risk

Subscribe to risk

This piece from FT confronts head-on the well-worn notion that law departments slow down business progress. Thomas Laubert, group general counsel of Daimler, the German carmaker, says the depiction of legal departments as bottlenecks holding back the rest of the business is an outdated cliché. “In-house counsel is the one that is [pushing] and has to push digital innovation,” he told FT. While it is still common for business heads to complain that a project or contract has been “stuck in legal,” many general counsel believe this notion of in-house teams always blocking progress is unfair.
Continue Reading Stuck in Legal? No Way

Software dips below the surface to mine the unconscious patterns in written communications.

CCBJ: Tell us about KeenCorp.

Andrew Fastow: KeenCorp is machine learning software that identifies risks faster than the current suite of tools by measuring internal communications, like emails and text messages, among groups of employees. It’s not looking for keywords. It’s looking for changes in tension level and connectedness. This metric is extremely highly correlated to risk, so when something risky is going on, tension levels rise, and the software picks it up.

It is based on a science called psycholinguistics and works much like voice inflection and body language. If you’re married or have a very good friend, you probably know when that person is tense even if they tell you everything’s fine. It’s because our brains have trained themselves to measure patterns. For someone you are very close to, your brain knows their speech, voice inflection and body language patterns, and your brain is able to subconsciously pick up any changes in those patterns.

This software is analogous to that. People’s writing patterns unconsciously change when the tension and connectedness levels change. When people are writing in a natural language environment, if they are more tense or if they are disconnecting from the situation, the software will pick it up because their patterns change. An annual report is an example of what’s not natural language communication. That’s very scripted. Emails are natural language communication.

One of the most frequently heard comments among directors when there’s a problem is, “Why didn’t we know about this sooner?” KeenCorp solves that problem. Using KeenCorp allows legal staff, risk managers, HR, management, and directors to find out about and resolve problems before they become government enforcement actions, lawsuits, a short-seller attack, the loss of valued employees, or a social media disaster.

Earlier risk identification leads to better outcomes for companies. Examples of risks that have been uncovered by the KeenCorp software include safety risk, harassment risks, gender and diversity issues, retention issues, financial fraud, compliance, change adoption, project management or project health, and management alignment.

What drew you to KeenCorp, and what is your role?

I am a consultant working on strategy and marketing, and I have invested in the company. I spent significant time searching for tools that companies could use to help identify risks that they were not seeing. As I spoke to more and more directors, risk managers, HR people, all of them seemed to say the same thing using slightly differ-ent words: “The thing that keeps me awake at night is the thing that I don’t know about.” This was the best new tool to identify those unknown risks.

If KeenCorp software had been available and had been used by Enron from 1999 through 2001, the Enron scandal would not have happened. Unfortunately, I cannot change the legacy of Enron. I’m ashamed and embarrassed about that. I believe what I did was wrong. What I hope to do is layer a legacy on top of it that I was part of the solution to the problem, and I see KeenCorp as a linchpin to the solution.

How does the technology work? What intelligence can it offer employers?

The software goes through several steps. First, it an-onymizes all of the emails, all of the text messages, so there’s no ability to trace back to the original authors of any particular communication. All the personal informa-tion is blanked out: names, dates, etc.

Second, it groups employees into categories that the company determines. You can group employees in differ-ent ways to get different insights. For example, let’s say sexual misconduct is an issue, so you want to know if any groups, by gender or location or function or department, are sending off a signal that something is not quite right. The software can sort the information in a variety of ways and show whether those groups are behaving differently than other groups.

Third, it measures the patterns in those emails. Again, it is important to note that the software is not reading emails for content or specific words, like “fraud” or “mon-ey launder.” It’s evaluating if changes in patterns are occurring and measures those changes as differences in the level of tension and connectedness.

What I mean by “connectedness” is when a person personally involves themselves in the way they write. If a manager were to write, “At my Monday morning staff meeting, I presented this quarter’s financial statements,” that is different than if this manager wrote, “At the staff meeting, financials were reviewed.” In one case, the man-ager is taking personal ownership but not in the other. That’s one of the thousands of signals given off by the way people write.


Continue Reading Uncovering Risk in What Remains Unsaid

Article by: Charlie Platt / iDiscovery Solutions

I’ve written on this topic before, and despite the danger of sounding like a broken record, I will repeat myself: Cybersecurity is all about risk management. Many of you are likely working with your company’s chief information security officer (CISO) and security teams to help assess and control this cyberrisk. (At least I hope you are.) And one of the first things most security professionals recommend is taking an inventory of your IT assets. In fact, it’s embodied in the first Function of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework:

“The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.”


Continue Reading Are You Accounting for One of Your Largest Cybersecurity Risks?