Category Archives: Compliance

December 3, 2018 · 6:35 am

Those pesky Romulans!

You may not be old enough or nerdy enough to remember the Romulan cloaking device from the original Star Trek.  But I do/am.

“Fake Signals and Illegal Flags: How North Korea Uses Clandestine Shipping to Fund Regime,” The Wall Street Journal, November 29, 2018 (online). How do shipments still arrive in and leave from North Korea, notwithstanding the various sanctions on the regime there?  Apparently, it’s blue smoke and mirrors.

I raise this here for two reasons.  First, in the North Korean story this is a bunch of information being generated that is deliberately false, and the compliance types struggle to deal with it in order to enforce the applicable rules.  The enforcers use satellites and data analytics; the shippers use deception and semi-legal and illegal stratagems.

Second, what extremes might your employees go to to avoid being detected when they are doing something they know is wrong, and how well prepared are you to deal with it?  Do you have the proper controls and investigative procedures?  What should you look at to confirm that what you’re being told is true?

 

Leave a comment

Filed under Collect, Compliance, Compliance, Compliance (General), Controls, Corporation, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Policy, Supervision, Third parties, To report, Use

November 19, 2018 · 10:01 am

Another one

“UC System is Sued for Data On Admissions,” The Wall Street Journal, November 16, 2018 A2.  Is the state university using race inappropriately in making admissions decisions?

The government has different obligations with respect to information than a private company.  Government also collects a lot of information.  What controls are in place to allow and to prevent the disclosure of this information?  What about for non-core activities, like running the state’s university system?

 

Leave a comment

Filed under Access, Collect, Compliance, Compliance, Controls, Duty, Governance, Government, Internal controls, Management, Third parties, To report, Use

November 19, 2018 · 9:50 am

External governance

“Rebuke at Wells Shows Clash,” The Wall Street Journal, November 15, 2018 B1.  Chief administrative officer (and former head of HR) at Wells placed on leave after the Office of the Comptroller of the Currency criticizes the oversight that she and the bank’s chief auditor provided.

If your company interacts with government regulators (and whose doesn’t?), is the government effectively a part of your governance structure?  Or is government a separate component of Governance, whether that is Compliance Governance or Information Governance?  Or just “Governance”?

And what does it say about communications when the government holds up a senior official for poor oversight?  What about the board?  Highly visible to the worker bees.

Leave a comment

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Government, Internal controls, Management, Oversight, Oversight, Third parties, To report

October 28, 2018 · 12:08 pm

What’s worse than a tweet?

“FBI Probes Tesla Over Production Figures,” The Wall Street Journal, October 27, 2018 A1.  FBI conducts a criminal investigation into whether Tesla knowingly overstated anticipated production figures and thereby misled investors.

What if Tesla knew at the time that it couldn’t and wouldn’t meet the production targets it was then continuously providing the market?  When does mere puffery become criminal?  What controls would you need to have to prevent this at your company?

Do you have them?  Are they enforced?

Leave a comment

Filed under Accuracy, Collect, Communicate, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Internal controls, Investor relations, Management, Oversight, To report

September 28, 2018 · 6:30 pm

Sunk ship

“SEC Sues to Oust Musk From Tesla Over Tweets,” The Wall Street Journal, September 28, 2018 A1.  The SEC sued to remove Elon Musk as the CEO of Tesla, after Mr. Musk tweeted about funding for taking the company private.  See also https://infogovnuggets.com/2018/08/11/loose-lips-revisited/.

So, if the CEO doesn’t follow the rules, how much do the shareholders get hurt?  Ten percent (or $5 billion).  What’s Compliance worth to them?

Take that and smoke it.

 

Leave a comment

Filed under Communicate, Communications, Compliance, Compliance, Compliance (General), Duty, Employees, Governance, Information, Management

July 23, 2018 · 10:49 am

CEO Charged

“SEC Charges Ex-CEO With Insider Trading,’ The Wall Street Journal, July 11, 2018 B12.  Ex-CEO charged with giving his paramour inside information (and money) to buy stocks.

