Category Archives: Compliance Verification

January 4, 2019 · 3:47 am

Catching up, again

I was otherwise engaged in December, what with the holidays and travel and our first grandchild, born in Hong Kong, and haven’t been posting.  Here’s the month in review, in chronological order, in multiple parts:

  1. How to monetize your information

    “Paywall for HuffPost? Verizon Hunt for Web Revenue Goes Beyond Ads,” The Wall Street Journal, December 3, 2018.  Do you let people see content (plus ads) for “free,” or do you charge for access?  Which one places the “correct” value on the information you are providing?  What if you did both?

  2. Who’s in charge?

    “Disney Raises the Bar Robert Iger Has to Clear to Win Bonus,” The Wall Street Journal, December 4, 2018.  Shareholders push back on bonus compensation plan, demonstrating an unusual level of control (i.e., Governance) over their investment.  See also, “Shell to Link Carbon Emissions Targets to Executive Pay,” The Wall Street Journal, December 4, 2018.

  3. How much is your view worth?

    “Who’s Reading That News Story? Startup Will Help Marketers Find Out,” The Wall Street Journal, December 4, 2018.  Linking the desire of publishers and advertisers to monitor what news stories you look at and for how long, a start-up fills the gap.  The answer to the question,”Whose data is that?” is taking on multiple dimensions.

  4. It takes a village to prevent someone from getting top-secret information

    China Maneuvers to Snag Top-Secret Boeing Satellite Technology,” The Wall Street Journal, December 5, 2018.  Boeing seemed unconcerned when a customer for one of its satellites told Boeing that the customer was being financed by Chinese interests, to whom sale of the top-secret technology involved was restricted.  But after an alleged payment default, Boeing cancels order. “Boeing Backs Out of Global IP Satellite Order Financed by China, The Wall Street Journal, December 7, 2018.  Did the press coverage have an impact?

  5. Law firms leak, too

    “U.S. Prosecutors Charge Four People in Panama Papers Probe,” The Wall Street Journal, December 5, 2018.  Action follow leak of law firm documents showing how wealthy people hid money from tax.

  6. Who owns (or controls) the Cloud?

    “China’s Alibaba Takes On Amazon in European Cloud,” The Wall Street Journal, December 5, 2018.  Chinese Cloud company challenges Amazon for control of the Cloud in Europe.  Which (the US or China) will better protect the privacy of the users?

  7. Does your information governance program cover the content of the training provided to your customers?

    “Boeing Omitted Safety-System Details, Minimized Training for Crashed Lion Air 737 Model,” The Wall Street Journal, December 6, 2018.  Questions arise after 189 people killed in a crash and the crews hadn’t been trained on the new flight-control system.

  8. Facebook tried to monetize “your” data?  Gadzooks!

    “Facebook’s Zuckerberg at Center of Emails Released by U.K. Parliament,” The Wall Street Journal, December 6, 2018.  Newly released emails show that Facebook apparently considered charging app developers for accessing “your” data held by Facebook, and suggest Facebook discounted the chance of developers sharing that data with others.

  9. Not “just-in-time” discipline

    “Wells Fargo Firing Dozens of Regional Managers in Retail-Bank Cleanup,” The Wall Street Journal, December 6, 2018.  More than two years after the account-cramming scandal, Wells Fargo starts to fire some regional managers for failure of oversight responsibilities.  Sort of like punishing your full-grown dog for an accident she had as a puppy.  And what about the executives who were overseeing those fired managers?

  10.  Biometrics is/are information, too

    “Microsoft Pushes Urgency of Regulating Facial-Recognition Technology,” The Wall Street Journal, December 7, 2018.  Lack of worldwide restrictions on surveillance without a warrant leads Microsoft to urge restrictions on the technology.  Is privacy when in public a basic human right?

