You may not be old enough or nerdy enough to remember the Romulan cloaking device from the original Star Trek. But I do/am.
“Fake Signals and Illegal Flags: How North Korea Uses Clandestine Shipping to Fund Regime,” The Wall Street Journal, November 29, 2018 (online). How do shipments still arrive in and leave from North Korea, notwithstanding the various sanctions on the regime there? Apparently, it’s blue smoke and mirrors.
I raise this here for two reasons. First, in the North Korean story this is a bunch of information being generated that is deliberately false, and the compliance types struggle to deal with it in order to enforce the applicable rules. The enforcers use satellites and data analytics; the shippers use deception and semi-legal and illegal stratagems.
Second, what extremes might your employees go to to avoid being detected when they are doing something they know is wrong, and how well prepared are you to deal with it? Do you have the proper controls and investigative procedures? What should you look at to confirm that what you’re being told is true?
Filed under Collect, Compliance, Compliance, Compliance (General), Controls, Corporation, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Policy, Supervision, Third parties, To report, Use
“CNN Sues the White House, Seeks Return of Press Pass,” The Wall Street Journal, November 14, 2018 A3. Can the White House refuse to let in a member of the press into the White House for being rude?
Avoid for now the political implications of this, and what the First Amendment and the Fifth Amendment provide. Think instead about who can deny a single individual access to information, while providing access to 190 other people.
Who is entitled to access information in your company? What controls are in place to make sure that people who shouldn’t have access don’t get access? Who determines what those controls are? Who enforces them? Is part of this culture?
Filed under Access, Compliance (General), Controls, Culture, Duty, Governance, Government, Internal controls, Policy, Third parties, Uncategorized
Have you ever misused your company credit card? How about used a company asset for your personal business?
“Gulfport CEO Exits Following Review,” The Wall Street Journal, November 2, 2018 B2. CEO resigns after investigation into his use of his company credit card (he had paid the charges back, eventually, without interest) and the company plane.
On departure, he gets $400,000 and 6 months of health care coverage. I don’t know whether that’s better than nothing.
The ground troops learn from their “betters.” Seeing the CEO get canned for policy violations firms up the perception of the seriousness with which the company treats violations of policy or procedure. More so than a ground troop getting canned.
Does your company publicize these stories?
“Former Goldman Bankers Charged,” The Wall Street Journal, November 2, 2018 A1. “Two senior … bankers allegedly paid bribes and stole and laundered money … [in] one of the biggest financial frauds in history.”
What does it say when two of your 435 partners and one of your managing directors commits a fraud? Failures in systems/controls? Bad culture? Do you have a “cowboy atmosphere” in Asia? Poor training? Are these rogue employees? What’s the impact on your reputation? What was the tone at the top?
This is primarily a Governance point. How will the new CEO handle?
Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Oversight, Policy, Supervision, Who is in charge?
“Irish Vote to Remove Law on Blasphemy,” The Wall Street Journal, October 29, 2018 A10. Although no one has been convicted of violating the law in 80 years, stage is set to repeal law making it a crime to say something offensive to religious sensibilities.
Looking at this from a Governance perspective, can you have an effective control that is not sufficiently clear as to when someone has violated it? Do your policies and procedures set up controls that are sufficiently clear? And if the voters can amend the constitution on a 65% vote, who is in charge? As culture changes, do your controls keep pace?
And if you never enforce a control, does that mean it’s working?
“Apple CEO Urges Action on Data Misuse,” The Wall Street Journal, October 25, 2018 B1. Tim Cook wants GDPR-style privacy protections in the US. Claims “[o]ur own information … is being weaponized against us with military efficiency.”
He went on to suggest that the data collection practices of some online advertising companies are the equivalent of government surveillance.
How do we wrest control of our information back again? Or is privacy dead? And do we believe that our federal legislature is competent to develop the necessary (and effective) legal controls and protections that true Governance requires?
Filed under Access, Accuracy, Analytics, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Oversight, Ownership, Ownership, Policy, Privacy, Technology, Third parties, Value
“Treasury Employee Is Accused of Leaks,” The Wall Street Journal, October 18, 2018 A4. Employee arrested for allegedly disclosing confidential banking information about Paul Manafort, among others, to a reporter at BuzzFeed.
Leaking your employer’s information is hazardous to your health and freedom. But it’s good to know the government takes compliance seriously.
Filed under Compliance, Compliance (General), Controls, Duty, Duty of Care, Employees, Governance, Government, Internal controls, Oversight, Policy, Protect assets