Spring World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 29, Issue 1

Full Contents Now Available!

Jon Seals

Global assets under management (AuM) are set to swell to US$102 trillion in 2020 and according to a new report from PwC, the tax function, which is about to undergo significant change, will be critical in determining those players in the market who will be best positioned to win greater share of business in the lead up to it.

According to the report, ‘Asset Management 2020 and beyond: Transforming your business for a new global tax world’, as banks and insurers retreat from many business lines, asset managers are becoming more influential across a range of products, creating a new breed of global mega-managers. This is attracting huge focus from tax authorities, who, come 2020, will have specialist teams with the capabilities to carry out much more detailed enquiries than in the past, and the powers to request real-time investor-related information.

Investors, therefore, will expect asset management providers to have robust and efficient tax infrastructures. They will have minimal tolerance of tax uncertainty or tax adjustments and gravitate towards providers that offer products reflecting investor-specific tax profiles. Prospective investors will ask about tax disclosures even taking their individual tax charge into account before they consider investing in a fund. They will seek more certainty with respect to tax issues.

Portfolio taxation will become a key battleground

When launching new products, therefore, asset managers will routinely have to carry out full assessments to make them competitive in all channels. With more transaction taxes, local withholding and self-assessment capital gains regimes, every asset purchase and sale will have to be carefully examined from a tax risk and reporting perspective. This will require asset managers to have real-time access to data on global tax regimes.

PwC expects a number of integrated businesses combining asset management, wealth management and private banking activities with the ability to provide a full tax advisory service to clients, to emerge.

“In the lead up to 2020, investors’ evaluation on how their portfolios perform will focus predominantly on post-tax yields.  Asset managers therefore, will have little choice but to respond by dispersing their strategic tax resources throughout their business operations to give front, middle and back office staff access to real-time expertise,” says PwC’s William Taggart, Global  Tax Leader, Asset Management.

“In tandem in-house asset management tax teams will need to evolve to deal with perpetual audits and to engage with tax authorities on a frequent basis to influence policy and help guide the implementation of tax rules.”

Tax technology will be key to performance and client satisfaction

Technology for tax will enable investment firms to make timely tax-informed investment decisions and provide investors and tax authorities with the transparency and reporting they demand. It will also create the ability to differentiate between the alpha - the return in excess of a benchmark index or "risk-free" investment, created by the portfolio manager and that created (indirectly) by the capability of the tax team, to manage tax leakage and tax risk.

Technology will not only be close to the heart of asset managers – the tax authorities will also have made significant investments by 2020 too hence the age of selected paper-based reporting by asset managers to the tax authorities will be over. Tax authorities will request whatever information they want from asset managers through having direct access to their IT systems rather than asset managers pushing data to them.

Taggart concludes:

“Tax and reputation in the world of asset management, will be inseparable. The increased complexity of the tax function will require that it spends significant periods of time with operational activities in order to be able to act as a trusted advisor internally and to key executives. Asset managers will need to ensure highly-skilled tax people are brought into the heart of the business. The tone needs to be set at the top. The tax function is critical to the entire operation and senior management will need to make sure this is well understood.”

Notes to Editors

To help asset managers plan for the future, PwC’s report ‘Asset Management 2020 and beyond: Transforming your business for a new global tax world’ sets out a vision of what the tax landscape will look like in 2020 and beyond, and examines what it means for asset managers and their clients. The report recognizes that change will come incrementally, but should be started soon with a long term strategic vision of how the tax function should operate, how it is resourced, and its role within the overall business, in mind.  The report then sets out the characteristics of such a vision.

About PwC

PwC helps organisations and individuals create the value they’re looking for. We’re a network of firms in 157 countries with more than 195,000 people who are committed to delivering quality in assurance, tax and advisory services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

© 2015 PwC. All rights reserved

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure​​ for further details.

(MCT) - A slow-moving storm that has left parts of Charleston underwater dumped a foot of rain on the Columbia area since midnight.

