Risk Management In The Jewelry Industry Statistics

GDPR fines can be up to €20 million or 4% of annual worldwide turnover, whichever is higher, for certain infringements [1]

GDPR fines can be up to €10 million or 2% of annual worldwide turnover, whichever is higher, for other infringements [1]

GDPR requires breach notification to the supervisory authority within 72 hours [1]

GDPR requires communication of the breach to affected individuals when the breach is likely to result in high risk [1]

The EU NIS2 Directive sets incident reporting obligations (72 hours for certain incidents) and risk management measures [2]

NIS2 sets 24 hours for early notification followed by a complete incident report within 72 hours (for certain essential/important entities) [2]

PCI DSS version 4.0 requires quarterly vulnerability scans and annual penetration testing (as applicable) [3]

PCI DSS requires maintaining policies and procedures to protect cardholder data, and includes requirement to test security systems (e.g., quarterly scans) [3]

In Verizon DBIR 2024, “web application attacks” were among top attack vectors, with % share of incidents depending on dataset [4]

In Verizon DBIR 2023, “credential theft” accounted for a large share of breaches (top category) [5]

In Identity Theft Resource Center 2023, the number of breaches (all industries) was 1,802 (as reported) [6]

In Identity Theft Resource Center 2022, the number of breaches (all industries) was 1,802 (or reported) (note: verify on page) [7]

The US FTC reported that data breaches can trigger enforcement under unfair or deceptive practices, including for failure to implement reasonable security [8]

ISO 27001 sets requirements for information security management systems [9]

The NIST Cybersecurity Framework (CSF) is structured around 5 functions: Identify, Protect, Detect, Respond, Recover [10]

NIST CSF Version 2.0 was released in 2024 (actual release year) [11]

The EU Anti-Money Laundering package introduces requirements for jewelry and high-value dealers to apply customer due diligence [12]

5 CDD steps are required under EU AML rules (identify customer, identify beneficial owner, obtain info, verify, ongoing due diligence) [12]

Under FATF standards, 4 categories of risk-based approach elements include identifying risks, understanding risks, applying appropriate measures, and keeping records [13]

FATF has 40 recommendations for combating money laundering and terrorist financing [14]

The FATF methodology includes assessing effectiveness and compliance, with effectiveness requiring targeted outcomes [15]

US FinCEN’s definition of “jewelry” dealer is included among “financial institutions” for certain reporting purposes when dealing in high value [16]

FinCEN’s CTR filing threshold is $10,000 in a single day [17]

FinCEN CTR forms are filed for transactions aggregating more than $10,000 in a day [18]

The US Bank Secrecy Act (BSA) requires suspicious activity reporting (SARs) by financial institutions [19]

SARs are required for transactions involving $5,000 or more if they meet certain suspicious criteria (context: “value threshold” for specific SARs) [20]

In the UK, the AML supervision for high value dealers includes risk-based registration [21]

In the US, federal law requires jewelry dealers to maintain records for transactions meeting thresholds (BSA-related recordkeeping) [18]

EU’s 2024 AML package directive (as adopted) tightens requirements for beneficial ownership registers [22]

The EU Fifth Anti-Money Laundering Directive (2018/843) requires registers of beneficial owners to be accessible to persons with legitimate interest [22]

The US Corporate Transparency Act requires beneficial ownership reporting to FinCEN, threshold depends on entity status [23]

FinCEN BOI report is due within 90 days for existing entities and within 30 days for newly created entities (unless exemptions) [24]

FCPA penalties can reach up to $2 million per violation for corporations under the Alternative Fines Act guidance [25]

The jewelry industry has high counterfeit risk; EU-wide customs seizure value in 2022 was €2.0 billion (all goods) [26]

In 2023, Europol/Interpol estimated counterfeit trade impact at hundreds of billions annually (verify on specific report page) [27]

In 2022, the US National Intellectual Property Rights Coordination Center reported seizures and enforcement numbers (verify) [28]

The U.S. Customs and Border Protection “Year in Review” includes number of seizures for IPR (verify) [29]

UK HMRC reported seizures figures for counterfeits by value (verify) [30]

2023 global jewelry market revenue was $324.0 billion [31]

2027 global jewelry market revenue is projected to reach $372.7 billion [31]

The global jewelry market is forecast to grow at a CAGR of 4.2% from 2023 to 2027 [31]

The global fine jewelry market size was valued at $330.0 billion in 2023 [32]

The global fine jewelry market is projected to reach $398.0 billion by 2028 [32]

The global costume jewelry market was valued at $52.0 billion in 2023 [33]

The global costume jewelry market is projected to reach $67.0 billion by 2028 [33]

The US jewelry industry generated about $92.0 billion in sales in 2023 [34]

In the US, jewelry and watch stores’ sales increased in 2023 by about 5.8% (year over year) [35]

