Guest: Phil Gurski, President/CEO, Borealis Threat and Risk Consulting, former senior strategic analyst with CSIS.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Our guest, Communication and Relatability Expert Rachel DeAlto will be a keynote speaker on May 6th at RISKWORLD 2025. In this episode, Justin and Rachel discuss her career from insurance defense attorney to speaker, author, and startup leader. As a defense attorney, Rachel worked with risk management professionals. Rachel shares tips for creating connection, relatability, and trust. She speaks of authenticity within professional boundaries. Listen for suggestions on developing empathy and establishing trust. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:33] About this episode. Our guest is relatability and communication expert, Rachel DeAlto. She will be one of the keynote speakers at RISKWORLD 2025. [:59] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:21] RIMS will be partnering with PARIMA once again on March 5th and 6th to deliver a virtual RIMS-CRMP Prep Course. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:38] Virtual Workshops! Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:53] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:14] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:25] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:43] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [2:51] RISKWORLD 2025 registration is open. Take advantage of our Super Savings Rate by February 28th. Speaking of RISKWORLD, that brings us to our very special guest. [3:03] Rachel DeAlto is a communication and relatability expert. She maintains a law degree and a master's in psychology and has achieved the designation of Certified Speaking Professional through the National Speakers Association. [3:17] Rachel is the author of Relatable: How to Connect with Anyone, Anywhere, (Even if it Scares You), available from Simon and Schuster. [3:26] On May 6th, Rachel DeAlto will deliver her keynote, “The Power of Relatability,” at RISKWORLD 2025, where she will explore the vital role of genuine human connections in effective leadership. [3:38] She's here to tell us a little bit more about her keynote and she will reveal some of the top interpersonal qualities that inspire trust and motivate teams. These are the sorts of skills that risk management professionals can use at any stage of their career. [3:56] Interview! Rachel DeAlto, welcome to RIMScast! [4:01] Rachel is one of the three keynote speakers on May 6th. She is super excited about it. She has heard amazing things about RISKWORLD from friends who have attended or spoken there. [4:18] Rachel was adjacent to the risk profession as an insurance defense attorney. She was very much aware of the risk management professionals. 
[4:47] Rachel was constantly having conversations with the risk professionals, keeping them in the loop, determining together where potential pitfalls were, based on the boots on the ground, in front of witnesses or clients. She and the risk management professionals were cooperative. [5:16] Rachel is still friendly with the claims adjusters she worked with and her former office, who are still working in the insurance defense world. [5:33] When Rachel knew she was going to be at RISKWORLD, she took a bigger look at it to see how large it is, how many different risk professionals are out there, and the different roles they play. The risk professionals Rachel had worked with were a fragment of the risk population. [6:07] Rachel saw there was a holistic way that organizations mitigate or prevent risk. [6:26] Rachel tells how she had transitioned from being an attorney. She had always dreamed of being an attorney and maybe a judge. Ten years ago, she came up with an idea for a startup company, intending to continue practicing law while running the company. [6:52] The company led to a significant launch, with about $2 million in private placement. Her responsibility shifted to the company she was running. That led to doing more media and public speaking. She had had no intention of leaving her boss; he still chastises her for it. [7:27] Rachel uses very strategic “yeses.” She notes that there are times when you are shown two paths; one goes this way, and one goes the other. She is grateful her paths led her to where she is. She would have been happy still practicing as an attorney but she enjoys what she does. [8:04] Rachel believes her skills as an attorney transfer to her career as a speaker. She likes being able to help people and make an impact, with some of the elements of her former career integrated into her work. She feels lucky to do what she does. [9:18] Rachel sees a change over the last several years in that we're understanding that we're all on a stage. 
We all have stories to tell. We all have parts of ourselves to share. The more comfortable we are in that, the more successful we can be. It's how we connect with people. [9:43] Rachel is all about relatability now. We should all be striving for it. It's the ability to connect with people on a multitude of levels. How can risk professionals balance the emotional risks of vulnerability, authenticity, and leadership and be relatable? [10:15] Rachel speaks of the components of relatability. Authenticity and vulnerability are parts of it, but you don't reveal everything. Be genuine while maintaining professional boundaries. It's not about oversharing but having appropriate levels of transparency. [10:46] Cheryl always tries to demonstrate this, whether in conversations or on a keynote stage. It's sharing stories for a purpose; sharing parts of herself, with intention attached to it. That's how we can build trust and credibility without compromising our authority and professionalism. [11:08] Justin asks about resilience. What traits or practices distinguish resilient leaders in periods of uncertainty? [11:31] Because she loves student loans, Rachel went back and got her master's degree in psychology. Resilience stuck with her. It's not a huge part of what she speaks on but it's part of our lives. [11:56] There's a lot of research around the difference between resilient states and traits. Some people naturally have resilient traits. Others can invoke resilient states when needed, focusing on adaptability, emotional intelligence, and maintaining composure. These can be developed. [13:44] Plug Time! RIMS Webinars! HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [13:04] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. 
Registration is complimentary for RIMS members. [13:15] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [13:27] The First of (hopefully) Many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through 6th, 2025. The Risk Management Roundup in San Antonio is set to unite the Texas RIMS Chapters and welcome risk professionals from around the world. [13:50] You can join as a speaker. The Conference Planning Committee is interested in submissions that explore technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and more. [14:08] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode's show notes. Go check it out! [14:20] Let's Return to My Interview with RISKWORLD Keynote Rachel DeAlto! [14:28] Justin asks about compassion. What steps can a risk professional take to build compassion? Compassion can be developed through practice. It's easy for risk professionals to look at things as black and white; as numbers, percentages, and data points. [15:30] If you start to feel a little disconnected from what you're talking about it's because you're coming at it from a very educated perspective. Recognize that and then ask yourself where are the parts of it where you can become compassionate. Take a step back and practice empathy. [15:53] Look at things from the other side and put yourself in the other person's shoes. Use active listening without judgment. Be in tune with the other person, trying to understand their objectives. Find common ground and the space to take a step back. Take small steps. [16:22] If someone feels disconnected from their compassion, they can start with the awareness of it and then take small steps in the beginning, to dive back into it. 
[16:32] On the RISKWORLD keynote stage, on May 6th, Rachel will share a lot of her practical frameworks for building trust and connection. She will also share data from her research on relatable leadership and what teams are looking for from their leaders. [16:57] Rachel will share ways to create stronger working relationships. Regardless of where you work as a risk professional, you work with other people. The stronger connections you have and the better teams you have, the more efficient you can be at what you do. That is her goal. [17:16] Who does Rachel look up to? The first to come to mind is Carey Lohrenz, one of the first female fighter pilots. She's an incredible human who has a phenomenal background. Brené Brown is incredibly relatable. She transmits information in a way that draws you in. [18:19] Rachel's parting words: “I'm excited to connect with everyone! That is where our superpowers lie, in the connections we build. [18:27] “Anyone attending RISKWORLD, setting the intention of creating connections that will make a difference professionally and personally is going to change how you show up and what you walk away with.” [18:39] It has been a delight to meet you, and I look forward to seeing you on May 6th at RISKWORLD. Thank you so much for joining us here on RIMScast! [18:53] Special thanks again to Rachel DeAlto, for joining us here on RIMScast. You can go to her site, RachelDeAlto.com for more information. Rachel will be one of three keynote speakers on the main stage at RISKWORLD 2025 on May 6th. [19:09] In our prior episode, we heard from Ryan Harris, who will also be keynoting there. Shortly, we will hear from the third May 6th keynote speaker, Holly Ransom. So be sure to subscribe to RIMScast and catch all of these episodes. [19:24] We want to see you at RISKWORLD 2025, from May 4th through May 7th. Register at RIMS.org/RISKWORLD. [19:30] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. 
Links to sponsored episodes are in our show notes. [19:58] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [20:17] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [20:35] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [20:51] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [21:05] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [21:12] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RISKWORLD 2025 — May 4‒7. | Register today! | Super savings rate ends Feb. 28. RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Texas Regional Conference 2025 | Submit an Educational Session by Feb. 24. RIMS Risk Management magazine www.racheldealto.com RIMS Webinars: RIMS.org/Webinars “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Fundamentals of Insurance” | Feb. 19‒20 | Instructor: Gail Kiyomura “Applying and Integrating ERM” | Feb. 
26‒27 | Instructor: Elise Farnham “Managing Data for ERM” | March 12 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel RIMS-CRMP Exam Prep with PARIMA | March 5‒6 and April 22‒23 | Virtual Full RIMS-CRMP Prep Course Schedule Related RIMScast Episodes: “Risk and Leadership Patterns with Super Bowl Champion Ryan Harris” “Kicking off 2025 with RIMS CEO Gary LaBranche” Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss 
Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Rachel DeAlto, Communication and Relatability Expert Production and engineering provided by Podfly.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Our guest, Ryan Harris, became a Super Bowl Champion after winning Super Bowl 50 in 2016 with the Denver Broncos and retired later that year. Ryan speaks about winning a game in Chicago, winning the Super Bowl, and becoming a sportscaster. He shares inspiring thoughts about achieving greatness, what it takes to succeed, and the difference between willingness and perfection. Listen for Ryan's rules for success in this inspiring episode. Key Takeaways: [:01] About RIMS and RIMScast. [:15] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:33] About this episode. We will be joined by Super Bowl Champion and award-winning broadcaster, Ryan Harris. He will be a keynote at RISKWORLD 2025. [:59] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:21] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:37] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [2:00] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:23] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:52] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:00] RISKWORLD 2025 registration is open. Take advantage of our Super Savings Rate by February 28th. Speaking of RISKWORLD, that brings us to our very special guest. [3:12] Ryan Harris became a Super Bowl Champion after winning Super Bowl 50 in 2015 with the Denver Broncos. He retired in 2016. [3:21] Beyond the field, Ryan has continued to work to win. For his contributions to Denver's business community, Ryan was the First African American to be awarded Colorado Sportscaster of the Year in 2020. [3:33] Ryan was also named to Denver Business Journal's 40 under 40 class of 2021. He is an analyst for his alma mater, Notre Dame. [3:42] On May 6th, Ryan Harris will be a mainstage speaker at RISKWORLD in Chicago where he will discuss transformative "5 Components of Championship Leadership," emphasizing how the direction from which leaders operate shapes their effectiveness. [3:58] We're going to have so much fun speaking to Ryan, and we might even get his predictions on Super Bowl LIX. Let's get to it! [4:06] Interview! Super Bowl L Champion, and RISKWORLD 2025 Keynote Speaker, Ryan Harris, welcome to RIMScast! [4:18] Ryan Harris is the first Super Bowl Champion to join us on RIMScast! Justin and Ryan are both big fans of the Buckhorn Exchange in Denver. [5:09] Ryan loves the idea of having people together at RISKWORLD 2025 to find groundbreaking solutions and try new things. 
That's how you win in football; that's how you win in life! Ryan looks forward to a convention of people looking for what's next with the skills they have now. [5:32] Ryan says playing NFL football in Chicago was cold. He recalls that playing on Soldier Field feels like you're in a spaceship; the way the stadium bows out and comes right up is unique! [5:49] One of Ryan's favorite memories of playing against the Chicago Bears was when the Broncos beat the Bears in a tight game, the year the Broncos went to win the Super Bowl! It was an important win! [6:02] Ryan credits Head Coach Gary Kubiak for inspiring the team to win that day in Chicago by shortening team meetings from an hour to 15 minutes. So they kept the 15-minute meetings for the rest of the year and won the Super Bowl! Ryan loves going to Chicago. [5:38] Ryan had said that one of the things he was going to do after the Super Bowl was get into broadcasting. He didn't have to go to anybody else to make that happen. [6:55] Ryan says the plan starts with you! You need nothing outside of yourself to be great. You cannot expect other people to work harder for you and your goals. You're working toward them. [7:06] Ryan got his “doctorate” in Applied Football Mechanics and Theory. He went into broadcasting to use all that knowledge. He was selected by the NFL to go to a Broadcast Boot Camp and meet the best of the best in the broadcast industry. [7:20] On the last day, one of the presenters told them to go to their Alma Maters and work their way up. Ryan canceled his flight home, rented a car, and drove from that symposium to Notre Dame, and that's where he got his first broadcasting job. [7:34] Ryan says it started with him listening, taking action, and telling people what he wanted to do and how he wanted to get involved. You sometimes have to work for free to get started, and then you don't. [7:59] Everyone can sit on the couch and say they want to do something. 
The difference is the people who put their feet where they want to be. [8:04] At the Broadcast Boot Camp, Ryan saw an old college football rival. They hugged it out. The NFL is one big office building and there aren't a lot of chairs. Spend a couple of years there and you'll get to know a lot of people in the NFL and they'll get to know you. [8:31] Ryan is currently in law school. His “doctorate” is from “Peyton Manning University.” He had great “professors” like Ben Roethlisberger, Alex Smith, and Tim Tebow. He went through quite the school of football thought. [8:47] It's fun to have that knowledge, but it's useless as a father or a keynote speaker. He can't go hit people anymore. He had to change, and it's been fun doing that. [9:17] Ryan has a double major in Political Science, and Economics and Policy. From Political Science he learned that there are many ways to solve social problems. In economics, he learned that having two parents in your life puts you in the top 1% of opportunities in America. [9:51] There are key figures in your life or the education you receive that drastically change economic outcomes. What kinds of levers motivate people? There are many ways to do the same thing. It's a matter of degree and what fits the situation. [10:34] Ryan's advice on stories: 1. People remember the first 20 words you say. 2. Storytelling is more valuable than a Master's in Business Administration. [10:55] Start a story with a main theme. “We're going to talk about failure. This is a time I failed. On my sixth day in college football in training camp, I got knocked to the ground.” Our brains love tangible examples. Examples get people into the story. Then Ryan introduces the obstacle. [11:18] “At one point in Kansas City, I wanted to quit.” He tells what he learned from it. He always brings a big idea that everybody understands and gives a concrete example from his life, what he said to himself, how he went through it, and what he learned from it. 
[11:45] When we can bring people into our story and talk about our failures and how we worked out of them, we help others and create impact. [12:14] Ryan attests that you don't win by ignoring the struggle. He speaks of factors of success and elements of success. Factors are things like having money and goods. Elements are things that have to happen for you to be successful. [12:30] Failure is an element of success! You have to fail to reach your highest potential. That's the only way it works. Any famous person or industry has had a failure or ten, along the way. We don't talk enough about our failures. Having a process for failure dictates your success. [13:05] Kickers in the NFL focus on process. Golfers focus on process. When you focus on the process, you reduce anxiety by 78%. You have the power to create the process for the failure you need. Then you start to have fun! [13:22] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [13:34] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [13:50] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [14:02] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [14:13] The First of (hopefully) Many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through 6th, 2025. Risk Management Roundup in San Antonio is set to unite the Texas RIMS Chapters and welcome risk professionals from around the world. [14:32] You can be a speaker. 
The Conference Planning Committee is interested in submissions exploring technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and other trends. [14:55] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode's show notes. Go check it out! [15:07] Let's Return to My Interview with Super Bowl 50 Champion and RISKWORLD 2025 Keynote, Ryan Harris! [15:20] Ryan Harris had an NFL career of 10 years, about 300% longer than the average NFL career. Justin asks what lessons of his career apply themselves most to risk management. [15:43] Preparation is number one. What are you preparing for? When you're an NFL lineman you get prepared for different blitzes, an extra person who's going to come from a different place. The key to picking up the blitz is knowing it's coming. You anticipate it. [15:58] Anticipation is very big. Then take the space that you need. Ryan tells of introducing himself to Mark Cuban, as a fan, referring to a book about him. Don't hold back. Introduce yourself to people you want to meet. In the NFL, you learn you have to take action. [16:45] Go do it. You don't get to know if it's successful or not until the end. That's what Ryan loves bringing to people about the game of football. [17:22] If you are looking to transition from one career to another, 1. Find out how to listen with curiosity. You add value by being curious. 2. Ask “How” or “What” questions, not “Why” questions. 3. Follow up. Call or email. Do those three things and you are going to be successful. [18:47] Ryan Harris will bring his positivity to RISKWORLD. Positivity is one of the most important elements of success. Some hard experiences are a part of succeeding. Find a way to stay positive. It is so easy to be negative. Be positive and look at the obstacles in front of you. 
