Wednesday, April 12, 2017

Rites of Passage and Reputational Risk Examples

Welcome back to me.  I've neglected this blog for many months, as other activities ate my time.

I will try to do better going forward.

Seattle had a hard winter and is still in the midst of a cold and rainy spring.  I chalked up two long rounds of bronchitis, then took a fall that hurt my back.  I'm 90% back now, and the possessor of a Teeter inversion board from which I can hang upside down three or four times a day.

I've been walking more and working again with my personal trainer twice a week.  Through the winter and into the spring, I've continued to teach my classes and interact with my students.

This quarter I'm teaching an introductory operational risk and information seminar.   We have a court-side seat to any number of operational risks, but the one I'm amazed by this week is reputational risk.  United Airlines has once again managed to get featured on social media (the video) and traditional journalism as well.  When we think about why we're upset, it's not just the horrific treatment of the doctor who did not want to give up his seat -- no, it's also because we have now had a lesson in what an airline ticket contract looks like, and we realize absolutely that "it could have been me."  Jimmy Kimmel's video that emulates the oily marketing tone that United uses has it just right.  Like thousands of others, I won't be flying United again, no matter how cheap the ticket.

The other reputational risk story appeared a few hours ago in the Wall Street Journal, and discusses how KPMG has had to fire five partners, including the head of its audit practice, for a breach in the confidentiality of which KPMG audits would be examined by its regulator, the Public Company Accounting Oversight Board.  Along the way in reading the article, we find that KPMG was Wells Fargo's auditor and never uncovered any wrongdoing in its sales practices.

How do institutions like United and KPMG recover from such episodes?  How is our confidence in each affected by such news?  I'll be talking more about this topic in another couple of days when I write more about conduct risk in general.




Wednesday, October 26, 2016

Day 2 Executive Women's Forum Conference

Those of us who wanted to engage in such a discussion began at breakfast with an honest conversation on how to support and promote women of color in our professions.  Ours was an especially lively conversation featuring women from Bloomberg, the Santa Fe Institute, from the Department of Energy, from Wells Fargo, JPMorgan Chase, and from Fannie Mae, among others.

Breakfast was followed by a keynote address by Susan Keating from the National Foundation for Credit Counseling, who went back to her days as a CEO in banking to describe risk architectural components in a large trading loss: people, processes, systems, data and reporting, and culture.

Now I'm listening to a marvelous panel on e-discovery, which features two jurists as well as an interactive "You Be the Judge" exercise.  Just excellent.

The panel I'm on this afternoon features Patty O'Boyle from Wells Fargo and CEO Galina Datskovsky.  Can't wait to hear what they have to say.

I'll add to this blog later this afternoon after I hear others speak.  But it's clear this is an excellent conference.

Tuesday, October 25, 2016

Three Days of Women Talking Risk, Infosec and Cyber

Something happened to the rest of my summer.  I never got back here to blog on volatile issues like both political conventions, or the natural disasters across the country that must be connected to climate change, or even to talk about the long chapter on root causes of conduct that I finished.

But I've stepped away for a few days from home and the university, to spend time with about 400 senior women who are immersed in risk, security, privacy issues -- and who are increasingly concerned with what were just called "digital vortexes."

There's a lot of laughter too -- witness a discussion on pseudo-anonymization of data, which deteriorated when one panelist pointed out there were two different styles of trust -- the older panelist left her purse at the table, the younger panelist brought her purse with her to the stage.

I'll be back later to report on some of the other sessions here at the conference.  As a speaker just said, "We compartmentalize but also collaborate better than the other half of the planet."

Monday, August 1, 2016

Can the center hold?


The world just seems to get more unstable every day. Here's the opening of my column for The Risk Universe magazine this month:


  “Turning and turning in the widening gyre
    The falcon cannot hear the falconer;
    Things fall apart; the centre cannot hold;”

             William Butler Yeats, “The Second Coming” (1919)


"These first three lines of a poem that Yeats wrote after the first world war resonate with us today, and have been referenced in American political debate – and perhaps also around the Brexit vote as well.  Going it alone or going it together with other countries appears at least to be the question as discord and violence present themselves more regularly, in no small part because of the technology now available to us."

The level of political discourse has never been more base; and the level of trust for either U.S. political candidate seems to be at an all-time low.

Some of us fancy we know that we are at a critical turning point in our history.  Others seem so filled with irritation and rage at the current environment that they cannot see the shape of things unfolding.

I plan to continue not to use the current election as fodder for risk-based speculations.  But I will continue to speak out when employee safety and situational awareness issues are at stake.

