Category Archives: Compliance

How much process is due?

“School Assault Policy Shifts,” The Wall Street Journal, November 1, 2018 A3.  New regulations to require students accused of sexual assault to have the right to cross-examine the accuser.

This involves Governance, Compliance, and Information.

Governance:  the government would require schools to investigate sexual assault claims in a certain way.  The government has the power of the purse, due to the amount of federal funding.

Information:  an accusation of assault is only a part of the story; only through cross-examination and other investigation can the decision maker decide whether the accusation and the (assumed) denial are sufficiently “believable” and “believed.”

Compliance: determining whether someone complied with the law or your policy requires some level of rigor.  How much evidence of a violation is required?

Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Governance, Information, Internal controls

Employees speaking up

At common law, an employee has a duty

  • to comply with applicable laws in the performance of his/her work for the employer
  • to comply with his/her employer's reasonable instructions in the performance of that work, and
  • to report material information to his superiors.

“Credit Union Staff Faults Safeguards Against Laundering,” The Wall Street Journal, October 31, 2018 B12.  Employees raised concerns in 2017 about the anti-money laundering program at the credit union where they worked.  The chief audit executive dismissed the allegations.

Were these employees rewarded for raising these concerns? No.  Did the company make changes?  The company says it did.  Will other employees raise concerns in the future?

How seriously do you take concerns raised by your employees, who are closest to the facts?  Is this a Compliance point or a Governance point?  Or an Information point (in that Management received information and apparently didn’t use it)?


Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Information, Internal controls, Oversight, Third parties, To report, Use

Another one bites the dust

“Barnes & Noble Details CEO Firing,” The Wall Street Journal, October 31, 2018 B1.  CEO allegedly fired for sexual harassment and bullying, and interfering with the sale of B&N.

So, the CEO gets canned.  No severance package.  What message does this send to the rest of the organization (and, indeed, to other CEOs and other companies)?  How does the Board look on this one?  From a Compliance standpoint, and a Governance one, looks pretty good.

Might this be a pretext?  Could he have been fired for some other reason?

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Supervision

It depends on your point of view

“U.K. Plans to Introduce Digital Tax on Tech Firms,” The Wall Street Journal, October 30, 2018 A9.  Rather than further regulating firms like Google and Facebook, the UK now tries to tax their locally generated revenue.

The lack of a universal taxing methodology may cause the big players some headaches.  Compare the patchwork of privacy obligations if you operate in different countries (or states).

Look at this from two different views.  First, how does a large multi-national comply with all the different laws around the world?  Second, how does your company deal with the overlapping laws and your own corporate policies and procedures, which may apply differently to different parts of your company?

While one-size-fits-all makes sense at one level (if you’re on top of the Governance pyramid), does this process require a bit more granular differentiation (if you are on the bottom)?

Filed under Compliance, Controls, Governance, Interconnections, Internal controls, Oversight, Third parties, Who is in charge?

Consequences

“U.S. to Restrict Chip Maker,” The Wall Street Journal, October 30, 2018 A5.  Company accuses another company of stealing intellectual property. US government “restricts” US firms from dealing with the accused thief, which is owned by the Chinese government.

So, even though the accused thief has not been held legally liable, either civilly or criminally, the US government picks a winner.

Leaving that issue aside, does your risk analysis include this consequence when determining what could happen if someone at your company does something inappropriate with a third party’s intellectual property?  Do you have sufficient controls to address this risk?


Filed under Compliance, Compliance (General), Controls, Governance, Internal controls, Oversight, Risk assessment

Admissions

What happens when you have to disclose your secret sauce?

“13 Secret Steps for Harvard Admission — They May Not Help,” The Wall Street Journal, October 29, 2018 A1. Analysis of admissions data shows what affects (helps, hurts) your chances of admission.

If you were Harvard, would you want to keep this secret, to prevent people from gaming the system?  If you were an applicant, wouldn’t you want to know?

Certainly, this is Information, but to what is it relevant?  Can you use it effectively, or is it just interesting?  What’s it worth to you?

From a Governance perspective, did Harvard have sufficient controls in place to prevent both the violation of law and the appearance thereof?  We’ll see.


Filed under Access, Analytics, Compliance, Controls, Definition, Governance, Information, Internal controls, Value

What’s worse than a tweet?

“FBI Probes Tesla Over Production Figures,” The Wall Street Journal, October 27, 2018 A1.  FBI conducts a criminal investigation into whether Tesla knowingly overstated anticipated production figures and thereby misled investors.

What if Tesla knew at the time that it couldn’t and wouldn’t meet the production targets it was then continuously providing the market?  When does mere puffery become criminal?  What controls would you need to have to prevent this at your company?

Do you have them?  Are they enforced?


Filed under Accuracy, Collect, Communicate, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Internal controls, Investor relations, Management, Oversight, To report