[19:36] Look at the things you can do with the skills you can add to be successful. The positivity keeps you moving faster in that direction. [19:59] What about injuries? Ryan Harris has had nine surgeries; four of them on his back! One time, walking to dinner, his body locked up, being so swollen from the impact in the game. [20:19] The biggest thing people miss about professional athletes is how they take care of their bodies. Ryan has been doing yoga for 17 years. The Kansas City Chiefs are on their way to their third straight Super Bowl. They've had yoga every Tuesday at their facility for the last 10 years. [20:46] If you want to know what the greats are doing, they're doing yoga. They start with yoga, a stretch, hydration, and nutrition to repair. All those things matter, but also the mindset they're in. Tell your body, I don't care how you feel right now, we've got to lift at 11:00. Then do it. [21:13] Find a way. Get the kinks out. It is mind over matter. [21:42] Ryan explains how he, as an offensive tackle, adjusted for a blitz. The key to being great is using all the information that's out there. We fail sometimes to realize the information that's at our fingertips because we're not even looking. [21:55] When Ryan was with the Kansas City Chiefs, his 8th year in the NFL, a coach taught him, “Ryan, that spacing doesn't make sense. What is the field telling you right now?” He had not looked up beyond the line. When he looked, he could see the safety positioned to blitz. [22:36] Ryan took it upon himself to get all the information he could before the snap. That made the play easier. He anticipated this guy going there, and he pushed him hard, helping his teammate. He was ready to attack the guy who was coming. That could apply to a sales call. [22:54] Any situation you face will be easier if you gather all the information that's available about it. Make backup plans. [23:09] Ryan talks about entrepreneur Jesse Itzler. 
He went to Davos to sell hourly memberships on his airplane. He couldn't get in, but he found out everyone was going to one coffee shop for a muffin and coffee. On the last day, he bought all the muffins and sat in the corner. [23:27] Someone walked in for a muffin. The shopkeeper said he's got them over there. Jesse said, I've got a muffin for you, do you want it? That was his first sale. Do everything you can, take in all the information you can, and apply it strategically. [24:08] Ryan predicts the Kansas City Chiefs are going to win Super Bowl LIX. He believes their willingness is the highest. The number one thing you learn in winning a Super Bowl is you have to be willing, not perfect. Ryan says most people are unwilling to be imperfect to succeed. [24:23] The Kansas City Chiefs don't care what it looks like. They're willing to win the game with 13 seconds left on the clock or with five seconds left on the clock. [24:34] For those who will be watching as a casual spectator, look for somebody to make a mistake and see if they're strong enough to come back and make a play again. If you can find that person, that team is a likely winner. [24:51] Ryan, it's been such a pleasure to meet you today! I look forward to seeing you again in May. I'll be in the front, right there, waving to you! I'll try not to distract you too much, though! [24:58] Ryan says, “Please try, I'm used to it! I love you, Justin. Thanks for having me, my friend!” [25:04] Special thanks again to Super Bowl Champion and award-winning broadcaster, Ryan Harris, for joining us here on RIMScast. You can go to his site, RyanHarris68.com for more information. [25:17] Be sure to register for RISKWORLD 2025, where Ryan will be on the main stage on May 6th, delivering a Keynote. [25:27] Be sure to tune into next week's RIMScast episode, when another one of those main stage Keynotes, Rachel DeAlto, will join us as we talk about “The Power of Relatability.” Register at RIMS.org/RISKWORLD. 
[25:42] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [26:10] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [26:28] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [26:46] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [27:02] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [27:16] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [27:24] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4‒7. | Register today! | Super savings rate ends Feb. 28. RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP)RISK PAC | RIMS Advocacy RIMS Texas Regional Conference 2025 | Submit an Educational Session by Feb. 24. RyanHarris68.com RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? 
Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Claims Management” | February 11‒12 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20 | Instructor: Gail Kiyomura “Applying and Integrating ERM” | Feb. 26‒27 | Instructor: Elise Farnham “Managing Data for ERM” | March 12 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Related RIMScast Episodes: “Kicking off 2025 with RIMS CEO Gary LaBranche” “Stacking Habits with Olympic Gold Medalist Jon Montgomery” “Exploring Risk in Extreme Environments with Kevin Vallely” Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and 
Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Ryan Harris, Super Bowl Champion, Colorado Sportscaster of the Year Production and engineering provided by Podfly.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews CISA Chief Privacy Officer James Burd about data privacy and protection. Topics include how CISA protects agencies and critical infrastructure, how they responded to a recent data attack, and how risk professionals and data privacy professionals can work together to ensure their organization is resistant to data breaches. Listen for actionable ideas to improve cybersecurity at your organization. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:32] About this episode. We will discuss data privacy with James Burd, the Chief Privacy Officer of The Cyber Infrastructure Security Agency (CISA) here in the U.S. [:58] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:20] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:36] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:59] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:22] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:51] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! It is Data Privacy Week here in the U.S., through January 31st. This is an annual effort to promote data privacy awareness and education. Its events are sponsored by the National Cybersecurity Alliance. This week's theme is Take Control of Your Data. [3:23] Here to discuss how to take control of your data, and the best practices that risk professionals and business leaders need to know, is Chief Privacy Officer of CISA, James Burd. [3:36] James is the senior agency leader responsible for managing and overseeing CISA's privacy, external civil rights, civil liberties, and transparency programs. [3:46] We're going to talk about some of the big events that made headlines in late December and early January around cybersecurity and data privacy and the frameworks and strategies that risk professionals can implement to take control of their data. [4:02] CISA Chief Privacy Officer James Burd, welcome to RIMScast! [4:18] James has a fantastic team of privacy, transparency, and access professionals who provide transparency to the American public while integrating full privacy rights, liberties, and protections into the management of a safe, secure, and resilient infrastructure. 
[4:48] As Chief Privacy Officer, James Burd's primary responsibility is to ensure that privacy is at the forefront and integrated into every initiative, program, and policy CISA undertakes, regardless of whether it's by policy, process, or technical solutions. [5:00] This includes ensuring compliance with Federal privacy laws and embedding privacy considerations in the agency's operations and partnerships. [5:08] Protecting critical infrastructure inherently involves safeguarding sensitive and critical information that any organization holds, whether it's CISA or any of the many stakeholders of CISA. Privacy and cybersecurity are inherently interconnected. [5:21] CISA ensures its cybersecurity programs focus on protecting systems, networks, and data from unauthorized access while the privacy portion ensures that personal and sensitive data are handled responsibly, ethically, and securely. [5:39] What are the keys to a strong cybersecurity strategy? [5:52] The work CISA does in the privacy world is to ensure that the information CISA is holding is secure and safeguarded and also to tell the public how exactly they do that. [6:14] In the early days of CISA, it was a Computer Emergency Readiness Team (CERT). CERTs respond to major cybersecurity incidents at a state, local, national, or international level. A cybersecurity incident in the U.S. is similar to a cybersecurity incident in any nation. [6:50] All nations are facing the same cybersecurity issues. CISA's international work is about information sharing and helping each other understand what threats we all face. [7:19] Integrating privacy into risk management frameworks is a core consideration. A lot of the privacy work CISA does with risk managers is for ERM, identifying privacy risks and impacts and ensuring that mitigation strategies align with goals. [7:42] Risk managers are key partners in implementing strong data governance practices. 
CISA works with them to establish policies for data handling, access, and usage that align with the security needs and privacy protection of an agency or organization. [7:56] Risk managers have the opportunity to help privacy officers identify a privacy problem or privacy risk all across the organization. That's part of the risk manager's job as a point person. [9:13] CISA wants to do this privacy protection work with organizations before a breach. Many privacy professionals have learned the hard way that if you don't collaborate up front, you have to collaborate later, as a result of your emergency. That's not a great day. [9:29] Risk professionals have different viewpoints to consider. They may see that some privacy risks overlap with some financial risks, depending on the risk owner's point of view. It doesn't make sense to solve the same problem in 10 different ways. [10:30] The National Institute of Standards and Technology (NIST) is a valuable partner of CISA's. NIST can see what works or doesn't work as a conceptual or technical framework. NIST studies a problem from several angles and gives CISA an effective solution for the framework. [11:23] Daniel Elliott of NIST has been on RIMScast. James has collaborated with Daniel. [11:49] CISA is a collaborative agency. It does not exist without its partners and stakeholders. When NIST facilitates conversations between CISA and other stakeholders, it helps CISA figure out, of all the problems in the world, which critical problem we need to solve right now. [12:17] CISA has Cyber Performance Goals or CPGs, which are a subset of the NIST Cybersecurity Framework. CISA will tell a small business that they should start with the CPG and get it right, and then expand to everything else. [12:38] CPGs are not a substitute for a risk management framework, but they are a starting point. 
The CPGs would not exist if not for the work NIST had done in talking to small, medium, and large businesses and figuring out all the different issues they face. [13:08] In December, Chinese cyber attackers infiltrated U.S. agencies. When there is a major incident like that, there is a whole-government response. CISA plays an important role in that response, like a firefighter. Law enforcement plays the role of investigator. [14:16] CISA and its interagency partners are heavily involved in responding to recent Chinese activity associated with both Salt Typhoon and Volt Typhoon. They've been working very closely with the Treasury Department to understand and mitigate the impacts of the recent incident. [14:35] There's no indication that any other Federal agency has been impacted by the incident, but CISA continues to monitor the situation and coordinate with other authorities, like the FBI, to ensure that there's a comprehensive response. [14:50] The security of federal systems and data is of critical importance to national security. CISA is working aggressively to safeguard against any further impacts. The People's Republic of China is a persistent threat, specifically, the GRC and related entities, who perform these activities. [15:12] They're one of the most persistent and strategically sophisticated adversaries we face in cyberspace today. The PRC has decades of experience in conducting rampant cyber espionage against U.S. businesses and critical infrastructure. [15:26] CISA has become increasingly concerned over the last year that the PRC is not just doing espionage but is trying to burrow into the critical infrastructure for a rainy day. These state-sponsored activities are coming from campaigns like Volt Typhoon and Salt Typhoon. [15:45] What happened to Treasury provides a stark example of these types of tactics. These tactics target critical infrastructure such as telecommunications, aviation, water, and energy. 
[15:56] Their goal, as far as we can tell, is not to cause immediate damage but to gain persistent access to those systems and remain undetected until they want to do something. [16:08] CISA has been very involved, not just responding to these incidents, but deeply studying these incidents to understand what is happening and what we need to do as a government and nation to protect ourselves from these burrowing activities. [16:27] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:39] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:55] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:07] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:20] Let's Return to My Interview with James Burd of the Cyber Infrastructure Security Agency! [17:42] Whether talking about AI, IoT, or 5G, the issues are hardware problems and software problems. [18:02] The issues of the 1970s are similar to the issues of the 2020s, regarding vulnerabilities, exposure, and unsafe practices when developing software and hardware. [18:20] What we're seeing in the emerging technology space with AI, IoT, and 5G is an increase in the volume and velocity of data. The improvement of technology in this space is based on power and efficiency. Software improvement is based on the reach of interconnectivity. [18:34] Privacy and cybersecurity risks do not just appear. We're seeing existing risks and issues increasing in size and complexity. 
What we previously thought of as a perceived risk is now a real risk, thanks to advances in computational power and the amount of data available. [18:54] It's always been a risk but it was less likely to occur until this point where there's more data, more volume, and more complexity. AI systems rely on a vast amount of personal data, raising concerns about data security, algorithmic bias, and a lack of transparency. [19:11] We've heard about these risks with machine learning and big data databases. They require governance frameworks that address how data is collected, stored, and used in systems, or, in this case, AI models. [19:28] Those frameworks should be familiar to anyone working in the data protection space or the risk management space for the last three decades. Insurers getting into the cybersecurity space have been paying stark attention to this. [19:58] We've found out that IoT devices are probably the easiest and most risky entrance points within networks into homes and critical infrastructure devices. The biggest risks they create are unauthorized access, data breaches, and potential surveillance. [20:19] These are not new risks. They're existing risks that are promulgated because of the new avenue to get in. It used to be that the worst thing that could happen to an IoT device like a router is that it gets compromised and becomes part of a botnet to take down websites. [20:38] Today, that still happens, but that IoT device is looked at as the back door for entering someone's network if it's not properly secured. [20:49] In itself, 5G is awesome. There are fantastic things to do with increased data flow. With increased speed and connectivity come the ability to move more data at a time and we're facing data being transferred in an insecure manner. People don't know what data they're sharing. [21:15] We're running into the same classic issues but they're exacerbated by something we view as a major success, access. 
Access should be celebrated, but we shouldn't open doors because we can open them. We need to be able to make sure those doors are secured. [21:48] James paraphrases Mark Groman, a privacy expert formerly with the FTC. “Privacy and cybersecurity are sometimes viewed as competing priorities. They are two sides of the same coin. I refuse to live in a world where you compromise security for privacy or vice versa.” [22:11] We live in a world where you can have both. The great thing about advancing technologies is that we can do both. Both cybersecurity and privacy aim to protect sensitive data and systems, just from slightly different angles and for different reasons. [22:31] There has to be a collaborative approach between cybersecurity and privacy. An intermediary like a risk professional can help cybersecurity and privacy teams work together. [22:41] By leveraging things like privacy-preserving technologies and designing privacy into cybersecurity measures, organizations can bridge the gap and achieve harmony between the two essential functions. This strengthens the organization and its overall risk management. [22:58] When a risk is realized in one area, it's common for it to be a harmonious risk with another risk in a different area. In the privacy and cybersecurity space, risks overlap often. Conflicts between cybersecurity and privacy are easily bridged. [23:24] Cybersecurity professionals want to collect more data; privacy professionals want you to minimize the amount of data you collect. [23:34] Cybersecurity relies on extensive data collection to detect, monitor, and respond to threats. Privacy wants to collect only what's necessary and maintain it for a minimum time. [23:46] Security monitoring tools like intrusion detection systems may gather logs or metadata that could include personal data, creating potential privacy risks, especially for an insider threat. 
[24:00] Organizations can implement privacy-aware cybersecurity solutions that anonymize or pseudonymize data where possible, allowing cybersecurity professionals to get to the root of the problem they're trying to solve while masking sensitive data. [24:13] If you're investigating an insider threat, you can unmask the data. Do you need that data to do the job that you're tasked to do? If not, why run the risk of inappropriately accessing it? [24:53] Privacy frameworks will always encourage transparency about data usage and sharing, especially by private entities doing consumer business and handling personal information. [25:07] The public needs to know what you are collecting from them, how you are using it, and whether you are sharing it. They need to know if you are handling their data securely. [25:38] James would tell cybersecurity professionals that if they think obscurity is security, they should find another job. Obscurity is typically the worst way to secure things. [25:51] There are ways to describe how data is being held or secured by an organization without compromising the cybersecurity tools or techniques used to monitor or look for vulnerabilities. [26:03] Transparency can be maintained without compromising security and can be used in a way to assure the public that an organization is keeping serious security techniques in mind when handling the public's data. James tells how to share that message with the public. [27:08] When James opens software, he reads the Third Party Agreements. He knows most people don't. Government agencies include a plain language version of the agreement. Some private companies are doing the same to help people understand how their data is being used. [28:40] Quick Break for RIMS Plugs! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through August 6th, 2025. 
[28:58] This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world! Also known as the Risk Management Roundup in San Antonio, you can join as a speaker! [29:11] The Conference planning committee is interested in submissions that explore technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and other trending now sessions. [29:28] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode's show notes. Go check it out! [29:39] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [29:58] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [30:20] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [30:30] Let's Return to the Conclusion of My Interview with the Chief Privacy Officer of CISA, James Burd! [31:00] A lot of ERM frameworks exist because they were required by regulation or law. [31:10] Privacy professionals are starting to see the same risks that risk management and compliance professionals have been dealing with for decades. The big tools that privacy professionals use are called Data Privacy Impact Assessments (DPIA). [31:29] DPIAs vary, depending on the regulatory framework or law. 
DPIAs do two things: they identify what data assets you have and they examine the risks that are associated with the handling of those data assets and what mitigations must be in place to buy down those risks. [31:48] That assessment can populate half of an ERM framework's register. Getting involved with your privacy program manager as they do these DPIAs may first cause the privacy program manager to resist your risk assessment, but a risk in one space is a risk in another space. [32:21] The DPIA is a valuable source of information for a risk manager. You can see the risks earlier. You can identify with the privacy program manager what some of the major risks might become. That means both realized and unrealized risks, which are equally important. [33:06] A privacy program manager will be preoccupied with a lot of the perceived risks. A risk manager wants to know which risks are more likely and identify them early. [33:40] A likelihood assessment will help the privacy officer identify how many “calories” to spend on this risk. The risk manager and privacy manager have a mutually beneficial relationship. They help each other. [34:17] CISA provides cybersecurity education, news on vulnerabilities and cyber threats, threat intelligence, and service to critical infrastructure providers once there is an incident of some sort. The CISA website shows cyber threat indicators of what a compromise might look like. [35:40] CISA has found novel patterns on networks that make it hard to tell that your network has been compromised. CISA calls those things “Left of Doom.” On the “Right of Doom,” CISA prioritizes the incidents that it responds to. [36:02] CISA focuses primarily on critical infrastructure. If you have a situation CISA cannot respond to, they will assist you through a local field office to find the people to help you, whether it's law enforcement, local cybersecurity service providers, or a local Emergency Response Team. 
