Study: Deferred Comp Boosts Ethics

We have a fresh bit of ethics and compliance academic research to start our week: a study from Australia demonstrating that deferred compensation is indeed a good way to curb misconduct risk among employees — and can even boost employee productivity, too.  The study comes from Elizabeth Sheedy, business professor at Macquarie University and director…

A Compliance Experiment in GIFs

Any compliance professional worth his or her salt knows that clever communication about ethics and compliance policies is crucial to winning over employees’ enthusiasm. So when a compliance officer (who shall remain anonymous) shared with me a prototype “anti-bribery compliance through GIFs” — well, that was too good not to publish.  Therefore we humbly submit…

Twitter Allegations: Begin at the Top

Corporate compliance and audit professionals might want to clear your schedules. The former head of security for Twitter has published a stunning whistleblower complaint against the company, alleging all manner of security failures at the social media giant — and that management then lied to the board and regulators about the severity of the problems. …

Fresh Approaches to Cybersecurity Risk

Every regulator and their uncle is climbing aboard the cybersecurity bandwagon these days. Before that bandwagon starts rolling away with itself, however, we might want to ask whether corporate audit and compliance teams, and even the regulators themselves, are going about all this in the wisest way possible. Two recent posts on Radical Compliance capture…

Lessons in the HanesBrands Cyber Attack

Before we all forget, compliance and audit professionals should note that HanesBrands coughed up an ugly quarterly report last week — and one principal reason for that awful report was a ransomware attack that apparently cost HanesBrands $100 million in lost revenue.  The ransomware attack itself is not news; Hanes disclosed the matter on May…

Wisdom From a Compliance Dinosaur

The other week I had coffee with a veteran compliance officer passing through town. This CCO has worked at numerous global organizations, some of the biggest names in his industry and to the public at large. So when my friend — we’ll call him the Dinosaur, since that’s how he described himself — started talking…

Attestations for Cyber Controls

Last week I was in Atlanta speaking to a group of IT auditors. Conversation turned to the SEC’s proposals for expanded disclosure of cybersecurity risks, and attendees raised a good question: Does this mean that CISOs and other executives will need to attest that, yes, the company’s cybersecurity measures are effective? Under the text of…

I Talked Compliance With BlenderBot

Everyone knows I’ll talk ethics and compliance with just about anybody. So when Facebook decided to roll out its new AI-driven chatbox, of course I swung by its website and started asking the bot what it thought of corporate compliance programs.  The bot, apparently named BlenderBot 3, was launched on Monday. People can strike up…

‘Reasonably Designed’ Programs, Part II

Our post last week about the lack of clear standards for a “reasonably designed” compliance program drew lots of comment from compliance professionals — enough that the issue deserves continued exploration, since there’s plenty more to say on the subject.  First let’s consider a concrete example of the confusion that could arise here.  Imagine your…

‘Reasonable Design’ and CCO Certifications

Today I want to revisit the Justice Department’s plans to have chief compliance officers certify the effectiveness of their compliance programs, to unpack a question that’s been bothering me. When the department says it wants certification that your program is reasonably designed to prevent future violations, what does “reasonable” actually mean?  Readers of Radical Compliance…
