Posts by Matt Kelly
Another Crenshaw Speech on SEC Policy
SEC commissioner Caroline Crenshaw was at it again last week, delivering another speech about what the Securities & Exchange Commission should do to be a more effective regulator for current times. Compliance professionals should heed her words, since Crenshaw is shaping up to be the resident progressive theorist among the five commissioners. That matters in…
Read MoreParsing Biden’s Cybersecurity Order
Earlier this week the Biden Administration issued an executive order to strengthen the federal government’s cybersecurity and oversight of the larger “software supply chain” that involves government contractors. IT auditors, risk managers, privacy officers, and related compliance professionals should prepare now for what’s coming soon. The order is most immediately a response to that ransomware…
Read MoreCompliance Jobs Report: May 14
Another full Compliance Jobs report this week. We have new hires in the fintech world, at Microsoft, Galderma, and a bunch of healthcare firms; and job openings from Atlanta to Boston to Dallas. Our Meme of the Week goes out to people paying ransomware attackers. As always, thank you to all the compliance people sending…
Read MoreA Suspicious Activity, Cybersecurity Mess
A broker-dealer firm in Colorado has agreed to pay $1.5 million to settle charges with the SEC that the firm failed to file suspicious activity reports about cybersecurity thieves trying to take over customers’ accounts. It’s a sobering example of how weak cybersecurity controls can spill over into regulatory compliance trouble. The firm in question…
Read MoreAn Interesting Whistleblower Award
Here’s something you don’t see every day: two recipients of a whistleblower award from the Securities and Exchange Commission fighting over how to split $22 million between them. The SEC announced the award on Monday, and as usual, we know little about the case itself. Apparently the misconduct happened at a financial firm, which at…
Read MoreCompliance Jobs Report: May 7
This week’s Compliance Jobs Report has a bundle of promotions, at Siemens, GSK, Wells Fargo, Spirion, and elsewhere. We also have new hires at SpartanNash, American Physician Partners, Allianz, and more; plus a few job leads at companies with the word “Discover” in the name. And don’t forget our Meme of the Week! As always,…
Read MorePCAOB Stands Pat on Data Analytics
The PCAOB released an update Thursday on its thinking about how to use data analytics and related technologies in financial audits, and it seems that the regulator will maintain for now its belief that no new auditing standards to address technology are necessary. For several years now, the PCAOB has run a small task force…
Read MoreSAP, Part II: The Gritty Compliance Details
Today we return to that enforcement action imposed on business software giant SAP, which last week settled charges that it had violated U.S. export control law in the 2010s by offering software patches, upgrades and cloud-based services to users in Iran. Our first post on the case was more a summary of the overall facts,…
Read MoreAnother Example for SOX & Cybersecurity
From time to time I’ve written about how poor cybersecurity and software patch management leads to faulty internal financial controls. Now a bank in Tennessee has disclosed a cybersecurity breach that seems to demonstrate the case. The bank, First Horizon Corp. ($FHN), disclosed the breach in an SEC filing last week. The breach wasn’t large,…
Read MoreSAP Nailed on Sanctions Violations
Software firm SAP is paying $13.1 million to settle charges that the company and its business partners violated U.S. sanctions law in the 2010s by offering software patches and upgrades to users in Iran and allowing Iranian customers access to SAP’s cloud-based technology services. The settlement was announced Thursday by the U.S. Justice Department, along…
Read More