[37:03] Companies are involved in the California wildfires. Could an incident like that distract them so that they might become susceptible to data breaches? James notes that you can't address every problem at the same time. Prioritize, rack, and stack. [37:17] Incidents are going to happen. CISA asks agencies and companies to take the time and spend the resources to knock out all the low-hanging fruit. The great majority of incidents CISA sees are bad actors exploiting very simple, easy-to-fix vulnerabilities. [37:55] It might be companies not using encrypted traffic, or only using a password to secure access to a server. The fix is relatively low cost or low impact. It takes time to figure out how to do the fix, but you'll be grateful that you took the time and spent the money to implement it. [38:24] The cost of a greater fix from the breach of a simple vulnerability will be far greater than the resources you'd spend to address it in the first place. Establishing that floor will help you focus on other “fires” that pop up while assuring you won't get “popped” for a silly reason. [38:49] If somebody's going to get you, make sure they've tried their hardest to get you. [38:58] It's Data Privacy Day today, as this episode is released! It's the start of Data Privacy Week! The theme is Take Control of Your Data! [39:22] Robust privacy governance tips: Figure out where your data asset inventory is for your organization. Keep track of it and keep track of the risk associated with each data asset. Each data asset may have a different set of risks. [39:47] Every organization should maintain a comprehensive inventory of data assets, detailing what data is collected, where it is stored, who has access to it, and how it's used. [39:56] The risk professional probably isn't the one who takes the inventory, but they should have access to it and they should be evaluating that inventory. 
[40:06] The risk professional can help the privacy manager by helping them establish clear policies and procedures for handling data, access control, and breach response, based on real risk. A privacy officer sometimes has difficulty identifying a real risk over a perceived risk. [40:23] By focusing on real risks, you avoid the problem where privacy officers spend too much energy coming up with solutions for the most unlikely scenarios, leaving organizations unprepared for what's likely to happen. [40:42] Special thanks again to James Burd of CISA for joining us here on RIMScast! There are lots of links about Data Privacy Day and Data Privacy Week in this episode's show notes. [40:54] Also see links to RIMS Risk Management magazine coverage of data privacy through the years and links to some RIMScast episodes that touch upon the topic. Be sure to tune into last week's episode with Tod Eberle of the Shadowserver Foundation on cyber risk trends of 2025! [41:18] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [41:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [42:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [42:23] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [42:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. 
It is written and published by the best minds in risk management. [42:53] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [43:00] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4-7. | Register today! RIMS Legislative Summit — March 19‒20, 2025 Cyber Infrastructure Security Agency National Cybersecurity Alliance | Data Privacy Week 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Texas Regional Conference 2025 | Submit an Educational Session by Feb. 24. RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 | Instructor: Gail Kiyomura “Applying and Integrating ERM” | Feb. 
26‒27, 2025 | Instructor: Elise Farnham “Managing Data for ERM” | March 12, 2025 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops Related RIMScast Episodes: “Cyberrisk Trends in 2025 with Shadowserver Alliance Director Tod Eberle” “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024) “Cybersecurity and Insurance Outlook 2023 with Josephine Wolff” Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by 
AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: James Burd, Chief Privacy Officer, Cyber Infrastructure Security Agency (CISA) Production and engineering provided by Podfly.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware. Listen to how you can harden your organization's network against malware attacks. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation. [:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. 
[1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:49] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone. [3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast! [3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there. [3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience. [4:28] Tod's background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice. [5:00] In 2014, he transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney's Office and the FBI. 
Tod wanted to be a part of that. [5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors. [6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney's Office, particularly U.S. Attorney David Hickton, focused on cyber. [6:29] That continued over the years until the present. [6:46] To begin an investigation, the FBI and U.S. Attorney's Office in Pittsburgh need to have some aspect of an organization's criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated. [7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital's network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country. [7:58] In 2015 Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust. [8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures. [9:08] Tod joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands. 
[9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement. [10:15] Over the years they became more structured and became a non-profit organization. It's an unusual non-profit organization working 100% in operations. It works in three core areas. First, it's the world's largest provider of free, actionable cyber threat intelligence. [10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission. [11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation's work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025? [11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples. [11:57] Every day for free the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National CSIRTs that cover about 176 countries. [12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching. [12:25] The organizations that get Shadowserver's data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up. [12:46] The idea behind this is that cybersecurity should be available to everyone, regardless of the ability to pay. 
Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs. [13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports. [13:22] The Shadowserver Foundation also sends out data for entire countries to the national CSIRT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world. [13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering. [14:09] One trend is a focus on vulnerabilities. Criminals exploit network vulnerabilities that aren't patched promptly, getting in before the patch is applied. Shadowserver gives organizations an external snapshot view of their networks, just as criminals see when scanning for themselves. [14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that's unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered. [15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra's GoAnywhere software. That continued in May, with them exploiting Progress Software's MOVEit file transfer application. [15:38] Very recently, in December, the Clop ransomware group claimed responsibility for using a zero-day vulnerability in Cleo's file transfer platform that breached victims' networks. [15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabilities that often go unpatched. 
Those are often the easiest gateway into a network. [16:26] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:38] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:54] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:06] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:17] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [17:35] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [17:58] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [18:08] Let's Return to the Conclusion of My Interview with Tod Eberle of Shadowserver! [18:49] Justin notes that in December of 2024, Chinese attackers breached the Committee on Foreign Investment in the U.S. That is the government office that assesses foreign investments for national security risks. [18:58] China also targeted the Treasury's Sanctions Office after it sanctioned a Chinese company for its alleged role in cyberattacks. [19:14] Tod thinks we should acknowledge that this is nothing new and nothing we should be surprised about. 
It's been going on for many years and it's going to continue. Justin was in the Federal government in 2013 and 2014. [19:32] In 2015, it was announced that the U.S. Office of Personnel Management had been breached. Personal sensitive data for 42 million people were stolen. [19:44] In May 2014, five Chinese military officers were indicted for computer hacking and economic espionage against companies based in Pittsburgh. This is nothing out of the ordinary. Unfortunately, indictments don't seem to have a deterrent effect. [20:21] Countries can deny the charges of hacking even with strong evidence of their involvement. [20:37] There are different types of hacking, with different types of motivation. There is traditional espionage against U.S. government agencies. There is theft of intellectual property with nation-states trying to gain a commercial advantage in business. [21:23] There are destructive hacks by nation-state actors, like the NotPetya attack, or attacks on the Ukrainian power grid and banking systems in 2015 and 2016. [21:36] The Volt Typhoon threat actor group and its access to the U.S. critical infrastructure is one of the greatest national security concerns because of its potential to disrupt everything from water to power, to food, to transportation. [22:10] The ripple effect that can come from those disruptions would be enormous. The Colonial Pipeline ransomware attack of a few years ago affected fuel supplies, commerce, and the prices of goods. [22:31] Nation-state hacking is no longer just a concern for government agencies and companies that do business internationally, but it's now a concern for all of society. There's the potential to affect the daily lives of innocent civilians through attacks on critical infrastructure. [23:16] Tod mentions another 2014 indictment out of Pittsburgh, on the GameOver Zeus botnet takedown. Part of that was a CryptoLocker ransomware disruption. This was in the infancy of ransomware, for $300 ransoms. 
Now ransom demands are in the tens of millions of dollars. [23:53] We have seen a huge evolution in ransomware. It's not going away. One thing we're seeing is bypassing data encryption and focusing on data theft. It's easier and less time-consuming for the threat actors because they don't have to map out the network. [24:41] If a victim company had good backups and easy restoration, that was an issue ransomware actors had to deal with, so why would the threat actors bother with that? They just focus on easy data theft and extortion of ransom for the data. [25:04] Tod thinks we will continue to see extortion. Ransomware continues to be the greatest concern for companies. The use of AI has been increasing both for defenders and attackers. [25:14] A new ransomware group, FunkSec, is claiming large numbers of victims of extortion, encryption, and data theft. They seem to have ransom demands of less than $10,000. They have sold stolen data. Researchers think this is a less experienced group using AI to write code. [27:22] Shadowserver's very talented team collects the data. It's free. They want to get it into the hands of those who can use it. The reports identify things that are seen to be misconfigured or unnecessarily exposed to the internet. Sometimes they can show if something is compromised. [28:12] Shadowserver designates the events by severity level so the end user can prioritize their patching and address first the ones that are most critical and severe. The reports act both as an early warning system and a victim notification system if a device is seen to be compromised. [28:59] The network owner needs to remediate that and patch it before further exploitation like a ransomware attack can occur. [29:07] Shadowserver has two ways to detect that a device is compromised. The first is if they have indicators that tell them a device on the network is compromised. 
The second is through their support for law enforcement: law enforcement may share sensitive data with Shadowserver. [29:32] When law enforcement does a takedown and they get victim identification data like IP addresses, they must do victim notification. Law enforcement isn't scaled to do victim notification for hundreds of thousands of users. Shadowserver helps them with notifications. [30:48] Shadowserver is very careful to share data responsibly. Company A will get the data they have for Company A and it won't be shared with Company B and vice versa. Shadowserver views the data as belonging to that network owner. [31:08] If a company authorizes Shadowserver and wants them to share their data with a third party, Shadowserver will happily do it. There are several companies with MSSPs to manage their security. If the company asks, Shadowserver will send the data to their MSSP. [31:43] As a small, non-profit organization, not everyone has heard of the Shadowserver Foundation. They want people to know they have this data and they want to share it. It could be relevant for cyber insurance companies' due diligence, with the insurance applicant's consent. [32:20] It's important because those reports can show whether a network has remained healthy and secure over time. Tod would love to see Shadowserver be able to help more in the risk mitigation areas. [32:56] Special thanks again to Shadowserver Foundation's Tod Eberle for joining us here on RIMScast! Check out this episode's show notes for links to the Shadowserver reports we mentioned. [33:07] Be sure to tune in next week for Data Privacy Day! We've got a special episode with James Burd, Chief Privacy Officer of the Cybersecurity and Infrastructure Security Agency (CISA). That's going to be a good one! [33:22] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. 
[33:50] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [34:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [34:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [34:41] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [34:55] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [35:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4‒7 | Register today! RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy Shadowserver Foundation National Cybersecurity Alliance RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 “Applying and Integrating ERM” | Feb. 
26‒27 “Managing Data for ERM” | March 12, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Related RIMScast Episodes: “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024) Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone 
Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Tod Eberle, Shadowserver Foundation Production and engineering provided by Podfly.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Christine Schelble, Director of Insurance and Risk Management at GE Appliances, a Haier company, about her work there. She shares how she began with GE Appliances, shortly after GE sold GE Appliances to Haier. She talks about how she works as a department of one and the relationships she has built throughout the company and with insurance brokers and TPAs. She speaks of the necessity of making changes when a relationship isn't good or a risk philosophy isn't a match. Christine also shares about her risk career and how her risk philosophy has remained constant wherever she has worked. She gives tips for preparing a request for proposal when a change is necessary and shares her advice for less experienced risk professionals. She speaks of the history of the Greater Bluegrass Chapter of RIMS, where she sits on the board, and the benefits of actively participating in a RIMS chapter. Listen for wisdom about keeping current with the insurance market, getting your designations, and changing with conditions. Key Takeaways: [:01] About RIMS. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to engage today and embrace tomorrow in Chicago from May 4th through May 7th! Register at RIMS.org/RISKWORLD and the link in this episode's notes. [:30] About this episode, coming to you from RIMS headquarters in New York. Our guest is Christine Schelble, the Director of Insurance & Risk Management at GE Appliances. We are going to discuss career development in risk management. [:58] RIMS-CRMP Virtual Workshops! On February 19th and 20th, there is a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. 
[1:20] The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. Links to these courses can be found on the Certification page of RIMS.org and through this episode's show notes. [1:36] RIMS Virtual Workshops! Gail Kiyomura of The ART of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:50] We've got ERM on our minds. On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. The “Managing Data for ERM” course will be hosted by Pat Saporito, starting on March 12th, 2025. [2:12] A link to the full schedule of virtual workshops can be found through the RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:25] Interview! Christine Schelble is the Director of Insurance and Risk Management at GE Appliances, a Haier company. She is one of the founding members of what is now the Greater Bluegrass Chapter of RIMS, which won the 2024 Chapter of the Year Award at RISKWORLD. [2:49] Christine has decades of experience leading risk management initiatives for global companies. We will learn about what it takes to be in that sort of position, how she progressed throughout her career, and when and where she saw opportunities and took them. [3:07] This will be a fun way to kick off 2025; let's get started! Christine Schelble, welcome to RIMScast! [3:18] GE sold GE Appliances on June 6, 2016, to Haier, the world's largest home appliance company. They are located in China. Christine works for Haier U.S. Appliance Solutions, Inc. doing business as GE Appliances, a Haier Company. It is the Haier U.S. headquarters. [4:09] Christine is a department of one. She works with people throughout the company. The goal of risk management is to spread that philosophy throughout the company. It has only improved since she started. She has lots of support when it comes to claims and coverage. 
[5:11] Christine had come from a technology company and was very familiar with the technology supply chain. When she came on board, she met with the supply chain people to learn their philosophy and processes. The only time she gets involved with them is for an insurance claim. [6:05] In appliances, Christine says there are so many “Black Fridays” in the year that you can see the returns ebb and flow throughout the year. It's not a serious problem. [6:44] Christine left Lexmark in 2001 after 15 years. One of her risk management connections called her and said that the position was opening at GE Appliances. She wanted new challenges so she sent in her resume, interviewed with them, and got the position. [7:43] Christine says it's one of the best jobs she's ever had. She's been able to take everything that she's learned and implement it into a startup program. That has been rewarding. When she started, it was the first time GE Appliances was managing and purchasing insurance coverage. [8:23] Christine joined GE Appliances three months after the sale and took a couple of months to understand how things worked. She started making changes at her first renewal because she could see where things hadn't worked out in relationships and coverage. [9:25] Risk management for your company is not a static position. It's constantly changing. You've got to constantly look at what's going on in the insurance market and what's going on internally and adapt your coverages, deductibles, and maybe your relationship with your TPA. [9:17] The way the program looked in 2016 when she came in is not the way it looks now. [9:30] The biggest third-party GE Appliances works with is the claims administrator. Otherwise, Christine works with brokers. Currently, she works with three different brokers for the competition. If the relationship is not great, she'll change the people on her account. 
[10:28] For risk managers coming up in the industry, Christine recommends keeping up with your education, getting your designations, attending webinars and seminars, and doing everything you can to keep up with what's going on in the insurance market. It's constantly changing. [10:49] Christine will do an RFP when she's looking to change something. You've got to have face-to-face conversations with your brokers, carriers, and TPAs. You have to educate them on your business and products. Your company and products are not the same as another's. [11:41] If you're just moving to a TPA because they gave you the lowest price, it's not going to work unless you work with them and have an ongoing relationship. Christine has them come in, meet her people, go through some of GE Appliance's processes, and see the plants. [12:01] Christine has done the same things in her previous jobs, as well. [12:15] TPAs changed how they worked during the pandemic. The TPA world will continue to change in reaction to changes in the world. [12:50] Christine has a process for developing an RFP. She starts with having a non-disclosure agreement in place. That's very important. Then she shares exposure information, the insurance schedule, the actuary report, and a loss run or two, so they can understand the overall risk. [13:33] She puts hot points into the RFP, how to move claims forward, and how the program should be improved and moved forward. That's been her philosophy throughout her career. [14:17] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th with a topic to be arranged. [14:25] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [14:41] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. 
[14:52] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [15:04] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [15:22] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [15:45] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [15:57] Back to the Conclusion of My Interview with Christine Schelble! [16:23] Christine shares how she works as a department of one. She just continues to do what she's educated to do. When she looks back, it feels great to see all that she has done. It's important to get the relationships going so that people can trust you. [16:49] Christine works with the Finance, the supply chain, the manufacturing finance people, and Legal, where she is located. It's about building the trust factor. [17:12] Christine is a long-time member of the RIMS Kentucky and Bluegrass Chapters, which are now the RIMS Greater Bluegrass Chapter. Christine has been in RIMS since she started in risk management. She loves the support from other risk professionals and the networking. [18:13] Christine started with RIMS in the D.C. area, then in Connecticut. She moved to New Jersey and was in RIMS in New Jersey and New York. When she moved to Kentucky, she joined the chapter. She was president for a year or two around 2003 or 2004. [18:46] Christine is thrilled that the younger members of the community have started the chapter back up. 
