
News update July 2022 A&R magazine Jul Aug 22

Rising flood risks rarely covered by insurance

Natural catastrophes resulted in a total global economic loss of US$270bn in 2021 and insured losses of US$111bn, according to reinsurance firm Swiss Re. This continues a trend of insured losses increasing by an average of five to seven per cent annually worldwide.

Growing populations, rapid urban development and the accumulation of economic wealth in areas at higher risk of disasters are contributing to this rise in losses. China and the US, in particular, suffered from natural catastrophes in 2021, while floods in Europe last July cost more than any other natural disaster on record in the region.

Floods are by far the most frequently occurring natural peril. In the past decade, there were approximately three times as many major flood events as there were tropical cyclones. Floods caused more than a third of all fatalities related to natural catastrophes and the economic losses from floods were second only to losses from tropical cyclones.

However, Swiss Re said that only five per cent of severe flood losses were insured in emerging markets, and only 34 per cent were covered in advanced economies, in the past decade.

The largest insurance gap for flood protection is in Asia, where seven per cent of economic losses were covered by insurance. In Europe, 34 per cent of flood losses were insured. 

Ransomware tops list of emerging risks

New ransomware models are the most serious emerging risk for organisations, in terms of overall risk score and frequency, according to Gartner’s latest Emerging Risks Report. Ransomware risk is followed closely by post-pandemic talent, supply chain disruptions, inflationary pressures and macroeconomic downturn. The report is based on a survey of 330 senior executives in the first quarter of 2022. 


ISACA issues zero trust resource

Information security standards setter ISACA has released a new resource, Zero Trust: How to Beat Adversaries at Their Own Game. This outlines the benefits of applying the zero trust principle and explores key considerations and components including identity and access management, leveraging cloud technologies and checking device posture health.

The guidance offers a brief history of exploitations and lists the key compromises reported in the second half of 2021.

It also examines tactics commonly used by hackers and the ways enterprises can apply zero trust technologies to interrupt a hacker’s tactical life cycle – from extending the control plane outside the enterprise and using virtualisation as a defensive solution to planning to fail effectively and employing intelligence to monitor insider threat activities. 


Reinvent supply chains to boost resilience

Supply chain challenges arising from the Covid-19 pandemic and Russia’s invasion of Ukraine could result in a cumulative loss of 920bn to gross domestic product (GDP) across the Eurozone by 2023, according to a report by consultancy Accenture.

From Disruption to Reinvention – The Future of Supply Chains in Europe says that supply chains must be able to absorb, adapt to and recover from disruptions whenever and wherever they occur, should be customer-centric and agile so they can quickly and cost-effectively adapt to changes in demand and need to support, if not accelerate, organisations’ sustainability agendas.

Rise in ESG and supply chain fraud

Fraud risks around ESG-reporting and supply chain disruption are likely to grow and have the potential to cause businesses serious harm, according to PwC’s Global Economic Crime and Fraud Survey 2022.

Although incidences of this type of fraud are currently low, PwC believes that they will increase as fraudsters seek to take advantage of current geo-political and economic difficulties.

Just six per cent of organisations said they experienced anti-embargo fraud in the past 24 months. However, PwC expects this to increase in the next 24 months as global sanctions rise to the highest levels in recent history.

While just eight per cent of the organisations that uncovered fraud in the past 24 months experienced environmental, social and governance (ESG) reporting fraud, PwC believes this will also rise as ESG becomes more important to stakeholders.

One in eight organisations experienced new incidents of supply chain fraud during the disruption caused by Covid-19, and one in five said they see supply chain fraud as an area of increased risk as a result of the pandemic.


Cost of ransomware attacks soars

Two-thirds of organisations suffered a ransomware attack in 2021, compared with 37 per cent in 2020, according to research by security software provider Sophos. In its State of Ransomware 2022 report, Sophos said the average ransom paid by organisations that had data encrypted in a ransomware attack increased to US$812,360, and that there was a threefold increase in the proportion of organisations paying ransoms of US$1m or more.

Nearly half (46 per cent) that had data encrypted paid the ransom to restore their data, even if they had other means of data recovery, such as backups.

Sophos found that the average cost to recover from the most recent ransomware attack in 2021 was US$1.4m and that it took an average of one month to recover from the damage and disruption. 


European AML compliance efforts rated as substandard

European governments must improve their efforts to combat money laundering and terrorist financing, because their current capabilities are inadequate, according to a report by Europe’s main human rights body.

They also need stricter regulation and better supervision of fintechs, crypto firms and advisers including lawyers, accountants and tax specialists who might facilitate money laundering, according to the Council of Europe’s anti-money laundering/countering the financing of terrorism (AML/CFT) body, Moneyval.

In its report for 2021, Moneyval said the 34 jurisdictions subject to its monitoring demonstrated only a “moderate” level of effectiveness in their AML/CFT attempts. As a result, compliance is “below the satisfactory threshold.”

It said that AML efforts remain “particularly weak” in financial sector supervision, private-sector compliance, transparency of legal persons, money laundering convictions and confiscations, financial sanctions for terrorism and proliferation of weapons of mass destruction.

In almost 90 per cent of assessed countries, the report highlighted the absence of in-depth assessment of certain specific risks, such as terrorism financing and offshore money laundering. This meant it was more difficult to achieve a risk-based approach to make the best use of resources and focus. The report also acknowledged poor enforcement and investigation records.

Eight countries were given a low rating for their money laundering conviction rates, and 12 countries were found not to follow up parallel money laundering investigations for financial crime cases. 

UK government sets out audit reform plans

Plans to shake up the audit market and improve corporate governance in the UK’s biggest companies were announced on 31 May in response to the government’s consultation “Restoring trust in audit and corporate governance” (March 2021). The proposals include replacing the Financial Reporting Council (FRC) with the Audit, Reporting and Governance Authority (ARGA), which will have tougher enforcement powers and will be funded by a levy on industry.

ARGA will have statutory powers to oversee the professional bodies’ regulation of the accountancy profession, power to ban failing external auditors from reviewing large companies’ accounts and the ability to direct companies to restate their accounts without going to court. It will be able to enforce the operational separation of audit and non-audit functions in the largest external audit firms, and FTSE-350 companies will be required to employ a challenger firm to conduct part of their audit, in order to reduce the dominance of the Big Four firms. If necessary, the business secretary will be able to introduce a market share cap.

Unlisted companies with over 750 employees and annual turnovers of more than £750m (termed as “public interest entities” or PIEs) will fall within the scope of the regulator for the first time.

Directors of large listed companies will be expected to state whether their internal controls are effective under the Corporate Governance Code, while directors of PIEs who breach their legal duties to be open with external auditors, or who lie about their firm’s finances, will face fines. The government says it will also clamp down on directors’ “rewards for failure”. 

Importantly for internal audit functions, large businesses will have to provide more information to investors and the public about what they have done to prevent fraud, which company metrics have been independently checked, and what risks the company faces. 

Broken view of risk exacerbates disasters

The world will face 560 “disaster events” each year by 2030, according to The Global Assessment Report (GAR2022), by the UN Office for Disaster Risk Reduction. It says that human activity is contributing to an increasing number of larger, more intense disasters globally and points to a broken perception of risk based on “optimism, underestimation and invincibility”, leading to policy, finance and development decisions that exacerbate existing vulnerabilities. 


This article was first published in July 2022.