X

Nomeco, a leading pharmaceutical wholesaler in Denmark, was facing challenges with its legacy replenishment and ERP systems which had become difficult to maintain and develop. The planning tools were unable to integrate with each other, leading to unnecessary manual steps throughout their process. This was particularly problematic every two weeks when prescription drug prices and pharmacy assortments needed to be updated across their network of pharmacies. Furthermore, Nomeco’s pharmacy customers have considerable autonomy in deciding assortments, delivery schedules, delivery sizes, and other parameters. This made forecasting demand and ensuring optimal inventory levels for pharmaceuticals immensely complex and time-consuming. Additionally, the unstable supply chains and frequent supplier stock-outs of prescription medications required providers to identify appropriate pharmaceutical substitutions to meet their customer demand. Nomeco’s systems were not able to support optimally in these situations, which required their planners to manually identify the ideal replacements for these medications.

One Stop, a leading UK convenience store chain and a subsidiary of Tesco, faced challenges in managing the complexity of their product assortment. Their broad product offering ranged from ultra-fresh products with short spoiling times to more ambient inventory with longer shelf life. Demand for many products was sensitive to external factors such as weather, and sales for some products were easily cannibalized by promotions on similar items. These complex forecasting scenarios, in which multiple drivers could overlap and interact to impact demand, required a sophisticated solution. One Stop aimed to increase day-level forecast accuracy for products with demand driven by weather and cannibalization, and improve fresh product availability without seeing a corresponding rise in spoilage.

A global FinTech company was facing regulatory scrutiny due to insufficient Know Your Customer (KYC) files. The company was required to remediate all customer files that required Enhanced Due Diligence within a short timeframe to continue transacting with a specific set of clients. The challenge was to accelerate the file review process to meet the increased file requirements within the stipulated deadlines. The company needed both subject matter experts and technology solutions to address this issue. Additionally, the company's existing sanctions and negative news screening solution was found to be providing incomplete coverage, further complicating the situation.

The Fortune 500 multinational corporation was facing a significant challenge with their existing risk management solution. The one-size-fits-all approach was proving to be costly and time-consuming, with the team spending an excessive amount of time reviewing reports. The quality of these reports was also poor, leading to a lack of confidence in the decisions being made. The company was seeking a comprehensive review of their risk exposure across global vendors and suppliers, and thus decided to engage a new third party management partner. The goal was to find a solution that could provide high-quality, reliable results while reducing costs and time spent on due diligence.

The case study revolves around a company that was struggling with the automation of the Customer Identification Program (CIP) and Diligence processes across their global account population. The company was handling approximately 1,000,000 searches annually, which was a significant volume to manage manually. Prior to the implementation of DDIQ, the business was conducting manual searches via World-Check and Lexis Nexis. This traditional approach was not only time-consuming but also prone to errors, leading to inefficiencies in the overall process. The challenge was to find a solution that could automate the process, reduce the volume of relevant files to be reviewed, and save working hours, thereby increasing cost savings.

The parent company of multiple in-country mobile payment services providers was facing a significant challenge. They needed to align the local market regulatory expectations and in-country operations with global Anti-Money Laundering (AML) program standards and operating requirements. This was a complex task due to the varying regulations and standards in different countries. The company needed a solution that would not only ensure compliance with these diverse regulations but also streamline their operations to maintain efficiency and effectiveness.

A top 20 global financial institution faced a significant challenge due to a change in their customer risk rating model. The new model led to an increase in the volume of high-risk files that needed to be reviewed, which the bank was unable to manage effectively. This resulted in significant quality challenges. Furthermore, regulatory guidance mandated risk-based reviews on a periodic basis. This compelled the bank to perform Know Your Customer (KYC) due diligence on a significantly larger portion of high-risk customers. However, the bank was unable to devote sufficient resources to meet the periodic review deadlines, further exacerbating the situation.

Sanctions are economic pressures used by governments and international bodies to protect security interests and international law against aggressive actions or threats to international peace and security. They can be imposed for various reasons, including anti-money laundering, financial crimes, human rights violations, terrorism, invasion, and proliferation of weapons of mass destruction. Sanctions can significantly impact businesses, especially those that rely heavily on international trade. They can disrupt supply chains and make it difficult or impossible to do business with certain countries. With geopolitical risk growing in many parts of the world, sanctions are becoming increasingly common. Businesses are responsible for sanctions screening and ensuring their compliance, and choosing not to do so can be costly. For example, BNP Paribas, France’s largest bank, was fined $9 billion for violating US sanctions against Iran, Sudan, and Cuba. Complying with sanctions lists is essential because it helps ensure that businesses and legal entities are not inadvertently doing business with entities or individuals sanctioned by the government.

