rise is that stolen card details in the UK are being used to create counterfeit cards for use overseas in countries which have not yet implemented Chip and PIN.

Fraud on contactless cards continues to be negligible at £51,000 over the first six months of the year, which is just 0.007% of contactless card spending. Cheque fraud losses fell by 34% to £10.5 million in the first half of 2014, from £15.8 million in January to June 2013. The continued success of improved fraudulent cheque detection methods and enhanced prevention controls is the driver for this long-term decline.

The industry is tackling fraud through enforcement, information sharing, technological advances and awareness campaigns. The industry fully sponsors a specialist police unit, the Dedicated Cheque and Plastic Crime Unit (DCPCU), which identifies and targets the organised criminal gangs responsible for payment fraud. Since its inception in 2002, the DCPCU has achieved an estimated £800,000 per week in savings from reduced fraud.

Through FFA UK, the card and retail banking industry securely shares intelligence on emerging threats and identifies patterns in fraud which protect consumers and strengthen the industry’s defences.

Banks use a range of increasingly sophisticated fraud screening detection tools to prevent fraudulent transactions. FFA UK will shortly be launching a ‘vishing’ awareness initiative aimed at increasing customer vigilance over such scams.

Detective Chief Inspector Perry Stokes, head of the DCPCU, said: “Be very suspicious of phone calls, texts or e-mails which come out of the blue asking for personal or financial details, regardless of who the person on the other end of the line claims to represent. Be aware of the warning signs. Your bank will never ask you for your four-digit PIN, to transfer or withdraw money or to give your card to a courier. We’re asking members of the public to pass this information on to any family and friends who may be unaware, and echo recent calls made by the Commissioner of the City of London Police for a national awareness-raising campaign led by Government.”

View the full 2014 half year fraud figures

Leave a comment

Filed under Risk UK News