Category Archives: To report

Cost of (non-)Compliance

“U.S. Bancorp Is Charged, Fined in Laundering Case,” The Wall Street Journal, February 16, 2018 B2.  Bank fined over $600 million and criminally charged with laundering money.  And placed under a deferred prosecution agreement, which is always an adventure.

Bank allegedly constructed and operated its controls on money laundering “‘on the cheap.'”  Think of the money they saved!

Their shareholders, not so much.

How much would having adequate controls and filing required suspicious activity reports have cost?  More or less than $600 million?

A key compliance requirement for banks is to have adequate money laundering controls.  What does it say about the directors and officers that this bank didn’t have them?  Who’s responsible for this failure (i.e., who’s duty was it to prevent this?)?  Who’s getting canned?

Advertisements

Leave a comment

Filed under Board, Compliance, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Protect assets, Protect information assets, To report

Can information have a negative value?

Doug Laney has done a lot of good stuff on infonomics, and the value of information.  But can information have a negative value?

“FBI Didn’t Follow Up Tip By Person Close to Shooter,” The Wall Street Journal, February 17, 2018 A1.  FBI got a tip on January 5 about the person who ended up shooting up the school at Parkland on February 14.  Failed to act on it.  Seventeen people died.

Do you have a duty to use information you have?  What if you have important information and you don’t use it, or can’t use it because you can’t find it?  Is that a liability (i.e., a “negative asset”)?

Do your internal controls make sure that critical information gets to the decision makers promptly?  If not, who’s responsible?

Look at the past year or two in industry and you will find several examples of the cost of not having important information reach the right people at the right time.  For example, Wells Fargo management didn’t learn of the account cramming until months or years later.  The Board at GE didn’t know about the two-plane approach the CEO was using.

Which is worse, knowing or not knowing?  Don’t know, but certainly knowing and not doing anything is the most expensive.

Leave a comment

Filed under Access, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Oversight, To report, Value

Lessons learned?

I am not sure what to say about the Nunes memo about the DOJ and the FBI and the FISA court, and classified information and governance and compliance.  Too political to be educational.

So, the right-hand news item instead.  “Fed Limits Wells Fargo Growth, Replaces Directors,” The Wall Street Journal, February 3, 2018 A1.  Following a pretty bad year or two, following the customer cramming schedule or the auto insurance.  A former CEO. Lower bonuses.  Now the government takes control of a large bank and replaces the directors.  Restricts the bank’s future growth.  A 6% stock value drop, before this week’s really bad sell-off.  Cost: $300-400 million. Government says, “We cannot tolerate pervasive and persistent misconduct at any bank ….”

What’s the value of compliance?  Is it the possible loss of your ability to control your company?  Is this a lesson for directors, in that they may lose their positions (but they don’t have to refund their fees)(yet- the derivative suits are coming soon).  They didn’t even do that to BP!  The Chief Risk Officer is also retiring later this year.

Business case for compliance or better risk management?  For knowing what’s going on in your company?  Not sure what the lesson is for the shareholders.

Leave a comment

Filed under Board, Business Case, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Internal controls, Oversight, Oversight, Protect assets, Risk, Risk Assessment, Risk assessment, Supervision, To report

Early warning system

You discover a product flaw.  One of the first things on your crises management list of things to do is notify your biggest (or best) customers.

“Intel Told China of Flaw Before U.S.,” The Wall Street Journal, January 29, 2018 A1.  Intel tells its Chinese customers of a security flaw in Intel chips before telling the US government.  Flaws discovered in June 2017.  Not disclosed to the market until after a website in the UK reports on them in January 2018.

Who thought waiting to tell the US government was a good idea?  Where are they now and what are they doing (and for whom)?

Getting information early increases the value of that information to you.  Six months?  What happened in the meantime?  What did the Board know?  Did they approve the communications plan?

Leave a comment

Filed under Board, Communications, Corporation, Directors, Duty, Duty of Care, Governance, Inform market, Information, Oversight, Security, To report, Value

Keeping track

Your can keep track on paper, or have a machine do it.  Which is better for compliance?

“Electronic Logs to Rule the Road,” The Wall Street Journal, December 16, 2017 B3.  For many years, larger trucking companies have used electronic systems to monitor how many hours their drivers drive, and thus comply with various DOT regs.  Now smaller companies will have to follow suit.

 

Leave a comment

Filed under Accuracy, Collect, Compliance, Controls, Corporation, Data quality, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Requirements, Third parties, To report, Value

Was your ride late?

“Chicago Sues Uber For Lag in Reporting Data Hack,” The Wall Street Journal, November 28, 2017 B4.  Following the disclosure of the year-old breach of 57 million accounts, Uber is sued for consumer fraud and deceptive business practices, among other things.

There is the breach.  And then your response to the breach.  And then the regulators’ and the customers’ and the shareholders’ response to the breach.

Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, IT, Oversight, Protect assets, Security, Supervision, To report, Value

Wells Fargo, continued, again

“Wells Fargo Bankers, Chasing Bonuses, Overcharged Clients,” The Wall Street Journal, November 28, 2017 A1.  Only 35 of 300 companies had been charged only what they had agreed to.  Four foreign-exchange bankers fired.

Who is surprised?  The culture at the company was potentially fatally defective.

Why hasn’t the Board been held liable?  The directors utterly failed in their fiduciary duties.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Protect assets, To report