On June 9th, 2021, a fire and subsequent explosion occurred at a silicone packaging workshop in China’s Xinjiang Uygur autonomous region. The facility was part of a Hoshine Silicon manufacturing plant, a significant producer of various lines of metal, powder, and organic silicone and polysilicon products. Hoshine Silicon has been a part of significant market consolidation among polysilicon manufacturers in China and was a critical supplier to many of the top semiconductor and solar panel companies globally. The explosion was widely reported, and there was serious concern that the disruption of polysilicon in the semiconductor sector, which was already subject to substantial supply shortages, could be significant.

A large multinational hospitality company was facing a significant challenge with their high-volume due diligence needs. The company was incurring high costs due to the volume of third parties they needed to review. The quality of the reports from their incumbent provider was also under scrutiny, adding to their concerns. The company was seeking a comprehensive review of their risk exposure across global vendors and suppliers. To address these issues, they decided to engage a new third-party management partner.

In late September 2022, the IT Security community and Microsoft confirmed the investigation of a significant set of vulnerabilities, including two zero days, affecting Microsoft Exchange Server (2013, 2016, and 2019). These zero-day exploits are serious as they are computer-software vulnerabilities previously unknown to those who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated, hackers can exploit remotely nearly any programs, data, additional computers, or a network operating on the impacted system(s). The cybersecurity of supply chains has become a key risk area, with vulnerabilities like those seen with Microsoft Exchange Server and recent breaches such as SolarWinds and Accellion demonstrating how software can become a Trojan horse, turning protective products into ecosystem-wide threats. Over the last three years, Exiger’s clients have seen over 30 severe vulnerabilities targeted by hackers, often linked with powerful nation-state actors.

A prominent investment bank was facing a significant challenge. Despite its success in the investment banking sector, it had limited experience in offering commercial banking products and services. The bank needed to acquire comprehensive knowledge about the risk exposure and industry expectations for a control environment that offering new commercial banking products in the market would entail. The bank was aware that the introduction of new products could potentially expose it to unforeseen risks and regulatory scrutiny. Therefore, it was crucial for the bank to understand the potential risks and industry expectations before launching new commercial banking products.

The client, a top 10 regional bank in the US, was facing a significant challenge with their transaction monitoring system. They had previously engaged another consultancy firm to review their transaction alerts, but the results were unsatisfactory. The review resulted in zero Suspicious Activity Reports (SARs) being filed, which led to a regulatory review that forced the bank to revisit the alerts. The bank was not satisfied with the quality of work provided by the previous consultancy firm, which led to a lack of confidence in their transaction monitoring framework. The situation necessitated a thorough and reliable review of the alerts to ensure compliance and avoid potential regulatory issues.

The Dutch Ministry of Economic Affairs (EZ) is tasked with ensuring the safety of poultry supply chains in the Netherlands. One of the key responsibilities is the collection of salmonella data in the poultry supply chain, a task that has been delegated to AVINED. The challenge was to manage and offer a self-regulatory database for this purpose. The data collected is crucial for a variety of tasks such as registration of laboratory tests, reporting, and issuing important alerts. The poultry sector, like many others, has a complex structure with numerous stakeholders, making data management and collection a daunting task. The need for a system that could simplify this process, enable rapid response, and ensure transparency throughout the sector was evident.

The Better Cotton Initiative (BCI), established in 2009 by organizations such as Adidas, H&M, IKEA, Oxfam, and WWF, was created to enhance the livelihood and economic development in cotton-producing regions, reduce the environmental impact of cotton production, and secure the future of the sector. The initiative was designed to address issues such as harmful crop protection practices, water misuse, declining soil fertility, and unethical practices like child or forced labor. To achieve these goals, BCI needed to define a more sustainable way of growing cotton and train farmers to adopt these techniques. In 2013, 680,000 farmers produced 905,000 metric tonnes of Better Cotton. The goal was to increase these numbers to 5 million and 8.2 million respectively by 2020. However, ensuring that retailers and brands could confidently make claims about Better Cotton was a challenge.

