Security researchers at Check Point Research (CPR), the research division of Check Point® Software Technologies Ltd. have published the latest annual comparison of cyber attacks. The basis for the evaluation is the company's own ThreatCloud, which is networked worldwide. This cloud collects global cyber attack data, which is then analyzed to ensure that all Check Point products are updated with the latest protection measures. The research team consists of more than 100 analysts and researchers who collaborate with other security vendors, law enforcement and various CERTs.

Healthcare providers under constant fire

The latest figures from 2021 show: Everywhere, the number of attacks on corporate networks increased sharply. In Switzerland by 65 percent, in Germany by 62 percent and in Austria by 117 percent. In terms of industries, healthcare providers in Switzerland were under constant fire and saw a 107 percent increase compared to 2020, followed by finance/banking at 98 percent and government/military at 86 percent. Europe as a region saw an increase of 68 percent of all virtual attacks - in percentage terms, this is the strongest compared to other areas, even though Europe and North America are still relatively "safe" in terms of absolute numbers.

Log4J vulnerability caused cyber attack attempts to increase

Security researchers saw a late peak in December because of the Log4J vulnerability, which affects nearly every system in the world. According to Omer Dembinsky, Data Research Manager at Check Point, "The number of cyber attacks peaked towards the end of the year, largely due to attempts to exploit the Log4J vulnerability. New penetration techniques and workarounds have made it much easier for hackers to carry out malicious intent. Particularly troubling is that some important sectors of society are high on the list of those most frequently attacked. Education, government and healthcare made it into the top 5 globally."

"We are in a cyber pandemic".

The number of cyber attacks will not decrease, Omer Dembinsky is convinced of that. And he chooses drastic words: "I expect all these numbers to increase in 2022, as hackers will seek new methods to carry out attacks, especially ransomware attacks. We are thus in a cyber pandemic, if you will. I recommend that the public, especially in the education, government and healthcare sectors, familiarize themselves with the basics of protecting themselves with IT. Various measures, such as applying patches, segmenting networks and training employees, can already make networks much more secure."

Source: Check Point

According to Economiesuisse, around 70,000 people in Switzerland are currently in isolation, and over 31,000 are in quarantine. The number of cases is increasing, as reported in the daily bulletins of the FOPH. The 7-day average of case numbers is 21,189 cases, according to the latest data as of January 7, 2022. The number of people in isolation or quarantine is expected to increase even further. The discussion about the duration of the quarantine obligation is getting louder.

Mandatory quarantine and isolation cause productivity reductions

Staff shortages are already a problem for certain companies, and they have to curtail production or reduce their offerings. In the public transport sector, for example, the Zurich public transport company has currently suspended streetcar line 15. The business umbrella organization Economiesuisse expects these bottlenecks to worsen in the coming days. Therefore, the cost-benefit ratio of the current rules regarding isolation and quarantine should be questioned, it demands. Currently, the federal government stipulates that isolation must last ten days. Nevertheless, many cantons have reduced the duration of contact quarantine to seven days.

New insights into the contagion phase

In Economiesuisse's opinion, the USA is a step ahead of Switzerland in this respect. On December 27, 2021, the CDC (Center for Disease Control and Prevention) health authority shortened the duration of isolation and quarantine. Infected people in isolation after a positive test and people in contact quarantine will be able to move freely after five days if they are symptom-free. The CDC based its decision on current scientific findings, according to the statement. This means that the majority of infections occur in the early stages of the disease, i.e. one to two days before the onset of symptoms and two to three days after. Therefore, the CDC believes that a five-day period is sufficient to sufficiently reduce the risk of infection posed by an infected person.

Prevent unnecessary restrictions and downtime

In contrast to the CDC, the federal scientific task force is still critical of the shortening of the quarantine requirement. Nevertheless, some experts question the current procedure and even consider a complete abolition of the quarantine obligation to be appropriate. Economiesuisse is calling for at least a nationwide reduction in quarantine and isolation to five days for people who are symptom-free at this point. This could reduce the risk of production stoppages and should lead to fewer restrictions on the supply of infrastructure. It would also allow the population to resume their daily lives sooner. This should help motivate people to support the measures and actually get tested if they have symptoms, writes Economiesuisse.

Source: Economiesuisse

The aim of the General Data Protection Regulation (GDPR) was to give EU citizens more control over their data and privacy. It was introduced in 2018 and also applies in Iceland, Liechtenstein and Norway, which are not EU members but belong to the European Economic Area EEA. Swiss companies are affected by the GDPR insofar as they are active with branches in EU countries. So in the event of violations, they too could be fined under the GDPR. A new Swiss data protection law (see box) awaits after long discussion for its entry into force - possibly in mid-2022.