From a compliance perspective, it is good to see that the people at the top of the shop get charged, too.  Helpful training reminder.  If the CEO doesn’t obey the law, what can you expect of the other employees?

Leave a comment

Filed under Compliance, Compliance, Compliance (General), Controls, Duty, Employees, Governance, Internal controls, Management, Third parties

July 8, 2018 · 6:55 pm

Contracts matter, too

This blog often deals with Compliance, both compliance with law and compliance with company policy.  But another aspect of Compliance is the corporation’s compliance with its own contracts.

“Professor Wins College-Freedom Case in Wisconsin,” The Wall Street Journal, July 7, 2018 A3.  Private university penalizes professor for posting a factual post online, despite  academic freedom protections he had in his contract; professor wins back pay and reinstatement.

So, does your compliance program cover your organization’s compliance with its own contracts?  Does your compliance training mention that point?  Is contract compliance more or less important than ethics?  Or is it part of ethics?  How strong are your processes around contract compliance?

I just ask the questions.

 

Leave a comment

Filed under Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Management, Third parties

May 29, 2018 · 4:38 pm

A Mayor’s challenge

“Probes, Cyberattack Distract Atlanta as It Pitches Amazon,” The Wall Street Journal, May 29, 2018 A3.  Investigations of former mayor and the aftermath of a ransomware attack hamper efforts to entice Amazon to the city.

Corporations should conduct structured risk assessments.  Do cities?

One assumes Atlanta has done a risk assessment and identified the risk of official misconduct.  Did it also capture the risk of a cyberattack?  Did the risk assessment suggest that if these risks occurred, Atlanta would lose the chance of phenomenal growth?

 

Leave a comment

Filed under Business Continuity, Communicate, Compliance, Compliance, Controls, Duty, Duty of Care, Governance, Government, Internal controls, IT, Management, Operations, Oversight, Protect assets, Risk assessment, Security, Third parties

May 4, 2018 · 9:27 am

Three returning contestants

And all on the same page.

  1. “U.S. Indicts VW’s Former CEO,” The Wall Street Journal, May 4, 2018 B1. Former CEO indicted in March for conspiracy and wire fraud following the emissions cheating scandal.  Do CEOs go to jail?
  2. “Facebook Has Dual Standard On Privacy,” The Wall Street Journal, May 4, 2018 B1. If you’re in a special group in Facebook, you get an alert if someone accesses your profile; if you’re a muggle, or don’t work at Facebook, you don’t.  Maybe this will change?
  3. “Theranos Hurt Big-Name Investors,” The Wall Street Journal, May 4, 2018 B1.  Company said it had the technology to do a wide range of blood tests based on a few drops of blood.  It didn’t, and a host of big-name investors lost a bundle. Is this a governance issue, an information issue, or a compliance issue?  Don’t believe everything you hear; it’s costly.  And don’t serve as a director without doing your own due diligence.

Leave a comment

Filed under Access, Accuracy, Board, Compliance, Compliance, Compliance, Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Policy, Protect information assets, Supervision

March 25, 2018 · 11:57 pm

Ethics

When you need to hide relevant information from your clients, you are often doing something that’s not ethical.

“BofA to Pay Fine Over ‘Marking’ of Trades,” The Wall Street Journal, March 24, 2018 B10.  Bank hid the fact that it was routing its clients’ trades through high-speed trading firms.  Millions of times.  Apparently, the scheme was well known by bank employees, and was to hide the bank’s practices from major clients who would have objected.  And they did it anyway.  Cost: $42 million fine, and a loss of a lot of face.

You’d think a bank would have a policy or maybe even a culture against lying, cheating, or stealing.  Who’s getting fired?

 

Leave a comment

Filed under Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Employees, Governance, Management, Oversight, Policy, To report