During economic downturns there was a loss of people and others couldn't get out to meetings. The same five people were doing the same job and they were ready to pass the torch. [19:21] It took several years for the torch to come back up. Christine acknowledges the work of Jeremy, Erica, Britt, and Brittany in getting the chapter up and going again. Christine is more than happy to help and support them by sitting on the board. [19:50] The Greater Bluegrass Chapter of RIMS was named the 2024 Chapter of the Year. Christine says that was a good feeling. It was fun to support them at RISKWORLD 2024 in receiving that award. [20:42] Christine is thrilled to see that in the younger generations, there are more women in higher positions within insurance carriers and brokers. When she started, there weren't as many. She says it is such a great career, whether you are male, female, or whatever. It's amazing! [21:22] Christine is thrilled to see that more schools offer risk and insurance as a degree. The Greater Bluegrass Chapter supports Eastern Kentucky University and its risk and insurance curriculum with an annual golf tournament in September that raises money for scholarships. [21:55] The Greater Bluegrass Chapter has also asked the university to have a student become a member to help expand their knowledge into the RIMS world. Justin mentions Spencer's Risk Manager on Campus program. He thanks Christine for her continued service in RIMS. [23:18] Special thanks to Christine Schelble for joining us here on RIMScast and kicking off 2025! Next week, we will be joined by RIMS CEO Gary LaBranche! [23:30] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [23:57] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! 
Contact pd@rims.org for more information. [24:15] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [24:33] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [24:49] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [25:21] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [25:28] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS Risk Management Magazine RIMS DEI Council Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates Contribute to RIMS Risk Management Magazine / Submission Guidelines RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS Webinars: RIMS.org/Webinars “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by HUB International | Feb. 20, 2025 Upcoming Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel “Applying and Integrating ERM” | Feb. 26‒27 “Managing Data for ERM” | March 12, 2025 “Fundamentals of Insurance” | Feb. 
19‒20, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Maintaining an Award-Winning ERM Program with Michael Zuraw” “Applying ERM Theory with Elise Farnham” “On Risk Appetite and Tolerance” “Global Perspectives with RIMS 2023 Chapter Presidents” (ft. Greater Bluegrass Chapter) Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor (New!) “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. 
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Christine Schelble, Director of Insurance and Risk Management at GE Appliances, a Haier company Production and engineering provided by Podfly.
Guest: Phil Gurski, retired CSIS senior analyst, President Borealis Threat and Risk Consulting, specialist in terrorism, author of six books on terrorism.
The RCMP and other Five Eyes intelligence organizations have published a report warning that children as young as 12 are being radicalized by online content... but how seriously should we take this report? Guest host Kevin Vuong gets to the bottom of this with the help of Phil Gurski, the CEO of Borealis Threat and Risk Consulting and also a former Sr. strategic analyst on terrorism.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Morgan O'Rourke and Hilary Tuttle of RIMS Risk Management Magazine for the Q4 Edition Risk Year in Review. They discuss the biggest risk events we've seen in 2024, including natural disasters following climate change and even the recent murder of the UHC CEO. They give their forecasts for 2025, with cybersecurity being an expanding area of risk, combined with AI, and regulatory changes likely under the new administration. Listen for categories of risk your organization is sure to face in the coming year. Key Takeaways: [:01] About RIMS. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to engage today and embrace tomorrow in Chicago from May 4th through May 7th! Register at RIMS.org/RISKWORLD and the link in this episode's notes. [:30] About this episode, coming to you from RIMS headquarters in New York. This episode is our special 2024 finale! Hilary Tuttle and Morgan O'Rourke of RIMS Risk Management Magazine will join us to discuss the top trends and stories from 2024 and what to expect in 2025. [:58] RIMS-CRMP Virtual Workshops On February 19th and 20th, there is a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:20] The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. Links to these courses can be found on the Certification page of RIMS.org and through this episode's show notes. [1:36] RIMS Virtual Workshops! Gail Kiyomura of The ART of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:50] We've got ERM on our minds. On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. 
The “Managing Data for ERM” course will be hosted by Pat Saporito, starting on March 12th, 2025. [2:12] A link to the full schedule of virtual workshops can be found through the RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:25] Interview! The Q4 edition of RIMS Risk Management Magazine is my favorite of the year! It is The Year in Risk edition. We'll have a chance to revisit all the risk highlights from 2024. [2:42] Here to discuss what made the cut and trends we need to look out for in 2025 are RIMS Director of Publications and Risk Management Magazine Editor in Chief, Morgan O'Rourke and Risk Management Magazine Managing Editor, Hilary Tuttle. [3:01] There is so much to discuss from cyber security to executive safety. As a show of appreciation to the RIMScast audience and subscribers worldwide, we've got so much great content in one huge episode, as opposed to spreading it out over two episodes. [3:18] You don't have to wait, it's all here for you at once! Let's get to it! [3:30] Morgan O'Rourke and Hilary Tuttle, Welcome back to RIMScast! [3:39] Morgan and Hilary are here to discuss The Year in Risk, which is the title of the Q4 edition of RIMS Risk Management Magazine. How does 2024 stand out from other years? [4:04] Morgan starts looking back at the year's events in October. He recalls the bridge collapse in Baltimore in March. There are always going to be hurricanes and natural disasters. There are always going to be cyber attacks. It's just a matter of what flavor they are this year. [5:15] Morgan categorizes big risk events. There are accidents, like the bridge in Baltimore that affect shipping, and natural disasters, including storms, earthquakes, and record heat. 2024 is the hottest year on record, with the hottest day in recorded history, July 22. [6:38] The AXA Future Risks Report lists climate change as the number one risk. 
Climate change brings natural disasters to places that don't normally see them, like wildfires in the Northeast. [7:55] Hilary says there were a few hundred fires in New York City this year. The NYFD had to put together its first brush fire task force. In the first two weeks of November, they had 271 fires. Canada has had a terrible year for fires, continuing from its 2023 fire season. [9:25] Climate change puts everybody at risk. The risk landscape expands so that everybody's in the game. Paraphrasing Flannery O'Connor, Hilary says 2024 was a disaster in truth everywhere. Disasters are not new but they are occurring in different places and times than before. [10:22] There were 11,000 fires in the Northeast this year, largely in October and November. It's a different season and in a different region. The traditional risk models are thrown out the window. [10:49] Morgan comments that this year we saw the earliest category 5 hurricane formed: Beryl in June. We're starting to throw out more of the parameters for when you need to be prepared for something. [11:21] We are seeing more geopolitical conflict, supply chain issues, and risks that didn't seem impactful in regions that seemed stable and reliable. Thirty percent of shipping goes through the Red Sea. Shipping is 90% of the supply chain. [11:55] Hilary says in the last year and a half, shipping through the Red Sea has become an untenable and sometimes uninsurable risk. Our standard expectations for doing business are going out the window or being upended. This has become more of a problem this year. [12:42] There are risks we itemize as the things that are causing problems. Then there are bigger-picture risks you don't necessarily identify when you're thinking about your problems. [13:01] You're thinking about supply chain disruption and natural catastrophes and business interruption, but not about the climate change that may cause them. 
[13:42] Morgan says people have to focus on the problem that's in front of them. You have to deal with the acute issues before you can deal with the systematic ones. It's hard to solve systematic problems. [14:28] Morgan sees polycrisis as interconnected risks. Hilary sees the word as an easy way to allude to something that has been happening for a long time. She can't think of a time in which you truly faced only one risk without having to think of multiple interconnected risks. [17:35] Morgan edited the new RIMS Executive Report, “Understanding Interconnected Risks” authored by RIMS Strategic and Enterprise Risk Management Council members Michael Zuraw and Tom Easthope. [17:48] The paper is available only for members until February 12th, 2025. Then it will be publicly accessible. [18:16] Morgan says the key for the paper is in its practicality about how you should go about prioritizing risks and understanding where they connect within your operations to communicate with departments and executives and implement risk mitigation. It's actionable. [19:30] Morgan considers that the value of RIMS membership and Risk Management Magazine is in learning what to do about risks. [20:02] Hilary objects to the term polycrisis. It over-intellectualizes a problem to the detriment of focusing on how to solve it or what to do about it. [20:58] Plug Time! RIMS Webinars! Hub International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [21:23] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [21:34] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing. 
[21:54] These awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award. [22:32] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview's show notes. [22:40] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [22:51] Back to our Year in Risk Interview with Morgan O'Rourke and Hilary Tuttle of RIMS Risk Management Magazine! [23:16] Justin brings up the recent shooting and killing of the UHC CEO. Morgan was at the same hotel but didn't hear about it until he had walked to the office. [23:46] If RIMS Risk Management Magazine had been a print publication, this event would not have been included. Being a digital publication, Risk Management Magazine was able to cover it. [23:59] Hilary starts with executive safety and employee safety. She speaks of reputation risk and monitoring social media discussion. For most who commented on social media, this murder was no surprise. UHC had a tremendous failure of reputation risk and public listening. [25:28] Hilary was saddened but not surprised by the incident. She calls privatized health insurance in the United States a horror show. You can't let cashing those executive incentive checks blind you to public response. [26:27] Morgan says it's amazing to see that public sentiment was decidedly unsympathetic, but it's not unexpected. Hilary mentions the rates of medical debt in the U.S. Hilary saw an outpouring of approval of the murder, which is an awful response to have. 
[27:15] If you're in a position where that is the public sentiment around your organization, you need to fire your PR firm and think very seriously, not only about how you're conducting business but about how you're communicating with the public. That is a huge reputation failure. [27:47] Some health insurance companies have trimmed down or removed their executive team pages to make them less identifiable in public. It's a safety issue. You want to be very careful about how much you post about individual people. [28:43] From a cyber security perspective, nothing you put on the internet is private or innocuous. If you are an insurance executive who likes to go hiking at Mount Whatever, maybe that's not information you want to put on the internet. [29:31] Hilary sees this situation as reminiscent of Big Tobacco as an industry. She believes there is an awareness that there is a certain amount of evil being done among executives in this industry. She says perhaps there is a social reckoning to be had in that. [30:06] Plug for The Spencer Educational Foundation! Spencer's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [30:24] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [30:48] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the programs tab of SpencerEd.org. [30:59] Let's Return to the Conclusion of my Interview with RIMS Risk Management Magazine's Morgan O'Rourke and Hilary Tuttle! [31:11] Justin asks about AI and cyber security in 2025. 
The Cybersecurity and Infrastructure Security Agency (CISA) has noted that there will be an increase in breaches and the creativity of attacks. [31:38] They have a revised National Cyber Incident Response Plan that is available for public comment. Hilary agrees that there will be more AI embedded in cyber attacks in 2025. It is already being used to power attacks and in the detection of attacks. [32:01] AI is also being used effectively in different forms of exploiting humans with ChatGPT and better phishing emails. It is being used to write better malware that is harder to detect. [32:25] Moody's Outlook expects a significant intensification of cyber risk in 2025, from the number of cyber incidents that are occurring and the sophistication and impact of cyber risk. Companies are getting better at detecting cyber attacks and doing basic cyber security. [33:19] Cyber criminals are getting better, too. The attacks will be harder to detect or more severe in scope. Hilary calls social engineering an interesting art. Like journalism, you have to find the approach that successfully gets the information you are looking for out of humans. [34:38] Morgan describes an old social engineering attack with a recording of a baby crying in the background, and a “harried mom” trying to get into an account without her password, trying to craft a persuasive argument. Gen AI might do all this in one step and be relatively successful. [36:01] Hilary mentions that at the DEF CON hacker's conference, there is a social engineering village. Their “Capture the Flag” is a contest to do just what Morgan described. There are bulleted lists of the types of information you are trying to get in an allotted time. [37:02] Morgan says it's not like the fast-typing hackers seen in the movies. You get the information through conversation. [38:05] Hilary says one of the downsides of automation is the tremendous proliferation in the number of attacks that are being launched. 
Ransomware attacks grew 70% last year and are on track to double their 2022 levels by the end of 2024. [38:29] Moody's and QB Canada both came out with reports anticipating 5,200 ransomware attacks around the world in 2025, from 2,500 in 2022. It's easier to launch attacks at scale against multiple organizations at once. The attacks are more sophisticated and damaging. [39:01] The ransomware attacks are asking for significantly more money. Fewer companies are paying ransoms because they have backups and plans in place. Average ransomware payments are going up. Last year, ransomware payments passed $1.1 billion for the first time. [39:26] The companies that pay ransom are feeling more compelled and are in a tougher spot so they are paying larger ransoms. [39:48] Morgan points out that paying the ransom doesn't solve the problem. Change Healthcare had the largest healthcare data breach in U.S. history. They paid $22 million in ransom but didn't get the data back. Some attackers will keep extorting you or just take your money and run. [40:36] The FBI has said don't pay ransomware. You can't trust criminals. [40:43] Hilary mentions three ransomware threats: holding a network captive, holding data captive, and holding sensitive information captive. This is triple extortion. If you are the victim of a ransomware attack, go in with the expectation that that is the situation. [41:55] Hilary forecasts that 2025 will be a colorful year. There is a tremendous amount of uncertainty in pretty much everything. It will be an interesting year, politically. It will be a very interesting four years, from a regulatory perspective. [42:22] In terms of severe weather, disasters, and cyber, it feels like there will be more, and more, and more events. [42:51] Morgan thinks the biggest thing is the change in administration and the priorities. ESG has been downscaled. 
A lot of companies are moving off of DEI initiatives, based on the shift in administration and the feeling that DEI will not be as popular. [43:16] The regulations concerning a lot of ESG may no longer be in play. The federal guidelines are not going to be what they were in any aspect. [43:39] President Biden in 2023 issued an Executive Order with guidelines and restrictions on AI. Donald Trump has said he'll probably rescind that. Donald Trump seems to be aligned with a lot of the tech companies for less regulation of AI. Fingers crossed it doesn't make things worse! [44:33] Hilary knows several organizations are particularly concerned about some of the potential risk impacts of taking away many of the consumer protections and other regulations that do a tremendous amount to curb risk. That could increase the risk landscape for many. [44:55] CISA has cautioned that this could have a disastrous impact on cyber security. A lot of regulations that keep organizations safer are potentially on the chopping block under the new administration. Hilary thinks that's probably true in some other industries. It will get risky. [45:30] It has been a pleasure to see you both! I appreciate your time. The RIMS Risk Management Magazine Year in Review is now available at RMMagazine.com. Quick Plug! We're looking for submissions from the risk profession. See the contribution guidelines. [46:01] Reach out to Hilary and Morgan. Especially if you're a risk professional, we want to hear your ideas. Morgan says we're only as strong as our contributors in the risk management community. Give us what you've got! [46:21] Special thanks again, as always, to Morgan O'Rourke and Hilary Tuttle of RIMS Risk Management Magazine for joining us here on RIMScast! The Risk Management Year in Review Edition is now live at RMMagazine.com. A link is in this episode's show notes. [46:41] We look forward to checking back with Morgan and Hilary for the mid-year update in 2025. [46:48] More RIMS Plugs! 
You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [47:35] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [47:52] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [48:09] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [48:23] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [48:30] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS Risk Management Magazine RIMS DEI Council Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025) Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates Contribute to RIMS Risk Management Magazine / Submission Guidelines “RIMS Executive Report: Understanding Interconnected Risks” RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS Webinars: RIMS.org/Webinars “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 
20, 2025 Upcoming Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel “Applying and Integrating ERM” | Feb. 26‒27 “Managing Data for ERM” | March 12, 2025 “Fundamentals of Insurance” | Feb. 19‒20, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Big Shifts with John Hagel, RIMS ERM Conference Keynote” “2024 Mid-Year Risk Update with Morgan O'Rourke and Hilary Tuttle” “2023 Risk Year In Review with Morgan O'Rourke and Hilary Tuttle” “Live from the ERM Conference 2024 in Boston!” “Maintaining an Award-Winning ERM Program with Michael Zuraw” “Applying ERM Theory with Elise Farnham” “On Risk Appetite and Tolerance” Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor (New!) “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored 
by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guests: Morgan O'Rourke, RIMS Director of Publications and Risk Management Magazine Editor in Chief Hilary Tuttle, Managing Editor, Risk Management Magazine Social Shareables (Edited For Social Media Use): There were 11,000 fires in the Northeast this year, largely in October and November. It's a different season and in a different region. The traditional risk models are thrown out the window. — Hilary Tuttle There are always going to be hurricanes and natural disasters. There are always going to be cyber attacks. It's just a matter of what flavor they are this year. — Morgan O'Rourke In the last year and a half, shipping through the Red Sea has become an untenable and sometimes uninsurable risk. Our standard expectations for doing business are going out the window or being upended. — Hilary Tuttle People have to focus on the problem that's in front of them. 