Record high fines in 2021

Data security services provider Atlas VPN has calculated the DSGVO fines in 2021. According to their data, these amount to over €1 billion, with a total of 412 fines imposed in 2021. The companies that had to pay the highest fines for violations of the GDPR include global companies such as Amazon and WhatsApp, but also various national telecommunications service providers. The extent to which Swiss companies also had to pay GDPR fines is not clear from the information provided by Atlas VPN.

In 2018, when the EU implemented the GDPR law, a total of 436,000 euros in fines were imposed on companies. The next year, 2019, the amount of fines increased significantly to 72 million euros. Then in 2020, the total value of fines imposed by the end of the year exceeded 171 million euros. However, 2021 far surpassed previous years, producing GDPR fines of more than EUR 1 billion, an increase of 521 % from the previous year.

Amazon Europe Core S.à.r.l. had to pay the highest fine in 2021, €746 million. Later, in September, the EU fined WhatsApp Ireland Ltd. 225 million euros, the second-highest fine in the history of the GDPR. Vilius Kardelis, cybersecurity writer at Atlas VPN, can be quoted as saying, "The GDPR continues to successfully hold companies accountable when they misuse people's data or are unclear in their privacy policies. Companies have become more responsible in handling their customer data to avoid hefty fines from regulators, ultimately benefiting all EU citizens." So the efforts to improve data protection seem to be starting to bear fruit.

DSGVO buses in country comparison

In some countries, the updated data protection laws had a significant impact on companies, as they were subject to appropriate fines under the new system. In Spain, for example, 351 fines were imposed, amounting to EUR 36.7 million. The average fine is around EUR 105,000, which means that Spain has collected by far the most fines compared to all other countries. The biggest "sinners" there turned out to be various telecom providers, above all Vodafone Spain, which had violated the GDPR regulations several times with various marketing activities.

Italy is in second place with 101 GDPR fines, for which companies had to pay almost EUR 90 million. The average fine in Italy in 2021 was around EUR 887,000, which is one of the highest compared to other countries. In our southern neighboring country, TIM, a large telecommunications service provider, was also asked to pay. The company had to pay a fine of 27.8 million euros for improper collection and dissemination of data.

Third on the list is Romania, which has imposed a total of 68 penalties that add up to 721,000 euros. Although the country has imposed many penalties, the average is less than 11,000 euros.

Source: VPN Atlas

New data protection law in Switzerland

Switzerland is also getting a new data protection law. This was adopted on September 25, 2020 and is expected to come into force possibly in mid-2022. It is essentially based on the EU's GDPR and aims to increase transparency in the exchange and processing of personal data, promote the personal responsibility of data operators, and strengthen data protection supervision by the Federal Data Protection and Information Commissioner (FDPIC). The new Swiss data protection law also brings an expansion of the penal provisions with fines of up to 250,000 Swiss francs.

On January 6, 2022, the Swiss Federal Office of Energy awarded the Watt d'Or energy prize for the 15th time. The prize, which is not endowed, honors exceptional achievements in the field of energy. The trophy - a snow globe - was presented on a smaller scale this year due to the pandemic situation. The jury for the Watt d'Or 2022 was chaired by St.Gallen National Councilor Susanne Vincenz-Stauffacher. 

Winner of the Watt d'Or 2022

A total of 31 organizations submitted projects that were evaluated by a team of experts. Finally, 11 entries were nominated for the final round. From these, the jury has now selected the winning projects in the four Watt d'Or categories, although: this year there is no winner in the mobility category. This year, SBB wins the prize in the "Energy Technologies" category, Verora AG from Edlibach ZG in the "Renewable Energies" category and schaerraum AG from Horw LU in the "Buildings and Space" category.

Intelligent load control against power consumption peaks

SBB received an award for its intelligent load management to counteract electricity consumption peaks in the interval timetable. The system uses load management software developed in-house. This software switches off train car and switch heaters for a short time in the event of load peaks, which can occur repeatedly due to the high frequency of the timetable. In this way, SBB makes consumption more flexible and, as a "prosumer," optimizes the interaction with electricity production. By 2023, SBB will be able to flexibly control 70 megawatts in this way. In this way, it is also taking on a model role for Switzerland's general power grid, according to one of the jury's conclusions.

Vegetable carbon stores CO2

The moraine region of Menzingen/Neuheim (Canton Zug) is home to a nucleus for the still young negative emission technologies (NET). Since 2012, Verora AG, a group of farmers from the Zug mountain region, has been producing plant charcoal from natural tree and shrub cuttings here. Over the past 10 years, the Verora AG team has developed the necessary pyrolysis plant from a prototype by German university spinoff Pyreg GmbH into a reliably functioning production plant. As a feed additive, the plant carbon reduces the formation of greenhouse gases during the digestion of cows, it reduces the smell of ammonia in the barn, increases the nutrient content of fertilizer and compost, makes agricultural soils more robust and fertile, and binds CO2 in them for centuries.