Wednesday, June 15, 2016

Thoughts on Domestic Terrorism

Eiffel Tower, Paris, France
City Hall, Brussels, Belgium

In our American history, only twice before have so many citizens been murdered at a single time -- first, at Wounded Knee, where 150-300 Native Americans were gunned down by the U.S. Army; and then of course on 9/11, when even more of our fellow citizens were killed by terrorists recruited to Al-Qaeda.  This is not to say that there have not been other episodes of domestic terrorism since 2001.  Since early 2015 alone, we’ve witnessed such acts in Charleston, Chattanooga, Merced, Colorado Springs, San Bernardino, Philadelphia and Columbus.  

I had a remarkable briefing on terrorism last week, before the Orlando nightclub murders took place.   Since then, as a more detailed picture of the terrorist is painted, I marvel at how closely the profile as described of a domestic terrorist aligns.


Photo courtesy CNN.
Research indicates that the average age of what are primarily young men is in the 20s.  The terrorist is usually already known by law enforcement; and has often tried to join either the military or a police department.  Most are converts to Islam, a conversion made easier by ISIS' presentations on the web and the graphic violence embedded in them.

Though there are subtle differences with this terrorist, in that he was a Muslim and apparently attracted to others of the same sex -- grounds in Mideastern countries for death by stoning, being dropped from a great height, or beheading -- there are enough similarities to see how sophisticated ISIS has become at appealing to alienated, ostracized and perhaps bullied, lone wolves.

At this time, we have no civil society mechanism to identify in advance and take care of such individuals in something like a diversionary program.  It is well worth thinking about what such a program would include if we could identify them before they caused such enormous damage to our society -- not just to the families and friends, but to our anxiety levels as well.  It is worthwhile for members of the community to come forward to identify dangerous citizens before they act -- this is evidently one of the hardest communications for law enforcement whether working with, say, a militia group, or a religious group.  We still have strong familial and community  loyalties and notions of "tattle tale" that get in our way, no matter how Americanized we have become.

It is inappropriate to blame the FBI for having investigated but released the murderer for lack of "reasonable cause."   In fact, as I have just explained to a good friend from France, it is that very definition of reasonable cause that protects all of us from unreasonable encroachments by law enforcement.

I won't spend a lot of time here on the topic of gun control, except to note that it is time for Congress to stand up to the NRA and pass legislation that prohibits the sale of assault weapons, authorizes background checks and forbids sales of weapons to those on the U.S. watch list.

My heart goes out to the LGBT community, the direct target of these and other such acts of late.  Just a year ago, the community won a legal battle to marry.  To have such violence and hatred spewed in this particular way, in a club that was considered a safe space, is especially wrenching.  We are better than this.

Please practice situational awareness as you go about your life, especially in public places.

Thursday, May 12, 2016

How far can finger-pointing and bad-mouthing take you?



Catholics are taught at an early age that someone is always watching you.  As a child, I didn't think of this as surveillance (not a term that the Baltimore Catechism is familiar with), but rather as being benignly supported in my efforts to be a good person.

On the irreligious side, I learned early about being a good citizen and helping others -- to "put myself in their shoes," as my mother would say.  This behavior seemed to square up with my heroes, Nancy Drew and the Hardy Brothers, and with the principles taught by the Brownies and (later) Girl Scouts.
I had no sense of limitations or boundaries growing up.  I was there to grow into myself.

I've tried hard in my career to explain to colleagues and to shadowers that 1) honesty is the best policy because it's most efficient; 2) that "Every wall is a door" (Ralph Waldo Emerson); 3) that harboring resentments or engaging in finger-pointing hurts you most of all because it sucks your attention and focus into proving your hypothesis; and 4) that there is always something to learn from another, especially if you can put yourself in her/his shoes.

There's not enough time left on my runway to spend my energy negatively.  Observing the current state of politics is enough of a time sucker.  I'll spend my time working to change the world, one project (or one class) at a time.

Tuesday, April 26, 2016

Us vs the Europeans

The European Union definition of personal information and of privacy is so much more restrictive than ours that it should come as no surprise that the Europeans are not as interested in using massive data suction tools to find terrorists as this government is.

I wish I could say that any of the presidential candidates understood the issues around privacy, in particular digital privacy, but I'm afraid we are going to have to leave that to the Supreme Court.

The FBI director says he was greatly misunderstood, that he's simply interested in being able to read "clear text."  Meanwhile, we learn that there was nothing of interest on the work phone in San Bernardino that caused the FBI to take Apple to court to break the device's encryption and to create software most of us in the business call a "back door."  The FBI however is still hopeful that they might be able to figure out what the terrorists did in time not yet accounted for by checking out their GPS data.  (If they were smart enough to use burner phones, they would have been smart enough to turn off "Location Services," thus turn off GPS.)

I am looking for a leader, perhaps a former government official, to become the clear spokesperson for privacy and in particular for digital privacy.  I don't think that Tim Cook can do this and run his business at the same time.  We need a private sector leader to explain clearly to the American public what is at stake in these skirmishes.