Compliance Thoughts on My Mind

By Matt Kelly | July 12, 2017 |

Random thoughts about corporate compliance and ethics while waiting for Russian operatives to set up a meeting with me rather than Donald Trump Jr…

A compliance officer in financial services recently suggested to me that AML compliance functions should be merged with cybersecurity. After all, he said, both groups seek to identify the true intentions of parties wandering around their enterprise, and to stop wrongdoers from taking money out the door. When you think about it, his idea isn’t half bad.

Where the heck is our final COSO framework for enterprise risk management?

If lawmakers were serious about bipartisan efforts to ease financial regulation, they would start with easing regulation on community banks: much needed, sensible, and politically popular.

Let’s say Congress or the Securities and Exchange Commission do raise exemption threshold for compliance with Section 404(b) of the Sarbanes-Oxley Act. What company is then going to stop audits of internal control over financial reporting? Management still has to assess the effectiveness of ICFR under Section 404(a). If you stop ICFR audits and later suffer a restatement, those 404(a) assertions—which are almost always positive—become a bullseye on the company’s rear end for shareholder litigation.

I don’t get this lawsuit saying internal whistleblowers aren’t protected under the Dodd-Frank Act unless they report to the SEC first. If the Supreme Court upholds that position, they’ll just report to the SEC first. So the company still has a whistleblower on its hands, who can still allege retaliation any time, and you’re on the SEC’s radar screen to boot. This suit is terrible for compliance officers and short-sighted for companies.

Of course lawmakers aren’t serious about bipartisan efforts to ease financial regulation.

Anyone who believes that the slowdown in IPOs is due to SOX or other regulatory requirements is delusional. I’ll have a whole column devoted to that later this month, but for now: companies are staying private because they can. The true problem isn’t a company’s ability to go public; it’s the ability to stay public.

If you are a corporate compliance officer and not a member of Precheck and Global Entry, I question your sanity.

Non-compete agreements are spurious things. If you can’t protect company interests through non-disclosure agreements and trade secrets law, get a new employment lawyer.

President Trump’s principal problem is this: as he keeps doing what he does, an increasing number of politicians find that opposing Trump pays political dividends for their constituencies back home. It’s true of Democrats and foreign leaders now; and it will be true of Republicans in Democratic leaning districts soon enough. Already, even in Republican districts up for special election this spring, support of Trump didn’t cost anyone a majority of votes—but it did cost an awfully expensive minority of them.

The Financial Choice Act is a hodgepodge of unwise ideas, but the dumbest is to exempt vastly more companies from filing their financial statements tagged in XBRL (who have already been in compliance for years anyway). Few technologies have as much upside for as little cost as this one. My prediction: this idea will go away.

The point of SOX and Section 404 was to reduce the likelihood of financial restatements. Fifteen years on, restatements are down in frequency and magnitude. Like it or not, SOX compliance works.

Adam Turtletaub should be the next CEO of the Society of Corporate Compliance & Ethics. He’s top-notch—although, in fairness, so is everybody else at SCCE.

Writing the Compliance Jobs Report every Friday is the best part of what I do. I love seeing how compliance professionals move around and grow in their careers.

If Michael Piwowar were still acting chairman of the SEC, we wouldn’t have this hand-wringing about whether the CEO Pay Ratio Disclosure Rule might go into effect later this year after all. He’d just kill the rule unilaterally.

The longer I watch the compliance world, and the more complicated it becomes, the more I appreciate how much of the challenge is about smart information governance.

I have no problem with the SEC allowing all companies to submit confidential registration statements ahead of an IPO. It may suggest that they’re uneasy and scared, but it doesn’t mean they’re deliberately hiding bad accounting. I mean, look at Twitter and Snap. Their IPOs were wholly predicated on bad business models. They still went public.

The Trump Administration’s commission on election fraud is invitation to the largest, most damaging cybersecurity attack in U.S. history—just so President Trump, Jeff Sessions, and Kris Kobach can pursue their fantasy that people with dark skin vote illegally. Thank the Lord this idea is on hold, hopefully forever.

Hui Chen was 100 percent right to say the Justice Department can’t enforce corporate conduct laws with a straight face with President Trump behaving the way he does. He tramples every principle of good conduct he can find. If we truly ran the government like a corporation, he’d already be fired.

I have spent much time recently reading companies’ disclosure of how the new revenue recognition standard (coming in December!) might affect their financial picture. SEC officials have been warning companies that those disclosures really aren’t up to snuff. Those SEC officials have a point.

I am amazed at how much wisdom about compliance, ethics, and business conduct can be gained by raising small children.

Posted in General

Leave a Comment

You must be logged in to post a comment.