The organic food sector has been experiencing rapid growth, leading to increased pressure to meet supply demands. This growth has also heightened the need to ensure the authenticity of organic food and mitigate potential risks such as fraud in organic produce supply chains. Companies are faced with the challenge of identifying and assessing risks that could affect the quality of organic ingredients and products. They are also tasked with implementing appropriate measures to prevent these risks. Bionext, a company committed to promoting sustainable organic food and farming, needed a solution to manage these challenges, leading to the creation of Biotrust.

Closing the Loop, a company that collects and recycles scrap phones, was facing a significant challenge in managing the traceability of the scrap phones they collect in Africa. The e-scrap problem in Africa is growing daily, and proper recycling facilities are not available locally. Therefore, the scrap phones are shipped and recycled in Europe. This process creates jobs for phone collectors and entrepreneurs in Africa and reduces environmental damage, pollution, hazardous waste, and health issues. However, ensuring that every new phone is compensated with the collection and recycling of a scrap phone was a complex task. The scrap phones are collected in batches, paid by the kilo, and then consolidated into big bags, which are further consolidated into shipping containers to be sent to smelters in Europe.

Cashew production is primarily handled by smallholder farmers in Africa, India, Vietnam, and Brazil, with Africa accounting for 40% of the global production. The challenge lies in the lack of a comprehensive system to monitor and improve the sustainability of the cashew supply chain. The absence of a robust Management Information System (MIS) hampers the ability to track progress on sustainability goals and indicators. This lack of visibility and control over the supply chain also affects the ability of training institutions, local business development organizations, farmer organizations, and companies to monitor, evaluate, and adjust their sustainability efforts. Furthermore, the absence of a system to facilitate the exchange of best practices and knowledge hinders the scaling up of collective action.

The European fruit and vegetable sector faced a significant challenge in terms of residue monitoring. Wholesalers and international traders needed a platform that could streamline the process of assigning, reporting, and analyzing product tests. The lack of a collaborative platform resulted in inefficiencies, increased costs, and a lack of quality information. Furthermore, the sector lacked a comprehensive system that could provide insights into trends and best practices by comparing products, residues, suppliers, regions, and periods of time. The absence of a user-friendly business intelligence tool made it difficult for managers to independently browse data and create visualizations to support informed decision-making within their organizations.

GoodWeave International, an organization dedicated to eradicating child labour in the carpet industry, faced the challenge of effectively monitoring and verifying labour conditions across all tiers of production, including the often overlooked subcontracted homeworker level. The complexity of the supply chain, with multiple stakeholders and their intricate relations, made it difficult to ensure compliance with GoodWeave's no child labour standard. The organization needed a solution that could provide greater transparency, especially at the bottom of the chain, and enable proactive engagement with various actors, quick adjustments by producers, and collaborative efforts with importers to improve workers' conditions sustainably.

Ivanhoé Cambridge, a global real estate investment firm, was facing a significant challenge in managing a high volume of security alerts. The process of ingesting and reviewing these alerts was described as 'gruesome' by the Head of Security and Senior IT Security Manager, Patrick Gilbert. The team was often required to investigate alerts after regular business hours, leading to concerns about alert fatigue and potential team turnover. Gilbert was also keen to free up his team to focus on more strategic security initiatives unique to Ivanhoé’s business, such as creating an insider risk management model. The firm needed a security partner that could easily integrate with their existing tech stack, automate the response to millions of alerts, and demonstrate value to both the security team and the company’s executives.

In 2019, the Make-a-Wish Foundation was planning an IT transformation with a move to cloud infrastructure and SaaS applications. The organization had been using on-premises hardware and software to connect about 2,500 employees. However, the pandemic forced the nonprofit to shift to remote work, accelerating their cloud transformation by moving to Microsoft Azure. This rapid transition presented new security challenges. The foundation had to protect private data such as names, contact info, donation history, and medical records of wish recipients. The IT security team had to sort through thousands of alerts, identifying false positives from its on-prem environment and SaaS apps, and which required responses. The team also had to deal with the threat of business email compromise (BEC), a key attack vector for the organization.