You have to deal with the acute issues before you can deal with the systematic ones. — Morgan O'Rourke For most who commented on social media, the murder of the UHC CEO was no surprise. UHC had a tremendous failure of reputation risk and public listening. — Hilary Tuttle Phishing is not like the fast-typing hackers seen in the movies. They get the information through conversation. — Morgan O'Rourke Nothing you put on the internet is private or innocuous. If you are an insurance executive who likes to go hiking at Mount Whatever, maybe that's not information you want to put on the internet. — Hilary Tuttle
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Carrie Frandsen, the ERM Director of the University of California and a RIMS-CRMP Commissioner. Justin and Carrie discuss all things ERM. In particular, Carrie explains the purposes of ERM, what constitutes success in an ERM Program, and how to start an effective ERM Program in your organization. Listen for ideas on fitting ERM into your organization's daily processes and decision-making, with resources to set you on the path to ERM success. Key Takeaways: [:01] About RIMS. [:14] Public registration for RISKWORLD 2025 is now open! RIMS wants you to engage today and embrace tomorrow in Chicago from May 4th through May 7th! Register at RIMS.org/RISKWORLD and the link in this episode's notes. [:30] About this episode, coming to you from RIMS headquarters in New York. We will be joined by Carrie Frandsen, for some ERM motivation. She is the system-wide ERM Director for the University of California and a RIMS CRMP Commissioner. [:58] The next RIMS-CRMP Exam Prep Virtual Workshop will be held on December 17th and 18th. [1:09] On February 19th and 20th, there is a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:27] The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. Links to these courses can be found on the Certification page of RIMS.org and through this episode's show notes. [1:42] RIMS Virtual Workshops! Gail Kiyomura of The ART of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:57] We've got ERM on our minds. On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. 
“Managing Data for ERM” will be hosted by Pat Saporito, starting on March 12th, 2025. [2:18] A link to the full schedule of virtual workshops can be found through the RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:29] Interview! Our guest today is one of the most enthusiastic people I know on the topic of ERM! She is Carrie Frandsen, the system-wide ERM Director of the University of California. She's also a RIMS CRMP Commissioner. [2:48] Carrie is here to talk about all things ERM. Whether you want to build a program from the start or you want to enhance an existing program, this is the mind that you want to tap into! We are thrilled that she's here. Let's get to it! [3:03] Carrie Frandsen, Welcome to RIMScast! [3:13] Carrie says she is a true ERM geek! With enterprise risk management you need the ability to think organization-wide. [3:25] Not just to think organization-wide but you need to be able to think about the world and how things that are changing in the world, like politics, economics, and sociological changes, impact your organization. Then you have to get other people excited about that. [3:42] You need to be able to partner with people inside your organization, like internal audit, compliance, and health and safety, all the different groups that are second-line, and help them get excited about building an enterprise-wide view of risks across the organization. [4:03] Once you've got your second line of defense, you can build that risk committee to democratize risks across the organization. Everybody can see the risks in their silo and how things impact each other across different units. [4:36] Carrie says the primary goal of enterprise risk management is to enhance an organization's ability to anticipate and mitigate risks effectively while maximizing those opportunities for value creation. [4:49] ERM helps organizations make more risk-informed decisions. 
It helps improve resilience and removes obstacles to achieving strategic objectives. [5:06] ERM is part of the governance and management of an organization. Know what could impact you from outside the organization as well as things that are changing in your policies, procedures, and processes. Make sure those are effective to continue achieving your objectives. [5:37] ERM can provide an early warning on risks and the effectiveness of controls. When you're using ERM in decision-making, it can help you to challenge assumptions before decisions are made. It can help you to set the frame for the decision and help you consider the alternatives. [6:02] ERM can help you ensure that appropriate actions are taken to reduce your risks. It helps the organization to learn and adapt. [6:14] Healthcare organizations do root cause analysis, a good risk assessment technique to figure out how to make negative outcomes not happen again. There are a lot of risk assessment techniques that can help you, depending on the situation your organization is working on. [6:42] Culture is how things are done. A risk-aware culture is essential for a successful ERM implementation. It fosters an environment where risk is openly discussed and employees feel comfortable in identifying and reporting potential risks without fear of repercussions. [7:08] This allows organizations to address issues proactively before they escalate. If you have a risk-aware culture, risks and risk assessments are integrated into decision-making and risk is considered at all levels of decision-making from strategic planning to operational activities. [7:29] This helps to ensure that risk is a key factor in every management decision. Employees can take ownership of risk management. [7:38] The University of California has a motto: “ERM means Everyone's a Risk Manager.” Individuals doing their day-to-day work in their area of expertise are the ones who know best what their risks are and how to manage their risks. 
[7:58] Our role as risk managers is to support these employees by giving them training in ERM, and risk assessment tools, and letting them talk to other people about risks that may impact them that aren't in their area. That distributed approach enhances the effectiveness of ERM. [8:18] A risk-aware culture promotes continuous learning where lessons from past incidents are shared and used to improve future risk management practices. [8:36] At the top level of ERM are the board and leadership. They set the tone for the organization's risk culture. They need to understand the dynamic risk environment in which the organization operates. They need to know of rising risks so they can make good decisions. [9:06] At the day-to-day level, where the work happens, is the risk owner. That's the person with the accountability and authority to manage that risk. [9:18] The business unit level is where risk management and control processes take place. An organization's risk is inseparably connected to its objectives. The responsibility for managing risk can't lie with anyone other than the person who's responsible for achieving those objectives. [9:36] Good risk management is everybody's responsibility. What does the Risk Manager do? The risk leader provides the infrastructure, tools, coaching, leadership, and resources. [10:08] Resources can be anything from software to workshops to all sorts of things to help people identify, manage, monitor, and report on the risks. [10:20] Risk managers can champion a risk-intelligent culture across the organization. Risk-intelligent culture is a term coined by Deloitte in a white paper. [10:46] Risk managers are the ones who champion the integration of ERM into existing policies, structures, and processes. They get the risk committees going, they make sure that the issues get escalated to leadership, and that policies, procedures, and controls are improved. [11:07] Risk Managers facilitate proactive risk thinking. 
They conduct risk sensing and report on emerging risks. An ERM person is a generalist. They don't manage a particular area but check in with everybody about rising risks and report that information. They have people tracking risks. [11:55] We have a new political landscape and changes in society. There are always new health issues arising. As long as there's somebody in an organization paying attention to conditions, the ERM person's role is to make sure those things get considered at the leadership level. [12:19] A Risk Manager can provide a structured discipline for the consideration of risk in decision-making. They can lead risk workshops. They can make sure a risk-assessment process is built into regular management meetings. They can support risk-mitigation activities. [12:46] Risk Managers can support mechanisms to provide timely risk information to decision-makers. [12:54] Plug Time! RIMS Webinars! Hub International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [13:14] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [13:25] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing. [13:45] These awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award. [14:23] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview's show notes. 
[14:31] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [14:43] Back to the Interview about all things ERM with Carrie Frandsen! [15:01] For ERM success, you need to have a framework for taking the steps to integrate risk management more into your existing activities and functions. Organizations are already managing risk. ERM gets more people to consider and talk about risk in their decision-making. [15:34] ERM success factors include strong leadership buy-in, a culture of risk awareness, and open communication. [15:45] When you're getting started, you want to develop a clear ERM vision. Start where you are and build your business case and your implementation roadmap. [15:58] Your implementation roadmap starts with a gap analysis between what you are doing well with risk management and where you can make improvements. The vision is what you see in five years of doing X. [16:17] Based on those areas where you want to improve your ERM approach, you build your business case and lay out your implementation roadmap. Bring it to your leadership and that improves your leadership buy-in. [16:32] Then you need to define your enterprise risk management roles and accountabilities. They're often straightforward. The person in charge of an area is the risk owner of that area. Just take the time to define those roles. [16:50] Sometimes when you map out risk accountabilities, you see that for some enterprise risks, there's not one person who's responsible for it because it covers a few areas or reaches across the whole organization. [17:08] The pandemic was a good example of that. It doesn't fit in any one area of responsibility. Building accountability for things that go across areas is always a challenge. [17:21] Consider how you will develop your risk assessment and mitigation resources for risk owners. What are they already doing and what tools do they need? 
That's where you engage those risk owners and work directly with them to provide them with resources. [17:40] Make ERM an integral part of your operational processes and decision-making. Look at your existing processes and meetings to see where you can build risk assessment into them. You can't be everywhere. You want to build that in as a normal part of processes. [18:04] Ensure that the organization and its people are regularly monitoring risks and learning from those experiences. [18:21] As you get started with ERM, get your hands on some material and read about enterprise risk management. Get some familiarity with it. You want to become a trusted advisor and be that ERM expert as much as you can. [18:44] To begin doing ERM, engage leadership, risk owners, and your second line of defense. Start doing your gap analysis which starts with conversations. Ask leadership what they hope and expect from enterprise risk management. [19:03] When talking with leadership, you generally want to work to become a trusted advisor. You want to focus on the biggest risks. Ask people what they care about and what they're working on. That will help inform assessing your organization's current ERM capabilities. [19:24] In your ERM plan, figure out how to integrate ERM into strategic decision-making and everyday management actions. Identify where, when, and how, key decisions are made. Work to embed risk assessment into those decision-making activities. [19:47] Carrie suggests using a decision quality chain. Form a risk committee. Risk committees facilitate the identification, analysis, and mitigation of risks. You want people that are at the director level and the same reporting level. [20:09] You want a representative from every area for an enterprise-wide view. You want a good forum where people can bring up their issues or concerns, build a shared understanding of the organization's risks, and provide recommendations to leadership on significant issues. 
[20:35] Effective risk governance depends on timely and relevant risk information so your exposures can be monitored and managed. Information needs to be communicated to the right people at the right time and in the right ways for people to make risk-informed decisions. [21:02] Carrie recommends using new ERM material. In addition to ISO 31000, ISO recently published Risk Management — A Practical Guide that helps with the steps of implementing ERM. Norman Marks has a helpful blog and wrote a book, World-Class Risk Management. [21:43] Carrie used World-Class Risk Management as an assignment in her ERM Certificate program classes through UCLA Extension. She teaches the first two classes, The Foundations of Enterprise Risk Management, and The Designing and Implementing an ERM Program. [22:16] Carrie's partner Carol teaches the Advanced Techniques class. [22:33] The ERM Certificate Program aligns with the RIMS-CRMP so that once you've taken all the classes, you're well-positioned to sit for and pass the RIMS-CRMP. [22:47] Special thanks to Carrie Frandsen for joining us. A link to her ERM Q&A interview from 2021 is in this episode's show notes. Many of the resources she mentioned are in the show notes as well as links to RIMScast and RIMS Risk Management Magazine coverage of ERM. [23:11] As always, visit RIMS Risk Management Magazine at RMMagazine.com. [23:17] Next week, our 2024 Finale will feature an interview with the editors of RIMS Risk Management Magazine, Morgan O'Rourke and Hilary Tuttle. [23:26] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. 
[24:13] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [24:32] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [24:48] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [25:03] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [25:11] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS DEI Council RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025) Nominations for the Donald M. Stuart Award “ERM Q&A with Carrie Frandsen: ERM at the University of California System” RIMS Webinars: RIMS.org/Webinars “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel “Applying and Integrating ERM” | Feb. 26‒27 “Managing Data for ERM” | March 12, 2025 “Captives as an Alternate Risk Financing Technique” | Dec. 17‒18 “Fundamentals of Insurance” | Feb. 
19‒20, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Risk Quantification Through Value-Based Frameworks” “Live from the ERM Conference in Boston!” “Maintaining an Award-Winning ERM Program with Michael Zuraw” “Applying ERM Theory with Elise Farnham” “On Risk Appetite and Tolerance” “Big Shifts with John Hagel, RIMS ERM Conference Keynote” “Contract Review's Role in Risk Management” Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor (New!) “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. 
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Carrie Frandsen, Systemwide Enterprise Risk Management Director, University of California RIMS-CRMP Commissioner (and RIMS-CRMP holder) ERM Certificate Program at UCLA Extension Social Shareables (Edited For Social Media Use): You need to be able to partner with people inside your organization, like internal audit, compliance, and health and safety, all the different groups, and help them get excited about building an enterprise-wide view of risks across the organization. — Carrie Frandsen The primary goal of enterprise risk management is to enhance an organization's ability to anticipate and mitigate risks effectively while maximizing those opportunities for value creation. — Carrie Frandsen A risk-aware culture promotes continuous learning where lessons from past incidents are shared and used to improve future risk management practices. — Carrie Frandsen As you get started with ERM, read about enterprise risk management. Get some familiarity with it. You want to become a trusted advisor and be that ERM expert as much as you can. — Carrie Frandsen Effective risk governance depends on timely and relevant risk information so your exposures can be monitored and managed. 
Information needs to be communicated to the right people at the right time and in the right ways. — Carrie Frandsen
In this year's final “On Aon” episode, we take a closer look at one of the four key megatrends impacting organizations around the world: Technology. AI is driving new exposures that leaders need to identify and address. Our experts discuss the human risk in AI and the steps organizations should be taking.
Experts in this episode:
Spencer Lynch, Global Security Consulting Leader, Cyber Solutions
Adam Peckman, Head of Risk Consulting and Cyber Solutions, Asia Pacific
[1:35] AI's increasing risk in cyber exposure
[3:02] Regulatory challenges with AI
[3:25] The human element of cybersecurity
[4:50] Strategies for managing increasing risk exposure
Additional Resources:
Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats
2024 Client Trends Report: Better Decisions in Trade, Technology, Weather and Workforce
On Aon Special Edition: 2024 Business Decision Maker Survey
2024 Business Decision Maker Survey
Special Edition: Global Trade and its Impact on Supply Chain
Tweetables:
“Gen AI will help businesses productivity and allow employees to be more engaged in stimulative work activities.” — Adam Peckman
“The human element remains the weakest link in defending against cyber attacks.” — Adam Peckman
“Risk leaders cannot afford to wait until these new technology initiatives go live before investigating the risk and insurance implications.” — Adam Peckman
Mark Towhey in for Jim GUEST: Phil Gurski - President and CEO, Borealis Threat and Risk Consulting – former CSIS Senior Analyst WILL SYRIA CHANGES = SECURITY RISKS FOR CANADA? Do you trust city councillors to make a just decision?
Guest host Amanda Galbraith speaks with Jim Bookbinder, Professor of Management Science at the University of Waterloo, on the logistical challenges. On today's show: Bob Fife, Ottawa Bureau Chief, The Globe and Mail, on Prime Minister Justin Trudeau reportedly once again making overtures to Mark Carney Michael Jarman, the 2024 Microsoft Excel World Championships, explains competitive spreadsheet work and how he got involved Phil Gurski, President and CEO, Borealis Threat and Risk Consulting — former CSIS Senior Analyst, on the latest in Syria and potential ISIS threats as prisoners get released The Daily Debrief Panel with Laura Stone, Queen's Park Reporter, The Globe and Mail and Marieke Walsh, Senior Political Reporter, The Globe and Mail Peter Brown, Canada Research Chair in Meteor Astronomy and Professor at Western University, on the peak of the Geminid meteor shower this weekend
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Caroline Shleifer, Founder and CEO of RegASK about the RegASK report, “The 2025 State of Regulatory Affairs and Compliance Report.” Justin and Caroline discuss how regulatory affairs professionals see AI adding the most value in three key areas of their day-to-day activity: augmentation, automation, and acceleration. Caroline shares some examples of these areas of AI. The report highlights AI and ESG as areas of increasing regulation. Caroline shares how risk management professionals can best prepare for the unique challenges these emerging regulatory areas present. The report suggests that AI solutions could transform regulatory affairs work, particularly in summarizing and adapting requirements to specific organizational contexts. Caroline offers her thoughts on risk management roles evolving alongside this AI adoption in regulatory affairs. Listen for ideas on leveraging AI tech to stay current with the evolving regulatory landscape. Key Takeaways: [:01] About RIMS. [:14] Member registration for RISKWORLD 2025 is now open! General registration opens on December 4th. Visit RIMS.org/RISKWORLD. [:25] About this episode, coming to you from RIMS headquarters in New York. Our topic is AI adoption and regulatory risks with the Founder of RegASK, Caroline Shleifer. [:49] The next RIMS-CRMP Exam Prep Virtual Workshop will be held on December 17th and 18th. [1:00] On February 19th and 20th, there is a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. Links to these courses can be found on the Certification page of RIMS.org and through this episode's show notes. [1:34] RIMS Virtual Workshops! 
