Posts Tagged ‘cco liability’
Former Wells Fargo Execs Fined Millions
Three of the top risk assurance executives at Wells Fargo during its fake accounts scandal in the 2010s must all pay millions in fines for failing to challenge the bank’s misconduct aggressively enough — a dose of individual accountability that sounds good in theory, but might still leave audit, compliance, and risk management professionals rather…
Read MoreSolarWinds, Part III: ‘Following’ the NIST Framework
Today we return to the lawsuit the Securities and Exchange Commission has filed against SolarWinds, the IT services firm that suffered a disastrous cyber attack in 2020. How much does SolarWinds’ compliance with the NIST framework for cybersecurity — or its lack thereof — figure into this risk management morass? Quite a lot, at least…
Read MoreSolarWinds, Part II: This Is Not New
Today we continue our look at that lawsuit filed by the Securities and Exchange Commission against SolarWinds and its CISO for poor disclosure of the company’s cybersecurity issues. As unsettling as this case might be for compliance and audit professionals, is it really a ground-breaking moment in securities enforcement? Perhaps not. Let’s first appreciate what…
Read MoreA Deep Dive Into SEC’s SolarWinds Lawsuit
Heads up, compliance and internal audit professionals! The Securities and Exchange Commission just filed a potentially profound lawsuit against the tech company SolarWinds and its CISO for misleading investors about the state of that company’s cybersecurity defenses — defenses that were proven toothless during a cybersecurity breach in 2020. The lawsuit, filed Monday against SolarWinds…
Read MoreFresh Glimpses Into SEC Enforcement
The head of enforcement at the Securities and Exchange Commission has been on a bit of a publicity tour this week, making several speeches about the importance of strong compliance functions, enforcement measures such as monetary penalties and “compliance consultants,” and other issues dear to compliance professionals’ hearts. Most notably, enforcement chief Gurbir Grewal spoke…
Read MorePodcast: Delaware Law & Officer Liability
We have another Radical Compliance podcast today, this time talking about that recent Delaware Chancery Court ruling that opens the door to more personal liability risks for chief compliance officers and other corporate executives. To parse the implications of that ruling I called up Todd Haugh, professor of business ethics and law at Indiana University.…
Read MoreSEC Nails Activision on Culture Oversight
Activision-Blizzard has agreed to pay $35 million to settle charges from the Securities and Exchange Commission that the company didn’t have adequate processes to warn investors about its poor corporate culture. The company also settled charges that it violated whistleblower protection rules. The settlement was announced Friday morning, and I fear that this case may…
Read MoreDuty of Oversight, Part II
Today let’s take a closer look at that Delaware Chancery Court decision from last week that established a “duty of oversight” for corporate officers. It’s another evolutionary step in the oversight of corporate culture, which is always something corporate compliance and audit professionals need to watch closely. The decision involved the former head of HR…
Read MoreA Double Whammy of Accountability
Holy cow! The compliance world had two big stories break within the last 24 hours: one about a Wall Street bank trying to hold employees accountable for good behavior, the other about the legal risks for corporate executives who don’t. We can start with the Wall Street bank, because everyone loves to pick apart what…
Read MoreYe Olde CCO Certification Idea
Here’s an intriguing question about compliance officers certifying the effectiveness of their compliance programs: Could we trace this idea, at least partly, back to an FCPA opinion release the Justice Department published in 2020? This notion came to me from a sharp-eyed compliance officer who was reading the opinion release the other day. It involved…
Read More