The historic rainfall submerged low-lying traffic intersections around Columbia including Devine Street and Rosewood Drive and areas around Decker Boulevard.

Richland County declared a state of emergency Sunday, which allows the county to seek help from state emergency officials and buy emergency equipment and supplies.

...

http://www.emergencymgmt.com/disaster/-Storm-dumps-foot-of-rain-across-Columbia-overnight.html

The technology industry today is transforming its approach to assessing and managing third parties for bribery and corruption risk. As if it wasn’t already a massive challenge for organizations to keep up with new and ever-changing legislation and regulations, FCPA enforcement has elevated to a whole new level of intensity with the DOJ putting heavy resources behind taking action.

But fines are just the tip of the iceberg, and even greater expense may be incurred in pre- and post-enforcement activity. Investigations and their associated legal fees often far exceed the actual fines. In many cases, they can run to five or 10 times more. Post-enforcement costs – updating policies, increased training and dealing with monitors – can also be significant and may last years. In addition, FCPA violations can have a damaging and public effect on a company’s reputation and long-term revenues.

The reality is that the many FCPA risks arise from relationships with third parties — agents, brokers, distributors, suppliers, etc. who may interact with foreign governments or agents. The following points are red flags that require input from your third parties:

...

http://corporatecomplianceinsights.com/ignorance-is-no-excuse-managing-third-party-risk/

Using business continuity management to protect against data breaches

Organizations that involve their business continuity management teams in data breach planning and response can reduce the likelihood of data breach and lessen the cost and impact of any breach that should occur. These findings were uncovered in the 2015 Cost of Data Breach Study: Impact of Business Continuity Management, sponsored by IBM and conducted by the Ponemon Institute.

Ponemon has been charting the cost of data breaches for the last 10 years and in 2014 began examining the correlation between the cost of data breaches and business continuity management’s involvement with cyber security teams in responding to them. This year, the study found that such involvement reduces breach costs by an average of US$14 per compromised record, from US$161 to US$147. Because data breaches can affect thousands of records, overall savings can be significant: BCM involvement can reduce the total cost of each data breach from US$3.8 million to US$3.5 million.

Identifying and containing a data breach quickly is instrumental to limiting its impact and the study found that business continuity involvement can reduce the mean time to identify a data breach from 234 to 178 days, and the mean time to contain a data breach from 83 to 55 days.

Perhaps most important, the study found that BCM involvement with security operations can actually reduce the likelihood of data breach. According to the Ponemon study, the likelihood of a data breach involving 10,000 or more records striking a company that involves BCM in security operations is 21.1%, compared to 27.9% for organizations that have no BCM involvement with security. And if a breach does occur, it will negatively affect the business operations of only 55% of organizations that involve BCM with security, compared to 80% of organizations with no such involvement.

Clearly, BCM involvement with security operations can help limit the instances of data breach and mitigate the damage caused if a breach does occur. Organizations now understand this, and are finding ways to coordinate security and BCM response to breach. According to the Ponemon study, roughly 50% of the companies polled now have BCM involvement in data breach response planning and execution, up from 45% in 2014.

For further information on how business continuity management and security operations can work together to limit the impact of a data breach, read the IBM White Paper - Business continuity management: security can work together to safeguard data.

DENTON, Texas – More than $5.6 million in federal funding was recently awarded to the state of Louisiana to fund wind damage and flood protection measures in Jefferson and Terrebonne parishes.

In Jefferson Parish, more than $2.8 million covers mitigation measures taken to protect government facilities such as fire headquarters and the police department from wind and debris damage. The measures include 571 impact-resistant screens and roll-down shutters.

In Terrebonne Parish, more than $2.8 million pays for the elevation of 23 storm-damaged properties to one foot above the 100-year flood level. This significantly reduces the effect of future flooding on those structures.

