That’s a serious charge.
“U.S. Watchdog Says McKinsey Misled Bankruptcy Court,” The Wall Street Journal, December 1, 2018 (online). Did McKinsey make misleading disclosures about what conflicts of interest it might have had? Was a related investment unit truly separate?
The point of this post is to highlight what can happen when one of your agents (and a consultant is an agent) makes an inadequate disclosure to a court about potential conflicts in connection with your case. Are you liable? Is your reputation damaged? What’s that worth? What controls do you have to prevent conflicts of interest by your consultants, and how do you police those controls?
Of course, you wouldn’t fail to disclose such a conflict yourself.
I was gobsmacked by the prior piece that described Amazon taking money to place sponsored ads on someone else’s baby gift registry. But Amazon doesn’t stop there.
“Amazon Makes Inroads Selling Medical Supplies to the Sick,” The Wall Street Journal, November 30, 2018 (online). Doctors are putting lists of products to buy in your medical records, with a link to where you can buy them on Amazon.
What could go wrong? No behavior going on here to create or extend a monopoly; drive on by.
Who owns your medical record? Who owns the relationship with your doctor? Who gets any money from leveraging your doctor’s recommendations? Who has a moral compass, or an ethics and compliance policy?
So, you have a baby coming. You establish a baby registry online, and list the items/gifts you want to receive. And then the host of the registry accepts payments from vendors of baby products to add certain items to “your” list.
Is nothing sacred?
“New Parents Complain Amazon Baby-Registry Ads Are Deceptive,” The Wall Street Journal, November 29, 2018 (online). Amazon accepts money from major companies to put “sponsored ads” on your list; there’s a small gray box saying “Sponsored.” Nothing descriptive like, “Similar to things the mother-to-be actually wants.”
I guess you have to check to make sure that you check “your” list at least twice, to make sure that Amazon hasn’t made it theirs. No bait, just switch.
Where’s the FTC on this? Would you buy from a company that paid to advertise on someone else’s gift registry, without asking? Are they a bit scummy? These aren’t small-time companies; advertisers buying the ads include Kimberly-Clark and Johnson & Johnson. To sell baby products!
Next thing, they’ll be posting billboards on your roof and on your car. Without so much as a by-your-leave.
Filed under Accuracy, Compliance, Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Information, Internal controls, Oversight, Ownership, Third parties, Value
One profit model that seems to be working well is selling stuff that doesn’t belong to you. Cuts your cost-of-goods-sold dramatically.
“Facebook Considered Charging for Access to User Data,” The Wall Street Journal, November 29, 2018 (online). Facebook considered charging people to access user data.
Now, I guess that’s marginally different than letting third parties see the “Facebook” user data (i.e., the data of the users of Facebook) for free, in order to develop apps or whatever. But isn’t it still the users’ information? Oh, and it might be somewhat contrary to what the CEO said to Congress about Facebook’s policy of never selling user data.
Filed under Access, Collect, Compliance, Controls, Corporation, Culture, Duty, Duty of Care, Governance, Information, Internal controls, Management, Oversight, Ownership, Ownership, Third parties, To report, Use, Value
You may not be old enough or nerdy enough to remember the Romulan cloaking device from the original Star Trek. But I do/am.
“Fake Signals and Illegal Flags: How North Korea Uses Clandestine Shipping to Fund Regime,” The Wall Street Journal, November 29, 2018 (online). How do shipments still arrive in and leave from North Korea, notwithstanding the various sanctions on the regime there? Apparently, it’s blue smoke and mirrors.
I raise this here for two reasons. First, in the North Korean story this is a bunch of information being generated that is deliberately false, and the compliance types struggle to deal with it in order to enforce the applicable rules. The enforcers use satellites and data analytics; the shippers use deception and semi-legal and illegal stratagems.
Second, what extremes might your employees go to to avoid being detected when they are doing something they know is wrong, and how well prepared are you to deal with it? Do you have the proper controls and investigative procedures? What should you look at to confirm that what you’re being told is true?
Filed under Collect, Compliance, Compliance, Compliance (General), Controls, Corporation, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Policy, Supervision, Third parties, To report, Use
“Mueller Accuses Paul Manafort of Lying to FBI After Plea Agreement, The Wall Street Journal, November 26, 2018 (online). Did Manafort lie after he reached a plea deal?
Information is not limited to what you write in a document or an email. It includes verbal utterances. How do you control your “verbal utterances” when the penalty for lying to the FBI can result in 20 years in prison, regardless of what happened prior to your plea deal?
So, this involves Information (verbal statements are information), Compliance (lying to the FBI exposes you to 20 years’ in prison for each offense), and Governance (how do you avoid making an untrue utterance?). Do your policies and controls address verbal information, and, generally, not lying to the FBI? Need they?
“Marriott Says Starwood Data Breach Affects Up to 500 Million People,” The Wall Street Journal, November 30, 2018 (online). Data breach potentially affecting passports and credit cards of as many as 500 million guests at Marriott’s Starwood properties, which were acquired in 2016. They knew about this in September, but reflects a breach that may go back to 2014.
So, two years after an acquisition, the target’s information security practices blow up in the acquiror’s face. What does that say about the acquiror’s duty to integrate the data practices and controls around information protection?
Does your M&A team think about information governance issues? Is that an identified risk, with an identified (and owned) action plan? Did the Board identify this as a risk? What the value of this information considered part of the transaction value? How was that reflected?
Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Management, Oversight, Protect, Protect assets, Protect information assets, Risk Assessment, Risk assessment, Security, Value