Another Crenshaw Speech on SEC Policy

SEC commissioner Caroline Crenshaw was at it again last week, delivering another speech about what the Securities & Exchange Commission should do to be a more effective regulator for current times. Compliance professionals should heed her words, since Crenshaw is shaping up to be the resident progressive theorist among the five commissioners. That matters in…

Parsing Biden’s Cybersecurity Order

cybersecurity

Earlier this week the Biden Administration issued an executive order to strengthen the federal government’s cybersecurity and oversight of the larger “software supply chain” that involves government contractors. IT auditors, risk managers, privacy officers, and related compliance professionals should prepare now for what’s coming soon. The order is most immediately a response to that ransomware…

Compliance Jobs Report: May 14

compliance jobs

Another full Compliance Jobs report this week. We have new hires in the fintech world, at Microsoft, Galderma, and a bunch of healthcare firms; and job openings from Atlanta to Boston to Dallas. Our Meme of the Week goes out to people paying ransomware attackers. As always, thank you to all the compliance people sending…

A Suspicious Activity, Cybersecurity Mess

cybersecurity

A broker-dealer firm in Colorado has agreed to pay $1.5 million to settle charges with the SEC that the firm failed to file suspicious activity reports about cybersecurity thieves trying to take over customers’ accounts. It’s a sobering example of how weak cybersecurity controls can spill over into regulatory compliance trouble. The firm in question…

An Interesting Whistleblower Award

whistleblower

Here’s something you don’t see every day: two recipients of a whistleblower award from the Securities and Exchange Commission fighting over how to split $22 million between them. The SEC announced the award on Monday, and as usual, we know little about the case itself. Apparently the misconduct happened at a financial firm, which at…

Compliance Jobs Report: May 7

compliance jobs

This week’s Compliance Jobs Report has a bundle of promotions, at Siemens, GSK, Wells Fargo, Spirion, and elsewhere. We also have new hires at SpartanNash, American Physician Partners, Allianz, and more; plus a few job leads at companies with the word “Discover” in the name. And don’t forget our Meme of the Week! As always,…

PCAOB Stands Pat on Data Analytics

inspection

The PCAOB released an update Thursday on its thinking about how to use data analytics and related technologies in financial audits, and it seems that the regulator will maintain for now its belief that no new auditing standards to address technology are necessary. For several years now, the PCAOB has run a small task force…

SAP, Part II: The Gritty Compliance Details

compliance

Today we return to that enforcement action imposed on business software giant SAP, which last week settled charges that it had violated U.S. export control law in the 2010s by offering software patches, upgrades and cloud-based services to users in Iran. Our first post on the case was more a summary of the overall facts,…

Another Example for SOX & Cybersecurity

cybersecurity

From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case. The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…

SAP Nailed on Sanctions Violations

Software firm SAP is paying $13.1 million to settle charges that the company and its business partners violated U.S. sanctions law in the 2010s by offering software patches and upgrades to users in Iran and allowing Iranian customers access to SAP’s cloud-based technology services. The settlement was announced Thursday by the U.S. Justice Department, along…
