One of the drivers of some aspects of information governance is 18 USC 1519, a provision of the Federal criminal law dealing with obstruction of justice. The provision was added by Sarbanes Oxley.
A fisherman gets prosecuted under this law and his conviction turns upon whether his disposal of a fish equaled the destruction of a document or other tangible object to influence a matter within the jurisdiction of an agency of the US government.
Is this what Congress either said or meant?
“Prosecutors Used Sarbanes-Oxley to Hook a Fisherman,” Wall Street Journal, April 28, 2014, online. http://on.wsj.com/1ivuPC8
Had it been a gun, an easier question. But a living or dead animal?
One of the problems with problems is that once you have one, it’s hard to prevent multiplication.
Case in point. Barclays. After the rate rigging scandal, Barclays changed CEOs. Had some problems with the insurance products it offered. Then it linked broker compensation at its wealth advisory arm to compliance with law and policy. More recently, it paid a quarter of a billion dollars to settle Fannie Mae/Freddie Mac issues.
Yesterday, at the annual meeting, shareholders objected loudly at proposed increases in compensation and bonus.
Was inability to pay enough to attract staff a risk identified as arising from rate rigging?
This isn’t so much an information governance issue as it is a risk assessment one. What is the total, all-in cost of noncompliance?
“Barclays Gets an Earful Over Its Pay Practices,” Wall Street Journal, April 25, 2014 C3 http://on.wsj.com/1iTEzdX
Two articles from today’s Journal, but one topic.
“Flurry of Allergan Trades Preceded Bid,” and “Insider Cases’ Legal Basis Questioned, Wall Street Journal, April 23, 2014 C1 http://on.wsj.com/1gSgfVG, http://on.wsj.com/1l4bo8M
The first looks at the suspicious rise in volume of trades in Allergan prior to disclosure of a takeover bid. Round up the usual suspects. The second raises questions about the SEC’s theory in insider trading cases and whether not only must you know the information is ill-gotten, but you must also get that information in return for something.
So, how you got it matters more than the information. Go figure.
I was tempted to return to a continuing story: PG&E and the San Bruno blast. They/it pled not guilty to felony criminal violation of safety rules (including not keeping records of the pipeline) in connection with the 2010 explosion in California. “PG&E Pleads Not Guilty,” Wall Street Journal, April 22, 2014 B2 http://on.wsj.com/1idccbQ
Instead I choose to focus on “A Future Where Bionics Track Your Health,” Wall Street Journal, April 22, 2014 D2 http://on.wsj.com/1i9BCar. The doctor can tape on a sensor, or give you a contact lens, that allows him or her to continuously track your condition, wirelessly. Some sensors can be reabsorbed into the body. Medicines can be released remotely.
While this is interesting from the health standpoint, think about the additional zetabytes of information that this will generate. How will it be managed/controlled/stored/protected/used?
Filed under Analytics, Business Case, Collect, Compliance, Controls, Internal controls, IT, Management, New Implications, Privacy, Protect, Security, Third parties, Use
Even the smartest guys in the room write dumb stuff. But give them emoticons in their email? Let the plaintiff’s lawyers rejoice (and order a new jet).
“Tech Giants Discussed Hiring, Say Documents,” Wall Street Journal, April 21, 2014 A1 http://on.wsj.com/1iEnXH6
For the non-lawyer, agreements between competitors on who to hire and who not to hire are troubling; may be an antitrust violation. So when the wigs in Silicon Valley discussed hiring, that’s an issue. But when Steve Jobs was told of a recruiter from Google who was fired for recruiting from Apple, Mr. Jobs forwarded the email with a smiley face. Let the lawsuits commence (or continue).
How do you control what people write? Why do they get dumber on a keyboard or a phone keyboard? Why are senior execs a bigger problem?
Filed under Business Case, Communications, Compliance, Compliance, Content, Controls, Culture, Governance, Internal controls, Legal, Management, Risk
Were there a virus happening in the food chain, wouldn’t you want to know each time it happened, so you could track down the cause and limit further contagion?
The World Organization for Animal Health doesn’t track incidents of two pig viruses, one of which kills piglets (harmless to humans, it appears). The USDA now requires hog farmers to report and track each incident.