Elise Farnham of Illumine Consulting recently joined us here on RIMScast. On December 17th and 18th, she will host “Captives as an Alternate Risk Financing Technique”. [1:49] Gail Kiyomura of The ART of Risk Consulting, will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [2:00] This is the last week to sign up for “Managing Data for ERM”, hosted by Pat Saporito on December 12th. Registration closes on December 11th. [2:12] A link to the full schedule of virtual workshops can be found through RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:26] Interview! The adoption of Artificial Intelligence in an enterprise's operations, workflows, and processes is on our members' minds. AI presents its own unique set of regulatory risks. My guest today is here to discuss insights about AI adoption. [2:46] She is Caroline Shleifer, the CEO and Founder of RegASK, which recently released “The 2025 State of Regulatory Affairs and Compliance Report.” She is here to discuss some of the trends that she noticed from the surveys of senior executives and business leaders. [3:04] She shares her perspective on the upside potential of AI adoption and ways that risk professionals can work alongside regulatory professionals to ensure everything runs smoothly and above board. We've got data, trends, and perspectives to explore. [3:21] Caroline Shleifer, Welcome to RIMScast! [3:49] RegASK's new report is “The 2025 State of Regulatory Affairs and Compliance Report.” [4:15] Caroline worked for years in the life science and consumer product industry, helping them scout innovation in ingredients and technology and helping them put it on the market. [4:47] Doing that, Caroline realized that many times there was a challenge in understanding which regulations applied or in being caught off guard by a regulation they were not aware of. Sometimes these regulations prevent businesses from launching a product as they plan. 
[5:28] It's important to understand and catch up with the fast-moving regulatory environment. The challenge is understanding what applies to an organization well in advance so there are no delays or non-compliance. This is a recurring challenge for small and large companies. [6:00] Caroline looked at the technology used in the banking and finance systems to help with compliance. She wondered why not apply that technology to the consumer product and life science industry to develop a product to help the regulatory affairs team stay current. [6:35] About six years ago, Caroline founded RegASK, starting small with her clients in the consumer products and consumer health industry. She expanded it progressively to larger geographies and industry verticals. [7:06] Caroline respects risk professionals as they deal with challenges that are often overlooked by other business units. When the work is well done, no one sees it, as it seems seamless. No one sees the day-to-day work behind the scenes to prevent non-compliance. [8:02] Risk professional teams are usually understaffed. The risk of non-compliance can range from stopping a product from being imported to stopping a clinical trial or having a big financial impact. [8:45] Sometimes the compliance manager is the default risk manager and wears many hats. [9:33] When Caroline formed RegASK, she saw something like AI was coming. She didn't see how quickly it would come. Things that took RegASK years to develop a few years ago, take less than a year to develop now. RegASK has accelerated its roadmap due to recent developments. [10:49] According to the RegASK report, 38% of regulatory affairs professionals feel at risk of non-compliance due to unawareness of specific regulations. That agrees with the feedback RegASK gets from its clients. [11:21] It's very challenging to understand every regulation. 
RegASK provides the curation of regulatory information and helps pass the information to the right teams at the right moment with the right language, including what the impact and risk may be for different business units. [12:27] The report says 27% of senior executives expect regulatory risks to have the biggest impact on businesses in 2025. Everyone should be aware of these risks and be attentive to understanding the landscape and what is happening around them. [13:17] Monitor regulatory agencies. Learn where and how to collect information and who should get the information you collect. Get training for the regulatory affairs team and the broader company on how to collect, summarize, and convey this information. [14:04] The third point is to understand that now you have some technology that can help in this process. Understand what your needs are and adopt AI technology to some aspects of your workflow to solve some critical challenges you have. [14:34] Understand what your workflow is. If you digitalize a process that is not optimal, you end up with a suboptimal digitalization and outcome. Study your current process and challenge it to see how it could be improved. Understand where technology can be leveraged in your process. [15:10] RegASK helps companies to understand their workflow and how it can be improved. Caroline recommends picking the right partner to help you. Caroline notes that RegASK has been featured in a Gartner industry report on regulatory agencies and technology solutions. [16:18] Plug Time! RIMS Webinars! On Thursday, December 12th, our final RIMS Webinar of 2024 will be presented by OneTrust: “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring”. [16:35] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [16:47] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. 
The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing. [17:07] These awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award. [17:44] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview's show notes. [17:52] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [18:04] Back to the Interview with Caroline Shleifer! [18:20] Justin likes the part in the report that zeroed in on AI in regulatory risk management: augmentation, automation, and acceleration, three areas where AI will add value to daily activity. [19:10] Caroline says these are the key areas where the technology can support regulatory risk professionals. She gives an example of augmentation. AI can take the capture of regulatory change and augment it with external information that can come into play. [19:40] You can augment your initial data with additional feedback from your internal team's experience and external experts. With technology, you can easily collaborate and have information in one place and integrated into your workflow. [20:29] Acceleration is about speeding up your workflow. Instead of searching multiple databases and websites, AI technology can leverage the search much faster. You type a question to get sources of information and then converse intelligently with the system. [21:12] Automation handles mundane repetitive tasks. You can automate searching for regulatory agency information. [22:01] The report also highlights ESG as an area of increasing regulation internationally. 
ESG regulations demand increased transparency and focus on sustainability practices, labor rights, corporate governance, environmental regulations, and more. [22:45] There is a broad spectrum of additional regulations and directives you have to look at and monitor. It's evolving quickly. [23:00] The first thing is to integrate ESG into the risk framework. Establish an ESG-specific risk management process such as a governance compliance check, supply chain audit, and so forth. [23:17] The second aspect is the reporting and disclosure using robust reporting tools. Look at the mandatory disclosure requirements. Make regular improvements in your reporting. [23:41] Reporting requires collaboration across functions, such as sustainability, HR, corporate governance, and other teams to align on the ESG initiatives versus regulatory expectations. It's across the organization. Collect and then disseminate the information across the organization. [24:09] Finally, monitoring the evolving global ESG standards, emerging social responsibility regulations, and environmental and sustainability regulations. There is a lot to take care of and companies are not always well-equipped to do so. It requires a lot of attention and structure. [24:54] Regulatory affairs professionals are collecting the regulatory changes and requirements for compliance. They summarize them and highlight the potential impacts and risks for the company. For instance, regulation around packaging can put a supply chain at risk. [25:24] This information needs to be passed on to the risk management and compliance decision-makers. These are early signals they get much faster than when they waited for the information to be processed manually. That can give them more time to prepare the response. [26:14] This data-driven decision-making helps teams prepare better for compliance and active risk identification. 
[26:33] RegASK has about 35 employees and a global community of about 2,000 spread across more than 120 countries. [27:11] Caroline credits technology such as Teams and Zoom for helping RegASK continue to function during COVID-19. It's super easy to collaborate remotely now and be productive. When she needs to meet in person, Caroline enjoys meeting with different teams in different places. [28:01] Caroline thinks remote work brings some additional energy and creativity with teams being in various countries and regions. [28:14] Caroline uses AI in her work. She uses it day-to-day in testing RegASK's products and functionality, sales process, and drafting marketing materials. Now it's how you adapt AI rather than do you adapt AI. How can you leverage it efficiently in a very specific use case? [29:07] After the creativity and value added by humans, AI is helping in different processes. [29:20] Special thanks again to Caroline Shleifer of RegASK for joining us here on RIMScast. “The 2025 State of Regulatory Affairs and Compliance Report” is now publicly available. A link is in this episode's show notes. [29:37] I've also listed links in this episode's show notes to RIMS and Risk Management Magazine reporting and coverage of AI and AI adoption. Check it out! [29:50] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [30:36] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [30:53] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. 
Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [31:09] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [31:24] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [31:31] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS DEI Council RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — Featuring Manny Padilla! Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025) Nominations for the Donald M. Stuart Award “RegASK: The 2025 State of Regulatory Affairs and Compliance Report” RIMS Risk Management Magazine, “Managing the Risks of Emerging AI Regulations” RIMS Risk Knowledge: Artificial Intelligence RIMS Webinars: “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring” | Sponsored by OneTrust | Dec. 12, 2024 RIMS.org/Webinars Upcoming Virtual Workshops: RIMS-CRMP Exam Prep (Virtual) Dec. 17‒18, 2024 | 9:00 am‒4:00 pm EST — Register by Dec. 10. “Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter February 19‒20, 2025 | Instructor: Chris Mandel “Managing Data for ERM” | Dec. 12, 2024 & March 12, 2025 “Captives as an Alternate Risk Financing Technique” | Dec. 17‒18 “Fundamentals of Insurance” | Feb. 19‒20, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Exploring Risk in Extreme Environments with Kevin Vallely”, RIMS Canada Conference 2024 Keynote “Change Management and Strategy with Jay Kiew, RIMS Canada Conference 2024 Keynote” “Live From Vancouver! with Maryam Salmasi, Fred H.
Bossons Award Winner 2024” “RIMS 2024 Rising Star Chelsea Andrusiak” (SKRIMS Vice President) “Supply and Bike Chains with Emily Buckley” Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor (New!) “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! 
RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Caroline Shleifer, CEO and Founder at RegAsk Social Shareables (Edited For Social Media Use): I worked for years in the life science and consumer product industry, helping them scout innovation in ingredients and technology and helping them put it on the market. — Caroline Shleifer Risk professional teams are usually understaffed. The risk of non-compliance can range from stopping a product from being imported to stopping a clinical trial to a financial impact. — Caroline Shleifer Leveraging technology helps you to augment the data with all the additional knowledge that you have collected along the way that can be integrated into your workflow. — Caroline Shleifer Now it's more how you adapt AI rather than do you adapt AI. — Caroline Shleifer
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. As the 2010 Winter Olympics gold medalist in men's skeleton, Jonathan “Jon” Montgomery became a national icon, renowned for his spontaneous and exuberant celebration. Since 2013, Jon has hosted The Amazing Race Canada, captivating audiences nationwide. His career highlights include winning his first World Cup race in 2008 and earning two silver medals at the 2008 FIBT World Championships. Inducted into the Manitoba Sports Hall of Fame in 2019, Jon continues to inspire through his passion for sport and community. Jon recently keynoted the RIMS Canada Conference 2024 in Vancouver, where he took the audience along on his journey to Olympic history. RIMScast Host Justin Smulison was in the audience and was inspired by Montgomery's story, which revealed the parallels between risk management and sports and competition. To help close out 2024 and usher in the winter, Montgomery joined RIMScast to discuss his risk philosophies, highlighted by the ups and downs of training and competition. Justin and Jon discuss Jon's victory at the 2010 Olympics followed by his failure to qualify for the 2014 Olympics. Jon reveals where he fell short and how he turned this failure into a life-changing habit of learning lessons from every setback. Jon comments on the differences between individual risk-taking, and risk professionals applying more risk-aware thinking. Jon talks about journaling his wins and losses in life. Jon credits his team for everything he achieves, from the Olympics to Amazing Race Canada. Jon shares how a misunderstood training program challenged him to his limit but built him up for the 2010 Olympics. Jon's secret sauce is his curiosity and his desire to chase the best-informed guesses. Jon recommends stacking habits to make short-term goals become long-term commitments. 
Listen in to hear Jon's take on the RIMS Canada Conference 2024 and what he experienced there. Key Takeaways: [:01] About RIMS. [:14] Member registration for RISKWORLD 2025 is now open! General registration opens on December 4th. Visit RIMS.org/RISKWORLD. [:25] About this episode, coming to you from RIMS headquarters in New York. We will be joined by Olympic Gold Medalist, Host of The Amazing Race Canada, and recent RIMS Canada Keynote, Jon Montgomery! [:49] The next RIMS-CRMP Exam Prep Virtual Workshop will be held on December 17th and 18th. The next RIMS-CRMP-FED Exam Course will be held from February 4th through the 6th, 2025. [1:08] Links to these courses can be found on the Certification page of RIMS.org and through this episode's show notes. [1:15] RIMS Virtual Workshops! Elise Farnham of Illumine Consulting recently joined us here on RIMScast. On December 17th and 18th, she will host “Captives as an Alternate Risk Financing Technique”. [1:30] Gail Kiyomura of The ART of Risk Consulting, will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:41] This is the last week to sign up for “Managing Data for ERM”, hosted by Pat Saporito on December 12th. Registration closes on December 11th. [1:52] A link to the full schedule of virtual workshops can be found through RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:08] Interview! My guest today is one of my favorite RIMS Keynotes from 2024, the 2010 Winter Olympics Gold Medalist for Men's Skeleton, Jon Montgomery. He's an icon in Canada. He's known since 2013 as the host of The Amazing Race Canada, captivating audiences. [2:27] He's an all-around great guy. His keynote at the RIMS Canada Conference 2024 inspired me. We are catching up now to close out 2024 with a little extra inspirado! We will discuss his risk philosophies and how our listeners can apply these philosophies to their lives. [2:58] Jon Montgomery, welcome to RIMScast! 
[3:09] Jon Montgomery is an Olympic Gold Medalist. You may also know him as the recent host of the RIMS Canada Conference 2024. Jon is calling into the interview from his home office. Justin found Jon to be very personable after his keynote address at the conference. [3:49] Jon says his experience was awesome. The best part was connecting one-on-one with people, and putting a medal around folks' necks. Not everybody is going to remember what you say but everybody will remember how you made them feel and a moment you shared. [4:27] Jon gets a charge out of meeting folks and finding out who they might know in common. He says in Canada if it's more than a couple degrees of separation, one of them has been living under a rock. [5:13] Jon saw that folks at the conference were genuinely engaged and happy. The level of positivity was the connecting element from person to person. He could feel the energy. It felt like folks looked forward to these opportunities. People were familiar with one another, like family. [5:36] Jon saw that people look forward to these conferences to be among friends, as well as to learn and network. The level of familiarity was tangible. [6:26] Jon likes to assess risk, by whatever metrics he uses, and he loves to compete against the best, in whatever he gets to be a part of. [6:51] Jon talks about measuring the risks of skeleton against the potential rewards. Whatever the perceived risks were, he pushed them to the side for the opportunity to represent his country, which carried much greater weight. He downplayed the risk in pursuit of that reward. [7:27] In hindsight, we might lie to ourselves on occasion about risky endeavors because of that proverbial dangling carrot. Jon would have played any sport that would have him. Skeleton had a shorter bench than the national team in hockey, or even speedskating, or downhill skiing. [7:55] When Jon first saw skeleton, he was compelled. Having tried it one time, he was hooked.
He loved the experience of being on the sled. He didn't think too much about what would happen to him but it seemed safer than hockey with all its variables, which he grew up playing. [8:33] In skeleton racing, you go down a frozen chute. There are no right angles and everything is pretty smooth. It just has a great deal of speed. Once Jon got his brain wrapped around that, he was comfortable in that arena. [8:55] Jon learned that the sport places incredible pressure on the brain. That was glossed over in the pursuit of representing Canada. Some of the athletes got concussions and had to work through them. Jon's wife was profoundly affected by participation in skeleton racing. [9:18] Jon says they are where they are today because of that row to hoe and the dark days that followed after she left the sport and Jon retired four years later. [9:40] Could risk professionals push some risks to the side with a similar outcome or is there a different approach to apply in their roles? Jon suggests risk professionals not turn a blind eye to the outcomes. As an individual chasing a dream, there has to be some of that. [10:05] Jon says if he focuses solely on the risk, it might detract from his capacity to react and take advantage of a situation and opportunity. If you're dwelling on what could go wrong, you're missing things right in front of you that might swing the pendulum in the other direction. [10:32] As a risk professional, you work to mitigate that negative outcome. For what's at stake as a risk professional, Jon would not advise turning a blind eye to outcomes. For the public, dwelling on what can go wrong will lead to some of those outcomes. What we focus on grows. [10:57] If you perpetually focus on the negative and what could go wrong, you will attract it. Focus instead on what you want to have happen. Justin and Jon discuss the law of attraction where thoughts become things. Justin watched it on streaming instead of reading the book. 
