Category Archives: Inform shareholders

Equifax and SEC Hacks

A lot in the news of late about the hacks at Equifax and the SEC.

“SEC Discloses Edgar Corporate Filing System Was Hacked in 2016,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Hackers Spied for Months,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Board Weighs Clawbacks,” The Wall Street Journal, September 30, 2017 B3.  How many years’ compensation will be affected?

“Equifax Lawyer in Hot Seat,” The Wall Street Journal, October 2, 2017 A1.  Chief legal officer probed for clearing stock sales after executives knew, but no one else did, about the hack.

“Equifax Ex-CEO Lays Out Lapses,” The Wall Street Journal, October 3, 2017 B1.  Staffers blamed for not reacting to public warning.

“Lawmakers Slam the Ex-CEO Of Equifax,” The Wall Street Journal, October 4, 2017 B1.  He and others “weren’t aware of the significance of the company’s data breach ….” “[A]n employee failed to notify other staff to patch the software ….”  For want of a nail ….

“Senators Rap Credit-Reporting Model,” The Wall Street Journal, October 5, 2017 B1.  “[W]hy consumers shouldn’t have power over the data [credit companies] collect on them”?

“Lawmaker Asks SEC To Delay Trade Log,” The Wall Street Journal, October 5, 2017 B12.  Head of House Financial Services Committee pressures SEC to delay release of trading database following hack of SEC systems. Can you have too much information?

“Equifax Timeline Criticized,” The Wall Street Journal, October 6, 2017 B10.  How long did Equifax sit on news of the hack before alerting the Board, the market and the Feds?  Is five weeks too long?  Executives selling stock in that window will be investigated.  Three weeks before he informed the Board.

“After Breach, SSN Reliance Is Criticized,” The Wall Street Journal, October 7, 2017 A4.  One reaction to the Equifax hack is a move to find a replacement for Social Security Numbers.

“Index Firm Flagged Equifax for Security,” The Wall Street Journal, October 7, 2017 B9.  Company warned about Equifax data security flaws in August 2016.

“Equifax Probes Possible New Breach,” The Wall Street Journal, October 13, 2017 B1.  A code installed on Equifax’s website by a vendor “serve[s] ‘malicious content’ to consumers.”  Just when you thought ti was safe to go back in the water again.

“GOP Bill Would Boost Checks on Credit Firms,” The Wall Street Journal, October 13, 2017 B10.  The horse having left the barn, the government wants to exercise more oversight.

Advertisements

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Value, Vendors

Disclosure

“A Hot Startup Misled Advertisers,” The Wall Street Journal, October 13, 2017 A1.  Outcome Health apparently misled advertisers as to how many units their ads were appearing on.  The investigation continues.

How would your employees react if ask to provide inflated numbers to potential customers?  How would your investors react after a story appears on page one, above the fold?  Probably reflects in the valuation of the company.  And what about your company’s extensive political contacts?

Leave a comment

Filed under Accuracy, Board, Communicate, Compliance, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, Managers, Oversight, Oversight, Policy, Protect assets, Protect information assets, Use, Value

Silence as information?

I normally cite to The Wall Street Journal.  But occasionally I come across something elsewhere worthy of note.  One of my sources is the Business Law Prof Blog.  There was a post there today titled “Omissions Liability: Tempest in a Teapot or Gathering Storm?

At issue, can there be Rule 10b-5 liability (dealing with securities fraud) for not saying something, when you had knowledge and something akin to a duty to disclose.  There’s a Supreme Court case (Leidos, Inc. v. Indiana Public Retirement System) pending that may resolve the issue.

Is a corporation’s failure to say something in itself information, and if so, is that silence itself information that must be governed in order to be compliant?  How do you manage/govern silence?

 

Leave a comment

Filed under Board, Business Case, Collect, Communicate, Communications, Compliance, Compliance, Compliance, Controls, Corporation, Directors, Duty, Governance, Inform market, Inform shareholders, Investor relations, Management, Third parties, To report

Lawsuits as a management technique

“Shareholders Sue More Frequently,” The Wall Street Journal, August 22, 2017 B1.  Study show shareholders (or class action lawyers) are litigating more when their company is sued, alleging false and misleading statements by management.  One-hundred thirty-one suits in fist six months of 2017.

So, when communicating to the market or shareholders, make sure everything will stand the test of time.  Is it accurate?  Is it complete?

Leave a comment

Filed under Accuracy, Board, Communications, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Information, Investor relations, Risk assessment, Third parties, Value

Can shareholders do that?

Can one of the shareholders both sue your former CEO for fraud and contact all the other shareholders?  Apparently.

That’s what happening at Uber.  “Kalanick Critic Stirs the Pot,” The Wall Street Journal, August 15, 2017 B1.  Benchmark Capital (which also sits on the Board) sued the former CEO at Uber for fraud, saying he had failed to disclose “secret bad business practices,” which may revolve around the CEO’s increase in the number of directors, or allegations about sexual harassment and sexism.  While Uber searches for a new CEO, it is managed by a 16-person committee.  How’s that working for you?

Apparently, derivative actions aren’t a shareholder’s sole remedy.  And a board member can sue as an individual shareholder.

Leave a comment

Filed under Board, Compliance, Controls, Corporation, Culture, Directors, Duty, Governance, Inform market, Inform shareholders, Internal controls, Oversight, Shareholders

VW may face fraud charges

VW is being investigated by the EU’s antifraud office since November 2015, in connection with loans based, in part, on VW’s green environmental reputation.  The emissions cheating scandal has cost $25 billion.  And counting.  May recommend that Germany charges two employees with fraud.  German authorities are in on the hunt, too.

“Volkswagen Faced With New Legal Woes,” The Wall Street Journal, August 1, 2017 B3.

Who knew what when, and who failed to disclose what they knew?  When it rains, it pours.

Leave a comment

Filed under Board, Compliance, Compliance, Corporation, Duty, Employees, Governance, Inform market, Inform shareholders, Managers, To report

Duty of Directors

One of my common themes is the duty of directors.  They get paid a lot of money to act as fiduciaries for the company’s shareholders.

“Warren Keeps Pressure on Wells,” The Wall Street Journal, June 20, 2017 B10.  Senator Elizabeth Warren (D. Mass.) is leaning on the Federal Reserve (arguably an independent body) to remove 12 directors who served on Wells Fargo’s Board when the account- cramming scandal was going on.  Other problems have emerged at Wells Fargo since then.

The shareholders didn’t/couldn’t vote them out in April, and so far (as I know) the directors haven’t been held personally liable for negligent oversight.  So it’s nice that someone is still pursuing the people in charge at the time that (some of the) bad things were happening.

Some executives got fired or their bonuses were docked.  The shareholders lost a bundle in fines and penalties paid by the company.  It would be nice if the directors were held responsible and accountable — not just to penalize them, but to put other directors on notice of what they are getting paid to do, and for whom.

Would be nice to have a poster child for the director’s duty.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Culture, Directors, Duty, Duty of Care, Governance, Inform shareholders, Internal controls, Oversight, Oversight, Protect assets, Risk Assessment, Risk assessment, Supervision