Continuing from https://infogovnuggets.com/2019/01/04/catching-up-again/
- Pot calling the kettle black
“Comey Tells House Panel He Suspected Giuliani Was Leaking FBI Information to Media,” The Wall Street Journal, December 10, 2018. Former FBI Director Comey, who admitted to leaking information to a reporter through a law school professor, complains that someone else did it, too.
- Yes, we have no privacy
“Thieves Can Now Nab Your Data in a Few Minutes for a Few Bucks,” The Wall Street Journal, December 10, 2018. Following the series of major hacks of privacy data (e.g., Marriott, LinkedIn, Equifax, and Yahoo), “Every American person should assume all of their data is out there,” said one FBI agent. Comforting.
- Duty to report
“New Report Shows Olympics Executives Concealed Knowledge of Nassar Allegations,” The Wall Street Journal, December 11, 2018. Executives knew information about sexual abuse allegations, and failed to report. To whom did they breach a duty?
- Interesting intersection of the right to petition the government and your right to privacy
“U.S. Investigating Fake Comments on ‘Net Neutrality,’” The Wall Street Journal, December 11, 2018. “Earlier this year, the FCC said it would upgrade its website to try to prevent fakery. … Several federal agencies warn that it is a felony to send falsified comments to the federal government when posting on websites soliciting opinions on federal rulemaking.” What if the comments were anonymous?
- Lying or overspending on your expense account can get you canned
“Under Armour Ousts Two Executives After Review of Expenses,” The Wall Street Journal, December 11, 2018. Complying with company policy and procedures is sort of kind of like a job requirement. Even if you signed Jordan Spieth. But how were they to know how much was too much?
- Weakest link?
“Amazon, Amid Crackdown on Seller Scams, Fires Employees Over Data Leak,” The Wall Street Journal, December 11, 2018. Employees bribed for access to inside information. What’s your information worth to you? To the briber? To the (former) employee? Do you have a policy against taking bribes?
- Collateral impact
“Nissan-Renault Scandal Shows It’s Hard to Keep Car Alliances On Track,” The Wall Street Journal, December 12, 2018. A scandal at your business partner can affect your company’s relationships. Is that Governance?
- How do you deal with rumors? Are they “information,” too?
“Super Micro Finds No Malicious Hardware in Motherboards,” The Wall Street Journal, December 12, 2018. This contradicts a prior report from Bloomberg. How do you govern other sources of information? Is using a trusted third party to investigate just standard crisis management planning?
- Should Compliance be more congenial?
“Banks Get Kinder, Gentler Treatment Under Trump,” The Wall Street Journal, December 13, 2018. Regulators are urged to be more collegial with the banks they regulate. Is that better “Governance,” in the short term or in the long term?
- What does it say?
“Renault Sticks With Carlos Ghosn as Internal Probe Finds No Illegality,” The Wall Street Journal, December 13, 2018. What does it say to the rank-and-file when the Chairman gets arrested? And when he’s thereafter kept in place? The Board may have some explaining to do.
- What can your employer do with your information?
“U.S. Companies Asked to Disclose More About Their Workers,” The Wall Street Journal, December 14, 2018. Pension funds ask employers to disclose more information than the SEC currently requires. Whose decision is that? When and how can you object?
- Watch your contractors
“Chinese Hackers Breach U.S. Navy Contractors,” The Wall Street Journal, December 15, 2018. What’s this information worth, both to the US and to China? How much do you look at the security at your vendors who process or create information for you? Are they a weaker link than your employees? (See item 6, above.)
- Information and Governance and Compliance
“PG&E Falsified Gas Safety Records, California Claims,” The Wall Street Journal, December 15, 2018. From the explosion in San Bruno in 2010 (after which PG&E couldn’t find a bunch of inspection records relating to hundreds of miles of its pipelines) to more recent claims about fudging the records on pipeline locations, PG&E has had this problem for awhile. For now, these are just allegations. But what impact on every claim made against the company, and every claim made by it? If they falsify safety records, do they falsify bills, too? “The [state regulator] last month expanded a continuing probe of PG&E’s safety practices and said it would explore the way the company is structured and managed.” There seems to be a link between record-keeping and management and compliance and culture.
- Facebook, again
“Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users,” The Wall Street Journal, December 15, 2018. One almost gets the idea that protecting your privacy is not a high priority for them.
Filed under Board, Collect, Communicate, Communications, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, IT, Management, Oversight, Oversight, Ownership, Privacy, Protect, Protect assets, Records Management, Security, Supervision, Technology, Third parties, To report, Use, Value, Vendors
“Boeing Withheld Data On Potential Hazards,” The Wall Street Journal, November 13, 2018 A1. Did Boeing fail to disclose potential problems with its new flight-control feature? Was that a factor in the Lion Air crash in Indonesia, killing 189 people?
