During the second-largest global financial crisis around 2008, many people began calling for more crisis and risk management in the government to prevent a similar scenario. After the Great Depression, the securities and financial trade system was overhauled, with more regulation, transparency and oversight in an effort to prevent a similar market crash. Since that point, there have been spirals down, but not to the same degree. The recession of 2008 was the closest to the Great Depression, at least in recent memory. While the economy has slowly recovered, corporations and consumers have also battled with cyber attacks, compromising credit cards and bank accounts. Many financial institutions have had to re-focus on crisis and risk management to prevent losses in the event of a cyber attack.
So what does the role of crisis and risk management do to prevent securities and trade crimes? First, risk managers help a company organize their responses to a crisis, and to behave in a way that prevents the crisis from occurring in the first place. Risk managers should ensure that there is a tone of compliance coming from the top-down. That means CEO’s, presidents and officers of the company need to create an environment of incentives and sanctions to ensure compliance with federal regulations. Risk managers can also help companies create plans for foreseeable crises – planning pays off. A predictable crisis could be a PR nightmare for the company or its directors, and the effect it has on its stocks or its shareholders. Finally, risk managers can be the point of contact for the many people interested in what’s happening with the company during a crisis – shareholders, consumers, and government prosecutors. If each company has an attitude of strict compliance, self-auditing and proper planning in the event things go bad, below-the-board and criminal deals will be discouraged, to the benefit of the public-at-large.
Companies also need to engage in crisis and risk-management to prevent cyber-fraud and losses to their customers. Security must be a part of every IT decision a company makes – from setting up the email server to creating a system of processing payments, as applicable. One can learn a lot from some of the major cyber attacks. A few years ago, Target was attacked right before the Christmas holidays, leaving their customers vulnerable to further financial complications. The credit card numbers of hundreds of thousands of customers had been stolen. Most retailers contract with a third-party who processes payments, called HVAC. Target had this set-up. The third-party did not have proper anti-malware solutions installed, and therefore a virus was able to infiltrate the system and steal all the point-of-sale information from Target’s consumers. Retailers need to be sure that the third-party contract uses fraud and malware protection software for their entire system, as well as conduct regular audits to ensure compliance and security.
Companies and corporations would create an environment of predictability and stability if they used the expertise of crisis and risk managers. Most of the time, financial crises are predictable, either because of shady business practices that are tacitly approved of by management, or with shoddy cyber security. Creating a system of transparency and oversight could prevent criminal activity and its negative effects on society.