Also awarded the Watt d'Or 2022: Climate-neutral commercial and residential building

Wooden buildings are increasingly becoming an economically attractive alternative to conventional construction methods. schaerraum AG from Horw in Lucerne has built a climate-neutral commercial and residential building based on the modular planning principle "RaumRaster". The principle is based on a wooden skeleton that stands on a concrete base and bears the entire load of the building. Thanks to flexibly combinable modules, the construction time was significantly reduced: The building was constructed in just eight months. The building technology also conserves resources and costs: the smart coupling of the air-conditioning technology with the energy piles, the heat pump, the solar systems on the roof and carport, and a battery storage system means that the building produces around 50% more energy than it consumes. In the eyes of the jury, schaerraum AG's "RaumRaster" planning principle for the construction of multi-family houses made of wood is a promising approach to building in a climate-friendly, resource-saving and cost-effective way.

Source: Federal Office of Energy

In plastic molding or injection molding and 3D printing, systematic geometric deviations of the products occur due to the process. The software module FormCorrect is an integral part of the measuring software WinWerth^® from Werth Messtechnik in Giessen (Germany) and enables product optimization with the aid of largely automatic correction of the CAD model. Process optimization with often only one correction loop can significantly reduce development costs.

More operating comfort

Now the range of functions has been expanded to allow even more flexibility. The extension of the visualization options grants an increased ease of use. To check the parameter selection, the relevant measuring points as well as the original and expected remaining deviations can be displayed before the correction. Since the correct alignment of the measurement point cloud to the CAD model is a prerequisite for a good correction result, the deviation element can now also be displayed and checked. In addition to the measuring points, other visualization options can be shown and hidden. With the help of the cylinders for point selection, the resolution of the correction can be checked. The arrows within the cylinders show the respective deviation and can also be hidden for a clearer display.

Correction process becomes clearer

In the expanded version of FormCorrect, elements that are not functionally relevant, such as lettering and ejector marks, can be excluded from the correction. Multiple measurements can now also be taken into account when calculating the deviation element, so that efficient correction with small remaining deviations from the CAD model is possible even in the case of a large process scatter. The correction can be performed after the parameter definition for all desired patches. The separation of the two processes allows a better overview of the correction process.

Plastic molding: Correction directly on the mold CAD model

In addition to the workpiece CAD model, the correction can also be performed directly on the tool CAD model. In this case, too, the measured deviations of the workpiece from the workpiece model are mirrored on the latter to calculate the deviation element, since a corresponding surface exists in both models. This is the surface where the workpiece and mold touch during injection molding. The difference between the correction of the workpiece model and that of the mold model is therefore only whether the material must be removed or added. For example, if the workpiece is too wide, material must be removed from the workpiece and material must be added to the mold.

Source and further information: Werth measurement technology

The prevention of money laundering and the prevention of money flows to terrorist organizations have gained a high level of public attention in recent years. Although financial institutions spend billions annually to keep pace with increasingly stringent and extensive regulatory regimes, compliance with Anti Money Laundering (AML) and Know Your Customer (KYC) regulations poses strategic challenges for banks.

Know Your Customer processes as a cost factor?

The results of the latest "Know Your Costumer" study by Strategy&, the strategy consulting firm of PwC, show that banks could save up to 65% of their AML and KYC operating costs with an efficient, network-oriented approach. This is because targeted measures to increase productivity and reduce factor costs can in many cases simplify processes, reduce costs and improve the customer experience, according to a finding of the study, which took a close look at the Know Your Customer processes of various financial institutions.  

Globally, banks paid approximately 21.9 billion Swiss francs (€23.2 billion) for AML/KYC sanctions and related legal fees from 2015 to 2019. This represents a 26-fold increase compared to spending between 2005 and 2009. In Europe alone, banks incur an estimated 11.4 billion Swiss francs (€12 billion) in annual operating costs to maintain and ensure KYC compliance processes. In addition, there are further technology expenses of around 6.6 billion Swiss francs (€7 billion) per year. Only 20% of the costs are incurred for the enrolment of new customers and their data collection, whereas a full 80% are incurred in carrying out scheduled and ad hoc checks on the personal and business data of corporate customers. It is particularly striking that most of the costs are incurred by large international groups among corporate clients, even though their number in the overall portfolios of banks in the European core markets is manageable, for example in comparison with small and medium-sized enterprises.  

Dissatisfaction among corporate customers

Corporate customers themselves also express dissatisfaction with the status quo - they would like to see uniform procedures from their house banks and more convenience, e.g. in digital interaction, the study found. Eight out of ten banks are already implementing notable KYC optimization programs, yet 54% of the companies rate their experience with KYC processes as negative.  