Maybe this feature didn’t factor into the crash; we’ll have to wait for the cockpit voice recorder and the flight data recorder. But if you know something and don’t tell other people who would like to know — well, that’s bad. Even if you didn’t want to confuse them by providing them too much information. Was it better “marketing” to tell their customers that they wouldn’t need as much training?
How do you decide how much information to provide your customers? Are there problems you don’t mention? Why?
Filed under Access, Accuracy, Communicate, Communications, Controls, Corporation, Data quality, Duty, Duty of Care, Governance, Information, Internal controls, Management, Risk assessment, Third parties
“FBI Probes Tesla Over Production Figures,” The Wall Street Journal, October 27, 2018 A1. FBI conducts a criminal investigation into whether Tesla knowingly overstated anticipated production figures and thereby misled investors.
What if Tesla knew at the time that it couldn’t and wouldn’t meet the production targets it was then continuously providing the market? When does mere puffery become criminal? What controls would you need to have to prevent this at your company?
Do you have them? Are they enforced?
Filed under Accuracy, Collect, Communicate, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Internal controls, Investor relations, Management, Oversight, To report
“Ex-Salix Official to Pay Fine,” The Wall Street Journal, September 29, 2018 B10. A company’s CFO understated the company’s inventories held by wholesalers; fined $1 million.
“Under-reporting,” also known in lay circles as lying, is generally not a good thing, especially for a CFO. See also, “Lender’s Unit Resolves SEC Case,”The Wall Street Journal, September 29, 2018 B10.
Filed under Accuracy, Communicate, Communications, Compliance, Compliance (General), Controls, Duty, Employees, Governance, Internal controls, Third parties
“SEC Sues to Oust Musk From Tesla Over Tweets,” The Wall Street Journal, September 28, 2018 A1. The SEC sued to remove Elon Musk as the CEO of Tesla, after Mr. Musk tweeted about funding for taking the company private. See also https://infogovnuggets.com/2018/08/11/loose-lips-revisited/.
So, if the CEO doesn’t follow the rules, how much do the shareholders get hurt? Ten percent (or $5 billion). What’s Compliance worth to them?
Take that and smoke it.
“Probes, Cyberattack Distract Atlanta as It Pitches Amazon,” The Wall Street Journal, May 29, 2018 A3. Investigations of former mayor and the aftermath of a ransomware attack hamper efforts to entice Amazon to the city.
Corporations should conduct structured risk assessments. Do cities?
One assumes Atlanta has done a risk assessment and identified the risk of official misconduct. Did it also capture the risk of a cyberattack? Did the risk assessment suggest that if these risks occurred, Atlanta would lose the chance of phenomenal growth?
Filed under Business Continuity, Communicate, Compliance, Compliance, Controls, Duty, Duty of Care, Governance, Government, Internal controls, IT, Management, Operations, Oversight, Protect assets, Risk assessment, Security, Third parties
“Hundreds of Cryptocurrencies Show Hallmarks of Fraud,” The Wall Street Journal, May 18, 2018 A1. Plagiarism, promises of future returns, and fake executives found in offering materials for cryptocurrency companies.
What can investors expect if they invest in these companies?
“Wells Fargo Fires A Top Official, The Wall Street Journal, November 18, 2017 B1. Head of commercial lending canned because he said bad things to a fellow employee about regulators (and how they were affecting golden parachute payments) .
Think about that. He didn’t write it down; he just said it. Not outside the company, even.
True, his firing may have been expedited by all the other legal issues Wells Fargo has been having. But he may not have gotten much of a parachute.
Information controls apply to unwritten information, too.
Filed under Communicate, Communications, Compliance, Controls, Culture, Definition, Duty, Employees, Governance, Information, Internal controls, Management
“A Hot Startup Misled Advertisers,” The Wall Street Journal, October 13, 2017 A1. Outcome Health apparently misled advertisers as to how many units their ads were appearing on. The investigation continues.
How would your employees react if ask to provide inflated numbers to potential customers? How would your investors react after a story appears on page one, above the fold? Probably reflects in the valuation of the company. And what about your company’s extensive political contacts?
Filed under Accuracy, Board, Communicate, Compliance, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, Managers, Oversight, Oversight, Policy, Protect assets, Protect information assets, Use, Value
I normally cite to The Wall Street Journal. But occasionally I come across something elsewhere worthy of note. One of my sources is the Business Law Prof Blog. There was a post there today titled “Omissions Liability: Tempest in a Teapot or Gathering Storm?”
At issue, can there be Rule 10b-5 liability (dealing with securities fraud) for not saying something, when you had knowledge and something akin to a duty to disclose. There’s a Supreme Court case (Leidos, Inc. v. Indiana Public Retirement System) pending that may resolve the issue.
Is a corporation’s failure to say something in itself information, and if so, is that silence itself information that must be governed in order to be compliant? How do you manage/govern silence?
Filed under Board, Business Case, Collect, Communicate, Communications, Compliance, Compliance, Compliance, Controls, Corporation, Directors, Duty, Governance, Inform market, Inform shareholders, Investor relations, Management, Third parties, To report