I rail from time to time on the breaches of law or policy that result in corporate fines but no individual accountability. So I was relatively happy to see “Goldman Pays Up Over Leak,” The Wall Street Journal, August 4, 2016 C1.
A staffer at the Federal Reserve in New York leaked confidential government information to a former colleague, who then worked at Goldman Sachs. Another Goldman Sachs executive knew about the leak of the information and failed to report it to his superior.
- The staffer who leaked the information got fired and fined $2,000.
- His former colleague pled guilty to theft of government property (and not receiving stolen goods), was barred from the banking business for life, and fined $5,000.
- The Goldman Sachs executive who knew but didn’t tell – he was fired, and faces a proposed fine of $337,500 and a lifetime bar from the banking industry (his lawyer says he’s fighting the allegations).
- Goldman Sachs paid $50 million to New York State and $36+ million to the Federal Reserve.
Quoting from The Journal, “[t]he Fed said it is ‘illegal to use or disclose confidential supervisory information without prior approval of the appropriate banking regulator.'” The article did not provide a regulatory citation for this requirement.
So, the relatively good news is, while the shareholders of Goldman paid the majority of the penalty, at least the actual perpetrators paid something. What percentage of $86 million is $2,000?
This one isn’t in the print edition. But it’s an interesting development.
“Prosecutors Sharply Reduce Potential PG&E Penalties From Pipeline Explosion,” The Wall Street Journal, August 3, 2016.
PG&E is being sued for the explosion of a gas pipeline in San Bruno in 2010 that killed 8. I follow this case because of PG&E’s inability to locate vital records related to more than half of the 212 miles of pipeline. Records of inspections required by regulation and such.
In day four of jury deliberations in the criminal trial against PG&E, the government reduced the amount of fines it was seeking from $562 million to $6 million. The larger amount was the calculation of twice the amount of money PG&E saved by not doing what the regulations required.
Why? What does this say about how important compliance is? Will any corporate executives go to jail? Or be sued by the shareholders?
Notwithstanding the Yates Memorandum, not a lot of senior executives have taken the fall for company problems. However comma.
“Email Hack Leads to a DNC Shake-Up,” The Wall Street Journal, August 3, 2016 A4. The CEO and two other senior executives are leaving following the email hack at the DNC (in addition to Chairwoman Debbie Wasserman Schultz).
Not clear whether this was because of the breach per se, or the content of what was disclosed. It is good that people at the top take responsibility.
“IOC Stops Short of Banning Entire Russian Delegation From Rio Olympics,” The Wall Street Journal, July 25, 2016. The title says it all.
Does the punishment you get for violating a rule depend heavily on who you are? Have the gold medals from Sochi lost their luster? Has the institution been seriously, and perhaps irreparably, damaged?
In Thursday’s The Wall Street Journal several major corporate players posted a full-page ad titled “Commonsense Corporate Governance Principles.” There was an accompanying article, “Corporate Leaders Back Best Practices,” The Wall Street Journal, July 21, 2016 B3.
I was struck. While there was a lot of language about independence and trust and leadership and transparency, the words “duty” and “compliance” were not mentioned.
Curious. Principles without a mention of duty. One wonders why we have problems with corporate governance.
What if critical systems don’t easily include information on critical items?
There are unique ID numbers on some medical devices such as pacemakers and hip replacements. But the nature of medical billing systems makes it difficult to include this information in the normal medical information flow. This complicates recalls and the like.
“Medicare Backs ID Numbers For Devices,” The Wall Street Journal, July 15, 2016 A3.
Medicare has, after years of requests, finally supported adding the unique IDs to billing records, so the devices are easier to track. FDA had pressed for this for years.
What information do you have and do your IT systems prevent you from using it? Who needs to approve the changes necessary to make things work better together?
I have been quiet for several reasons. One, The Wall Street Journal was having delivery problems for several weeks. While I use the digital edition for my posts, I read the paper copy each day to find my material. Two, I was on vacation. Three, I try to avoid politics in this blog, and it’s been a busy time, politically.
Hard to report dispassionately the decision by the FBI Director not to recommend indictment of the former Secretary of Commerce based on the facts the Director laid out, and the language of the applicable statutes. It seemed that he was saying that the Secretary had likely/possibly violated the law but no reasonable prosecutor would bring such an action.
What does it say about information governance when the rules are not applied to the higher-ups? Why have these rules?
I’m not recommending prosecuting if there is no likelihood of conviction — that would be a waste of time. But this one seems to be a close call, and there are political consequences of both action and inaction. What is the impact on compliance throughout the US government with applicable law of the decision to not even bring the case before an impartial fact finder (either court or jury), but instead to leave it to the investigator to make the decision?
What does this say about the average (or reasonable) prosecutor?
If the Chief Executive of your company doesn’t follow company policy, and everybody in the company knows it, do you take disciplinary action against him/her? If not, can you expect people to follow any policies at all? Is that a fundamental failure to fulfill duties, on multiple levels? How does the Board explain this to the shareholders?
How can you enforce information security and retention policies in your company when this is what is rolling out on the TV screens every day?