Search results for: policies and procedures
Microchip Meltdowns and Vendor Risk
Last week I cited the rising importance of vendor risk management as one of the big compliance events to watch in 2018. One week into the year, we have a great example of just how slippery this challenge can be. The example comes from Meltdown and Spectre, security flaws announced last week that exist in…
Quick Case of Kickbacks and COI
We have a fresh example of kickbacks and conflicts of interest gone awry, thanks to a nifty case from the Securities and Exchange Commission this week that busted a rogue stock trader nicknamed “the Phantom.” The Phantom’s real name is Brian Hirsch, 42. The SEC charged Hirsch and one of his customers, Joseph Spera, accusing…
Of Whistleblower Hotlines and Anti-Retaliation Programs
One of the most slippery tasks for any compliance officer is measuring the effectiveness of your program. And we all know one of the go-to metrics that compliance officers use, even if many secretly wonder how informative that metric really is. We speak, of course, about “hotline statistics.” Just last month, Convercent and Ethisphere published…
Two Examples of Compliance Issues in Trump 2.0
Today we have two more examples of what ethics and compliance in the Trump 2.0 era might look like: one demonstrating the need for compliance capabilities right now, the other suggesting the ethics and integrity pressures companies could face in the future — and both worth compliance professionals’ attention, because folks, this stuff is coming.…
Another Tale of Poor Cyber Practices
Here’s an interesting item for all you cybersecurity auditors and GRC professionals: the state of New York just fined PayPal $2 million for “failing to use qualified personnel to manage key cybersecurity functions,” which led to an inept rollout of new accounting processes and a subsequent privacy breach. The New York Department of Financial Services…
Rebutting Resistance to Compliance Investments
Earlier this week I visited one of the larger compliance vendors in the market to talk with their sales staff about the pressures compliance officers face. Our discussion quickly centered on two questions. First, why do some companies decide not to invest in compliance capabilities? And second, what are some possible arguments that might change…
Metrics for Assessing AML Compliance Program
Financial crimes compliance is not easy, and that’s especially true for fintech firms — young, fast growing, and subject to a complicated thicket of anti-money laundering rules. Building an effective compliance program in that environment is not easy, and compliance officers need to tread carefully to get it right. To that end, in this post…
Governance Lessons From NRA
A New York state judge has ordered the National Rifle Association to implement a suite of corporate governance reforms meant to encourage transparency and enforce ethical conduct, after years of mismanagement by the NRA’s former leaders. It’s fascinating stuff for compliance officers, regardless of what you think about the NRA’s political positions. The judge’s ruling,…
Podcast: State of the Compliance Community
Today we have another Radical Compliance podcast, this time to talk about the community of ethics and compliance professionals and the challenges of keeping that community engaged. To unpack those issues I called up Gerry Zack, former CEO of the Society of Corporate Compliance & Ethics and the Healthcare Compliance Association. As compliance folks might…
FinCEN Gives Advice on Deepfakes
FinCEN has published an alert warning financial firms about deepfakes and other AI-driven fraud schemes, along with several suggestions for how firms could improve their policies and procedures to spot fakes and stay on top of their suspicious activity reporting obligations. FinCEN published its guidance on Wednesday. It has no particular force of law, but…