Monthly Archives: March 2017


Information shared on WhatsApp is regulated, and may be visible, too, if you’re in banking.

“U.K. Fines Ex-Banker For Boasting on App,” The Wall Street Journal, March 31, 2017 B10.  A managing director used WhatsApp to share confidential deal information with his buds.  The managing director resigned and was fined £37,198.  The company had discovered the messages when searching the former employee’s phone on another matter. [Messages on WhatsApp normally can’t be seen by government investigators because of end-to-end encryption; you need access to the device and the password – see the recent terrorist attack in London.]


  • Managing Directors don’t follow policies
  • Companies do well when they report transgressions to the authorities.
  • People get fired for this stuff

Leave a comment

Filed under Access, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Internal controls, IT, Oversight, Security

How important is keeping records?

In September 2010, a pipeline exploded in San Bruno, California, killing eight.  PG&E, the pipeline’s owner, couldn’t find records of pipeline inspections required by regulation.  Lots of fines and civil damages.

As part of the resolution, or as part of their post-crisis communications plan, PG&E placed a full-page ad in The Wall Street Journal on March 21.

Here’s a pdf of the ad.  TheWallStreetJournal_20170321_B005

Doubt if the corporation has that ad in Lucite paperweights.

Does your corporation adhere to regulatory record-keeping requirements?



Leave a comment

Filed under Board, Compliance, Compliance, Corporation, Directors, Duty, Employees, Governance, Legal, Oversight, Records Management, Requirements

Presidential liability

No, not that President.

The former president of Penn State University was convicted of child endangerment connected with the Jerry Sandusky scandal, for not telling the authorities about a complaint of allegedly inappropriate conduct in order to preserve the university’s reputation.  “Ex-College Head Guilty In Sandusky Case,” The Wall Street Journal, March 25, 2017 A2 (U.S. Watch).

A couple of points.

First, the president of a corporation is responsible for his or her own acts, even if the corporation hasn’t (yet) been held vicariously liable for the criminal act.

Second, the common law duty to report violations of law or policy applies to all employees, even the president.  If the president had reported this to the Board (or it’s close friend, the Compliance Department), and the Board didn’t act (disclose to authorities), would criminal liability against the corporation be easier to establish?

Third, as far as I know, the corporation hasn’t been criminally charged.  Why not?

Leave a comment

Filed under Controls, Duty, Employees, Internal controls, To report

What you don’t say

If a corporation fails to raise “‘known trends or uncertainties'” in securities filings, has it committed fraud against third parties?


“High Court To Weigh Corporate Omissions,” The Wall Street Journal, March 28, 2017 A2.  Supreme Court to hear a case involving suit by investors against company for omissions in public filings, otherwise the purview of the SEC.

So, does this mean that unspoken information is “information” subject to government regulation or third-party litigation?

Leave a comment

Filed under Accuracy, Board, Communications, Corporation, Definition, Duty, Governance, Inform market, Inform shareholders, Information, Oversight

Do you track what’s the normal cost?

“Venezuela Alleges Fraud in $1.3 Billion Oil-Rig Lease,” The Wall Street Journal, March 16, 2017 A10.  “Officials at PdVSA [the state oil company in Venezuela] were accused of embezzlement by paying inflated fees.”

How do you track whether the company is paying inflated fees to companies owned by Saudi princes, with a no-bid contract to an industry newcomer?  You do track that, don’t you?  As a director you would want to make sure that people weren’t paying too much for service contracts.  Why would the state oil company pay inflated rates?  Aren’t these bribes going the ‘wrong’ way?  Or was it just waste and incompetence?  The difference is only $250,000 a day for seven years.

Do you consider the information governance aspects of the FCPA, beyond the books and records?  It is good that the government checks.

Leave a comment

Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Definition, Directors, Duty, Employees, Governance, Government, Information, Internal controls, Oversight, Oversight, Protect assets, Risk Assessment, Risk assessment

About time

Part of governance is punishing someone who violates the rules.  Good, though, to have some temporal connection between the violation and the punishment.

“U.S. Plans Charges In Breach At Yahoo,” The Wall Street Journal, March 15, 2017 B1.  Move comes after 2014 breach at Yahoo that exposed 500 million users in late 2014, after the larger breach in 2013 exposing twice as many accounts.  Huge impact on the users and the shareholders.

The company’s lawyer resigned and the CEO lost her cash bonus.  Have the directors at the time been penalized at all? They missed this, too.

Leave a comment

Filed under Board, Controls, Directors, Duty, Employees, Governance, IT, Lawyers, Oversight, Oversight, Protect assets, Protect information assets, Security

Managing Fake News

How do you respond when someone starts spreading false rumors about you or your organization?  Would it be good to have your country’s president’s support?

“Muslim Group Fights Web Spread of Fake News,” The Wall Street Journal, March 13, A13.  Government and a private organization join forces in Indonesia to battle fake news.  Think of Snopes, in Bahasa, sharing because “‘This is our responsibility as a society as a whole because hoaxes, false information, is not healthy for society.”

Could other countries benefit from a government-supported push?



Leave a comment

Filed under Accuracy, Controls, Data quality, Duty, Governance, Government, Oversight, Third parties