Category Archives: Supervision

Barclays culture, continued

“Compliance Officer To Leave Barclays,” The Wall Street Journal, September 16, 2017 B1. The compliance officer at Barclays responsible for the whistleblower program settled “an employment dispute” with Barclays right before a hearing in London.  The CEO had earlier tried to learn the identity of the employee who complained about his hiring of a buddy.  The UK regulatory authority is still investigating that matter.

But the CEO remains in place.  Go figure.  I guess the Board’s sense of ethics is flexible.

I wonder what the employment dispute was about?

Advertisements

Leave a comment

Filed under Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Governance, Internal controls, Oversight, Oversight, Policy, Privacy, Supervision, Third parties

Keeping track of junk

To manage junk, get rid of it.  To manage the junk you can’t (or won’t) destroy, you need to know where it is.  Or bad things happen

“A Band Of Junk Clutters Space,” The Wall Street Journal, September 13, 2017 A1.  The Air Force tracks about 23,000 objects in orbit, but doesn’t “own” all of them, nor does it have the right to destroy them all.

Sounds to me a lot like information governance — there’s a lot of stuff to manage, even though a lot of it is junk.  Who owns “it” and who’s in charge?  Who is the ultimate decision maker about what can be destroyed?  In the absence of a governance structure, who does what?

Leave a comment

Filed under Controls, Definition, Duty, Duty of Care, Governance, Government, Information, Oversight, Supervision

The Hack of All Hacks

The Yahoo hack may have affected 1.5 billion customers.  But in terms of targeted hacks, OPM was pretty big.  There’s a new contender for the Hack of Hacks.

“Equifax Reveals Huge Breach,” The Wall Street Journal, September 8, 2017 A1.  The records (name, address, Social Security number, birth date, etc.) of 143 million US consumers at the credit reporting company have been hacked. That’s roughly half the US.  And they sat on it for awhile (since they discovered in on July 29).

Will this fundamentally change the landscape?  Will we see EU-level privacy controls in the US?  Will the directors of Equifax face personal liability for not ensuring the information was protected?  How can you protect your Social Security Number five years from now?  How will credit decisions be made in the future?

 

Leave a comment

Filed under Access, Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Oversight, Oversight, Privacy, Protect assets, Protect information assets, Risk Assessment, Security, Supervision, Value, Vendors

Criminal charges for a CEO

Corporations get charged with criminal conduct from time to time.  But seldom does the CEO at the time also get charged.

“Barclays Hit With Fraud Charges,” The Wall Street Journal, June 21, 2017 B1.  Charges of fraud and illegal payments filed against the bank and its former CEO (and a few other executives) in the UK.

As usual, the shareholders get the bill for any fines (and any diminution in share value).  Curiously absent were any charges against the directors of the Bank’s Board at the time.  But maybe the failure of the Board to detect this level of criminal activity will result in civil suits against the directors for negligent supervision.

Maybe Shearman & Stirling can write another report. (See Wells Fargo posts, supra).  Willie Sutton wasn’t the only crook who knew where the money is/was.

Leave a comment

Filed under Board, Compliance, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Protect assets, Risk assessment, Supervision

Duty of Directors

One of my common themes is the duty of directors.  They get paid a lot of money to act as fiduciaries for the company’s shareholders.

“Warren Keeps Pressure on Wells,” The Wall Street Journal, June 20, 2017 B10.  Senator Elizabeth Warren (D. Mass.) is leaning on the Federal Reserve (arguably an independent body) to remove 12 directors who served on Wells Fargo’s Board when the account- cramming scandal was going on.  Other problems have emerged at Wells Fargo since then.

The shareholders didn’t/couldn’t vote them out in April, and so far (as I know) the directors haven’t been held personally liable for negligent oversight.  So it’s nice that someone is still pursuing the people in charge at the time that (some of the) bad things were happening.

Some executives got fired or their bonuses were docked.  The shareholders lost a bundle in fines and penalties paid by the company.  It would be nice if the directors were held responsible and accountable — not just to penalize them, but to put other directors on notice of what they are getting paid to do, and for whom.

Would be nice to have a poster child for the director’s duty.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Culture, Directors, Duty, Duty of Care, Governance, Inform shareholders, Internal controls, Oversight, Oversight, Protect assets, Risk Assessment, Risk assessment, Supervision

British two-step

Gee, how important are computers to your company?  Or, more importantly, the information they contain?

“Big Outage Dogs British Airways,” The Wall Street Journal, May 30, 2017 B3. A power surge apparently takes out BA’s entire IT system.  No flights, no baggage, and no customer communications.  This is partly a business continuity problem, and is a predictable hazard (I was working at Amoco in Chicago in the 90’s when a flood took out the email servers that were then in the basement- Ed.).  But it also highlights how important access to information is to having your business run right.  If you put all your eggs in one basket, watch that basket.

What happens when you have so much information that you can’t read it all? “U.K.’s MI5 Begins Internal Probe,” The Wall Street Journal, May 30, 2017 A9.  Apparently, the suicide bomber in Manchester was on, and then off, the security service’s radar screen.  He was one of 20,000 suspects, but not among the 3,000 most active ones.

Leave a comment

Filed under Access, Accuracy, Business Continuity, Communications, Controls, Duty, Governance, Government, Information, Interconnections, IT, Operations, Oversight, Supervision, Third parties, Value

A handful of stories

  1. Compare

“FCC Won’t Move Against Colbert for Crude Remarks,” The Wall Street Journal, May 24, 2017 A3.  Remarks about Trump don’t draw a fine.  The question remains, what will?  What’s the impact of the regulator not even trying to enforce regulatory standards?

With

“Pakistan Investigates Social-Media Critics of Its Military,” The Wall Street Journal, May 24, 2017 A8.  Twenty-seven critics investigated for “unacceptable” comments criticizing and ridiculing the military and judiciary.  The FCC wasn’t consulted.

2. “U.S. Sues Chrysler Over Emissions Tests,” The Wall Street Journal, May 24, 2017 B1.  Apparently VW wasn’t the only one seeking to game the emissions-testing process.

3.  “Human Still Rule Machines in Insurance,” The Wall Street Journal, May 24, 2017 B1.  Despite the new sources of data, and the ability of computer programs to determine how much an individual insurance policy should cost, humans are still a necessary decision-maker.

4.  “Target Settles Probe Into Its 2013 Hack,” The Wall Street Journal, May 24, 2017 B3. Following the 2013 data breach, Target pays an additional $18.5 million to settle state charges.

5. “High-Ranking Chinese Regulator Faces Probe,” The Wall Street Journal, May 24, 2017 B14.  Assistant chairman of the China Banking Regulatory Commission fired for breaking the rules.  Details not available.

Leave a comment

Filed under Accuracy, Analytics, Compliance, Compliance, Controls, Corporation, Culture, Duty, Employees, Governance, Government, Information, Internal controls, Management, Managers, Oversight, Supervision, Value