Matillion, a leader in data integration, faced a significant challenge as its customers increasingly adopted a cloud-first approach. The company's security requirements evolved to handle more users, complex use cases, and larger cloud workloads. Initially, Matillion deployed software into customer infrastructure, which allowed rapid expansion and ensured customers had full data sovereignty. However, as customers migrated to SaaS applications, Matillion had to continually evolve its strategy to protect new infrastructure vulnerable to attacks. The company's rapid global expansion and growing roster of enterprise customers further complicated the situation, as these customers scrutinized Matillion's security defenses. The company needed a solution that could keep pace with the rapidly evolving threat landscape and instill confidence in IT decision-makers about Matillion's cloud security.

Common Desk, a provider of flexible workspaces, was struggling with a custom-developed solution for managing billing, meeting room bookings, and other operational activities. The lack of an in-house development team, functionality issues, and a complex invoicing process were hindering the company's growth. The situation was further exacerbated by the need to cut nonessential costs during the COVID-19 pandemic. The custom solution was not user-friendly, leading to frequent queries from Community Managers to senior staff. Moreover, the software was unreliable, often requiring intervention from developers to fix issues. This was distracting the team from their core responsibilities. Additionally, the software was inconvenient for members, who could only view their invoices but not download them. They also had to contact the Common Desk team to change their billing details or check payment status.

Firmspace, a private office space provider for professionals and executives, was facing significant challenges with its in-house AWS-based software solution. The software was proving to be inefficient, particularly in terms of performance, cost, integrations, and visibility. The system was unable to handle the growing member data, frequently crashing, especially when adding new locations and members. The cost of scaling the product and improving its performance and user experience was prohibitively high. Integrating the solution with other systems, such as billing software, was inefficient and led to numerous data inaccuracies. Furthermore, the system failed to provide essential business metrics like revenue and occupancy. Firmspace realized the need for a reliable coworking software that would support their growth plans, automate and streamline billing, contracts, and memberships, and provide an intuitive and pleasant interface.

HAYVN, a coworking space with a mission to support and energize women on their professional and personal journeys, was looking for a scalable coworking management software to support their growth. They needed a vendor that could provide the necessary features and be responsive and reliable for handling support questions and issues. The team was certain that technology was an irreplaceable element of running a coworking space and one of their first initiatives in launching the business was to find a software to manage the space. They were looking for a solution that could ensure efficient and precise billing processes, provide insights into business dynamics and trends, offer secure and convenient access to members, and simplify the process of selling products online.

Acme Brick, a company with a long history in brickmaking, faced a significant challenge in managing the security of its IT infrastructure. With only two team members responsible for the security of 1200 workstations, servers, and active users, the company was struggling to maintain efficiency and effectiveness in its operations. The lean team was overwhelmed with the volume of work and the need for a tool that could streamline their day-to-day operations was deemed critical. The challenge was to find a solution that could integrate all their security tools into one platform, making it easier to manage and monitor their security posture.

Alpina Group, a Netherlands-based insurance technology firm, was facing a significant challenge in improving the maturity of its in-house security program. The company was on a steep growth curve, expanding its workforce from 350 to 550 employees in just two years. This rapid growth also led to an increase in the number of IT assets to manage and secure. The insurance sector is a popular target for attackers due to the wealth of sensitive personal and financial information they hold. Alpina Group recognized the need to enhance its visibility into the threat landscape and its own IT infrastructure to proactively manage risk. The company's incumbent SIEM platform created a blind spot after a year-long implementation, as it was too complex for the small security team to operate effectively. Security Officer Joost Dubbelman was tasked with finding vulnerability management and incident detection solutions that could be managed by a small team, provide enhanced insight, and help reduce risk.

Amedisys, a leading provider of home healthcare, faced a unique challenge in securing their patients’ and employees' data without impacting the usability of their systems. The majority of their user base consists of clinicians who provide care to patients in their homes. It was crucial to provide these medical professionals with a seamless and secure experience, as any disruption could impact the care provided to patients. The challenge was to ensure the security of sensitive data while maintaining the efficiency of their operations.

AMN Healthcare, a leading provider of total talent solutions for healthcare organizations, faced a significant challenge in integrating the cybersecurity systems of 28 recently acquired organizations. These organizations varied in size, from startups with 30-50 employees to established organizations with 2,500 employees, each with their own offices, policies, and frameworks. AMN needed a unified, future-proof security platform to integrate these organizations into their corporate structure, ensuring that every organization was following a singular security standard for detection and response. The challenge was further complicated by the shift to remote work due to COVID-19, which transformed each employee's home into a regional office, creating a lack of visibility and control over home networks.