Across the board, financial institutions are already working internally on processes to improve their response to future directives and efficiently manage their own KYC processing capacities. In addition, banks are also commissioning external service providers to take over certain KYC tasks or are using regional "utilities" that bundle data management for several institutions. Numerous networking approaches have also emerged in the market to facilitate data exchange between banks, corporate clients, regulators and data providers within an easily accessible ecosystem. While the results of the study show that coordinated multiple use of existing data sets, automated fill-in formats, targeted staff training and the employment of KYC analysts in low-cost countries can save up to 65% of the current start-up operating costs for AML and KYC measures, the key benefits can only be realized through a "best of breed" approach with the empirical values of all measures already deployed. 

Cross-border KYC networks as a solution

To achieve this requires a cross-border KYC network that connects banks, their corporate customers and data, regulators as well as other service providers via specific access points. At the heart of this network are corporate customers and their seamless customer experience. They can centrally control their data using digital solutions and securely share it with selected banks on demand. Fundamental to the reusability of existing KYC data assets is the development of a common data standard recognized by national and international regulators and the ability to share data securely across borders. Regulators can also play a role in the network, providing a useful means of monitoring compliance. With the possibility of flexible scalability, the network could be expanded to include additional service providers to introduce new services tailored to banks and corporate clients. 

"The model will be successful if the network is used in a variety of other ways by companies and banks in addition to standardized and international KYC data management. Numerous applications are conceivable, for example, for the identification of players along the supply chain of companies, for the exploitation of information across several companies in a group or even for the cross-industry provision of data for business transactions. Only in the free exchange of all participants can efficiency gains fully unfold and new offers and services emerge," explains Markus Weiss, Director at Strategy& Switzerland. "By increasing the level of digitalization and automation of all processes and using technologies such as blockchain or artificial intelligence, banks can additionally improve the efficiency of their overall business activities." 

Source: Strategy&

We know it from our daily trip to the supermarket: fruits and vegetables are mostly wrapped in plastic, often even individually, such as the cucumbers tightly covered with plastic film. Of course, such plastic packaging protects the fruit and vegetables from spoiling, but it also generates considerable amounts of waste. Together with Empa, Lidl Switzerland has now developed a protective cover for fruit and vegetables based on renewable raw materials, in other words a kind of "eco-jacket". 

An "eco-jacket" instead of plastic film

After more than a year's work, researchers at Empa's Cellulose & Wood Materials laboratory can now present a special protective cellulose coating that can be applied to fruit and vegetables. The result: the coated fruit and vegetables stay fresh significantly longer. In tests, for example, the shelf life of bananas was extended by more than a week. This significantly reduces food waste. "The big goal is that such natural coatings can replace a lot of petroleum-based packaging in the future," says Gustav Nyström, head of the research department.

Source and further information: Empa

The world of work has changed radically in the last year and a half. The pandemic has both spawned new trends and accelerated existing ones in such a way that we now find ourselves catapulted into a completely new HR landscape. While 2020 was all about quick turnarounds, temporary fixes, and for many, adaptation for sheer survival, in 2021 we've seen companies use the lessons learned in the early months to boldly implement long-term change. As a result, the future of work has changed forever - and so here is my prediction for top trends for business and HR decision makers for 2022.

Forecast 1: Red card for 9-to-5

Full focus on flexibility! New flexibility has become the paradigm, whether realized through hybrid forms of work or full remote working. Over the past year, employees have come to know the freedom of no longer being tied to a specific location to complete their tasks. What initially took some getting used to for many has now become the law. Traditional notions of presenteeism have finally proven irrelevant.

Companies that resist this change will have little chance of prevailing in the war for talent. A survey from the Opinion research company Civey on behalf of EY Real Estate found that 90 % of people would like to work remotely, at least part-time or full-time. In addition, a new wave of resignations is emerging across Europe, of employees leaving their jobs in search of greater flexibility and a sense of purpose. This is challenging companies to rethink and move away from a corporate culture or working time strategy where employees are measured by their presence from 9am to 5pm.

I predict that the number of companies offering more flexibility in terms of how and where employees want to work will increase dramatically. And even the most traditional industries will adapt to this.

Prediction 2: Rejection of the fixed place of work

More knowledge workers have moved in the past 20 months than ever before, and this trend is set to increase. According to a Bitkom study one in five professionals (21 %) would move if they worked mostly from home in the future. And this opens up great opportunities for employers who are flexible in their choice of work locations. Remote work has a huge impact on the mobility of talent.

But to make location-independent collaboration successful, companies need to rethink their talent strategies and collaboration tools. After all, employees in different locations need different tools. Recent Investigations of Dropbox with the collaboration of Enterprise Nation found that video conferencing, cloud storage, file sharing and simultaneous editing software, for example, were business critical for business continuity during the pandemic.

I predict that the market for simple, easy-to-use document workflows that eliminate or reduce friction in globally distributed, location-independent work will continue to grow strongly.

