Another Crenshaw Speech on SEC Policy

By Matt Kelly | May 16, 2021 |

SEC commissioner Caroline Crenshaw was at it again last week, delivering another speech about what the Securities & Exchange Commission should do to be a more effective regulator for current times. Compliance professionals should heed her words, since Crenshaw is shaping up to be the resident progressive theorist among the five commissioners. That matters in…

Read More
cybersecurity

Parsing Biden’s Cybersecurity Order

By Matt Kelly | May 14, 2021 |

Earlier this week the Biden Administration issued an executive order to strengthen the federal government’s cybersecurity and oversight of the larger “software supply chain” that involves government contractors. IT auditors, risk managers, privacy officers, and related compliance professionals should prepare now for what’s coming soon. The order is most immediately a response to that ransomware…

Read More
compliance jobs

Compliance Jobs Report: May 14

By Matt Kelly | May 14, 2021 |

Another full Compliance Jobs report this week. We have new hires in the fintech world, at Microsoft, Galderma, and a bunch of healthcare firms; and job openings from Atlanta to Boston to Dallas. Our Meme of the Week goes out to people paying ransomware attackers. As always, thank you to all the compliance people sending…

Read More
cybersecurity

A Suspicious Activity, Cybersecurity Mess

By Matt Kelly | May 12, 2021 |

A broker-dealer firm in Colorado has agreed to pay $1.5 million to settle charges with the SEC that the firm failed to file suspicious activity reports about cybersecurity thieves trying to take over customers’ accounts. It’s a sobering example of how weak cybersecurity controls can spill over into regulatory compliance trouble.  The firm in question…

Read More
whistleblower

An Interesting Whistleblower Award

By Matt Kelly | May 11, 2021 |

Here’s something you don’t see every day: two recipients of a whistleblower award from the Securities and Exchange Commission fighting over how to split $22 million between them. The SEC announced the award on Monday, and as usual, we know little about the case itself. Apparently the misconduct happened at a financial firm, which at…

Read More
compliance jobs

Compliance Jobs Report: May 7

By Matt Kelly | May 7, 2021 |

This week’s Compliance Jobs Report has a bundle of promotions, at Siemens, GSK, Wells Fargo, Spirion, and elsewhere. We also have new hires at SpartanNash, American Physician Partners, Allianz, and more; plus a few job leads at companies with the word “Discover” in the name. And don’t forget our Meme of the Week! As always,…

Read More
inspection

PCAOB Stands Pat on Data Analytics

By Matt Kelly | May 6, 2021 |

The PCAOB released an update Thursday on its thinking about how to use data analytics and related technologies in financial audits, and it seems that the regulator will maintain for now its belief that no new auditing standards to address technology are necessary. For several years now, the PCAOB has run a small task force…

Read More
compliance

SAP, Part II: The Gritty Compliance Details

By Matt Kelly | May 5, 2021 |

Today we return to that enforcement action imposed on business software giant SAP, which last week settled charges that it had violated U.S. export control law in the 2010s by offering software patches, upgrades and cloud-based services to users in Iran. Our first post on the case was more a summary of the overall facts,…

Read More
cybersecurity

Another Example for SOX & Cybersecurity

By Matt Kelly | May 2, 2021 |

From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case.  The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…

Read More

SAP Nailed on Sanctions Violations

By Matt Kelly | April 30, 2021 |

Software firm SAP is paying $13.1 million to settle charges that the company and its business partners violated U.S. sanctions law in the 2010s by offering software patches and upgrades to users in Iran and allowing Iranian customers access to SAP’s cloud-based technology services.  The settlement was announced Thursday by the U.S. Justice Department, along…

Read More

About Us

Technically, Radical Compliance is the personal blog of Matt Kelly, long-time writer and observer of the corporate compliance and GRC scene. I was a writer, editor, and publisher at Compliance Week, 2003 through 2015; some of you may know me from my career there. I also speak frequently at compliance conferences and other events, and will pretty much shoot the breeze on any compliance topic with anyone who asks.

Keep in Touch