Category Archives: Compliance


This blog looks at the intersection of Information, Governance, and Compliance.  Normally, when one hears “Compliance,” one assumes it means compliance with law.  But Compliance also extends to compliance with policy.

“Barnes & Noble Cites Policy In Firing,” The Wall Street Journal, July 5, 2016 B1.  B&N CEO and a member of the board fired after a little more than a year for violation of a so-far-undisclosed company policy.  No severance package.  Ouch.

What sort of message does that send to the rank and file when the CEO gets punished for violating company policy?  Does that extend beyond the policy the CEO is accused of violating?  Is that why the specific policy wasn’t mentioned?

I assume this was for a violation more serious than failing to follow the company’s Records Retention Policy.  But aren’t all violations of company policy by the CEO equally serious? Aren’t all violations of policy equal, or are there capital “P” policies, and small “p” policies?  How does an employee tell the difference?

And the company chose to publicize at least the basic reason for the firing; does it do that in all firings for policy non-compliance?  Does the CEO have more or less privacy rights than the lowest-paid employee?



A billion here, a billion there

Eventually, you’re talking real money.

“Volkswagen Fined $1 Billion in Germany,” The Wall Street Journal, June 14, 2018 B4. Fine for “dereliction of management oversight” following the diesel emissions-testing scandal.  Somewhat broader than a Caremark claim.

Will the directors have to pay anything out of their pockets?  Or just their shareholders’ pockets?


Sniff test

What happens to compliance when the CEO and her boyfriend collaborate to create a culture of secrecy and fear?

“Partners in Blood,” The Wall Street Journal, May 19, 2018 C1.  Reports from the trenches at Theranos, which said it was able to run a range of tests from a few drops of blood; it couldn’t.  SEC charges company with fraud, and investors lose millions.

While the implications of a relationship of the CEO go to Governance, are there also links to Compliance and Information?  What impact did the culture have on the company’s compliance?  How do investors know about the nature of a CEO’s personal relationships leaking into the corporate environment?

Who should have seen this and reported it to someone?  Why didn’t the directors smell a rat?


Unnecessary repairs

This post, too, was languishing in “Drafts.”  But it, too, is important.

What if you cheat your customers by billing them for work you never did, and then try to hide the evidence?  Your shareholders pay.

“Caterpillar Pleads Guilty in Railcar Case,” The Wall Street Journal, December 8, 2017 B3.  Five million dollar criminal fine and $20 million in restitution after subsidiary cheats customers and tosses the evidence overboard.

How much damage to the parent company’s reputation?  Which employees will take the hit?  The same ones who got bonuses?


Equifax Hack went deeper

This is old news.  This post never made it out of “Drafts.”  But worthy of note.

The hack at Equifax that may have affected 145.5 million people went deeper than Equifax originally reported.

“Equifax: Hack Went Deeper,” The Wall Street Journal, February 10, 2018 B10.  In addition to names, addresses, driver’s license numbers, and Social Security Numbers, the hack may have reached tax id numbers, email addresses, and additional driver’s license information.

It’s comforting (?) to know that your personal email address isn’t considered either (a) yours or (b) “sensitive,” at least in the US.

Have any of the Equifax directors been sued by their shareholders?  The CEO retired.  The shareholders are paying for all this.

See, also, the post from February 11 about the spat between Equifax and Senator Warren about whether the hack reached passport numbers.


Another ½ billion

This may appear to be more a straight compliance piece than an information governance piece, but consider that the officers and directors didn’t know or didn’t report things that they should have known about.  Truth or consequences?

“Wells Fargo Reaches Settlement In Lawsuit,” The Wall Street Journal, May 5, 2018 B10. Tentative settlement in suit alleging certain “current and former officers and directors of the bank had made false statements” affecting the stock price between 2014 and 2016.

The final paragraph of the article says,

The bank said Friday that it “denies the claims and allegations in the action and entered into the agreement in principle to avoid the cost and disruption of further litigation.”

One pauses to wonder if the current shareholders agree, it being their $480 million being spent to resolve the lawsuit, not the $480 million of said certain current and former officers and directors.  This is on top of the $1 billion fine paid last month.  Hopefully, the current and former shareholders will get some of the $480 million, less legal fees.

Telling fibs in connection with a company’s stock price can be real expensive for someone.  Not knowing about abusive sales practices is about the same as lying.  And how can you deny something yet still pay $480 million?  Who are they trying to fool this time?  At least now they can post nice ads on TV, claiming a re-invention.  Has the culture problem been fixed?


Three returning contestants

And all on the same page.

  1. “U.S. Indicts VW’s Former CEO,” The Wall Street Journal, May 4, 2018 B1. Former CEO indicted in March for conspiracy and wire fraud following the emissions cheating scandal.  Do CEOs go to jail?
  2. “Facebook Has Dual Standard On Privacy,” The Wall Street Journal, May 4, 2018 B1. If you’re in a special group in Facebook, you get an alert if someone accesses your profile; if you’re a muggle, or don’t work at Facebook, you don’t.  Maybe this will change?
  3. “Theranos Hurt Big-Name Investors,” The Wall Street Journal, May 4, 2018 B1.  Company said it had the technology to do a wide range of blood tests based on a few drops of blood.  It didn’t, and a host of big-name investors lost a bundle. Is this a governance issue, an information issue, or a compliance issue?  Don’t believe everything you hear; it’s costly.  And don’t serve as a director without doing your own due diligence.