  11. It’s not the crime, it’s the coverup?

    “U.S. Alleges Huawei CFO Hid Ties to Telecom With Iran Business,” The Wall Street Journal, December 8, 2018. Did the CFO lie to hide from banks connections Huawei had with company that did business with Iran?  What is the impact to the current state of trade relations with China?

4 Comments

Filed under Accuracy, Board, Compliance, Compliance, Compliance (General), Compliance Verification, Controls, Corporation, Definition, Directors, Duty, Governance, Information, Internal controls, Managers, Oversight, Oversight, Ownership, Privacy, Protect assets, Protect information assets, Technology, Third parties, To report, Value, Vendors, Who is in charge?

December 3, 2018 · 5:47 am

What happens when the boss gets jailed?

This blog tends to mention cases where senior executives get (or don’t get) punished for their alleged misdeeds.  The spin is often that the seniors don’t get punished as hard as the worker bees.

But what happens when the CEO gets put in jail for his or her alleged misdeeds, which may have led to under-reporting in the company’s financials for the past five years?

“Carlos Ghosn’s Arrest Rocks Auto Empire,” The Wall Street Journal, November 21, 2018 (online).  Nissan’s CEO jailed for allegedly under-reporting his earnings by several tens of millions of dollars.

How do you explain this to the worker bees?  What’s the culture at the top?  How did the Board not catch this?  Were there not controls in place?  Might the shareholders be a bit upset?

More a Governance and a Compliance issue, perhaps, although if one looks, one could find some information-related failures.

 

Leave a comment

Filed under Board, Compliance, Compliance (General), Compliance Verification, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Duty of Care, Governance, Internal controls, Oversight, Oversight

December 3, 2018 · 5:23 am

Coming up to speed

Marriott Says Starwood Data Breach Affects Up to 500 Million People,” The Wall Street Journal, November 30, 2018 (online).  Data breach potentially affecting passports and credit cards of as many as 500 million guests at Marriott’s Starwood properties, which were acquired in 2016.  They knew about this in September, but reflects a breach that may go back to 2014.

So, two years after an acquisition, the target’s information security practices blow up in the acquiror’s face.  What does that say about the acquiror’s duty to integrate the data practices and controls around information protection?

Does your M&A team think about information governance issues?  Is that an identified risk, with an identified (and owned) action plan?  Did the Board identify this as a risk?  What the value of this information considered part of the transaction value?  How was that reflected?

Leave a comment

Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Management, Oversight, Protect, Protect assets, Protect information assets, Risk Assessment, Risk assessment, Security, Value

August 7, 2018 · 2:29 pm

We didn’t know

Knowledge, or lack thereof, is often a good defense.

“Fiat Says It Didn’t Know CEO was Ill,” The Wall Street Journal, July 27, 2018 B1.  Company says privacy of health care information meant they didn’t know that their CEO had been sick for a year.

Who knew or should have known?  Was this insider information that would affect the value of investments?

Should the Board have known?  Did the CEO have a duty to disclose?  For more than a year!

Governance, Compliance, and Information.  All in one.  Add a dash of privacy.

Leave a comment

Filed under Access, Accuracy, Board, Communications, Compliance, Compliance (General), Compliance Verification, Controls, Corporation, Directors, Duty, Employees, Governance, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, To report, Uncategorized

March 8, 2018 · 8:45 pm

Are you responsible for your brother? Your cousin?

It’s bad enough trying to control your own employees, and those of your agents (and vendors).  But how do you control the employees, agents, and vendors of your various affiliates and ventures?  Do you all have the same Code of Conduct?  The same policies on a whole host of sensitive matters?

“KPMG Scandals Stay Local,” The Wall Street Journal, March 8, 2018 B10.  KPMG deals with alleged non-compliance at three international affiliates involved in auditing.

Does a client know the difference?  Do you ask prospective consultants about the compliance history of the larger firm?  Do you exercise enough control to also get liability?

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Duty, Governance, Internal controls, Managers, Oversight, Third parties

February 7, 2018 · 5:29 pm

Lessons learned?

