Category Archives: Lawyers

Conflicts as information

“McKinsey Held Back Chapter 11 Positions,” The Wall Street Journal, June 20, 2018 B1. Consultant advises in bankruptcy proceedings while holding undisclosed interests in the outcomes.

Did McKinsey not know that they had these investments?  Did they not have a process for checking for conflicts?  Or did they not care?  Did the lawyers not ask when employing an agent?  Was there no policy, at McKinsey or the court or the attorneys, about conflicts?

Maybe they need an outside consultant to review their processes.  Lots of really cool slides.

Advertisements

Leave a comment

Filed under Access, Accuracy, Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Duty of Care, Governance, Information, Internal controls, Lawyers, Oversight, Third parties, To report

Poster boy for Information Governance

Years ago, while teaching a course to MBA students at Rice University, I used the Target credit card breach as a case study.  It touched a lot of bases.  Now we have a better one.

While there have been a lot of information governance-related stories in the news over the past two years, including Equifax and Facebook and VW and Wells Fargo, my nominee for the one name associated with the most significant teaching example in information governance and compliance is the former FBI Director, James Comey.

First, he gave us The Day That Information Governance Died, with his July 5, 2016 pronouncement that, notwithstanding her clear violations of several applicable legal laws dealing with the handling of confidential or secret information (and the destruction of information subject to a subpoena), Secretary Hillary Clinton’s use (and wiping) of a private server to store government email was not going to be prosecuted.  Such a pronouncement deviated “‘from well-established Department policies'” that the FBI does not comment about  ongoing criminal investigations.

Then he wrote a memo ostensibly commemorating a meeting he had with his boss on government business on a government computer (while in a government vehicle) during the work day, and declared that that was his personal correspondence that he could (and did) distribute as he pleased.

And now we learn that he conducted government business over his own private gmail account {that information does not appear in the WSJ article – Ed.}, and actively avoid his boss’ oversight (and his bosses failed to adequately supervise him).  “Report Blasts FBI Agents, Comey Over Clinton Probe,” The Wall Street Journal, June 15, 2018 A1. Inspector General releases his report on the Clinton Investigation.

Recap:

  • Violations of law are not enforced
  • Evidence is destroyed notwithstanding a subpoena
  • Senior employees ignore long-standing policy
  • Senior employees treat documents prepared by them in the course of business as their personal information
  • Senior employees use private email accounts to transact government business
  • Employees hide things from their bosses
  • Bosses failed to adequately supervise their reports

And this is at the FBI, by a lawyer.

Does anyone wonder why we have a hard time getting traction on information governance initiatives?  Certainly an argument for an Information Governance case study of just the Clinton email investigation and its aftermath.  Not sure you could cover it all in one semester, at both law schools and business schools.

 

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Culture, Discovery, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Lawyers, Managers, Oversight, Ownership, Ownership, Policy, Requirements, Supervision, Who is in charge?

What does a lawyer do if the client ignores his advice?

The CEO arranged to hire one of his buddies for a senior job with the company.  Someone ( employees? a shareholder?) sent a letter to a member of the Board complaining about the hiring.  The CEO asked Security to find out who wrote the letter, despite being told by Compliance and the General Counsel not to.  He persisted.

“Barclays CEO Hit With Penalties of $1.5 Million,” The Wall Street Journal, May 12, 2018 B1.  UK regulators fined him nearly $870,000 for a ”serious error of judgment.'”

What does it say about a company when the CEO doesn’t listen to the company’s General Counsel or Compliance department?  Is this a governance problem, a compliance problem, or an HR problem?  Costs the shareholders about the same.  And did either the General Counsel or Compliance advise the Board that the C?  What happened to them?

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Employees, Governance, Internal controls, Lawyers, Oversight, Supervision, To report

Reliance

“U.S. Prosecutors to Weigh Criminal Case for McCabe,” The Wall Street Journal, April 20, 2018 A1. The DOJ Inspector General referred the case/matter of former FBI Deputy Director for criminal prosecution over his responses to investigators looking into leaks.

What does it say about the culture of an organization when two of its top officers, both of whom are lawyers, may have lied to federal investigators?  And what if that organization’s mission is the investigation of crimes?

How much do we rely on institutions and professionals to provide governance and to stand as examples of compliance?  Is that reliance justified?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Government, Lawyers, Legal, Requirements

Going back to law school

“Comey’s Handling of Memos Is Investigated,” The Wall Street Journal, April 21, 2018 A1.

Apparently, the former head of the FBI (and a lawyer) considers memos he wrote in the course of his employment, about a meeting with his boss in his capacity as an employee, on his employer’s computers, to be personal documents, rather than government documents.  I don’t think he learned that at the University of Chicago’s Law School.

Forget, for the moment, whether these contained classified information, the leaking of which would be a crime a well as a violation of the duty of an employee.  He decided to transfer these memos to an outside party (a law professor!), so that they would be leaked to the press.  Another crime if classified information was involved.  But the law professor just became a member of a conspiracy involving the theft of government property.

But think about it from the employer’s point of view.  Didn’t Mr. Comey just convert an employer asset into a personal asset?  Allegedly, he created these contemporaneously as a business record.  Business records belong to the business.

I (another lawyer, mind you) take the view that everything an employee receives or creates in his or her role as an employee is the property of his/her employer.  How could a government employee decide to release them to the media in his/her role “‘as a private citizen.'”  Does this mean an employee of your company can decide on their own to broadcast your trade secrets, not as an employee, but as a private citizen?

Leave a comment

Filed under Compliance (General), Controls, Duty, Employees, Government, Information, Internal controls, Lawyers, Ownership

Who owns your email?

“Lawyer Presses Mueller on Emails,” The Wall Street Journal, December 18, 2017 A4.  Questions arise after a government agency (later identified as the GSA) turns over Presidential transition team emails to Mr. Mueller.

Who owns the emails of non-governmental employees who use storage provided by a government agency?  And must the Special Counsel file a subpoena before getting information from a third party?

Where is your company’s email stored? Who owns it?

If there’s anything in those emails, are they “fruit of the poisonous tree” as the Special Counsel did not get a warrant?

Leave a comment

Filed under Access, Controls, Corporation, Duty, Employees, Government, Information, Internal controls, Lawyers, Ownership, Third parties

After a Whistleblower

“Whistleblower Alert Scrutinized,” The Wall Street Journal, November 24, 2017 B6.  A year ago, the CEO gets a letter from an employee saying the company is committing fraud by overstating some metrics.  Investors are later told the allegations are without merit, and invest $500 million.  Now the investors are suing.  We’re told that that suit is without merit, even though it looks like some metrics were overstated.

How do you handle continuing to operate your business after a whistleblower puts you on notice of potential wrongdoing?  What audiences do you need to communicate with?  Shareholders, government regulators, lenders, employees, others?  What can you say without stumbling over an inconvenient truth or two?

 

Leave a comment

Filed under Accuracy, Board, Communications, Compliance, Compliance, Corporation, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Investor relations, Lawyers, Protect assets, To report