Category Archives: Policy

December 3, 2018 · 6:35 am

Those pesky Romulans!

You may not be old enough or nerdy enough to remember the Romulan cloaking device from the original Star Trek.  But I do/am.

“Fake Signals and Illegal Flags: How North Korea Uses Clandestine Shipping to Fund Regime,” The Wall Street Journal, November 29, 2018 (online). How do shipments still arrive in and leave from North Korea, notwithstanding the various sanctions on the regime there?  Apparently, it’s blue smoke and mirrors.

I raise this here for two reasons.  First, in the North Korean story this is a bunch of information being generated that is deliberately false, and the compliance types struggle to deal with it in order to enforce the applicable rules.  The enforcers use satellites and data analytics; the shippers use deception and semi-legal and illegal stratagems.

Second, what extremes might your employees go to to avoid being detected when they are doing something they know is wrong, and how well prepared are you to deal with it?  Do you have the proper controls and investigative procedures?  What should you look at to confirm that what you’re being told is true?

 

Leave a comment

Filed under Collect, Compliance, Compliance, Compliance (General), Controls, Corporation, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Policy, Supervision, Third parties, To report, Use

November 19, 2018 · 9:25 am

Access

“CNN Sues the White House, Seeks Return of Press Pass,” The Wall Street Journal, November 14, 2018 A3.  Can the White House refuse to let in a member of the press into the White House for being rude?

Avoid for now the political implications of this, and what the First Amendment and the Fifth Amendment provide.  Think instead about who can deny a single individual access to information, while providing access to 190 other people.

Who is entitled to access information in your company?  What controls are in place to make sure that people who shouldn’t have access don’t get access?  Who determines what those controls are?  Who enforces them?  Is part of this culture?

Leave a comment

Filed under Access, Compliance (General), Controls, Culture, Duty, Governance, Government, Internal controls, Policy, Third parties, Uncategorized

November 7, 2018 · 2:10 pm

Better than nothing?

Have you ever misused your company credit card?  How about used a company asset for your personal business?

“Gulfport CEO Exits Following Review,” The Wall Street Journal, November 2, 2018 B2.  CEO resigns after investigation into his use of his company credit card (he had paid the charges back, eventually, without interest) and the company plane.

On departure, he gets $400,000 and 6 months of health care coverage.  I don’t know whether that’s better than nothing.

The ground troops learn from their “betters.”  Seeing the CEO get canned for policy violations firms up the perception of the seriousness with which the company treats violations of policy or procedure.  More so than a ground troop getting canned.

Does your company publicize these stories?

Leave a comment

Filed under Compliance, Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Policy, Protect assets

November 7, 2018 · 1:43 pm

Fraud at the top

“Former Goldman Bankers Charged,” The Wall Street Journal, November 2, 2018 A1. “Two senior … bankers allegedly paid bribes and stole and laundered money … [in] one of the biggest financial frauds in history.”

What does it say when two of your 435 partners and one of your managing directors commits a fraud?  Failures in systems/controls?  Bad culture?  Do you have a “cowboy atmosphere” in Asia?  Poor training?  Are these rogue employees?  What’s the impact on your reputation?  What was the tone at the top?

This is primarily a Governance point.  How will the new CEO handle?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Oversight, Policy, Supervision, Who is in charge?

November 7, 2018 · 9:22 am

I know it when I see it

“Irish Vote to Remove Law on Blasphemy,” The Wall Street Journal, October 29, 2018 A10.  Although no one has been convicted of violating the law in 80 years, stage is set to repeal law making it a crime to say something offensive to religious sensibilities.

Looking at this from a Governance perspective, can you have an effective control that is not sufficiently clear as to when someone has violated it?  Do your policies and procedures set up controls that are sufficiently clear?  And if the voters can amend the constitution on a 65% vote, who is in charge?  As culture changes, do your controls keep pace?

And if you never enforce a control, does that mean it’s working?

Leave a comment

Filed under Compliance (General), Controls, Culture, Governance, Internal controls, Policy, Third parties, Who is in charge?

October 26, 2018 · 10:22 am

Weapons

“Apple CEO Urges Action on Data Misuse,” The Wall Street Journal, October 25, 2018 B1.  Tim Cook wants GDPR-style privacy protections in the US.  Claims “[o]ur own information … is being weaponized against us with military efficiency.”

He went on to suggest that the data collection practices of some online advertising companies are the equivalent of government surveillance.

How do we wrest control of our information back again?  Or is privacy dead?  And do we believe that our federal legislature is competent to develop the necessary (and effective) legal controls and protections that true Governance requires?

Leave a comment

Filed under Access, Accuracy, Analytics, Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Oversight, Ownership, Ownership, Policy, Privacy, Technology, Third parties, Value

October 25, 2018 · 3:39 pm

Leaker arrested

“Treasury Employee Is Accused of Leaks,” The Wall Street Journal, October 18, 2018 A4. Employee arrested for allegedly disclosing confidential banking information about Paul Manafort, among others, to a reporter at BuzzFeed.

Leaking your employer’s information is hazardous to your health and freedom.  But it’s good to know the government takes compliance seriously.

Leave a comment

Filed under Compliance, Compliance (General), Controls, Duty, Duty of Care, Employees, Governance, Government, Internal controls, Oversight, Policy, Protect assets

August 26, 2018 · 4:47 pm

Who exactly are your partners?

“U.S. Probes Microsoft on Bribery,” The Wall Street Journal, August 24, 2018 B1.  DOJ probes sales of software licenses to middlemen for ultimate sales to smaller governments.

Did the middlemen in, say, Hungary, share their discounted purchase price with government officials by way of bribes?  Even if they did, is Microsoft liable?  Unless the middlemen were Microsoft sales agents (who didn’t take title to the software licenses), or Microsoft knew of the scheme, hard to see FCPA liability for Microsoft.  Were the middlemen business partners of Microsoft, or just intermediate purchasers?

The ethics of the people with whom you do business can come back to bite you.  Your policies may apply by contract to consultants and third parties that you engage, but do they apply to the people to whom you sell/license your product?

 

 

 

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Oversight, Policy, Third parties, Vendors

August 9, 2018 · 8:57 am

Shoot for the stars

Nailing a high-visibility target demonstrates that you’re serious about compliance.  Especially if he or she is a big money maker.  And especially if it is over violations of your company’s procedures.

“GAM Says Fund Manager Breached Policies on Gifts,” The Wall Street Journal, August 7, 2018 B10.  “[T]he star fund manager” also used his personal email to transact business for the company, and failed to follow other company procedures.

The company’s shares have dropped 44%.

Would you be surprised if your company did this?  What does that say about your culture?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Policy

August 7, 2018 · 2:41 pm

How much due process is due?

“CBS to Weigh CEO’s Fate,” The Wall Street Journal, July 30, 2018 A1.  Discussion over whether CEO accused of sexual harassment should stand down while the investigation continues.

Curious that Urban Meyer has to stand aside while an investigation into whether he should have reported domestic abuse by an assistant coach 9 years earlier at a different school, but Leslie Moonves remains on board as the CEO of CBS.  See https://infogovnuggets.com/2018/08/07/caesars-wife/

What does it say about a company’s culture when, in the current environment, the CEO can remain in his job during such an investigation?  How convinced are the rank-and-file employees that the sexual harassment policy is real, or just a piece of paper?  Are the directors serious about this policy?  What about other policies?

Leave a comment

Filed under Board, Compliance, Compliance, Compliance (General), Corporation, Culture, Culture, Directors, Duty, Employees, Governance, Oversight, Oversight, Policy