I am not sure what to say about the Nunes memo about the DOJ and the FBI and the FISA court, and classified information and governance and compliance.  Too political to be educational.

So, the right-hand news item instead.  “Fed Limits Wells Fargo Growth, Replaces Directors,” The Wall Street Journal, February 3, 2018 A1.  Following a pretty bad year or two, following the customer cramming schedule or the auto insurance.  A former CEO. Lower bonuses.  Now the government takes control of a large bank and replaces the directors.  Restricts the bank’s future growth.  A 6% stock value drop, before this week’s really bad sell-off.  Cost: $300-400 million. Government says, “We cannot tolerate pervasive and persistent misconduct at any bank ….”

What’s the value of compliance?  Is it the possible loss of your ability to control your company?  Is this a lesson for directors, in that they may lose their positions (but they don’t have to refund their fees)(yet- the derivative suits are coming soon).  They didn’t even do that to BP!  The Chief Risk Officer is also retiring later this year.

Business case for compliance or better risk management?  For knowing what’s going on in your company?  Not sure what the lesson is for the shareholders.

Leave a comment

Filed under Board, Business Case, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Internal controls, Oversight, Oversight, Protect assets, Risk, Risk Assessment, Risk assessment, Supervision, To report

February 7, 2018 · 4:56 pm

Vendors

“U.S. Probes Supplier to VW,” The Wall Street Journal, February 1, 2018 B2.  Engineering firm under criminal investigation for alleging helping VW cook the emissions tests – altering the nature of the information provided to the government.  See also, “Robert Bosch Workers Face Probe,” The Wall Street Journal, February 1, 2018 B3. (Similar allegations, but involving Chrysler).

Are you concerned about your vendors?  Do you make sure they comply with law?  Do you appreciate the data that confirms your own compliance?  What’s it worth to have that data be accurate?

Were this a blog about Crisis Management and Emergency Response, there would be an entry here about what you should do when you hear that someone else in your industry has been doing something bad.

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Oversight, Protect assets, Protect information assets, Third parties, Value, Vendors

February 7, 2018 · 4:29 pm

Snoopy cried

“Shares of MetLife Plunge on Big Charge,” The Wall Street Journal, January 31, 2018 B16. MetLife needed to increase its reserves after “losing track of possibly tens of thousands of retirees owned monthly pension payments.”  Loses 9% of share value (and this was before the big drop this week!).  This was after they reduced their reserves earlier, resulting in increased revenues.  The day earlier, “Pension Snafu Hits MetLife Results,” The Wall Street Journal, January 30, 2018 B1. A “records mistake.”  Huh?

People have been and will be fired.  Will any senior executives take the hit?  What exactly is the company’s business?  Where was the Board on this?  Do they refund any of their fees?  At least the company admitted a material weakness in its financial systems.  Is the CFO nervous about what he/she signed?  Did the boost affect anyone’s bonus?  Did this affect the market?

This was not a records mistake.  It was a conscious decision.  Who decided to reduce the reserves and just forget about the pensioners who weren’t easy to find?

1 Comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Investor relations, Oversight, Oversight

December 8, 2017 · 10:18 am

Wells Fargo, again

“Wells Fargo Gets New Warning,” The Wall Street Journal, November 30, 2017 B1.  Feds may take enforcement action over the company’s auto-insurance and mortgage operations.

Will the shoes ever stop dropping at Wells Fargo?  Once you are shown to be non-compliant, do you get stuck under the regulatory microscope?

How’s that suit against the directors going?

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight

December 8, 2017 · 10:12 am

Breach at PayPal

“PayPal Discloses Breach At Its TIO Unit,” The Wall Street Journal, December 2, 2017 B11.  Upwards of 1.6 million users affected at newly acquired company that has kiosks in retail stores.

When you acquire a company, make sure their cybersecurity is up to snuff.  From Day One.

Leave a comment

Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Supervision