Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Data protection, pandemic planning among top banker concerns at ABA conference

Reprints

NAPLES, Fla.—Identity theft and the possibility of a pandemic are among the major evolving risks facing banks, experts say.

Michael Flanagan, Chicago-based managing director with the Gallagher CyberRisk Services unit of Arthur J. Gallagher & Co., said the banking industry's increasing dependence on Internet-based services also increases its exposure to liabilities stemming from identity theft and hacking.

"Since 2000, the online banking community has doubled," he said at a session during the American Bankers Assn.'s Insurance Risk Management Annual Conference in Naples, Fla., from Jan. 21-24. "Forty percent of Americans now bank online."

Since the practice is so widespread, Mr. Flanagan said banks are left with more to protect and insure than just dollar bills. "(Personal information) is a currency out in the marketplace today," he added.

According to a presentation by Mr. Flanagan and Michael Lamprecht, a Chicago-based national practice leader also with Gallagher CyberRisk Services, 70% of online banking consumers reported security problems in 2005. Nationwide, there were 8.9 million victims of identity theft in 2006.

To help protect themselves and mitigate breaches in online security, the brokers said banks should investigate all of their exposures, which include those stemming from computer networks; professional services offered; vendors, partners and outside contractors performing work for banks; and a bank's own multimedia practices, from online advertising to broadcasting.

Developing a risk management strategy isn't simple, according to Mr. Flanagan, adding that there are few models to consider when creating an effective plan. "There's not enough loss information at any one company for the most part to do a lot of accurate trending in these areas, so you are going to find that there is a wide variety of techniques being used," he said.

Jim Bollman, an Omaha, Neb.-based corporate risk officer with TD Ameritrade Inc., said the company took six years to develop its plan, which crossed into all aspects of business for the online securities brokerage firm and has been deemed successful.

For example, changes were made to the company's human resources practices after Ameritrade found that new employees could breach security.

"These are people who social engineer their way into an organization," Mr. Bollman said. "Anybody who works there has to be fingerprinted and we do a background check on them. The problem was they could be working with us for two or three weeks before all the results are back. We've had to re-engineer how that process works now and actually have all those background checks out of the way before letting them come to work."

As for specialty insurance products that cover such cyber risks, Mr. Flanagan urged banks and companies to be careful when selecting a program and find one that caters to the specific needs of the company.

"If you are choosing to go out and buy a program, don't buy what (insurers) are offering off the shelf because those policies are created for manufacturing, retailers and all different kinds of businesses," he said. "Custom and tailor it to meet your bank's needs."

Addressing another evolving risk affecting banks, Julie McCashin, Houston-based vp of the health service department with health care consulting firm International SOS, said organizations need to pay attention to the possibility of an avian flu outbreak, which could affect all aspects of the business world.

Banks, because of public concerns and regulations, have been at least six months ahead of the business world in creating pandemic preparedness plans in the event of an outbreak, said Ms. McCashin, who has helped create pandemic plans for several corporations, including Merrill Lynch & Co. Inc. and Citigroup Inc.

"By far the financial sector is ahead of the game in pandemic planning," she said.

Among some of the best practices for pandemic planning include: providing employees with accurate information regarding a pandemic, having a corporate communications plan in place and employing a crisis management team.

Companies also are stockpiling items such as breathing masks and antiviral medications to help quell an outbreak, she said.