One of the consequences of non-compliance is a higher level of scrutiny from the regulators.
“Wells Fargo Places Two Executives On Leave,” The Wall Street Journal, October 25, 2018 B10. The Comptroller of the Currency sent letters to two WF executives about their failures of oversight at the bank in connection with WF’s sales practices. Execs (chief administrative officer and chief auditor) placed on leave and removed from operating committee.
Boy, does that ever not look good on your resume.
Why did the regulator have to do this? One reason is that WF didn’t do it itself. Would your compliance system do better? Do the directors still have their jobs?
That’s a catchy headline.
“Facebook Thinks Hack Was Set by Spammers,” The Wall Street Journal, October 18, 2018 B1. FB says recent breach of ~30 million accounts was by spammers wanting to make profits, and not by nation states with evil motives. FB will likely never find who took the information.
This raises a whole host of issues about information ownership and the duty of companies who handle and store your data. And IT security, or insecurity. Which is your favorite? I personally favor what this says about the culture at FB; with these issues, the FB communication to the market and its shareholders and its customers speaks volumes about how FB views the risks of its business. So now a denial is Information, by definition.
“Advertisers Allege Facebook Put Off Disclosing Error,” The Wall Street Journal, October 17, 2018 B1. Facebook was sued two years ago for knowing that the statistics on how long users were looking at videos were flawed, overstating the average time videos were viewed, but failing to let the advertisers know. So advertisers paid for posting videos based on inaccurate information from the seller (Facebook).
I guess one could comment on the culture at Facebook that would permit this behavior, or upon the Compliance implications of the apparent failure to punish anybody (employees, directors) for this apparent breach of customer trust. But instead one could focus on how much value Facebook derived from not disclosing information about known defects in its processes. So, either (a) the definition of Information includes information you don’t disclose or (b) the value of information can include the value of not disclosing it.
The documents turned over in discovery are not favorable to FB.
“HSBC to Pay $765 Million in U.S. Pact,” The Wall Street Journal, October 10, 2018 B12. Bank hid the risks of defective mortgages for at least 2 years. Sold mortgage-backed securities in the meantime.
“Wells Fargo … [paid] $2.09 billion to settle similar claims.” Four other banks also settled.
Why do we keep our money in banks? Weren’t they supposed to be safe? What does it say about the Boards of these companies? Did the directors screw up?
“EU May Fine Facebook $1.63 Billion Over Breach,” The Wall Street Journal, October 1, 2018 B1. The hack of 50 million Facebook users reported earlier may lead to a large fine against Facebook (4 times its annual revenue). The regulator in Europe has demanded more information.
Impact on stock value not reported.
“Facebook Hackers Access Nearly 50 Million Accounts,” The Wall Street Journal, September 29, 2018 A1. Unknown hackers may have gotten access as early as July 2017 by exploiting flaws in the system’s code. May have taken over your account and gotten to your posts and private messages, and may have the credentials to access other services, like Tinder and Spotify.
Is Facebook responsible for making sure its site is secure? How did the executive in charge of safety and security miss this? Does the Board at Facebook have liability? Facebook no longer has a Chief Security Officer.
What you do when an important executive is alleged to have violated company policy says a lot about your compliance program.
“Claims About Executive Tested Uber Overhaul,” The Wall Street Journal, September 27, 2018 B3. Senior executive investigated; rather than being terminated, he received a formal warning (apparently, informal was not sufficient), his bonus was reduced (Why do you give bonuses to people who violate company policy?), and he was required to take sensitivity training.
This at a company that had a rather sordid history of sexual harassment.
How will Uber convince its remaining employees that this time it is serious? Do you believe them? Is this an effective compliance program under the Federal Sentencing Guidelines, assuming that’s the appropriate measure?
Where’s the Board? Do they care?
To have governance, is a single point of accountability required?
“Workers Deal With Too Many Bosses,” The Wall Street Journal, August 21, 2018 B1. According to a recent poll, two-thirds of employees have more than one boss. Some employees respond by trying to manage their bosses.
From a Governance perspective, if you have multiple bosses, who sets your priorities? Who establishes the policies and procedures and instructions that you, as an employee, must follow? How does one resolve conflicts?
And which one person in your organization bears responsibility/accountability for the overall Governance of your company’s Information? Your company’s overall Compliance with law and with company policy and procedures?
Without such a single point of accountability/responsibility, who gets punished if things don’t go right? If no one is held responsible/accountable at the C-suite level, do you really have a program-in-fact, as opposed to a program-on-paper?
“CBS to Weigh CEO’s Fate,” The Wall Street Journal, July 30, 2018 A1. Discussion over whether CEO accused of sexual harassment should stand down while the investigation continues.
Curious that Urban Meyer has to stand aside during an investigation into whether he should have reported domestic abuse by an assistant coach 9 years earlier at a different school, but Leslie Moonves remains on board as the CEO of CBS. See https://infogovnuggets.com/2018/08/07/caesars-wife/
What does it say about a company’s culture when, in the current environment, the CEO can remain in his job during such an investigation? How convinced are the rank-and-file employees that the sexual harassment policy is real, or just a piece of paper? Are the directors serious about this policy? What about other policies?
Knowledge, or lack thereof, is often a good defense.
“Fiat Says It Didn’t Know CEO was Ill,” The Wall Street Journal, July 27, 2018 B1. Company says privacy of health care information meant they didn’t know that their CEO had been sick for a year.
Who knew or should have known? Was this insider information that would affect the value of investments?
Should the Board have known? Did the CEO have a duty to disclose? For more than a year!
Governance, Compliance, and Information. All in one. Add a dash of privacy.