cybersecurity

We have another report on cybersecurity threats this week, one that demonstrates just how difficult it is for large organizations to address this risk effectively — because while the vulnerabilities themselves are squarely a CISO’s concern, the damage they can cause is very much a regulatory compliance problem. The report comes from Onapsis, a cybersecurity…

For several days now I’ve wanted to discuss risk management and compliance lessons we could learn from that cargo container ship trapped in the Suez Canal, but I was stuck on exactly what to say about it.  My thoughts finally dislodged (that’s the last pun, I promise) after reading a superb analysis in the Financial…

algorithms

Compliance professionals searching for cutting-edge policy management mishaps, turn your gaze toward Stanford University. The mess that the medical school endured last week with its bungled distribution of covid vaccines to employees offers lessons to us all.  What happened? According to press reports and many unhappy people on Twitter, Stanford Medicine started rolling out its…

goodwill

Today I want to circle back to that lawsuit the SEC filed last week against Sequential Brands for failing to impair its goodwill assets in a timely manner. It’s a glimpse of poor internal control that raises an intriguing question: How many other companies might be in a similarly precarious position?  After all, goodwill has…

My phone rang the other day; it was the U.S. compliance officer at a large global business whom I know quite well. “Hey,” he said, “you know the statistic that more than half of internal audit people have felt pressure to cover up awkward findings in their work? I have a complaint about that.” I…

internal control

Now that we’ve all had the weekend to contemplate the massive Goldman Sachs FCPA enforcement action from last week (because that’s how we all spend our free time, right?), let’s return to an issue that’s been on my mind since the settlement was announced.  How does a company strengthen an internal control, when that control…

goldman

All right compliance professionals, it’s here: Goldman Sachs has agreed to pay $4.3 billion to settle corruption charges for its role in the 1MDB scandal — making Wall Street’s premier investment bank responsible for the largest criminal penalty in FCPA history.  U.S. regulators announced the news today, although rumors of a settlement had been swirling…

internal control

For years regulators have talked about the importance of data analytics in enforcement actions. Now the SEC has demonstrated that point with two enforcement actions for poor internal control and earnings manipulation, driven by the agency’s in-house analytics team. So we can’t say nobody warned us.  The enforcement actions were announced Monday, against a carpet…

fcpa

Some days the WTF-o-meter just doesn’t go high enough, and such is the case with the latest FCPA enforcement action from the Securities and Exchange Commission. Fellow compliance travelers, prepare yourselves.  The SEC dinged World Acceptance Corp., a consumer loan business based in South Carolina, for a bribery operation the company’s Mexico subsidiary ran in…

Mr. Potato Head

Here’s one way to convey the importance of software patch management: a bunch of Canadian Tire retail stores had to close last week because “a downloading error” caused all purchases to be scanned at the checkout register as Mr. Potato Head.  The Toronto Star dug up this story last week. Five Canadian Tire stores in…