The funding for these projects originates from the Federal Emergency Management Agency’s (FEMA) Hazard Mitigation Assistance (HMA) grant programs. HMA, specifically the Pre-Disaster Mitigation program, provides funds for hazard mitigation planning and projects that reduce disaster losses and protect life and property from future damages. For more information on HMA, visit http://www.fema.gov/hazard-mitigation-assistance.

FEMA’s contribution represents a 72 to 75 percent federal cost share. FEMA awards funding for projects directly to the state of Louisiana; the state then disburses the grant to the eligible applicant.

Follow FEMA Region 6 on Twitter at https://twitter.com/femaregion6.
                                                                           
                                                                                                      ###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Monday, 05 October 2015 00:00

BCM & DR: Mergers & Acquisitions (Part 1)

As many of you may know, I work in Program and Project Management, as well as Business Continuity and Disaster Recovery. I find the Program/Project Management aspects help build and manage activities needed in BCM & DR and communicate buy-in and need with executives. If you haven’t had any Project Management training, I suggest you attend a course (Note to self: New Post about Project Management). So, it came as something interesting the other day when during a program meeting, the topic of a merger and acquisition with regards to BCM & DR came up during a meeting – and not at my urging either.

If you work for a large corporate entity, you may have gone through a merger/acquisition – as the either purchaser or the one who was acquired. If you work in the IT or DR/BCM role, then you’ve probably had some hair pulling moments trying to figure out how new – or old – technologies work and how they need to work together in the event of a disaster. But it’s doesn’t have to be that difficult…at least if the newly acquired company will still operate as a ‘separate entity’.

...

https://stoneroad.wordpress.com/2015/10/01/bcm-dr-mergers-acquisitions-part-1/

Creative abstract mobility and digital wireless communication technology business concept: group of tablet computer PC and modern touchscreen smartphones or mobile phones on wooden table

By: Sarah Leary

Online communication and social networks are changing the way that people communicate. Today, people are able to relay messages to those around them and those across the world nearly instantly. This instant communication is playing a critical role in emergency communication.

NextDoor_Earthquake

When the largest earthquake since 1989 hit Napa, California, and the greater San Francisco Bay Area in August 2014, neighbors and local agencies were quick to turn to social media to communicate updates and information about the damage and safety precautions. One of the social networks utilized was the private social network for neighborhoods, Nextdoor, which creates social networks and communication channels specific to individuals’ neighborhoods.

Within minutes of the earthquake, residents used Nextdoor to send urgent alerts out to their communities, warning their neighbors to take cover in doorways, watch out for crumbling chimneys, and keep an eye out for scared and flighty pets. In the days following the quake, neighbors continued to use this new social network to share neighborhood-specific tips on clean-up efforts, offer shelter to neighbors in need, and report sightings of lost pets in the area.

Several Nextdoor agency partners, including both the City of Napa and the City of American Canyon, used social media to inform residents of damages, advice for contacting emergency personnel, school closures, and more. In many areas, social media was used to advise residents to keep an eye out for the sound or smell of leaking gas lines and provided road closure updates.

An incredible number of social media conversations in the greater San Francisco Bay Area that day were related to the earthquake– demonstrating that a connected community is indeed a stronger community. Neighbors connected with neighbors, passing along the latest information on power outages, road closures, and damage reports.

Similarly, during the flash flooding and historic rainfall in Houston, Texas this May, the Houston Office of Emergency Management also turned to social media to send out important safety updates and urgent safety alerts to residents across the city.

“During times of emergency and natural disasters, it is often neighbors who are able to best help each other,” said Rick Flanagan, Emergency Management Coordinator at the Houston Office of Emergency Management. Social media “has played a vital role in, not only helping our residents connected, but giving us an effective way to work directly with residents to make Houston a more resilient, prepared city.”NextDoor_UrgentAlert

The ability to connect with the community online rapidly closed the communication gap that previously existed between residents and emergency services.

For towns that have experienced more than their fair share of natural disasters, like the City of Moore, Oklahoma, which has been plagued by tornadoes, social media platforms offer a way to connect communities and increase resiliency.