[12:40] Jon keeps track of his hits and misses, but he doesn't do as much journaling as he thinks he should. When he does journal, he is proud that he wrote of his successes to be reminded of them later. He finds journaling to be a great tool to be leveraged. [13:32] Jon says nobody should expect not to experience disappointments. As a parent, Jon has had to realize that his reactions are natural, even if he would have preferred to react a different way. [13:58] The conversations that are had afterward are humanizing, when he admits not having had the patience the situation warranted. Jon talks of building conversation around expectations, realities, and disappointments, moving forward with purpose. [14:22] One of Jon's most disappointing experiences was falling short of making the 2014 Olympic team. As the defending Olympic champion, he failed to qualify for the 2014 Games although he was stronger, faster, and more prepared. He had tried to create a better sled. [15:43] In skeleton racing, your sled needs to be intertwined with every fiber of your being. You have to know how it will react to the smallest impetus. If you haven't had the time to become one with your sled, you are at a disadvantage. Jon didn't have the time to perfect his sled. [16:18] Jon fell just a hair short. It was wildly disappointing. The feeling in the pit of his stomach was palpable. Today, Jon is so glad it happened to him. What he took away from it was that he realized he had pushed people away who could have helped him in his project. [17:37] Jon had spent a lot of time, money, and effort on this project and he thought people just wanted to be part of it. He pushed against collaboration. He made himself a man on an island in a solo pursuit. He couldn't reach the necessary expedited rate of development alone. [18:12] If you want to go quickly, go alone. If you want to go far, you've got to go together. Jon applies that lesson to everything he does today as an entrepreneur and in business. 
He knows he can't do it singly. The lesson has stood him well since he moved on from the disappointment. [18:43] As you move away from a failure, if you focus on the lessons you learned through that pursuit, that's always going to be a win. You'll either get the victory or the lesson. In either case, it's a W! [19:10] Plug Time! RIMS Webinars! On December 5th, we have “Predictive Strategies to Detect Electrical and Machinery Failures”, presented by Global Risk Consultants, a TÜV SÜD company. [19:25] On Thursday, December 12th, OneTrust returns to deliver “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring”. [19:35] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [19:47] RIMS is now accepting nominations for all awards other than Risk Manager of the Year 2025. The submission deadline is Monday, January 6th, 2025. To receive a RIMS award, all winners must be active members and in good standing. [20:07] These awards are the Diversity, Equity, and Inclusion Chapter Leadership Award, the Harry and Dorothy Goodell Award, the Volunteer of the Year “Heart of RIMS” Award, the Richard W. Bland Memorial Award, the Chapter of the Year Award, the Rising Risk Professional Award, the Risk Management Hall of Fame, and the Cristy Award. [20:44] You can find more information about the awards through the About Us page of RIMS.org or the link in this interview's show notes. [20:52] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [21:04] Back to the Interview! [22:02] As the tip of the iceberg, the visible part of Amazing Race Canada, Jon stands on the shoulders of a juggernaut of a team. When you saw Jon at the Olympics, going down the mountain on the crazy carpet with rails on it, you didn't see the team behind the athlete. 
[22:27] Jon's team was made up of coaches, trainers, physiotherapists, and team leaders. All of these people feed into a moment. [22:40] When that moment becomes visible to the masses, the capacity to see the team for the individual isn't present but everybody who has done something that they can be proud of knows full well what goes into a result. [23:22] Jon's public speaking skills developed in tandem with his pursuit of athletics in high school. Jon and a buddy were student council co-presidents. They spoke in front of their peers at student assemblies. There is no more angst-inducing group to speak to than teen peers. [24:26] Jon became an auctioneer. He shares a sample of his auctioneer chant. He was often asked to MC weddings and events. He learned to be himself on a grand stage. When a beer was thrust in front of him, he was himself. It led him to develop his career, rather than auctioning. [27:31] Jon has a great deal of anonymity in a bar although some speak of offering him a beer. His favorite beer is wet and free. When offered, he will chug it. [29:01] Due to misunderstanding an article on training, Jon found himself overtraining in squats, lifting twice what was suggested. It caused him to break down, physically, emotionally, and mentally, spending hours at the gym to get 100 reps done. [30:17] On day 10, Jon fell short, being unable to do 100 squats with 200 more pounds on the bar than he had had on day 1. He looked at the workout again and found he had done almost 100% more work than was required. There was no amount of energy he didn't expend to do it. [31:11] It dawned on him that he never would have made it that far had he known the truth. He wouldn't have put forth that amount of work if he hadn't believed it was possible. That belief that others had done it was compelling and propelled him far past his self-imposed limitations.
[31:39] Almost completing the doubled workout made Jon realize that things are only out of our reach if we put them there; if we use self-limiting verbiage like “I can't,” or “We're going to fail.” Confidence is the key, whether you think you can or you think you can't, you're right. [31:59] That experience in the gym made Jon realize that if he was going to be good at skeleton racing, he was going to have to continue to develop his legs, his glutes, his quads, and his core, and also his confidence; his capacity to believe that he could be a 2010 national team skeletor. [32:22] Jon had to believe he had the same opportunity and chance as every other athlete out there to win a medal; to win the gold medal. [32:31] All he could do was execute and be the best version of himself on the day that mattered and not worry about anybody else. If he did that, he would put himself in the best possible position. Jon was 30, turning 31. His training had made him strong. He peaked at the Games. [33:12] Jon's last push on his last run at the Games was his best. He needed that fast start time to compete with the two fastest pushers in the world. [34:12] Justin and Jon discuss not drinking alcohol on days you train. Jon says how we manage something inherently unhealthy is an individual thing. Your capacity to recover after having alcohol is reduced. Jon calls drinking a balancing act. You have to weigh things. [36:42] Jon talks about getting deep sleep and REM. He wears an Oura Ring to track his sleep. His metrics are different when he's had alcohol. Jon cherishes his sleep. [37:50] Jon says when you stack habits, your capacity to change short-term interests into long-term commitments is so much more bolstered. [38:33] Jon Montgomery's secret sauce is curiosity. He has a great deal of gratitude for having a curious mind. It's hard to teach or coach curiosity. Curiosity can be nurtured when you recognize it in your children and others. 
Jon's curiosity leads him to chase best-informed guesses. [39:37] Jon never holds anything so dear to his heart that he would die on that front. He is open and willing to have his mind changed about stuff. He's plain about what he knows right now. [39:49] Jon, it has been such a pleasure to have this one-on-one time with you for RIMScast. This past year, 2024 RIMS Canada had their best lineup of keynotes with you, Kevin Vallely, Jay Kiew, and Jody Wilson-Raybould. You all were fantastic and there was a lot to take away. [40:14] It resonated with me so I wanted to keep you at RIMS a little longer to get some more of those nuggets of wisdom. [40:39] Jon invites you to get your submission tapes in for Amazing Race Canada. Casting is still open. Jon will be the host for as long as they will have him! If they can him, he'll follow them on the road and sneak into shots! They do the show for men's health awareness. Donate online. [41:19] Special thanks again to Olympic gold medalist Jon Montgomery for joining us here on RIMScast. If you missed his keynote at the RIMS Canada Conference 2024, be sure to look for him on the road as he delivers several more at other events. [41:33] Be sure to follow his adventures as the host of Amazing Race Canada, which is gearing up for its 11th season, brought to you by CTV. Learn more about him at JonMontgomery.CA. [41:47] More RIMS Plugs! The RIMS App is available to RIMS members exclusively. Go to the App Store and download the RIMS App with all sorts of RIMS resources and coverage. It's different from the RIMS Events App. Everyone loves the RIMS App! [42:22] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. 
[43:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [43:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [43:42] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [43:56] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [44:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS DEI Council RIMS-Certified Risk Management Professional (RIMS-CRMP) NEW FOR MEMBERS! RIMS Mobile App RIMS-CRMP Stories — Featuring Valerie Fox! Nominations open for RIMS 2025 Awards! (Through Jan. 6, 2025) Nominations for the Donald M. Stuart Award RIMS Webinars: “Predictive Strategies to Detect Electrical and Machinery Failures” | Sponsored by TUV SUD GRC | Dec. 5, 2024 “Staying Vigilant: 7 Practical Tips for Ongoing Third-Party Risk Monitoring” | Sponsored by OneTrust | Dec. 12, 2024 RIMS.org/Webinars Upcoming Virtual Workshops: RIMS-CRMP Exam Prep (Virtual) Dec. 17‒18, 2024 | 9:00 am‒4:00 pm EST — Register by Dec. 10. “Managing Data for ERM” | Dec. 12, 2024 & March 12, 2025 “Captives as an Alternate Risk Financing Technique” | Dec. 17‒18 “Fundamentals of Insurance” | Feb.
19‒20, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Exploring Risk in Extreme Environments with Kevin Vallely”, RIMS Canada Conference 2024 Keynote “Change Management and Strategy with Jay Kiew, RIMS Canada Conference 2024 Keynote” “Live From Vancouver! with Maryam Salmasi, Fred H. Bossons Award Winner 2024” “RIMS 2024 Rising Star Chelsea Andrusiak” (SKRIMS Vice President) “Supply and Bike Chains with Emily Buckley” Sponsored RIMScast Episodes: “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL (New!) “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd.
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS Events, Education, and Services: RIMS Risk Maturity Model® RIMS Events App Apple | Google Play Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Jon Montgomery, 2010 Winter Olympics Men's Skeleton Gold Medal Winner and Host of Amazing Race Canada Social Shareables (Edited For Social Media Use): The best part of a gig is the opportunity to connect one-on-one with people in their space, and getting to put a medal around folks' necks. Not everybody is going to remember what you say but everybody will remember how you made them feel and a moment you share. — Jon Montgomery I like to assess risk, on what metrics I use, and I love to compete. I love to stack myself against the best, in whatever it is I get to be a part of. — Jon Montgomery When I saw skeleton for the first time, I was compelled, from a visual standpoint. Having tried it one time, I was hooked. — Jon Montgomery When the moment of competition becomes visible to the masses, the capacity to see the individual's team isn't present but everybody who has done something that they can be proud of knows full well what goes into a result. — Jon Montgomery That belief that others had done this doubled workout was compelling and propelled me far past my self-imposed limitations. 
It made me realize that things are only out of our reach if we put them there. — Jon Montgomery I am a curious dude. It's led me to chase best-informed guesses for what we know today. I am open and willing to have my mind changed about stuff. Here's what I know right now. — Jon Montgomery
Continuous auditing is revolutionizing risk management in companies, especially in the face of growing technological and security challenges. Mariana Blois, internal audit manager at RD Saúde, and Suzana Okamura, director of Risk Consulting at Forvis Mazars, explore the advances and advantages of this approach, such as proactive risk detection and stronger governance. Amid digital transformation and the use of artificial intelligence, they discuss how to efficiently implement a culture of continuous auditing and overcome cultural and technical barriers. Participants: Suzana Okamura, Director, Forvis Mazars. Mariana Blois, Internal Audit Manager, RD Saúde. Host(s): Juliana Cavani, Presenter, Tracto.
- Toronto Public Library apologizes after lost child denied help. Jim speaks with Megan Kinch, the mom involved in the story.
- At what point can you put country over party? 'Thanks for dinner': Trudeau meets with Trump, cabinet nominees at Mar-a-Lago after tariffs threat.
- American Warships Neutralize Houthi Missile Attack in Vital Shipping Lane. Jim speaks with Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, for his analysis.
Host Alex Pierson is joined by Phil Gurski, the CEO of Borealis Threat and Risk Consulting and a former CSIS Sr. Strategic Analyst on Terrorism, to discuss the risks of a terror attack occurring in Toronto during one of Taylor Swift's upcoming shows.
The fintech market has grown exponentially in recent years, with innovations such as Banking as a Service, Credit as a Service and Embedded Finance that are transforming the way companies offer financial services. Francisco Carvalho, CEO of ZipDin, shares his pioneering path in the sector and the challenges faced along the way, from the first regulations to the complexities of operating with large volumes of credit. The conversation ranges from the professionalization of the sector to the most common mistakes made by companies seeking to operate efficiently in the financial market.
Participants: Francisco Carvalho, CEO, ZIPDIN.
Host(s): Janny Castro, Director of Risk Consulting specializing in compliance, Forvis Mazars. Juliana Cavani, Presenter, Tracto. Fernanda Baptista, Consulting Supervisor - Financial Services, Forvis Mazars.
RECOVERING POLITICIANS PANEL: WHAT KIND OF CAUCUS MEETING CAN PM TRUDEAU EXPECT?
Tasha Kheiriddin is joined by George Smitherman, a former Ontario Liberal Deputy Premier and Health Minister, Cheri DiNovo, a former Member of Provincial Parliament of Ontario and Lisa Raitt, a former deputy leader of the Conservative Party of Canada. There is a federal Liberal caucus meeting taking place this week and it comes at a time when there's talk among some MPs of their dissatisfaction with PM Trudeau as the leader of their party. Meanwhile, the province of New Brunswick has made history this week by electing their first ever woman Premier. The Liberals' Susan Holt won a majority.
TORONTO'S STRATEGY TO ADDRESS HOMELESSNESS DURING WINTER
Tasha is now joined by Gord Tanner, the General Manager of Toronto Shelter and Support Services. Today, the City detailed its strategy to address homelessness in the winter. But, will it go far enough to meet the demand? We also get a recap on City workers dismantling the encampment at Allen Gardens.
REMEMBERING CPL. NATHAN CIRILLO TEN YEARS ON
Tasha is now joined by Peter MacKay, who served as Minister of Justice and Attorney General as well as other high profile cabinet positions under Prime Minister Stephen Harper and Phil Gurski, President and CEO of Borealis Threat and Risk Consulting and a former senior strategic terrorism analyst at CSIS. Today marks ten years since Cpl. Nathan Cirillo was gunned down in a terrorist attack in Ottawa. Our guests reflect on that tragic day and the lessons learned since.
Cláudio Azevedo's path at the head of Advice Compliance Solutions shows how the financial market has been facing growing challenges in critical areas such as anti-money laundering and ESG. The episode explores how evolving regulations and the growing demand for automation solutions are shaping the sector. Azevedo shares insights on the founding of the company, the importance of risk-based analysis, and the adoption of technologies to anticipate regulatory requirements and adapt to new compliance demands.
Participants: Claudio Azevedo, Founding Partner and CEO, Advice Compliance Solutions.
Host(s): Juliana Cavani, Presenter, Tracto. Janny Castro, Director of Risk Consulting specializing in compliance, Forvis Mazars.
OceanPact, a company that provides support for activities at sea, deals with specific particularities in a capital-intensive sector, especially in the process of participating in bids and long-term contracts. Eduardo de Toledo, the company's CFO, shares how OceanPact manages resource allocation, pricing and the maintenance of its fleet, and discusses the importance of strong governance and adaptation to new technologies. The conversation explores the evolution of financial management and future trends, including the role of artificial intelligence in the maritime sector.
Participants: Eduardo de Toledo, CFO, OceanPact. Janny Castro, Director of Risk Consulting specializing in compliance, Forvis Mazars.
Host(s): Juliana Cavani, Presenter, Tracto.
Implementing compliance in Latin America is a challenge that goes beyond language differences, encompassing cultural, regulatory and economic issues. Drawing on extensive experience, Alison Palermo addresses how these complexities affect the adaptation of global policies and the need to "tropicalize" rules to reflect the reality of each country. The episode explores the main obstacles companies face when trying to apply compliance rules in such a diverse region.
Participants: Alison Dorigão Palermo, Compliance Specialist, (no company).
Host(s): Juliana Cavani, Presenter, Tracto. Janny Castro, Director of Risk Consulting specializing in compliance, Forvis Mazars.
TUNE INTO THE TOWN: REACTION TO TORONTO'S "DON'T BLOCK THE BOX" INITIATIVE
Libby Znaimer is joined by Karen Stintz, a Conservative Party of Canada Candidate for Eglinton-Lawrence, a former Toronto City Councillor and the CEO of Variety Village, Toronto Councillor Jon Burnside for Ward 16 Don Valley East, and Councillor Paula Fletcher for Ward 14 Toronto-Danforth. There's plenty happening in Toronto lately...we kick things off with a discussion about the City's "Don't Block the Box" initiative aimed at curbing local traffic congestion with fine increases being announced by Mayor Olivia Chow. Meanwhile, the Toronto Police Association has kicked off a campaign calling for more pay for officers. And, one of the councillors on today's panel thinks that we are not getting enough accountability from our government leaders.
THE MICHELIN GUIDE GOES BEYOND TORONTO WITH AWARDS TO RESTAURANTS
Libby Znaimer is joined by Nick Di Donato, President of Liberty Entertainment Group, whose restaurant DaNico was awarded one Michelin star last night and Chef Jeremy Austin of The Pine in Creemore, Ontario which was also awarded a Michelin Star. This year's Michelin awards ceremony in Toronto was filled with excitement. It wasn't just Toronto restaurants who were handed awards. The Michelin Guide also awarded restaurants in other parts of Ontario including Oakville, Creemore and Niagara Region.