Forecast 3: Clear extension of asynchronous communication

When the pandemic first hit, staff everywhere were quickly gripped by 'zoom fatigue'. Days of video calls sapped our energy - and most importantly, they got in the way of meaningful work. Unnecessary meetings are one of the biggest disruptors to a productive and effective workday, and it's up to all of us to change that. By encouraging employees to remove all unnecessary meetings from their calendars and schedule live conversations more intentionally, employees can more easily shift from "all-day synced" to "asynchronous by default," bringing more flexibility and greater focus to their day. However, the importance of live conversations remains - and the magic lies in teaching employees how to recognize when a quick zoom or phone call is (still) of value. To support this, new frameworks such as the "Core Collaboration Hours" is needed. By establishing clear time slots for asynchronous and real-time collaboration, employees can work more effectively with their colleagues across time zones, while freeing up valuable time to focus on their favorite projects and personal lives. I predict the companies that take the step to change their culture towards "asynchronous as standard" will have the best success in attracting new talent!

Personnel management: From referees to playmakers

In the last 20 months, the role of HR has also changed dramatically around the world. Before Corona, HR was a necessary corporate department, often just keeping things running smoothly behind the scenes. But as the world of work has changed, so has HR. In these unprecedented, challenging times, HR leaders have navigated the ship through the storm, finally earning a well-deserved seat at the leadership table. Now that their value as strategic thought leaders has been proven, their influence will remain recognized beyond HR. I clearly predict that by 2022, many more HR leaders will be involved in business decisions across the board, and their role will change from outside referees to true game changers.

To the author:
Laura Ryan is Director of International HR at Dropbox, the content collaboration platform that helps organize work in the new world of distributed work. Laura Ryan has more than 16 years of experience in the HR industry. 

The challenges in AI engineering arise from the characteristics of AI-based methods: The performance of technical systems that use machine learning (ML) methods can often only be poorly estimated in advance. This makes it difficult to make reliable statements about safety and reliability. This is offset by a large potential benefit: Successfully used, data-driven methods can often make decisions faster and better than would be possible with classically developed methods. In this way, they support humans, relieve them and complement them. In industrial production, ML processes lead to higher-quality and thus longer-lasting products, increase resource efficiency or enable predictive maintenance. In the field of mobility, ML processes can increase driving safety, e.g. by emergency braking in dangerous situations, and thus save lives.

In order to integrate AI-based components effectively and efficiently into existing or new applications, a systematic approach is essential. Established systems engineering process models are intended for complex technical systems. However, the use of AI and ML brings new challenges that a dedicated process model should explicitly address.

Systematically develop and operate AI solutions with AI engineering

PAISE® (a registered word mark for Nice Class 9 and 42 products), the Process Model for AI Systems Engineering, is specifically designed for the development and operation of AI-based systems. It combines approaches from computer science and data-driven modeling with those of classical engineering disciplines to overcome challenges. AI Systems Engineering, translated as AI Engineering, is what the scientists* call the interdisciplinary approach they have been working on since mid-2020. "With AI engineering, we want to systematize the development and operation of AI-based solutions. Only if AI methods can be used reliably from an engineering perspective will there be an opportunity to leverage the high value creation potential," says Prof. Dr.-Ing. habil. Jürgen Beyerer, head of Fraunhofer IOSB and the scientific directorate in CC-KING, the Karlsruhe Competence Center for AI Engineering. "With PAISE®, we have created a set of tools that also provides small and medium-sized enterprises in particular with a practical guide to achieve this goal."

During development, it can be difficult to estimate the performance of an overall cyber-physical system with AI components in advance. "This means that changes to the high-level design of the overall system may still be necessary at a late stage," says Constanze Hasterok, a scientist at Fraunhofer IOSB and editor of the PAISE® model. "Among other things, this effect occurs when the final ML models are trained with data from real operations. For new developments, however, high-quality data from operation is typically only available at a late stage." For operations, he says, monitoring and ideally automatic adjustment of ML models is necessary when systems and their environmental conditions can change over time.

In addition, there are personnel difficulties: As a rule, companies - especially medium-sized ones - do not have their own AI experts. At the same time, managers need to know which AI expertise should be available in the long term for the operation of AI-based systems and how the development process and its interim results are to be evaluated.

Customizable development through checkpoints

PAISE® divides the development process into seven phases. Project teams in companies must first create a common understanding of the problem, define goals and requirements, and collect solution approaches. The product is then divided into subsystems based on the requirements. This so-called functional decomposition is not final; this is where the model's agile approach begins. The development of the individual components proceeds cyclically, step by step the subsystems are refined and checked for compatibility. Each run increases the maturity of the overall system.