“The more connected you are to your neighbors, friends, and family, the more invested you are in your community. We have people that have gone through disaster and destruction and they have chosen to stay,” said Jayme Shelton, marketing specialist for the City of Moore. “I think Moore citizens choose to stay because of the people.”

Shelton noted, “We come together as a community during times of disaster, and it would be great if we kept that going throughout the year. We don’t have to have a disaster hit us to know your neighbors.” Social media platforms play a big part in connecting neighbors, community leaders, and emergency management resources.

In 2010, the Pew Research Center released a report stating that 28 percent of Americans do not know a single neighbor by name, and only 29 percent know one neighbor by name.

Social media has enhanced how public agencies and residents work together to build more resilient communities. Public safety agencies across the country are increasingly combining the power of social networks with the power of connected neighbors to help create safer more resilient communities – whether the emergency is a flooding in Texas, an earthquake in California, or a tornado in Oklahoma.

If neighbors are able to be better connected, they will be much more resilient and prepared for anything that comes their way.


Nextdoor's icon a white house in a green boxSarah Leary is the Co-Founder and Vice President of Marketing and Operations at Nextdoor, a free and private social network for neighborhoods.

http://blogs.cdc.gov/publichealthmatters/2015/09/connecting-neighbors-through-social-media/

Monday, 05 October 2015 00:00

A Cyber Security Confession

I’m going to hold my hands up right now and tell you that as resilience professional in 2015 I still feel like I know very little about cyber security and it really concerns me.

I was recently listening to a very interesting discussion during an interview with Ken Simpson and the wonderfully insightful Lyndon Bird (a guy who I’m constantly asked if he’s my father because of our similar name) on the Beyond the Black Stump Podcast Series (I highly recommend a listen) where Lyndon, who is often described as one of the founding fathers of BC, touches on a point that I’ve been contemplating for a long time. In summary he says…

“Has business continuity gone through its lifecycle of conventional Business Continuity Management Systems into a wider arena called resilience and are our traditional skills ready for that?…Business continuity has a limitation in so far as where it goes to next…Cyber to some extent doesn’t fit our model.”

...

http://blueyedbc.blogspot.com/2015/09/pretending-to-know-about-cyber-security.html

I frequently help Forrester clients come up with shortlists for incident response services selection. Navigating the vendor landscape can be overwhelming, every vendor that has consultant services has moved or is moving into the space. This has been the case for many years, you are probably familiar with the saying: "when there is blood in the water." I take many incident response services briefings and vendors don't do the best job of differentiating themselves, the messages are so indistinguishable you could just swap logos on all the presentations.

Early next year, after the RSA Conference, I'm going to start a Forrester Wave on Incident Response services. Instead of waiting for that research to publish, I thought I'd share a few suggestions for differentiating IR providers.

...

http://blogs.forrester.com/rick_holland/15-09-24-10_questions_to_help_differentiate_incident_response_service_providers

As cyberrisks evolve, enterprises have begun to focus on the insider threat by adding specialized capabilities for behavioral analytics on top of endpoint and network monitoring. In order for these tools to be most successful, there must be a fundamental understanding of the role an insider plays in a breach. Not every employee-caused breach is malicious, but they certainly are numerous. In fact, according to Verizon’s most recent Data Breach Investigation Report, 90% of breaches have a human component, regardless of intent.

Insider threats are a rampant problem exemplified by several recent headline-making incidents: the indictment of six Chinese nationals on suspicion of stealing intellectual property worth millions from two U.S. technology firms; accusations from financial giant Morgan Stanley toward an employee believed to have stolen client information with the intent to sell it; and claims from wearable-maker Jawbone that its competitor Fitbit regularly courted its privileged employees, enticing several of them to switch companies and bring sensitive details on its products. The uncertainty around all of these cases begs a couple of important questions: how can intent be determined, and how can employee privacy be maintained while ensuring business security?

...

http://www.riskmanagementmonitor.com/understanding-cyberrisks-from-insider-threats/