“Most Bitcoin Trading Faked by Unregulated Exchanges, Study Finds,” The Wall Street Journal, March 23, 2019. More than 90% of reported trading in cryptocurrencies was fraudulent, study finds. “Of the roughly $6 billion in reported daily volume during four days in March, the firm calculated that about $273 million was legitimate.”
When do you suspect that the information your are being given isn’t true? What controls do you have in place, and what laws or regulations control? Is a bitcoin a security within the reach of the US securities laws? If not, who’s in charge?
Do you want a bit more control over this, or is “buyer beware” enough protection for the savyy investor?
The beat goes on.
“Prosecutors in 737 MAX Probe Focus on Boeing Disclosures to Regulators, Customers,” The Wall Street Journal, March 23, 2019. Did Boeing mislead customers or regulators?
If you are in a regulated business, be careful what you say and what you don’t say to regulators. Speaking untruth to power is ill-advised.
What controls do you have in place to make sure that what you say to regulators is the truth, the whole truth, and nothing but the truth? How do you monitor the effectiveness of those controls? Especially when an untruth may be a criminal offense? And how do you manage the retention or non-deletion of associated drafts and emails and such?
“House Democrats Probe White House Officials’ Email Use,” The Wall Street Journal, March 22, 2019. Did they use personal email accounts for government business?
One of the tricky things about Compliance is if you have a well-publicized case of another executive doing something that looks to be against the rules and he or she is not punished, it’s hard to enforce those restrictions against the next alleged violator.
So, what are the rules here? The ones on the books or the ones in practice? Does anyone in your company use personal email for company business? Is that against the rules? Do you enforce that rule? Or is the practice so widespread your policies/rules are unenforceable? Or is this just the distinction between employees of the White House and employees of the Department of State or the Justice Department?
“Samsung Probed U.S. Marketing Operation Over Dealings With Business Partners,” The Wall Street Journal, March 22, 2019. Looks like people were playing fast and loose with expense reporting policies and the like. Some employees “were let go for cause and without severance following the audit.”
This is a bit of a departure for this blog of late; I haven’t focused so much on pure compliance issues. But this is about Governance and Compliance, writ large. The employees here violated company policy – not laws (as far as we know). Co that’s Compliance (or not). Remember that an employee’s common law duty to his/her employer includes the obligation to comply not only with applicable law, but also with company policy and other lawful instructions from their managers. Violate that and you get fired, for cause.
Try telling your next potential employer that you got “laid off” “for cause.” That’s “Governance.”
If you have a content platform, do you need to play nice(r) with the competition?
“Google Fined $1.7 Billion in EU for Restricting Rivals’ Ads,” The Wall Street Journal, March 21, 2019. More money for prior practices affecting “the niche market of selling text ads on search results that appear on third-party websites.” Paid $1.6 billion, while defending legality of practices. Un huh.
When you’re a monopolist, you’re subject to different rules. How do you have to handle “your” information when dealing with competitors or others? Do you need more controls (Governance) in order to Comply?
“Publishers Sue Peloton for Use of Songs From Drake, Lady Gaga,” The Wall Street Journal, March 20, 2019. Allegedly, only some songs properly licensed.
Oops. You try to comply with the law in getting licenses from the right people, but fail. So you use their information improperly and face a suit for $150 million, right before your IPO.
Do you have controls in place (Governance) to make sure you don’t use copyrighted material without a license (if necessary)?
Do the controls around “exceptions” open up your entire program?
“College Admissions Scandal Relied on More Students Using SAT Accommodation,” The Wall Street Journal, March 19, 2019. Making allowances for a small group allowed cheaters to prosper.
You spend a lot of time developing controls to address the major risks. I imagine that SAT and ACT both spend a lot of time to prevent cheating in the normal exam-taking process. But what happened when they allowed exceptions? Were the controls as robust as they needed to be?
Do you have any exceptions to your normal control processes around Information? Should this be a wake-up call to review them? Do procedures around those exceptions need to be at least as robust as those around your base case? Do the granting of the exception and handling those “exceptional” students? What percentage of the total do the exceptions represent?