SEC commissioner Caroline Crenshaw was at it again last week, delivering another speech about what the Securities & Exchange Commission should do to be a more effective regulator for current times. Compliance professionals should heed her words, since Crenshaw is shaping up to be the resident progressive theorist among the five commissioners. That matters in…
Read More
Earlier this week the Biden Administration issued an executive order to strengthen the federal government’s cybersecurity and oversight of the larger “software supply chain” that involves government contractors. IT auditors, risk managers, privacy officers, and related compliance professionals should prepare now for what’s coming soon. The order is most immediately a response to that ransomware…
Read More
Another full Compliance Jobs report this week. We have new hires in the fintech world, at Microsoft, Galderma, and a bunch of healthcare firms; and job openings from Atlanta to Boston to Dallas. Our Meme of the Week goes out to people paying ransomware attackers. As always, thank you to all the compliance people sending…
Read More
A broker-dealer firm in Colorado has agreed to pay $1.5 million to settle charges with the SEC that the firm failed to file suspicious activity reports about cybersecurity thieves trying to take over customers’ accounts. It’s a sobering example of how weak cybersecurity controls can spill over into regulatory compliance trouble. The firm in question…
Read More
Here’s something you don’t see every day: two recipients of a whistleblower award from the Securities and Exchange Commission fighting over how to split $22 million between them. The SEC announced the award on Monday, and as usual, we know little about the case itself. Apparently the misconduct happened at a financial firm, which at…
Read More
This week’s Compliance Jobs Report has a bundle of promotions, at Siemens, GSK, Wells Fargo, Spirion, and elsewhere. We also have new hires at SpartanNash, American Physician Partners, Allianz, and more; plus a few job leads at companies with the word “Discover” in the name. And don’t forget our Meme of the Week! As always,…
Read More
The PCAOB released an update Thursday on its thinking about how to use data analytics and related technologies in financial audits, and it seems that the regulator will maintain for now its belief that no new auditing standards to address technology are necessary. For several years now, the PCAOB has run a small task force…
Read More
Today we return to that enforcement action imposed on business software giant SAP, which last week settled charges that it had violated U.S. export control law in the 2010s by offering software patches, upgrades and cloud-based services to users in Iran. Our first post on the case was more a summary of the overall facts,…
Read More
From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case. The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…
Read More
Software firm SAP is paying $13.1 million to settle charges that the company and its business partners violated U.S. sanctions law in the 2010s by offering software patches and upgrades to users in Iran and allowing Iranian customers access to SAP’s cloud-based technology services. The settlement was announced Thursday by the U.S. Justice Department, along…
Read MoreAbout Us
Technically, Radical Compliance is the personal blog of Matt Kelly, long-time writer and observer of the corporate compliance and GRC scene. I was a writer, editor, and publisher at Compliance Week, 2003 through 2015; some of you may know me from my career there. I also speak frequently at compliance conferences and other events, and will pretty much shoot the breeze on any compliance topic with anyone who asks.
