Lessons learned?

I am not sure what to say about the Nunes memo about the DOJ and the FBI and the FISA court, and classified information and governance and compliance.  Too political to be educational.

So, the right-hand news item instead.  “Fed Limits Wells Fargo Growth, Replaces Directors,” The Wall Street Journal, February 3, 2018 A1.  Following a pretty bad year or two, following the customer cramming schedule or the auto insurance.  A former CEO. Lower bonuses.  Now the government takes control of a large bank and replaces the directors.  Restricts the bank’s future growth.  A 6% stock value drop, before this week’s really bad sell-off.  Cost: $300-400 million. Government says, “We cannot tolerate pervasive and persistent misconduct at any bank ….”

What’s the value of compliance?  Is it the possible loss of your ability to control your company?  Is this a lesson for directors, in that they may lose their positions (but they don’t have to refund their fees)(yet- the derivative suits are coming soon).  They didn’t even do that to BP!  The Chief Risk Officer is also retiring later this year.

Business case for compliance or better risk management?  For knowing what’s going on in your company?  Not sure what the lesson is for the shareholders.

Advertisements

Leave a comment

Filed under Board, Business Case, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Internal controls, Oversight, Oversight, Protect assets, Risk, Risk Assessment, Risk assessment, Supervision, To report

Information from unusual places

What if you get information from an unexpected source?  What’s that worth?

“Stanford’s Aid Whistleblower,” The Wall Street Journal, February 1, 2018 B5.  A second-year MBA student does a study of scholarship decisions and blows the whistle on his own school.  Based on information found on a shared drive.

The information is there.  Are you aware what it says?  What’s it worth to have that analysis before someone else does it?  Is this something that Stanford wished wasn’t found, eight years later, on a shared drive?

Is this post about the value of information or the value of managing who gets access to what?  Or something else?

Leave a comment

Filed under Access, Controls, Duty, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Protect assets, Security, Value

Vendors

“U.S. Probes Supplier to VW,” The Wall Street Journal, February 1, 2018 B2.  Engineering firm under criminal investigation for alleging helping VW cook the emissions tests – altering the nature of the information provided to the government.  See also, “Robert Bosch Workers Face Probe,” The Wall Street Journal, February 1, 2018 B3. (Similar allegations, but involving Chrysler).

Are you concerned about your vendors?  Do you make sure they comply with law?  Do you appreciate the data that confirms your own compliance?  What’s it worth to have that data be accurate?

Were this a blog about Crisis Management and Emergency Response, there would be an entry here about what you should do when you hear that someone else in your industry has been doing something bad.

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Oversight, Protect assets, Protect information assets, Third parties, Value, Vendors

What’s information worth?

“Cryptocurrency Exchange to Pay Back Customers,” The Wall Street Journal, January 29, 2018 B4.  Company to pay customers back $426 million after hack of cryptocurrency.

What is cryptocurrency except information that people agree has a certain value?  If that information is hacked, isn’t it the same as a theft of a client account?

No Christmas bonus for you, I guess.

Leave a comment

Filed under Board, Controls, Corporation, Definition, Duty, Governance, Information, Internal controls, Protect assets, Protect information assets, Security, Value

Early warning system

You discover a product flaw.  One of the first things on your crises management list of things to do is notify your biggest (or best) customers.

“Intel Told China of Flaw Before U.S.,” The Wall Street Journal, January 29, 2018 A1.  Intel tells its Chinese customers of a security flaw in Intel chips before telling the US government.  Flaws discovered in June 2017.  Not disclosed to the market until after a website in the UK reports on them in January 2018.

Who thought waiting to tell the US government was a good idea?  Where are they now and what are they doing (and for whom)?

Getting information early increases the value of that information to you.  Six months?  What happened in the meantime?  What did the Board know?  Did they approve the communications plan?

Leave a comment

Filed under Board, Communications, Corporation, Directors, Duty, Duty of Care, Governance, Inform market, Information, Oversight, Security, To report, Value

Snoopy cried

“Shares of MetLife Plunge on Big Charge,” The Wall Street Journal, January 31, 2018 B16. MetLife needed to increase its reserves after “losing track of possibly tens of thousands of retirees owned monthly pension payments.”  Loses 9% of share value (and this was before the big drop this week!).  This was after they reduced their reserves earlier, resulting in increased revenues.  The day earlier, “Pension Snafu Hits MetLife Results,” The Wall Street Journal, January 30, 2018 B1. A “records mistake.”  Huh?

People have been and will be fired.  Will any senior executives take the hit?  What exactly is the company’s business?  Where was the Board on this?  Do they refund any of their fees?  At least the company admitted a material weakness in its financial systems.  Is the CFO nervous about what he/she signed?  Did the boost affect anyone’s bonus?  Did this affect the market?

This was not a records mistake.  It was a conscious decision.  Who decided to reduce the reserves and just forget about the pensioners who weren’t easy to find?

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Investor relations, Oversight, Oversight

Willie Sutton?

Willie Sutton (a famous bank robber) was reportedly asked, “Why do you rob banks?” He reportedly said, “Because that’s where the money is.” https://www.snopes.com/quotes/sutton.asp

“Hackers Plunder Crypto Exchange,” The Wall Street Journal, January 27, 2018 B5. More than $500 million in credits hacked from the Coincheck site in Japan.  One assumes virtual banks are easier to rob than brick and mortar banks.

This is a concrete example of the cost of a cyber breach.  But it also follows on from an earlier post (Law School Exam Question) equating cash money and information, in terms of value.

If businesses (including the Board of Directors) treated information assets as cash, and managing, protecting, and controlling the organization’s information as currency, would that be “information governance”?  Why do they handle information assets differently?  Why should the Board and the officers get a pass on this?  The shareholders certainly don’t.

Leave a comment

Filed under Board, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Ownership, Protect, Protect assets, Protect information assets, Security, Third parties, Value