Checkpoints play an important role in this, as Hasterok explains: "The checkpoint-based concept of PAISE® enables a flexible development process. ML methods often require an explorative approach: You develop an ML component on a test basis and empirically check whether it is suitable for the desired purpose. Other subsystems require a targeted approach, for example according to established systems engineering methods for electronic components. In PAISE®, the individual systems are developed in parallel, each according to a domain-specific appropriate procedure." The checkpoints synchronize the development status of the subsystems early in the project and evaluate their interaction as an overall system. "In contrast to classic milestones, the targets are not firmly defined for all checkpoints at the beginning of the project," she continues. "If, for example, it turns out that an ML-based method is not the right tool after all, statistical methods can be used, the suitability of which is evaluated in the following checkpoint."

Four continuous artefacts create framework conditions

The organization of heterogeneous teams also benefits from this: Participants with different competencies meet regularly and can discuss cross-sectional aspects such as safety, cost or ethical issues. The role distribution of PAISE® defines phase-specific functions and responsibilities. 

In addition to the distribution of roles, there are three other continuous result documentations (artifacts) in PAISE®: The system model describes dependencies of the individual components; the documentation for external audits includes aspects that are required for an audit by third parties such as authorities; and the data documentation records metadata of the data used, such as its source, quality, pre-processing steps and framework conditions of the data extraction.

"By providing systematic methods, we want to encourage companies and developers to tackle AI projects. PAISE® is a big step forward in this respect. It maps the entire process from conception and data acquisition to operation and maintenance, and addresses all the difficulties that can arise from a technical perspective during the implementation of an AI project," explains Dr.-Ing. Thomas Usländer, head of department at Fraunhofer IOSB and project manager of CC-KING.

A white paper on this topic is available available for download here.

A construction company employs undeclared workers in order to save on AHV and BVG contributions. A bank is engaged in large-scale money laundering. A mechanical engineering company purchases raw materials that are produced in a third world country under questionable working and environmental conditions. And yet another technology company exports power plant components through opaque channels to a state that is subject to international economic embargoes. These (fictitious) examples may be extreme and probably exceptional cases - there are also more "harmless" examples such as that of an employee who secretly downloads paedosexual content from the Internet or that of a sales representative who "fudges" expense claims in his own favour. Be that as it may, all of these examples involve violations of legal, internal or even ethical standards.

Whistleblower protection in Switzerland insufficient

Employees who come across such irregularities are now faced with a dilemma: Should they report the violations? Or does their duty of loyalty to their employer prevent them from doing just that? The fact is that people who report irregularities in companies have only weak legal protection in Switzerland. A bill on "protection in the event of reporting irregularities in the workplace" was shot down by the federal parliament. In terms of protection for whistleblowers, i.e. people who report irregularities, Switzerland now ranks far below the rest of the world. Cases in which company employees go public often end badly: the matter turns into a scandal, and the company concerned has its hands full fighting the threat of damage to its image. The loser in such a case is the employee who started the whole thing: He is held responsible for the damage and dismissed without notice...

Corporate compliance makes sense

For banks and securities dealers in Switzerland, an Compliance function have long been required by law. But in other industries as well, more and more companies, regardless of their size, are recognizing compliance as an integral part of good corporate governance. An effective compliance concept outlines the compliance topics that are central to the company in question and defines the compliance risks. It also regulates reporting to the company management and the board of directors. Last but not least, it also includes a concrete compliance organization. In order to ensure uniform standards, a professional and anonymous whistleblower system is recommended within a compliance management system in this country as well. "The aim of such a whistleblowing system is to provide sufficient protection for whistleblowers in order to avoid risks in connection with compliance violations and to position the company as an exemplary and transparent employer in terms of employer branding," explains Thomas Wittkopf, Managing Director of TELAG AG. This company already provides an integrated whistleblowing system for large corporations and SMEs under the name WhistleTAG. The demand for such a solution could now even increase: In order to better protect both addressees and whistleblowers themselves, the new EU Whistleblower Directive will come into force from 17 December 2021. This regulation obliges companies with 250 or more employees or annual sales of EUR 10 million to have an anonymous whistleblower system. From 2023, the limit will be lowered again, to 50 employees. This also affects Swiss companies that employ staff, partners or suppliers from the EU.

EU Whistleblower Directive requires anonymous reporting system

The EU Whistleblower Directive stipulates that whistleblowers must be offered the opportunity to make their report electronically via an encrypted online system as well as verbally by telephone, but in any case anonymously and securely. "Whistleblower confidentiality must be ensured so that employees have the courage to report a compliance breach in the first place. In practice, we often experience that it is particularly difficult for employees in SMEs, which pride themselves on their open corporate culture, to point out a malpractice. They are afraid of the consequences - ranging from belittlement to mobbing to far-reaching retaliatory measures. That's why, in most cases, they refrain from reporting." With devastating consequences, as the ACFE Report of the Association of Certified Fraud Examiners (ACFE): Thus, the average financial loss amounts to CHF 200,000 - not including the damage to reputation. "Managing directors and boards of directors are responsible, but are often in the dark because employees lack the basis to report a malpractice due to inadequate protection. A professional whistleblowing system offers companies an opportunity for transparency and practiced corporate governance both internally and externally," says Thomas Wittkopf. Conclusion: Even if Switzerland does not have to transpose the EU Whistleblower Directive into national law, it can serve as an instrument against corruption and money laundering in this country as well.

