More Cybersecurity Lessons From Morgan Stanley

Last week I had a post about the SEC’s recent cybersecurity enforcement action against Morgan Stanley, examining the internal control failures that allowed a now-former employee to swipe the personal data of 730,000 customers. Well, if you’d like to consider that enforcement action from another angle, go read John Reed Stark’s excellent piece on what…

Boring Lessons on Cybersecurity Controls

Last week the Securities and Exchange Commission dinged Morgan Stanley $1 million for poor cybersecurity controls. The case is an excellent primer on policy management, compliance, and cybersecurity risks, so let’s take a look. The case centers on Morgan Stanley Smith Barney, one of the bank’s subsidiaries; and a financial adviser there named Galen Marsh.…

Better Compliance Strategies for Email Risk

Harvey Pitt, a former chairman of the Securities and Exchange Commission, had a pithy observation about corporate compliance called the Pitt Rule of Discovery: “A document necessary for a company’s defense shall not be found when needed, unless the document actually makes the company’s situation worse—in which case, said document will be discovered at the…

More on Useful Compliance Dashboards

Last month I wrote a post about what should be included in a chief compliance officer’s dashboard—that is, which metrics convey the most useful information that helps CCO decision-making. The column was heavily circulated on LinkedIn and I received great ideas from compliance professionals, so today we’re going to have a follow-up based on those…

The ‘This Seems Weird’ Control for Data Privacy

Not long ago I heard the story of a CEO who was the victim of attempted “spear phishing”—where some outside hacker impersonates the boss, and via email asks employees at the company to reply back with valuable information. In this specific case, the hacker posed as the CEO and contacted a junior member of the…

Dueling Perspectives on Compliance & Yates Memo

There we were—me, the Lawyer from a large law firm in the United States, and the Ethics Consultant who works with large companies here and in Europe. We were talking about the Yates Memo, and its possible consequences for companies under investigation by the Justice Department. First, a refresher for anyone unfamiliar with the Yates…

More on Compliance, Audit, and Supply Chain Fraud

Deloitte today published some fresh research confirming what many compliance officers probably already suspect: supply chain fraud continues to be a serious problem for many companies, and one that most organizations aren’t terribly adept at fighting. The fundamental problem is how to fit modern anti-fraud procedures into global corporations’ convoluted payment approval process. We have…

Three Lessons From Qualcomm FCPA Settlement

Nothing beats a good “princeling” case under the Foreign Corrupt Practices Act for tough, teachable moments that a compliance officer should study. We have that example today, since Qualcomm just paid $7.5 million in fines and penalties to the SEC for its princeling offenses. So let’s take a look. The facts are straightforward. Qualcomm makes…

Of Whistleblower Hotlines and Anti-Retaliation Programs

One of the most slippery tasks for any compliance officer is measuring the effectiveness of your program. And we all know one of the go-to metrics that compliance officers use, even if many secretly wonder how informative that metric really is. We speak, of course, about “hotline statistics.” Just last month, Convercent and Ethisphere published…

Going Nuts Over Contract Management Systems

Perhaps other people—ne’er-do-wells and losers, obviously—think that contract management is boring. Well, that’s not the case here at Radical Compliance, so we were delighted earlier today to see a quick essay on the subject posted on LinkedIn. Let’s get into it. The post was written by Martin Lønstrup, senior legal adviser at Maersk Oil in Houston.…
