Category Archives: Compliance

Catching up, again

I was otherwise engaged in December, what with the holidays and travel and our first grandchild, born in Hong Kong, and haven’t been posting.  Here’s the month in review, in chronological order, in multiple parts:

  1. How to monetize your information

    “Paywall for HuffPost? Verizon Hunt for Web Revenue Goes Beyond Ads,” The Wall Street Journal, December 3, 2018.  Do you let people see content (plus ads) for “free,” or do you charge for access?  Which one places the “correct” value on the information you are providing?  What if you did both?

  2. Who’s in charge?

    “Disney Raises the Bar Robert Iger Has to Clear to Win Bonus,” The Wall Street Journal, December 4, 2018.  Shareholders push back on bonus compensation plan, demonstrating an unusual level of control (i.e., Governance) over their investment.  See also, “Shell to Link Carbon Emissions Targets to Executive Pay,” The Wall Street Journal, December 4, 2018.

  3. How much is your view worth?

    “Who’s Reading That News Story? Startup Will Help Marketers Find Out,” The Wall Street Journal, December 4, 2018.  Linking the desire of publishers and advertisers to monitor what news stories you look at and for how long, a start-up fills the gap.  The answer to the question, “Whose data is that?” is taking on multiple dimensions.

  4. It takes a village to prevent someone from getting top-secret information

    “China Maneuvers to Snag Top-Secret Boeing Satellite Technology,” The Wall Street Journal, December 5, 2018.  Boeing seemed unconcerned when a customer for one of its satellites told Boeing that the customer was being financed by Chinese interests, to whom sale of the top-secret technology involved was restricted.  But after an alleged payment default, Boeing cancels order.  “Boeing Backs Out of Global IP Satellite Order Financed by China,” The Wall Street Journal, December 7, 2018.  Did the press coverage have an impact?

  5. Law firms leak, too

    “U.S. Prosecutors Charge Four People in Panama Papers Probe,” The Wall Street Journal, December 5, 2018.  Action follows leak of law firm documents showing how wealthy people hid money from tax.

  6. Who owns (or controls) the Cloud?

    “China’s Alibaba Takes On Amazon in European Cloud,” The Wall Street Journal, December 5, 2018.  Chinese Cloud company challenges Amazon for control of the Cloud in Europe.  Which (the US or China) will better protect the privacy of the users?

  7. Does your information governance program cover the content of the training provided to your customers?

    “Boeing Omitted Safety-System Details, Minimized Training for Crashed Lion Air 737 Model,” The Wall Street Journal, December 6, 2018.  Questions arise after 189 people killed in a crash and the crews hadn’t been trained on the new flight-control system.

  8. Facebook tried to monetize “your” data?  Gadzooks!

    “Facebook’s Zuckerberg at Center of Emails Released by U.K. Parliament,” The Wall Street Journal, December 6, 2018.  Newly released emails show that Facebook apparently considered charging app developers for accessing “your” data held by Facebook, and suggest Facebook discounted the chance of developers sharing that data with others.

  9. Not “just-in-time” discipline

    “Wells Fargo Firing Dozens of Regional Managers in Retail-Bank Cleanup,” The Wall Street Journal, December 6, 2018.  More than two years after the account-cramming scandal, Wells Fargo starts to fire some regional managers for failure of oversight responsibilities.  Sort of like punishing your full-grown dog for an accident she had as a puppy.  And what about the executives who were overseeing those fired managers?

  10.  Biometrics is/are information, too

    “Microsoft Pushes Urgency of Regulating Facial-Recognition Technology,” The Wall Street Journal, December 7, 2018.  Lack of worldwide restrictions on surveillance without a warrant leads Microsoft to urge restrictions on the technology.  Is privacy when in public a basic human right?

  11. It’s not the crime, it’s the coverup?

    “U.S. Alleges Huawei CFO Hid Ties to Telecom With Iran Business,” The Wall Street Journal, December 8, 2018. Did the CFO lie to hide from banks connections Huawei had with company that did business with Iran?  What is the impact to the current state of trade relations with China?


Coming up to speed

“Marriott Says Starwood Data Breach Affects Up to 500 Million People,” The Wall Street Journal, November 30, 2018 (online).  Data breach potentially affecting passports and credit cards of as many as 500 million guests at Marriott’s Starwood properties, which were acquired in 2016.  They knew about this in September, but it reflects a breach that may go back to 2014.

So, two years after an acquisition, the target’s information security practices blow up in the acquiror’s face.  What does that say about the acquiror’s duty to integrate the data practices and controls around information protection?

Does your M&A team think about information governance issues?  Is that an identified risk, with an identified (and owned) action plan?  Did the Board identify this as a risk?  Was the value of this information considered part of the transaction value?  How was that reflected?