EU Whistleblower Directive: Recommendations for Swiss companies

How does a whistleblower hotline work? This can either exist in a company-internal reporting office or be outsourced to a professional service provider. TELAG is such a service provider, which has been operating an anonymous whistleblower system for companies in the financial and service sectors for 13 years, which meets the requirements of the new EU Whistleblower Directive. The company provides the software for the anonymous processing of digital and telephone reports as well as 24-hour availability in 24 languages. TELAG's whistleblower system also includes report qualification, case management and, if necessary, an ombudsman office with an independent law firm.

• A professional whistleblowing system is considered best practice for groups and SMEs and is particularly recommended as soon as the company has branches in other EU countries and/or employs staff, partners, suppliers from the EU area.
• The reporting process must work both by telephone and in writing, including a feedback loop to the whistleblower, and ensure the anonymity of the whistleblower.
• The commitment of the executives ("tone from the top") underpins the seriousness with an anonymous whistleblower system and pays off the credibility. Spurred on by the public discourse on ethics and morals in companies, the new generation of employees and managers is demanding business ethics and transparency. 
• Last but not least, preventive action is much cheaper than cost-intensive clean-up work in the event of a compliance breach, which regularly entails irreparable damage to reputation as well as considerable financial consequences - on average CHF 200,000 according to the ACFE report of 20218. 

Further information: www.telag.ch/whistletag

International SOS's annual global Risk Outlook 2022 report, produced in collaboration with market research firm Ipsos Mori, reveals an increasingly complex risk landscape facing organizations. Nearly 1000 employee health professionals in 75 countries were surveyed. The responses show that there will be increased investment in both mental and physical health. More than half, or 56%, of companies intend to increase spending in both areas.

Productivity losses due to mental health problems

Companies face a dual health challenge, according to the survey. In addition to the physical aspects of protecting against COVID-19, the pandemic has contributed significantly to a mental health crisis, according to Risk Outlook 2022. More than a third of respondents (36 %) expect mental health conditions to cause a significant drop in productivity in 2022.

The need for increased investment in employee health stems from the fact that businesses expect increased risks in 2022. More than two-thirds (68 %) of companies expect risks to increase or remain the same next year. In particular, decision makers responsible for business travel (69 %) and international expatriates or expatriates (67 %) expect risk levels to increase or remain the same in 2022.

Business travel as a risk to employee health

Particularly in connection with the topic of business travel and expats, International SOS notes that access to high-quality healthcare has become a major challenge in many countries due to the pandemic. If this is inadequate or unavailable in the country being travelled to, medical evacuation is often mandatory. International SOS data shows that the risk of medical evacuation during a business trip is nine times higher today than it was in 2019, due to the direct impact of Covid-19, coupled with an increased need for medical care and due to complex requirements regarding testing, isolation and quarantine measures. Overall, medical evacuations have become much more complex - and correspondingly more costly: The processing time for handling a medical evacuation for Covid-19 cases and non-Covid-19 cases has currently increased due to the complex organization in terms of logistics and obtaining all necessary permits.

COVID-19 remains a major challenge in 2022

For many organizations, COVID-19 remains a major operational challenge. One-third (33 %) of respondents to Risk Outlook 2022 said that having adequate resources to deal with the virus would be one of the biggest challenges in 2022. Respondents from Western Europe and the Americas were challenged by COVID-19 guidelines, particularly the need to define testing and vaccine guidelines for COVID-19. 36 % of respondents in Western Europe and the Americas cited this as a problem, compared to a global average of 25 %.

Pandemic biggest concern for employee health

While the pandemic tops the list of concerns, other perennial security risks are expected to cause disruption in 2022. With growing concerns about climate change, 21 % of respondents expect natural disasters, including extreme weather, to cause disruption in 2022, closely followed by transport issues - both for local, national and international travel - (19 %) and security threats and civil unrest (16 %).

"In 2022, businesses need to be aware that perennial security concerns such as crime, civil unrest, terrorism or other geopolitical issues have not disappeared as a result of the pandemic. In many cases, the risks have actually increased. Tensions surrounding lockdowns, vaccine rollouts, and perceived encroachments on civil liberties have led to riots and violence in some places. With increasing vaccination requirements or restrictions on unvaccinated individuals worldwide, tensions are expected to increase in 2022. In addition to COVID-19-related triggers, natural disasters, geopolitical events, domestic conflict, and crime will continue to impact businesses around the world. These impacts will intensify in 2022 as travel increases again and there is a greater focus on the duty of care of employees in their home country," says Gautier Porot, Security Director for Switzerland and Italy at International SOS.

