Category Archives: Compliance (General)

External governance

“Rebuke at Wells Shows Clash,” The Wall Street Journal, November 15, 2018 B1.  Chief administrative officer (and former head of HR) at Wells placed on leave after the Office of the Comptroller of the Currency criticizes the oversight that she and the bank’s chief auditor provided.

If your company interacts with government regulators (and whose doesn’t?), is the government effectively a part of your governance structure?  Or is government a separate component of Governance, whether that is Compliance Governance or Information Governance?  Or just “Governance”?

And what does it say about communications when the government holds up a senior official for poor oversight?  What about the board?  Highly visible to the worker bees.

Leave a comment

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Government, Internal controls, Management, Oversight, Oversight, Third parties, To report

Access

“CNN Sues the White House, Seeks Return of Press Pass,” The Wall Street Journal, November 14, 2018 A3.  Can the White House refuse to let in a member of the press into the White House for being rude?

Avoid for now the political implications of this, and what the First Amendment and the Fifth Amendment provide.  Think instead about who can deny a single individual access to information, while providing access to 190 other people.

Who is entitled to access information in your company?  What controls are in place to make sure that people who shouldn’t have access don’t get access?  Who determines what those controls are?  Who enforces them?  Is part of this culture?

Leave a comment

Filed under Access, Compliance (General), Controls, Culture, Duty, Governance, Government, Internal controls, Policy, Third parties, Uncategorized

Indicted

A Tesla employee is indicted for creating fake documents to cover up a fake-payment scheme.  “Former Tesla Employee Is Indicted,” The Wall Street Journal, November 12, 2018 B5.

Companies have a lot of controls to prevent fraud by employees, and often these controls work.  Why are there more such controls to prevent financial fraud than to prevent violations of other company procedures, such as those related to document creation, retention, and storage?

One wonders whether, in the aggregate, companies lose more money through poor document management and control than they lose through financial fraud.  How would one conduct such a study?

Leave a comment

Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Protect assets, Records Management, Security, Third parties, Value, Vendors

Management of change

How do you make sure that your policies are keeping pace with law and society?

“Google Changes Harassment Rule,” The Wall Street Journal, November 9, 2018 B4.  Following an employee walkout over how the company handles/handled sexual harassment claims, Google will no longer require that such claims be subject to arbitration.

This ties to Governance (what rules do you have in place, and when do you update those), Compliance (how do you handle claims of policy violations), and Information (a claim is one type of information).

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Definition, Governance, Information, Oversight

Too much sharing

I’m a bit of a knowledge management wonk, having been involved in the then-nascent KM movement within the inhouse legal community in the early 2000s.  But there can be too much sharing.

“Sinclair Settles With U.S. on Ad-Sales Data,” The Wall Street Journal, November 8, 2018 B2.  A media group settles lawsuit over alleged sharing of information among television station owners, that may have led to higher advertising rates.

An interesting side note is that this all came to light when Sinclair proposed to buy another company and had to undergo a government investigation.

Are there restrictions on how much information can be shared between and among competitors?  Yes.  They are call “antitrust laws.”  And is there a risk of making a deal that subjects you to government scrutiny?  Yes.  The may discover all manner of minor and major sins.

Leave a comment

Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Discovery, Duty, Governance, Information, Internal controls, Knowledge Management, Oversight

Tracking

“Technology Puts Pinch on Oil Smuggling,” The Wall Street Journal, November 2, 2018 B6.  Smugglers of Iranian crude will be challenged by satellites and big data.

Smugglers had in the past “hid” their ships, but that will now be harder.  Certain companies find a business opportunity in helping to track these vessels.

What controls do you need to have in place to make sure your policies are followed?  How have people tried to avoid your controls?  How did you/will you respond?  Is there a market opportunity for others to help you enforce compliance by collecting other information?

Leave a comment

Filed under Analytics, Collection, Compliance (General), Controls, Governance, Information, Oversight, Third parties, Use, Value

Fraud at the top

“Former Goldman Bankers Charged,” The Wall Street Journal, November 2, 2018 A1. “Two senior … bankers allegedly paid bribes and stole and laundered money … [in] one of the biggest financial frauds in history.”

What does it say when two of your 435 partners and one of your managing directors commits a fraud?  Failures in systems/controls?  Bad culture?  Do you have a “cowboy atmosphere” in Asia?  Poor training?  Are these rogue employees?  What’s the impact on your reputation?  What was the tone at the top?

This is primarily a Governance point.  How will the new CEO handle?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Oversight, Policy, Supervision, Who is in charge?

Cheaters

“Market Cheats Get Caught More Often,” The Wall Street Journal, November 1, 2018 B10.  Traders manipulating prices by spoofing real futures trades are getting caught and prosecuted for criminal violations.  Exchanges cooperating with enforcement authorities.

If accurate information is worth X, what is inaccurate information worth?  It depends, whether you are buying or selling based on it.

So, this is both Information (information includes both accurate and inaccurate information) and Governance (manipulating market trades with false information is a crime that the CFTC and DOJ prosecute).

Leave a comment

Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Data quality, Definition, Duty, Duty of Care, Employees, Governance, Information, Oversight

Chinese hacking alleged

“U.S. Charges Agents Of China Hacked Aviation Firms,” The Wall Street Journal, November 1, 2018 B4. Agents of the Chinese government indicted for trying to steal airline industry technology.

This is getting to be rather routine.  One part of this is the value of Information, and the importance of information security.  One part of this is Compliance, of course, as the US government is trying to protect the US information assets (although the company at issue probably had some responsibility for this as well, as well as their board of directors).  And, of course, Governance, as the US government is prosecuting.

We all know the business case for cyber-security.

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties

How much process is due?

“School Assault Policy Shifts,” The Wall Street Journal, November 1, 2018 A3.  New regulations to require students accused of sexual assault to have the right to cross-examine the accuser.

This involves Governance, Compliance, and Information.

Governance:  the government would require schools to investigate sexual assault claims in a certain way.  The government has the power of the purse, due to the amount of federal funding.

Information:  an accusation of assault is only a part of the story; only through cross-examination and other investigation can the decision maker decide whether the accusation and the (assumed) denial are sufficiently “believable” and “believed.”

Compliance: determining whether someone complied with the law or your policy requires some level of rigor.  How much evidence of a violation is required?

 

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Governance, Information, Internal controls