Category Archives: Compliance

Contracts matter, too

This blog often deals with Compliance, both compliance with law and compliance with company policy.  But another aspect of Compliance is the corporation’s compliance with its own contracts.

“Professor Wins College-Freedom Case in Wisconsin,” The Wall Street Journal, July 7, 2018 A3.  Private university penalizes professor for posting a factual post online, despite  academic freedom protections he had in his contract; professor wins back pay and reinstatement.

So, does your compliance program cover your organization’s compliance with its own contracts?  Does your compliance training mention that point?  Is contract compliance more or less important than ethics?  Or is it part of ethics?  How strong are your processes around contract compliance?

I just ask the questions.

 

Advertisements

Leave a comment

Filed under Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Management, Third parties

A Mayor’s challenge

“Probes, Cyberattack Distract Atlanta as It Pitches Amazon,” The Wall Street Journal, May 29, 2018 A3.  Investigations of former mayor and the aftermath of a ransomware attack hamper efforts to entice Amazon to the city.

Corporations should conduct structured risk assessments.  Do cities?

One assumes Atlanta has done a risk assessment and identified the risk of official misconduct.  Did it also capture the risk of a cyberattack?  Did the risk assessment suggest that if these risks occurred, Atlanta would lose the chance of phenomenal growth?

 

Leave a comment

Filed under Business Continuity, Communicate, Compliance, Compliance, Controls, Duty, Duty of Care, Governance, Government, Internal controls, IT, Management, Operations, Oversight, Protect assets, Risk assessment, Security, Third parties

Three returning contestants

And all on the same page.

  1. “U.S. Indicts VW’s Former CEO,” The Wall Street Journal, May 4, 2018 B1. Former CEO indicted in March for conspiracy and wire fraud following the emissions cheating scandal.  Do CEOs go to jail?
  2. “Facebook Has Dual Standard On Privacy,” The Wall Street Journal, May 4, 2018 B1. If you’re in a special group in Facebook, you get an alert if someone accesses your profile; if you’re a muggle, or don’t work at Facebook, you don’t.  Maybe this will change?
  3. “Theranos Hurt Big-Name Investors,” The Wall Street Journal, May 4, 2018 B1.  Company said it had the technology to do a wide range of blood tests based on a few drops of blood.  It didn’t, and a host of big-name investors lost a bundle. Is this a governance issue, an information issue, or a compliance issue?  Don’t believe everything you hear; it’s costly.  And don’t serve as a director without doing your own due diligence.

Leave a comment

Filed under Access, Accuracy, Board, Compliance, Compliance, Compliance, Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Policy, Protect information assets, Supervision

Ethics

When you need to hide relevant information from your clients, you are often doing something that’s not ethical.

“BofA to Pay Fine Over ‘Marking’ of Trades,” The Wall Street Journal, March 24, 2018 B10.  Bank hid the fact that it was routing its clients’ trades through high-speed trading firms.  Millions of times.  Apparently, the scheme was well known by bank employees, and was to hide the bank’s practices from major clients who would have objected.  And they did it anyway.  Cost: $42 million fine, and a loss of a lot of face.

You’d think a bank would have a policy or maybe even a culture against lying, cheating, or stealing.  Who’s getting fired?

 

Leave a comment

Filed under Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Duty, Employees, Governance, Management, Oversight, Policy, To report

Who are your employees, anyway?

“Firm Settles Russia Probe,” The Wall Street Journal, December 12, 2017 A5.  Company working on US defense projects had Russian employees who lacked appropriate security clearances (and who stored some material on servers in Russia).

No fine reported; company to institute new security protocols and thereby resolve criminal complaint.

One would have thought someone would have gotten more than their hands slapped over this one.

Leave a comment

Filed under Access, Compliance, Compliance, Controls, Corporation, Duty, Governance, Government, Internal controls, Management, Oversight, Protect

Covert units

It’s a bad sign when you establish a covert unit.

“Uber Formed Covert Unit to Steal Trade Secrets, Ex-Employee Says,” The Wall Street Journal, November 29, 2017 A1. According to a former security employee, Uber “had a team dedicated to stealing [competitors’] trade secrets and helped employees dodge regulators’ scrutiny.”

This information was in a letter read to the jury in the Alphabet/Uber trade secret litigation.  Ouch.

What does it say about the company’s commitment to compliance with law (including the rights of others)?  Are RICO charges far behind?

If Uber loses the case, will shareholders sue the directors who allowed this to happen?

 

Leave a comment

Filed under Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Oversight, Oversight, Supervision

Violating company policy

Who gets fired for violating company policy?  How often is it a senior executive?

“Visa Cites Behavior In Firing Executive,” The Wall Street Journal, December 4, 2017 B3.  We don’t know what the violation was.  Yet.  But he was a high-flyer, handling the Apple and PayPal partnerships.

Does this send a message to the rest of the organization?  Does it depend on the policy he violated?

Does your company publish information on how many people have been disciplined for violations?  If not, why not?

Leave a comment

Filed under Compliance, Compliance, Controls, Corporation, Duty, Employees, Governance, Internal controls, Management, Oversight, Policy