Compliance on My Mind This Week

Random thoughts about ethics and compliance while reviewing my 2018 policy manual…

Yes! The Society of Corporate Compliance & Ethics and the Institute of Internal Auditors will be holding their major conferences in 2018 at the same time and place: Oct. 22-24 in Las Vegas. SCCE at Caesars Palace, IIA one block south at Aria. Sometimes fate smiles on the travel budget.

Remember, tax compliance folks: thanks to tax reform, your firm now needs to reassess the value of any tax-deferred assets it’s carrying on the books, and many will need to take a write-down on those assets for the fourth quarter. This change affects mostly banks, and over time tax reform will pour plenty more money into the company coffers, but for this quarter, you’ll feel a squeeze.

One of the most important annual reports that ethics and compliance officers should read every year is the Edelman Trust Report. Trust is the glue that holds a corporate culture together, and these days, that glue is weakening. I’ll be curious to see what the Edelman Report for 2018 says.

A fool and his money are soon parted. You can say the same about bitcoin investors in the last few weeks, and I don’t have much sympathy for them.

The FCPA Corporate Enforcement Policy is a fair and reasonable enforcement tool in the hands of someone responsible, such as deputy attorney general Rod Rosenstein. I do wonder how it could be abused by someone else with less interest in policing against bribery.

Compliance and audit executives often like to talk about “fraud, waste, and abuse,” especially if you work in the government sector. Here’s a nifty visual chart, courtesy of the Government Accountability Office, plotting what those words mean. The GAO report was examining fraud, waste, and abuse within the Center for Medicare & Medicaid Services, but the chart is useful to any industry.


For the last five years at the start of every football season, I’ve said, “I just wonder whether this is the year Tom Brady will finally show his age.” Then Brady would play another superb season. So this year I decided to shut up.

Let’s suppose you’re a retailer with 60 million customer records. From a securities law standpoint, which is the more material event: a breach of 40 million customer names, or a breach of 100,000 complete records (names, addresses, birthdates, credit card numbers, etc.)? That is, which one should require a company to file a Form 8-K with the SEC?

You’re goddamn right I’ll try to organize a paintball contest between SCCE and IIA conference attendees in Vegas.

That preposterous, $25,000 Cone of Silence that EPA director Scott Pruitt is building, at taxpayer expense, might be the stupidest waste of money in the whole Trump Administration — and really, that’s a tough prize to win.

Yes, the new accounting standard for revenue recognition strained financial reporting departments in 2017, and will do so again in 2018. Still, the new standard for lease accounting coming at the end of 2018 is likely to be the bigger deal for corporate balance sheets.

Now that the Securities and Exchange Commission and the Public Company Accounting Oversight Board are back to full manpower, I’ll be curious to see how SEC chairman Jay Clayton tries to orchestrate a retreat from the investor protections of the Sarbanes-Oxley Act. Read between the lines of his speeches, and you can practically hear Clayton shout, “Don’t you understand? This is why Donald Trump appointed me to the job!”

The Kelly Law of Third-Party Risk Management: the better your firm is at managing third-party risk, the more attractive you are as a third-party to others. That’s the real business imperative for corporate compliance these days, and it will only become more true in the future.

The truth is that many companies have improved their management of cybersecurity risk in recent years — some to the point that cybersecurity may no longer be one of the top operational risks they face. But try telling that to your board, worried about the optics of saying cybersecurity isn’t a top risk. The board will look at you like you have three heads.

President Trump’s smears against the FBI are appalling. They’re not surprising, given how insecure, ignorant, and venal Trump is — but they are appalling.

If Die Hard were set on Good Friday, would we call it an Easter movie? If it were set on July 3, would we call it a July 4th movie? No. So why the hell do we call it a Christmas movie just because it’s set on Christmas Eve? The plot is holiday agnostic.

I expect the Patriots to win the Super Bowl in 2018, too.

Defense contractors are supposed to be in compliance with new cybersecurity requirements under the DFARS acquisition rule by Dec. 31. We all know that many government contractors are nowhere near this goal, correct?

Rod Rosenstein got off to a terrible start as deputy attorney general, but now he’s the most important bulwark against President Trump’s effort to undo the rule of law in this country. If he leaves his job, we all know Trump will consider it a lesson learned and nominate a suck-up like so many others in the Administration today.

Who would have guessed one year ago that Uber would be the 2017 poster boy for corporate misconduct? And yet, here we are. So we shouldn’t dwell too much on which company will fill that role in 2018. We’ll know it when we see it.