“USDA to Require Pig-Virus Reports,” Wall Street Journal, April 19-20, 2014 A4 http://on.wsj.com/1i4J3tD
You can manage only that which you track.
Filed under Board, Business Case, Collect, Communications, Controls, Governance, Inform market, Information, Knowledge Management, Management, Risk, Use, Value
Finra, the self-regulating industry association for stock brokers, is revisiting its system for confirming and reporting a broker’s record. Finra is going to cross-check their information against information in public court records, to supplement self-reporting by the brokers.
This follows a series of articles in the Wall Street Journal pointing out deficiencies in the Finra system. Congress is getting involved. One issue is whether results from required exams are posted (unlike doctors or lawyers). Finra recommends that investors look at their site (BrokerCheck) before investing.
“Plan to Fix Cracks in Broker Records,” Wall Street Journal, April 16, 2014 C1 http://on.wsj.com/Qp5N1j
Four perspectives. Finra’s. The brokers’s. The investors’s. The Journal’s.
I, for one, thought that people who got the highest score on the bar exam studied too hard. For me, it was pass/fail. But I wouldn’t begrudge someone who scored the highest from advertising that fact (the absolute scores were not available when I took the bar). I would, however, argue that maybe he or she might overwork a client’s file.
Filed under Analytics, Collect, Duty of Care, Inform market, Inform shareholders, Information, Management, Ownership, Privacy, Use, Value
It’s good to know who passed their exam the first time. Especially when you know that those who don’t pass the first time have more problems than those who do. But do you care whether your lawyer passed on the first try or the fifteenth? What about your stock broker?
FINRA (the trade association/self-regulating body representing brokers) doesn’t want you to know who failed SEC- and state-required exams when you go to BrokerCheck. The Wall Street Journal posts an analysis of complaints and similar events compared to whether the broker passed state tests the first, second, third, or fourth time.
Interesting information. Are you entitled to all information that might be relevant to your decision? Are you comfortable with the (self-)regulator knowing this but not telling you?
“Brokers Who Fail Test Have Checkered Records,” Wall Street Journal,” Wall Street Journal, April 15, 2014 A1 http://on.wsj.com/1gz8i7N
What information do you have and what’s it worth to the user?
Filed under Analytics, Collect, Communications, Governance, Information, Management, Ownership, Privacy, Protect, Protect assets, Use, Value
Makes sense. Put a digital copy of thousands of years of historical texts online, for free.
“Vatican to Digitize Historic Archives,” Wall Street Journal, April 12, 2014 A8 http://on.wsj.com/1hBHuJa
What’s the value of the original, versus the digital copy? 40 million pages. Is this part of fulfilling the purpose of the collection?
Filed under Collect, Controls, Inform market, Inform shareholders, Information, Internal controls, Management, Protect, Protect assets, Protect information assets, Use, Value
Here are two from today’s paper.
Beyond High-Speed Trading – other access to information before the muggles. “Sensitive Market Data Leaked After Government Phone Call,” Wall Street Journal, April 11, 2014 A1 http://on.wsj.com/1gdtuQs
On December 3, the government hints in a phone call to the healthcare industry that “federal funding for private Medicare plans would likely fall more than expected.” This information was finally released to the public on January 9. Lucky you didn’t buy or sell stocks in those six weeks.
In March, staff at the Federal Energy Regulatory Commission gave a presentation on the vulnerability of the electric grid to attack. On Wednesday, April 9, FERC decided to try to classify this information and restrict its public disclosure. We the people don’t need to know, despite numerous unclassified discussions of the grid’s sensitivity over the last few years. This was either “irresponsibility” or freedom of the press. So, the agency releases the information, without attempting to classify it, and it’s the Wall Street Journal’s obligation not to report it?
Whose information was this, and who had a duty to protect it? What controls were in place and why did they fail?
Filed under Board, Business Case, Compliance, Controls, Duty of Care, Governance, Inform market, Inform shareholders, Information, Internal controls, Management, Ownership, Protect, Protect assets, Protect information assets, Risk, Third parties