Category Archives: Investor relations

Was your ride late?

“Chicago Sues Uber For Lag in Reporting Data Hack,” The Wall Street Journal, November 28, 2017 B4.  Following the disclosure of the year-old breach of 57 million accounts, Uber is sued for consumer fraud and deceptive business practices, among other things.

There is the breach.  And then your response to the breach.  And then the regulators’ and the customers’ and the shareholders’ response to the breach.

Advertisements

Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, IT, Oversight, Protect assets, Security, Supervision, To report, Value

Keeping secrets

“SEC Accuses Long Island Town of Fraud,” The Wall Street Journal, November 24, 2017 B11.  SEC alleges town failed to tell bondholders about special loan deals.  Town feels victimized, as the town board didn’t know of the special deals.

If you have a duty to disclose certain information, and don’t disclose it, that is called either “failure to disclose” or “fraud.”  Or a failure of management.  There are certain things that, as a director, you are supposed to know.

Board members are fiduciaries.

Leave a comment

Filed under Accuracy, Board, Communications, Compliance, Compliance, Corporation, Data quality, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Investor relations, Oversight, Supervision, To report, Value

After a Whistleblower

“Whistleblower Alert Scrutinized,” The Wall Street Journal, November 24, 2017 B6.  A year ago, the CEO gets a letter from an employee saying the company is committing fraud by overstating some metrics.  Investors are later told the allegations are without merit, and invest $500 million.  Now the investors are suing.  We’re told that that suit is without merit, even though it looks like some metrics were overstated.

How do you handle continuing to operate your business after a whistleblower puts you on notice of potential wrongdoing?  What audiences do you need to communicate with?  Shareholders, government regulators, lenders, employees, others?  What can you say without stumbling over an inconvenient truth or two?

 

Leave a comment

Filed under Accuracy, Board, Communications, Compliance, Compliance, Corporation, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Investor relations, Lawyers, Protect assets, To report

Hacking denial

Keeping a hack of your enterprise should be difficult.  Some find it easy.

“Uber CEO Knew of Hack for Months,” The Wall Street Journal, November 24, 2017 A1.  Uber was hacked in October 2016 (they say), affecting 57 million accounts.  Less than Yahoo’s 3 billion, and Equifax’s 145 million.  The CEO learned of the breach in September 2017, shortly before taking the top job.  Uber also paid the hackers $100,000 to destroy some of the stolen data.

Would they have disclosed it at all if they weren’t seeking outside financing?

What’s your obligation to disclose to your customers that their information may have been stolen from you?

Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, IT, Legal, Oversight, Ownership, Requirements, Security, To report

Equifax and SEC Hacks

A lot in the news of late about the hacks at Equifax and the SEC.

“SEC Discloses Edgar Corporate Filing System Was Hacked in 2016,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Hackers Spied for Months,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Board Weighs Clawbacks,” The Wall Street Journal, September 30, 2017 B3.  How many years’ compensation will be affected?

“Equifax Lawyer in Hot Seat,” The Wall Street Journal, October 2, 2017 A1.  Chief legal officer probed for clearing stock sales after executives knew, but no one else did, about the hack.

“Equifax Ex-CEO Lays Out Lapses,” The Wall Street Journal, October 3, 2017 B1.  Staffers blamed for not reacting to public warning.

“Lawmakers Slam the Ex-CEO Of Equifax,” The Wall Street Journal, October 4, 2017 B1.  He and others “weren’t aware of the significance of the company’s data breach ….” “[A]n employee failed to notify other staff to patch the software ….”  For want of a nail ….

“Senators Rap Credit-Reporting Model,” The Wall Street Journal, October 5, 2017 B1.  “[W]hy consumers shouldn’t have power over the data [credit companies] collect on them”?

“Lawmaker Asks SEC To Delay Trade Log,” The Wall Street Journal, October 5, 2017 B12.  Head of House Financial Services Committee pressures SEC to delay release of trading database following hack of SEC systems. Can you have too much information?

“Equifax Timeline Criticized,” The Wall Street Journal, October 6, 2017 B10.  How long did Equifax sit on news of the hack before alerting the Board, the market and the Feds?  Is five weeks too long?  Executives selling stock in that window will be investigated.  Three weeks before he informed the Board.

“After Breach, SSN Reliance Is Criticized,” The Wall Street Journal, October 7, 2017 A4.  One reaction to the Equifax hack is a move to find a replacement for Social Security Numbers.

“Index Firm Flagged Equifax for Security,” The Wall Street Journal, October 7, 2017 B9.  Company warned about Equifax data security flaws in August 2016.

“Equifax Probes Possible New Breach,” The Wall Street Journal, October 13, 2017 B1.  A code installed on Equifax’s website by a vendor “serve[s] ‘malicious content’ to consumers.”  Just when you thought ti was safe to go back in the water again.

“GOP Bill Would Boost Checks on Credit Firms,” The Wall Street Journal, October 13, 2017 B10.  The horse having left the barn, the government wants to exercise more oversight.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Value, Vendors

Disclosure

“A Hot Startup Misled Advertisers,” The Wall Street Journal, October 13, 2017 A1.  Outcome Health apparently misled advertisers as to how many units their ads were appearing on.  The investigation continues.

How would your employees react if ask to provide inflated numbers to potential customers?  How would your investors react after a story appears on page one, above the fold?  Probably reflects in the valuation of the company.  And what about your company’s extensive political contacts?

Leave a comment

Filed under Accuracy, Board, Communicate, Compliance, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, Managers, Oversight, Oversight, Policy, Protect assets, Protect information assets, Use, Value

Silence as information?

I normally cite to The Wall Street Journal.  But occasionally I come across something elsewhere worthy of note.  One of my sources is the Business Law Prof Blog.  There was a post there today titled “Omissions Liability: Tempest in a Teapot or Gathering Storm?

At issue, can there be Rule 10b-5 liability (dealing with securities fraud) for not saying something, when you had knowledge and something akin to a duty to disclose.  There’s a Supreme Court case (Leidos, Inc. v. Indiana Public Retirement System) pending that may resolve the issue.

Is a corporation’s failure to say something in itself information, and if so, is that silence itself information that must be governed in order to be compliant?  How do you manage/govern silence?

 

Leave a comment

Filed under Board, Business Case, Collect, Communicate, Communications, Compliance, Compliance, Compliance, Controls, Corporation, Directors, Duty, Governance, Inform market, Inform shareholders, Investor relations, Management, Third parties, To report