Authors – French Caldwell and Richard Stiennon
Key takeaways –
Third party risk management is not just for suppliers, IT vendors and service providers. In many cases, subsidiaries or other organizations within your enterprise, and even well-known business customers should be brought into the third party management program.
The problems at Deutsche Bank and Danske Bank reminded me of an inquiry I had with a CISO at a large high tech equipment manufacturer. We were discussing best practices in third party risk management. I asked him what types of companies he was monitoring and he told me they were subsidiaries. He was putting these subsidiaries through the same hoops as he would any other third party vendor, classifying them into three risk categories, doing deep dives and continuous monitoring on the higher risk ones, and documenting certification and accreditation on all of them.
The Financial Times today recounted Deutsche’s current regulatory rows — money laundering by a former subsidiary Regula that it had acquired in the British Virgin Islands and Deutsche’s role as a corresponding bank processing over €160billion in suspicious payments for Danske Bank Estonia. And of course Danske Bank Estonia was a subsidiary acquired by Danske.
Being “in the family,” it is apparent that Regula and Danske Bank Estonia did not get enough scrutiny by their parents. Had they been treated as high risk third parties, the risks and lack of effective controls to prevent money laundering may have been discovered earlier, avoiding the heavy supervisory presence and regulatory investigations that the parents now enjoy.
Also, Danske Estonia’s use of Deutsche Bank instead of its own parent to transfer money out of Estonia could have helped to bypass parental scrutiny. Should Deutsche have raised a red flag — like a neighbor who lets the neighbor kid smoke pot in her backyard? Deutsche didn’t raise a red flag, instead stating they weren’t the ones responsible for validating the source of the funds — that was Danske’s problem.
Yet, now it’s all come back on Deutsche, and the lesson learned for the rest of us — when a lot of money is on the line, treat your family and your friends as acquaintances.
1 — Bring high risk subsidiaries into your third party risk management program
2 — High risk customers should also be included in your third party risk management program
Key takeaways:
1 – With modern social technologies, political movements can coalesce in days, maybe hours
2 – The weak political center and struggling traditional political parties in France provide an opening for the emergence of more political movements enabled through social technologies\
3 – Government leaders should be prepared with strategies to predict, engage, monitor, and respond to rapidly emerging political movements
Over the last three weeks, protests in France that were triggered by a new fuel tax and rising fuel costs have grown through social media to become a national movement. Watching the yellow vests protestors break out into a violent mob in Paris, and the police response with tear gas and water cannons, reminded me of other protests over the last two decades that have been organized through social technologies. The very first was the Battle of Seattle where protest organizers used text messaging and online bulletin boards – but that required months and weeks of preliminary planning. As we observe in France, with modern social technologies, political movements can coalesce in a few days, maybe a few hours.
Text me — killing Doha
The anti-WTO protests in Seattle in 1999 are the earliest documented application of social technologies in street-level activism. In Seattle, protesters networking through cell phones and updates to online websites were able to outmaneuver police and shutdown a round of trade talks. The round of WTO talks that had led up to Seattle ended inconclusively with no agreement on the major issue of breaking down trade barriers between rich and poor nations. The subsequent Doha round of talks, which began in 2001 and was scheduled to complete in 2005, picked up on the same theme of breaking down trade barriers between rich and poor countries. However, ten years after the original deadline the Doha round was still not complete – the smart mob had killed it.
The Arab Spring — not quite social
With the advent of smartphones, social media combined with mobile technology, and Twitter was often identified as an enabling technology for street protestors in the 2011 Arab Spring protests. Credible research has shown that during the Arab Spring protests, most street activism preceded social media activity, rather than followed it – indicating that most people were tweeting and posting about the events they were seeing on television, rather than using social technologies to organize the protests.
Social technologies help political movements, but leadership still matters
Seattle in 1999 remains the benchmark for organization and execution of street activism using social technologies. The yellow jackets in France, have yet to demonstrate a similarly high degree of organization, and the protests could peter out. However, there is a political vacuum in France, with both right and left mainstream political parties having been marginalized in the last elections, raising the specter of a weak center represented by President Macron and his “La République En Marche” party facing a population that has shown that it can self-organize through online and mobile technologies.
So far, Macron’s government has been ill-prepared to deal with a national political movement that appeared in a fortnight. In Macron’s favor is that the yellow vests have shown no cohesive national leadership; yet, that is also a problem for Macron since there is no legitimate movement leadership to engage.
Recommendations
Many government leaders treat social media as another public relations channel, like print and broadcast media. Instead they should be looking at social and mobile data as a rich source of insights. Government leaders can use social media analytics to predict, manage, engage and respond to rapidly emerging political movements, as follows:
1 — stress test proposed major initiatives and identify key indicators that can predict the range of societal reactions
2 – identify the people who are the primary influencers and engage appropriately and constructively with them as the indicators warrant
3 — monitor the indicators before and after the initiative is launched, and
4 — if people take to the streets, analyze the mobile and social data to guide the deployment of and response by law enforcement in ways that prevent or limit violence
5 – while mining and analyzing social and mobile data, ensure that policy and procedures to protect individual and group rights of assembly, petition, free speech, and privacy are followed
