Monthly Archives: February 2018

Cost of (non-)Compliance

“U.S. Bancorp Is Charged, Fined in Laundering Case,” The Wall Street Journal, February 16, 2018 B2.  Bank fined over $600 million and criminally charged with laundering money.  And placed under a deferred prosecution agreement, which is always an adventure.

Bank allegedly constructed and operated its controls on money laundering “‘on the cheap.’”  Think of the money they saved!

Their shareholders, not so much.

How much would having adequate controls and filing required suspicious activity reports have cost?  More or less than $600 million?

A key compliance requirement for banks is to have adequate money laundering controls.  What does it say about the directors and officers that this bank didn’t have them?  Who’s responsible for this failure (i.e., whose duty was it to prevent this)?  Who’s getting canned?


The cobbler’s children

The cobbler’s children have no shoes.  Experts tend not to tend to things at home.

“Errant Charges at Coinbase,” The Wall Street Journal, February 17, 2018 B9.  A bitcoin firm ended up charging its customers multiple times (as many as 50!) for the same transactions. Blames its vendors.

Let me see.  You can’t work out your own electronic invoicing and you want to store our digital currency?  We should trust you why, exactly?

Wouldn’t you think you’d keep a close eye on the processes by which customers are charged and you are paid?


Can information have a negative value?

Doug Laney has done a lot of good stuff on infonomics, and the value of information.  But can information have a negative value?

“FBI Didn’t Follow Up Tip By Person Close to Shooter,” The Wall Street Journal, February 17, 2018 A1.  FBI got a tip on January 5 about the person who ended up shooting up the school at Parkland on February 14.  Failed to act on it.  Seventeen people died.

Do you have a duty to use information you have?  What if you have important information and you don’t use it, or can’t use it because you can’t find it?  Is that a liability (i.e., a “negative asset”)?

Do your internal controls make sure that critical information gets to the decision makers promptly?  If not, who’s responsible?

Look at the past year or two in industry and you will find several examples of the cost of not having important information reach the right people at the right time.  For example, Wells Fargo management didn’t learn of the account cramming until months or years later.  The Board at GE didn’t know about the two-plane approach the CEO was using.

Which is worse, knowing or not knowing?  Don’t know, but certainly knowing and not doing anything is the most expensive.


Information quality

The quality of information is largely based on its accuracy.  Excluding others from using that information can also be valuable, such as trade secrets, patents, or copyrights.  An additional factor is the information’s timeliness: getting information before someone else allows you to use that information first.  Even fractions of a second can matter.

“CME Defect Aids Speedy Traders,” The Wall Street Journal, February 13, 2018, B1.  Five years ago, some high-frequency traders took advantage of the small time gap between (a) when they received confirmation of trades and (b) when those trades were reported to the market.  Based on this information, they deduced the direction of market movements and sold or bought, as appropriate, before that information was in the market.  The exchange fixed this.  Sort of, as the problem has reappeared, albeit much smaller.  But microseconds matter, when it’s the computers that are doing the trading.

What’s the point?  Well, what information would you pay more for to get it sooner?  Do you rely on getting information at the same time as (or before) your competitors, allowing you to use your superior skill, foresight, and industry to profit from it?


Stop digging

What’s the first step to get out of a hole?  Stop digging.

“Wells Errs in Bid to Make Amends,” The Wall Street Journal, February 12, 2018 B1.  Wells Fargo, a frequent star in this blog, was trying to reach out to the 600,000 – 800,000 customers it screwed over by forcing them to buy auto collision insurance.  It couldn’t even do that.

First, it reportedly sent refunds to some non-customers.  Second, it told some customers that they would be paid the wrong amount. Third, it said it was going to pay refunds to people who hadn’t even bought the insurance. Affected: 38,000 folks.  Cause: a vendor’s coding error.

Fourth, Wells Fargo still hasn’t contacted the 110,000 people it overcharged for mortgage insurance rate locks.

And they are in charge of your bank deposits?


Uber settles

“Uber Settles Trade-Secrets Case,” The Wall Street Journal, February 10, 2018 B1.  Uber pays more than $240 million to settle case, and agrees not to use certain technology on self-driving cars, allegedly belonging to Waymo.  The agreement not to use was worth perhaps $250 million.

How does your company make sure it isn’t using a third party’s intellectual property without permission?  Is this an important part of your compliance program?  How does your company manage its acquisitions of new companies, some of whom (or their employees) may not have been as diligent in avoiding trade secret theft?

How can you prevent people from bringing information that you do not want into your company?  What are your processes?


Believable denials

“Equifax Denies Breach Of Passport Numbers,” The Wall Street Journal, February 8, 2018 B10.  In the hack of its files, Equifax admits exposing information of perhaps 145 million people.  Social Security numbers, stuff like that.  And credit card numbers and driver’s license numbers.  Senator E. Warren says the hack also exposed passport numbers.  Equifax says it didn’t.

Who do you believe?  One of them is wrong.  Which is more likely, that Equifax is lying or that a sitting US Senator didn’t understand Equifax’s submission to Congress?  When information is contradictory, how do you minimize risk?