HEZBOLLAH TERROR GROUP TARGETED WITH EXPLODING PAGERS AND WALKIE TALKIES
Libby Znaimer is joined by Francis Syms, Associate Dean of Information & Communications Technology at Humber Polytechnic and a cybersecurity and consumer hardware expert, and Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, and a former senior strategic terrorism analyst at CSIS. Lebanon has been on edge this week. First, because of a wave of pager explosions on Tuesday afternoon targeting members of the Hezbollah terrorist group who have been using the devices in an effort to evade Israeli communications interception. Then yesterday, walkie talkies being used by Hezbollah also exploded. The terrorist group is blaming Israel for the attacks. Meanwhile the Israelis have not publicly commented on these specific incidents. Our guests weigh in on how these developments serve as a setback for Hezbollah and how such technologies can be compromised.
THE ZOOMER SQUAD: THE TREND OF INTENSE ENDURANCE SPORTS AMONG OLDER ZOOMERS
Libby Znaimer is joined by Rudy Buttignol, President of CARP, Anthony Quinn, Chief Operating Officer of CARP, and John Wright, Executive Vice President of Maru Public Opinion. Our panel reacts to disgraced fashion mogul Peter Nygard's 11 year prison sentence and the trend of mid-life Zoomers (ages 45 plus) participating in intense endurance sports like the Ironman, triathlons and various other kinds of activities; clearly this demographic shows no sign of slowing down. And, should Canada institute what is called a "National Silver Alert line" for older adults who go missing? Our panel discusses this controversial idea.
BACK TO WORK FOR MINIMUM THREE DAYS FOR FEDERAL PUBLIC SERVANTS
Libby Znaimer is joined by Howard Levitt, Senior Partner at Levitt LLP, followed by Duncan Dee, a former Air Canada executive. Starting today, federal public workers have to go back to the office for a minimum of three days a week, and the latest on the possible impending pilots strike.
SUSPECT FROM CANADA WANTED TO KILL "AS MANY JEWISH CIVILIANS AS POSSIBLE" IN NYC ON OCTOBER 7TH ANNIVERSARY
Libby Znaimer is now joined by Philip Wasielewski, Senior Fellow at the Foreign Policy Research Institute and a former Director of Operations at the Central Intelligence Agency, and Phil Gurski, President and CEO of Borealis Threat and Risk Consulting and a former senior strategic terrorism analyst at CSIS. Last week, Canadian authorities arrested a citizen of Pakistan living in Canada with alleged plans to shoot and kill "as many Jews as possible" in NYC on or close to the anniversary of October 7th. Our experts weigh in on the latest.
TUNE INTO THE TOWN: MORE THAN 80,000 LETTERS DELIVERED TO PREMIER OVER CONCERNS OF ONTARIO SCIENCE CENTRE
Libby Znaimer is joined by Councillor James Pasternak, Ward 6 York Centre, Alex Blumenstein, Co-Founder of The Peak, and Karen Stintz, CEO of Variety Village. Recent debates on immigration cover abuses of the Temporary Foreign Worker program, visa overstays by international students, and troubling asylum cases like the alleged terrorist father-son duo. Libby and panel also discuss the persisting concerns surrounding the Ontario Science Centre.
HOW TORONTO TERROR SUSPECTS GOT THROUGH CANADA'S IMMIGRATION SYSTEM
Libby Znaimer is now joined by Phil Gurski, President of Borealis Threat and Risk Consulting and a former senior strategic terrorism analyst at CSIS, and immigration lawyer Guidy Mamann. Libby explores the recent case of a father and son accused of terrorism and their asylum process in Canada. The discussion focuses on the asylum application procedures, potential abuses of the system, and the role of immigration consultants who may mislead their clients.
CONSUMER REPORT LISTS MOST TRUSTED USED CARS
Libby Znaimer is joined by Alan Gelman, past host of Dave's Corner Garage and a licensed auto mechanic for the last 45 years, and Ruslan Eshigbay, Partner at Toronto Car Experts. Consumer Reports has released its 10 Used Car Picks, applying rigorous testing to pre-owned models. With new car prices high, many are turning to used cars for better value. Alex Knizek of Consumer Reports highlights that buyers shouldn't sacrifice safety or reliability to save money. The picks span various price categories and focus on the newest model years within each generation, ensuring better reliability and features. The list includes cars like the Buick Envision and Mazda CX-9, which offer value as used cars.
TUNE INTO THE TOWN: ASSAULT ON POLICE DURING PARKING DISPUTE IN TORONTO
Libby Znaimer is joined by Alex Blumenstein, Co-Founder of The Peak, Toronto City Councillor Brad Bradford for Ward 6 Beaches-East York, and Karen Stintz, a Conservative Party of Canada Candidate for Eglinton-Lawrence, a former Toronto City Councillor and the CEO of Variety Village. It's Thursday - time to talk about all things municipal - and today we have to talk about parking! A bylaw officer and the police officer he called for backup were assaulted by a driver who had just been ticketed for parking in a bike lane - the fine for that offense had just gone up on the first of the month. Then we were treated to that viral video of a cop being called out for parking illegally to get coffee. The only physical part of the argument was the finger that was given... by the cop. Both the head of the Toronto Police Association and Premier Doug Ford think this constitutes harassment. So the question is: if you park illegally to get a cop a coffee, will you get a ticket?
TERROR PLOT TARGETING TAYLOR SWIFT CONCERTS IN VIENNA FOILED
Libby Znaimer is joined by Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, and a former Senior Strategic Terrorism Analyst at CSIS. Mega popstar Taylor Swift has had to cancel her concerts in Vienna after authorities there foiled a planned terrorist attack on the concert venue and arrested two individuals. Phil reacts to the latest.
AIR PASSENGER RIGHTS LAWSUIT AGAINST WESTJET
Libby Znaimer is joined by Dr. Gabor Lukacs, President and Founder of Air Passenger Rights, and John Gradek, a faculty lecturer at McGill University and a former executive with Air Canada. Air Passenger Rights has filed a lawsuit against WestJet over their cap policy when it comes to compensation of hotel and food costs for customers facing flight disruptions, arguing that it is illegal. Meanwhile, Flair Airlines was ordered to compensate two passengers after a B.C. tribunal found it had lied about the reason for the cancellation. The airline said it was a bird strike but there was no evidence of that. Gabor highlights a Transport Canada database here in Canada called CADORS where all kinds of air occurrences like bird strikes are reported.
Listen live, weekdays from noon to 1, on Zoomer Radio!
THE MEDICAL RECORD: IS EXPANDING THE RESPONSIBILITIES OF PHARMACISTS IN ONTARIO A GOOD IDEA?
Libby Znaimer is joined by Dr. Malcolm Moore, Medical Oncologist at Princess Margaret Cancer Centre and a former head of the BC Cancer Agency, Dr. Alisa Naiman, a family doctor practicing comprehensive primary care in Toronto and Dr. Alon Vaisman, Infectious diseases physician at the University Health Network (UHN). Our panel reacts to the province ending its COVID-19 wastewater surveillance program, and other healthcare news of the week.
THE LATEST WAVE OF ANTISEMITISM TARGETING THE JEWISH COMMUNITY
Libby Znaimer is joined by MP Melissa Lantsman, Deputy leader of the Conservative Party (Thornhill) as well as Richard Robertson, Director of Research and Advocacy at B'nai Brith Canada and Rabbi Jeff Forman of City of David Messianic Synagogue. What we know about the latest wave of antisemitic attacks on the local Jewish community--this time in Vaughan--and our guests weigh in on whether our government leaders, at all levels, are doing enough to address the problem of antisemitism.
TERROR CHARGES LAID IN GTA & HAMAS LEADER ASSASSINATED IN IRAN
Libby Znaimer is now joined by Dr. Stephanie Carvin, Assistant Professor of International Affairs at Carleton University and an expert on national security issues, as well as Phil Gurski, President and CEO of Borealis Threat and Risk Consulting and a former Senior Strategic Analyst at CSIS. A father and son were arrested and charged for terrorism related offences according to the RCMP. And, what we know so far about the assassinations of Ismail Haniyeh, a Hamas leader, and Hezbollah senior commander Fuad Shukr.
- What would a modern home economics course look like to you? That's the question being asked as the now-named 'Family Studies' is set to have a revamp come its way. Guest: Lesia Hucal, Family Studies teacher at St. Thomas More Catholic Secondary School and Vice President of the Ontario Family Studies & Home Economics Educators' Association
- How is it even possible for the bathroom at Woodlands Park to cost $1.3 million and a year to renovate? Surely there's a better way! Guest: Indra Maharjan, Director of Corporate Facilities, City of Hamilton; Cynthia Graham, Director of Environmental Services, City of Hamilton
- Canadian politicians "wittingly" participated in foreign interference? What does this mean, practically speaking? What should be done about it? Guest: Phil Gurski, President of Borealis Threat and Risk Consulting, Former CSIS analyst
In this Risk Intel podcast, host Edward Vincent welcomed back Shawn Ryan, Chief Financial Officer at Strategic Risk Associates (SRA), to continue the conversation on hidden factories and what a hidden factory could look like inside a bank. These covert inefficiencies, often overlooked, can significantly impede operational effectiveness and risk management efforts, necessitating proactive measures for identification and mitigation.
Alex Pierson speaks with Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, former CSIS Analyst.
In this episode of the Risk Intel Podcast, industry veteran Shawn Ryan joined host Ed Vincent to share invaluable insights into what a hidden factory is and how these types of risks could be lurking within banking operations. With over 30 years of experience in financial institutions, Shawn sheds light on the concept of hidden factories and their implications for banks. Listen to learn about the key takeaways from this enlightening discussion.
Effective risk management is paramount to the success of Financial Institutions. Beth Nilles, a leading expert at SRA, joined Ed Vincent on the Risk Intel Podcast to discuss the innovative strides being made in risk and control self-assessment (RCSA) implementations at Strategic Risk Associates. The conversation delved into the why and how behind the development of SRA's groundbreaking RCSA module designed to address common challenges and elevate risk management practices to new heights. Based on conversations with financial institutions around the country, Beth found there are four standouts to a successful RCSA module: simplifying complexity, engaging the first line, seamless integration, and implementation excellence. Listen to learn more about Watchtower's integrated RCSA module and how it can help your institution streamline the risk assessment process.
In today's rapidly evolving financial landscape, effective risk management is paramount for the success and stability of banks. One crucial tool in this endeavor is a Risk and Control Self-Assessment (RCSA), which provides insights into operational risks and informs strategic decision-making. In this episode of the Risk Intel Podcast, Beth Nilles, Director of Implementation at SRA, shared valuable insights into how RCSA can enhance bank operations. Listen to explore how RCSA is shaping risk management practices in the banking industry.
In this episode of the Risk Intel Podcast, we had the privilege of hosting Joseph S. Berry, Co-Head of Investment Banking at Keefe, Bruyette, & Woods (KBW), a Stifel Company. With over 25 years of strategic advisory experience, Joe shares his expertise and insights into the ever-evolving landscape of financial services, regulatory challenges, and risk management in 2024. Listen to learn more.
Succession planning stands as a cornerstone of organizational management, especially within the risk departments of financial institutions. In a recent episode of the Risk Intel Podcast, host Ed Vincent, CEO of SRA Watchtower and guest Michael Glotz, CEO of SRA Consulting delved into the intricacies of succession planning in risk management.
In the dynamic landscape of financial risk management, this episode of the Risk Intel Podcast unveils a treasure trove of strategic insights. Our guest is industry veteran Doug Cargnel, who boasts nearly 30 years of operational risk management and audit experience, and the conversation centers around the crucial components of Risk and Control Self-Assessment (RCSA). Listen to learn about the key tools, practical tips, and regulatory collaboration strategies related to RCSA.
Join us for the opening remarks of Day One at the Super Summit, featuring Richard C. Wilson.
01:27 - Combining Strategies for Success
03:36 - Challenges in Capital Raising
03:47 - Introduction to Family Offices
05:30 - Negotiating and Earning Trust
06:15 - Overcoming Rejection in Capital Raising
06:29 - Risk Consulting and Capital Raising Job
10:02 - Balancing Growth and Friction Removal
12:27 - The Importance of Niche Focus
12:50 - Seeing Deals First and Exclusive Access
13:40 - Being Yourself and Authenticity
13:51 - Importance of Being Number One
Our 17-year-old investor club, the Family Office Club, has 25 team members, 11 million social followers, has closed on over $500M of transactions, has over 4,000 active investors, and hosts 15 live events a year. To join our investor club as a capital raiser or CEO of a company needing capital to access our live community events, please visit https://FamilyOffices.com
To register with us as an investor to access live community events please visit https://InvestorClub.com
In this episode of the Risk Intel Podcast, host Ed Vincent welcomes Doug Cargnel back to the show to help explain some of the practical aspects of enacting a Risk and Control Self-Assessment (RCSA). Doug is a compliance expert, who brings nearly 30 years of operational risk management and audit experience in the financial sector.
Guest host Anthony Furey speaks with Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, former CSIS Analyst, about Canada including India in its probe into election interference.
In this episode of SRA's Risk Intel Podcast, host Ed Vincent engages in a captivating conversation with Doug Cargnel, a seasoned professional boasting nearly three decades of operational risk management and audit expertise. The central theme of their discussion? Risk and Control Self-Assessments (RCSAs) – a pivotal component of a cutting-edge risk management program. This is part one of a three-part series to better understand and discover RCSA best practices.
To kick off season two of the Risk Intel Podcast, Ed Vincent, host of the show and CEO of SRA Watchtower welcomed back Robin Greenlee, Chief Risk Officer at MapleMark Bank. The two delved into crucial aspects of scaling a risk management program and the importance of aligning it with the organization's strategic growth objectives.
Alex Pierson speaks with Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, former CSIS Analyst and author of 'The Threat From Within: Recognizing Al Qaeda-Inspired Radicalization and Terrorism in the West', about the RCMP charging an Ottawa youth with terrorism for allegedly plotting an attack against the Jewish community.
In the latest episode of the Risk Intel Podcast, host, Ed Vincent, CEO of SRA Watchtower, engages in an enlightening discussion with Ryan Richardson and Andy Lorentz, seasoned attorneys and regulatory experts at Davis Wright Tremaine, LLP. This insightful episode unveils the intricacies of the newly proposed Consumer Financial Protection Bureau (CFPB) rule on Digital Payments that aims to extend supervisory authority to larger non-bank participants. Join Ed, Ryan, and Andy as they navigate the regulatory landscape, shedding light on the potential changes and implications for non-bank entities engaged in diverse consumer financial activities. The conversation also delves into the nuances of direct versus indirect supervision and unravels the challenges faced by technology companies operating in the financial services realm.
Alex Pierson speaks with Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, former CSIS Analyst, about an Indian national facing murder-for-hire charges in a case of what American law enforcement are calling an attempt “to assassinate a U.S. citizen on U.S. soil,” with an alleged connection to an employee of the Indian government.
Host Alex Pierson speaks with Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, former CSIS Analyst, about Imam Adil Charkaoui, a controversial Islamic educator in Montreal.
Host Alex Pierson speaks with Phil Gurski, President and CEO of Borealis Threat and Risk Consulting, former CSIS analyst.
Host Alex Pierson speaks with Phil Gurski, President and CEO of Borealis Threat & Risk Consulting, former CSIS analyst, about the espionage trial for a former top RCMP agent.
In this throwback episode, we celebrate Dr. William Aprill with his second appearance on our show. We miss him greatly, but can continue to learn from his amazing and critical contribution to our path.
This week we have Dr. William Aprill back on the show to hit on some very timely subjects. William is the self-protection industry leader in knowing the criminal's mind and the protector's mind and how to use this knowledge to keep us safer. Some of the topics discussed are the psychological effects of the COVID 19 lockdowns and economic impacts, and current riots spurred by George Floyd's death at the hands of negligent police officers. William also gives us some insight into the mindset of rabble-rousing protestors and how they take advantage of and hijack legitimate protests, committing violence and anarchy. Lastly the crew discusses William's preferred weapons and dry fire tools. The crew then hits on accountability of the week and prescribes the drill of the week, which will be a test, re-test of the Todd Green FAST Drill. https://pistol-training.com/drills/the-fast
Intro and Outro Music by: The Tactical Twins, Jason Bieler and The Baron Von Bielski Orchestra and Tim Alexander/Fata Morgana
Evolution Security is Eric Davis, Aaron Davis and Brian Schilt; specializing in self-protection education, defensive pistol and carbine, consulting, and weapons based grappling. Their mission is to help those serious about protecting themselves and their loved ones become more capable through filtered information, recommended study, and highlighting their mentors who are the best in the field. In addition, Eric and Aaron (twins) are musicians, keeping with Musashi's adage that martial artists should focus on art outside of the martial.