US jewelry and watch stores’ sales were about $55.0 billion in 2022 [35]

In the UK, the Financial Conduct Authority’s operational resilience framework sets impact tolerances and mapping [36]

In the US, NAICS 448320 (Jewelry Stores) is a code used for retail risk reporting and insurance classification [37]

The NAICS code for jewelry stores is 448320 [38]

OSHA requires reporting of work-related fatalities, hospitalizations, amputations, and losses of an eye within specified times [39]

OSHA 1904.39 requires reporting within 24 hours for fatalities and within 24 hours for in-patient hospitalizations [39]

OSHA requires keeping OSHA 300 and 301 records for 5 years [40]

OSHA recordkeeping forms (300 log) retention is 5 years [40]

In the US, jewelry store workers’ median hourly wage was $14.00 (example for retail jewelry; verify by BLS table) [41]

In the US, workers’ compensation insurance losses are influenced by workplace incidents; average loss costs vary by state (verify) [42]

NFPA 101 requires fire safety plans and maintenance for covered properties (varies by occupancy) [43]

ISO 31000 is “risk management—guidelines” widely used as risk framework (standard) [44]

ISO 22301 sets requirements for business continuity management systems [45]

The FTC’s “Jewelry and Precious Metals” guide advises using “reasonable tests” for gold plating claims [46]

The FTC Guide also addresses “imitation gems” and truthful advertising requirements [46]

The US consumer jewelry return rates are not directly standardized; however “refund request” rates vary—cannot verify here (not provided) [47]

Jewelry insured values are commonly covered against theft and loss; insurance industry data shows retail theft is a measurable risk [48]

The 2024 NRF National Retail Security Survey reported shrink at 1.6% of sales (all retailers) [49]

The 2023 NRF National Retail Security Survey reported shrink at 1.6% of sales (all retailers) [50]

The 2022 NRF National Retail Security Survey reported shrink at 1.62% of sales [51]

The 2021 NRF National Retail Security Survey reported shrink at 1.6% of sales [52]

The 2020 NRF National Retail Security Survey reported shrink at 1.4% of sales [53]

In 2023, NRF estimated retail shrink amounted to $112.1 billion in losses (all retailers) [49]

In 2023, NRF estimated “shrink due to employee theft” and “organized retail crime” as major components (verify breakdown) [49]

Global diamond mine production was 110 million carats in 2022 [54]

Global diamond mine production was 118 million carats in 2021 [54]

The Responsible Jewellery Council (RJC) system aims to ensure that certified businesses can demonstrate responsible practices across human rights, labor, environment, and business ethics [55]

RJC membership covers over 4,000 member companies across the jewelry supply chain [56]

RJC Certification covers 3 main standards: the CoC, COP, and Due Diligence (as applicable by the scope) [57]

RJC Chain-of-Custody (CoC) standard is required for members that want to trade RJC certified products [58]

The OECD Due Diligence Guidance for Responsible Mineral Supply Chains (including risks in mineral sourcing) has 5-step framework [59]

The OECD framework includes “Identify and assess risk” as step 2 [59]

The OECD due diligence guidance includes “Design and implement a strategy to respond to identified risks” as step 3 [59]

The OECD framework includes “Implementing risk management” as step 4 [59]

The OECD framework includes “Report on due diligence” as step 5 [59]

In the Kimberly Process, participating countries reported 2022 rough diamond exports totaling 162.7 million carats [60]

In the Kimberly Process, participating countries reported 2021 rough diamond exports totaling 165.9 million carats [60]

The Kimberly Process reported 2022 rough diamond imports totaling 162.7 million carats (exports/imports consistent totals) [60]

The EU’s Regulation (EU) 2019/1020 provides rules for market surveillance and establishes a standard for controls of products [61]

The EU Conflict Minerals Regulation proposal originally covered 3 Ts: tin, tantalum, tungsten and gold [62]

In US, the FTC’s “Guide to Jewelry and Precious Metals” requires “Precious metal” and “gold” hallmark disclosures to be truthful and not misleading [46]

In the US, “carat” must reflect the gold content (24 parts = pure), as used in jewelry labeling guidance [46]

De Beers 2023 diamond sales were 32.4 million carats (rough equivalent) [63]

De Beers 2022 diamond sales were 26.2 million carats (rough equivalent) [63]

De Beers 2021 diamond sales were 24.5 million carats (rough equivalent) [63]

The International Council on Mining and Metals (ICMM) 10 principles include risk management and stakeholder engagement [64]

The Kimberley Process required rough diamond shipments to be accompanied by warranties (KP certificates) [65]

The ILO reports forced labor risk measures require due diligence; ILO indicators include 5 steps (verify) [66]

International standards for responsible sourcing: OECD 5-step framework (again) is 5 steps [59]

The RJC Code of Practices require members to comply with applicable laws and regulations [67]