Another one bites the dust

“Barnes & Noble Details CEO Firing,” The Wall Street Journal, October 31, 2018 B1.  CEO allegedly fired for sexual harassment and bullying, and interfering with the sale of B&N.

So, the CEO gets canned.  No severance package.  What message does this send to the rest of the organization (and, indeed, to other CEOs and other companies)?  How does the Board look on this one?  From a Compliance standpoint, and a Governance one, looks pretty good.

Might this be a pretext?  Could he have been fired for some other reason?

How much due process is due?

“CBS to Weigh CEO’s Fate,” The Wall Street Journal, July 30, 2018 A1.  Discussion over whether CEO accused of sexual harassment should stand down while the investigation continues.

Curious that Urban Meyer has to stand aside while an investigation proceeds into whether he should have reported domestic abuse by an assistant coach 9 years earlier at a different school, but Leslie Moonves remains on board as the CEO of CBS.  See https://infogovnuggets.com/2018/08/07/caesars-wife/

What does it say about a company’s culture when, in the current environment, the CEO can remain in his job during such an investigation?  How convinced are the rank-and-file employees that the sexual harassment policy is real, or just a piece of paper?  Are the directors serious about this policy?  What about other policies?


Fraudster

“Theranos Settle Investor Suit As Firm Runs Low on Funds,” The Wall Street Journal, July 23, 2018 B3.  Investors alleged Theranos had defrauded them by making false statements about the company’s technology.

This joins the long (and growing) list of people suing for harm caused by this company.  Are the directors in the dock?  The CEO and former president are.

False statements are information, in a sense.  This is the kind of basic, bog-standard stock fraud that led to the creation of the SEC.

Who’s going to get the last drop of blood out of this stone?


Loose lips volume II

“Chips CEO Resigns Over Conduct,” The Wall Street Journal, July 18, 2018 B1.  CEO of Texas Instruments fired/forced-to-resign after two months for violating company’s Code of Conduct.  Probably no package, either.  No details on the nature of the violation.

It’s nice when a company enforces its policies against the CEO.  Sends a message to the worker bees.


Sexting

It’s always good to have a catchy headline.

“Lust, Anger Topple Powerful Lawyer,” The Wall Street Journal, July 14, 2018 A1.  Sexting scandal costs head of major law firm his job (and his ~$6 million salary), even though he did nothing beyond sending and receiving the texts.

Would you trust a lawyer who had such lapses in personal judgment?  Would you trust the law firm of which he was the chairman?  He had reason to suspect the woman he was texting, as he became aware of her when looking into her relationship with a friend of his at church.  Good deeds don’t go unpunished.

She sent copies of the email exchanges to the firm’s executive committee.

The problem with email is that it doesn’t go away, and you can’t control what the recipient does with it.

Important safety tip, Egon.  That bears repeating.  And repeating.


Policy

This blog looks at the intersection of Information, Governance, and Compliance.  Normally, when one hears “Compliance,” one assumes it means compliance with law.  But Compliance also extends to compliance with policy.

“Barnes & Noble Cites Policy In Firing,” The Wall Street Journal, July 5, 2016 B1.  B&N CEO and a member of the board fired after a little more than a year for violation of a so-far-undisclosed company policy.  No severance package.  Ouch.

What sort of message does that send to the rank and file when the CEO gets punished for violating company policy?  Does that extend beyond the policy the CEO is accused of violating?  Is that why the specific policy wasn’t mentioned?

I assume this was for a violation more serious than failing to follow the company’s Records Retention Policy.  But aren’t all violations of company policy by the CEO equally serious? Aren’t all violations of policy equal, or are there capital “P” policies, and small “p” policies?  How does an employee tell the difference?

And the company chose to publicize at least the basic reason for the firing; does it do that in all firings for policy non-compliance?  Does the CEO have more or less privacy rights than the lowest-paid employee?


A billion here, a billion there

Eventually, you’re talking real money.

“Volkswagen Fined $1 Billion in Germany,” The Wall Street Journal, June 14, 2018 B4. Fine for “dereliction of management oversight” following the diesel emissions-testing scandal.  Somewhat broader than a Caremark claim.

Will the directors have to pay anything out of their pockets?  Or just their shareholders’ pockets?


Sniff test

What happens to compliance when the CEO and her boyfriend collaborate to create a culture of secrecy and fear?

“Partners in Blood,” The Wall Street Journal, May 19, 2018 C1.  Reports from the trenches at Theranos, which said it was able to run a range of tests from a few drops of blood; it couldn’t.  SEC charges company with fraud, and investors lose millions.

While the implications of a CEO’s relationship go to Governance, are there also links to Compliance and Information?  What impact did the culture have on the company’s compliance?  How do investors know about the nature of a CEO’s personal relationships leaking into the corporate environment?

Who should have seen this and reported it to someone?  Why didn’t the directors smell a rat?
