Category Archives: Risk assessment

Lessons learned?

I am not sure what to say about the Nunes memo about the DOJ and the FBI and the FISA court, and classified information and governance and compliance.  Too political to be educational.

So, the right-hand news item instead.  “Fed Limits Wells Fargo Growth, Replaces Directors,” The Wall Street Journal, February 3, 2018 A1.  Following a pretty bad year or two, following the customer cramming scandal or the auto insurance.  A former CEO. Lower bonuses.  Now the government takes control of a large bank and replaces the directors.  Restricts the bank’s future growth.  A 6% stock value drop, before this week’s really bad sell-off.  Cost: $300-400 million. Government says, “We cannot tolerate pervasive and persistent misconduct at any bank ….”

What’s the value of compliance?  Is it the possible loss of your ability to control your company?  Is this a lesson for directors, in that they may lose their positions (but they don’t have to refund their fees) (yet; the derivative suits are coming soon)?  They didn’t even do that to BP!  The Chief Risk Officer is also retiring later this year.

Business case for compliance or better risk management?  For knowing what’s going on in your company?  Not sure what the lesson is for the shareholders.

Filed under Board, Business Case, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Internal controls, Oversight, Oversight, Protect assets, Risk, Risk Assessment, Risk assessment, Supervision, To report

Lawsuits as a management technique

“Shareholders Sue More Frequently,” The Wall Street Journal, August 22, 2017 B1.  A study shows shareholders (or class action lawyers) are litigating more when their company is sued, alleging false and misleading statements by management.  One hundred thirty-one suits in the first six months of 2017.

So, when communicating to the market or shareholders, make sure everything will stand the test of time.  Is it accurate?  Is it complete?

Filed under Accuracy, Board, Communications, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Information, Investor relations, Risk assessment, Third parties, Value

Criminal charges for a CEO

Corporations get charged with criminal conduct from time to time.  But seldom does the CEO at the time also get charged.

“Barclays Hit With Fraud Charges,” The Wall Street Journal, June 21, 2017 B1.  Charges of fraud and illegal payments filed against the bank and its former CEO (and a few other executives) in the UK.

As usual, the shareholders get the bill for any fines (and any diminution in share value).  Curiously absent were any charges against the directors of the Bank’s Board at the time.  But maybe the failure of the Board to detect this level of criminal activity will result in civil suits against the directors for negligent supervision.

Maybe Shearman & Stirling can write another report. (See Wells Fargo posts, supra).  Willie Sutton wasn’t the only crook who knew where the money is/was.

Filed under Board, Compliance, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Protect assets, Risk assessment, Supervision

Duty of Directors

One of my common themes is the duty of directors.  They get paid a lot of money to act as fiduciaries for the company’s shareholders.

“Warren Keeps Pressure on Wells,” The Wall Street Journal, June 20, 2017 B10.  Senator Elizabeth Warren (D. Mass.) is leaning on the Federal Reserve (arguably an independent body) to remove 12 directors who served on Wells Fargo’s Board when the account-cramming scandal was going on.  Other problems have emerged at Wells Fargo since then.

The shareholders didn’t/couldn’t vote them out in April, and so far (as I know) the directors haven’t been held personally liable for negligent oversight.  So it’s nice that someone is still pursuing the people in charge at the time that (some of the) bad things were happening.

Some executives got fired or their bonuses were docked.  The shareholders lost a bundle in fines and penalties paid by the company.  It would be nice if the directors were held responsible and accountable — not just to penalize them, but to put other directors on notice of what they are getting paid to do, and for whom.

Would be nice to have a poster child for the director’s duty.

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Culture, Directors, Duty, Duty of Care, Governance, Inform shareholders, Internal controls, Oversight, Oversight, Protect assets, Risk Assessment, Risk assessment, Supervision

Rules

A necessary element of governance is that you have rules, or standards, to which the governed are supposed to adhere. Problems often arise when people don’t follow the rules. But can slavishly following the rules be as bad?  Depends on the rules.

“Behind United Airlines’ Fateful Decision to Call Police,” The Wall Street Journal, April 17, 2017 B1.   United has a strong demand and control system, and a system that rewards tenure over merit.  Rules for everything.  Rules that apply even to the third-party operator of last week’s flight from Chicago.

But who instituted a rule that requires having police haul a non-disruptive, paying passenger off a flight?  Seemed like a good idea at the time, I guess.  Hard to imagine this happening at an airline that hired attitudes rather than resumes.

Is a corporate cultural norm that would have avoided this also a part of governance?  Is that the “ethics” part of ethics and compliance?

Filed under Board, Compliance, Controls, Corporation, Culture, Culture, Duty, Employees, Governance, Internal controls, Oversight, Oversight, Risk assessment, Third parties, Vendors

Do you track what’s the normal cost?

“Venezuela Alleges Fraud in $1.3 Billion Oil-Rig Lease,” The Wall Street Journal, March 16, 2017 A10.  “Officials at PdVSA [the state oil company in Venezuela] were accused of embezzlement by paying inflated fees.”

How do you track whether the company is paying inflated fees to companies owned by Saudi princes, with a no-bid contract to an industry newcomer?  You do track that, don’t you?  As a director you would want to make sure that people weren’t paying too much for service contracts.  Why would the state oil company pay inflated rates?  Aren’t these bribes going the ‘wrong’ way?  Or was it just waste and incompetence?  The difference is only $250,000 a day for seven years.

Do you consider the information governance aspects of the FCPA, beyond the books and records?  It is good that the government checks.

Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Definition, Directors, Duty, Employees, Governance, Government, Information, Internal controls, Oversight, Oversight, Protect assets, Risk Assessment, Risk assessment

Deception strategy

How do you prevent the competition from punking your business?  Caller ID helps the pizza delivery business identify who’s calling.

“Uber Used Program to Evade Authorities,” The Wall Street Journal, March 6, 2017 B4.  Uber apparently wrote its terms of service, and monitors data on who and where calls are coming from, to reduce competitors’ interfering with its business (by making fake calls).  Also identifies people suspected of running a law enforcement sting operation.

So Uber looks for clues to see if you’re a regulator.  Do you use a burner phone?  Does your credit card belong to a regulatory agency? Is this using information to assist the achievement of your business model?

Filed under Access, Accuracy, Analytics, Business Case, Collect, Controls, Governance, Management, New Implications, Operations, Policy, Protect assets, Risk assessment, Use, Use