Risk outlook 2022: Five forecasts

International SOS's top five listed forecasts for the next year are based on the results of the Risk Outlook Survey, expert interviews and the company's own data:

1. COVID-19, Long COVID and mental health will be the main disruptors of employee productivity in 2022, causing increasing absenteeism and continuity issues.

2. The infodemic will further exacerbate complexity in employee protection. At the same time, duties of care will be reshaped by new health and safety measures, employee expectations and regulatory compliance.

3. Activities disrupted by the pandemic will become more stable by 2023 as companies use health and safety risk management as a competitive advantage. With improved risk management, companies support employee retention and willingness to return to activities such as business travel.

4. Companies run the risk of being caught off guard by rapidly changing security environments, as civil unrest and geopolitical volatility will exceed pre-pandemic levels.

5. Climate change will increase the frequency and impact of climate-sensitive hazards such as infectious diseases, extreme weather events and socio-economic tensions.

Source and further information: International SOS. 

It has long been taken for granted that for a Audit at least large parts of the legally compliant inspection tasks can be carried out remotely. Of course, the personal presence of the auditor is also required for certain checks in the course of certification. Nevertheless, the hybrid audit form saves time and money - for everyone involved. This is a great benefit that no one would want to miss. In order for such an audit to lead to legally compliant certification, however, the framework parameters must be right.

Large companies and groups in particular have quickly realised the potential of audits that take place at least partly by video - after all, they are regularly checked by several specialists. Even a hybrid audit can significantly increase efficiency if one or two auditors are on site at the client's premises and other employees follow the audit virtually and check the documents in the meantime. Companies should be aware that a classic audit should not take place on a one-to-one basis via video, and should observe some general conditions for a successful implementation.

Professional impression via video

The basis for a remote audit is initially a computer or notebook with Internet access and the use of a video platform (e.g. WebEx or Microsoft Teams). Although an audit is about hard facts, these, together with other impressions, provide an overall picture of a company. For this, a good camera, appropriate lighting conditions as well as the quality of the sound are important. Those involved should think about the image detail, the background and a high-quality headset in advance. After all, these factors have a decisive impact on the impression the other person gets from the video. Both the technical infrastructure and the competence in operating the tools used are prerequisites for virtual work and remote audits: Everyone involved must be fit to handle the technology so as not to be distracted from the actual task.

Time for human interaction

During a personal appointment, auditors first get to know the reception area of a company and the first employees - quite automatically. Here, a personal impression of people, building, infrastructure and corporate culture is created. This arrival is missing in a remote audit. However, the interpersonal relationship work should not be forgotten and instead time should be deliberately planned for a brief introduction and getting to know each other before moving on to the technical and factual level. It has proven useful to appoint a moderator at the beginning. In this way, several small breaks can be planned and the meeting structured for all participants.

Asking the right questions is a central task of auditors. It is often possible to recognize in the non-verbal area where it is worthwhile to follow up. Here, unconscious behaviors play an important role, which often cannot be recognized on video - due to the perspective. All the more decisive is a good coordination between all participants in advance: What do you want from each other so that the audit is a success? Should company sites also be visited or should other employees be included in the discussion? With the right preparation, requirements can be clarified and organised in good time.

Digital documentation and collaboration

For a remote audit, the files, processes, procedures and documentation to be certified must be available digitally. Companies also need a collaborative tool to make this data available and edit it simultaneously. For real time savings, applications need functionalities that support the audit efficiently. The prerequisite for a remote audit is the use of process-supporting management software. Software solutions that the companies to be certified use continuously for quality management make a significant contribution here. During a remote audit, all parties involved can find the documents relevant to the audit here.

For companies, it makes sense to rely on an application that meets the requirements of an integrated management system and at the same time supports the areas of QM documentation as well as the development and expansion of a quality management system (QMS). In advance, organizations can grant temporary access to the auditors for a first orientation. This saves time in later discussions and enables both synchronous and asynchronous work. With an auditing function, the manual can be checked against a catalogue of criteria and findings documented. In the event of a deviation, a corrective measure is immediately defined and stored in the system - this also applies to comments made by the auditors. Modern solutions, such as orgavision, also take over the documented assignment of downstream tasks to the right people. With the right software, certification-compliant preparation can be achieved by transferring and importing existing requirement catalogues. The digital linking of relevant documents has also proven its worth. A QMS also scores points when it comes to traceability: auditors can easily see how the organisation has developed since the last audit, as it shows not only the current documentation, but also who has worked on what and when. With the help of comments and event management, it is also easy to implement the requirement demanded by DIN EN ISO 9001 and other management standards to document the continuous improvement process (CIP).

Author:
Johannes Woithon is the managing director of orgavision GmbH, based in Berlin. www.orgavision.de