Another Take on Messaging Apps

messaging

For nearly three years now, the Securities and Exchange Commission has fired off one enforcement action after another at the financial services industry for employees’ improper use of messaging apps. Today let’s consider two contrarian voices that raise a fair question: exactly how are firms supposed to satisfy this nearly impossible compliance goal? Those contrarian…

Lessons From Deere FCPA Sanction

Deere

Deere & Co. is paying $10 million to settle one of the more colorful FCPA cases we’ve seen in a while, replete with Thai massage parlors, envelopes of cash, sketchy overseas agents — and even a few lessons about compliance fundamentals from due diligence of acquisitions to program remediation. Let’s take a look. The Securities…

K-Cup Disclosures Cost Keurig $1.5M

K-cups

Well here’s news that will wake up all you sustainability reporting enthusiasts: the Securities and Exchange Commission just fined coffee giant Keurig Dr. Pepper $1.5 million for making misleading disclosures about the recyclability of those little K-cups.  The SEC announced the enforcement action Tuesday morning. According to the settlement order, Keurig stated in its annual…

Another Pre-Taliation Sweep!

pre-taliation

The Securities and Exchange Commission’s campaign against companies using pre-taliation language in their employment contracts continues, with seven businesses sanctioned this week for making employees sign away their eligibility for whistleblower rewards. In total the companies will pay more than $3 million in penalties. The SEC announced its enforcement action Monday morning. The worst offender,…

A Fresh Example of Poor Control Environment

control environment

The Securities and Exchange Commission has charged a Massachusetts company with allowing a poor control environment and weak segregation of duties, which in turn allowed one of the company’s corporate finance directors to inflate his division’s financial performance for years. The company in question is Circor International, a maker of industrial valve systems for the…

More Lessons on Cyber Control Failures

cybersecurity

We have another glimpse into modern cybersecurity threats and the control weaknesses that allow those threats to happen, courtesy of an enforcement action against a financial services firm that twice was duped by hackers into selling their customers’ assets.  The financial services firm is Equiniti Trust Co., a registered transfer agent — that is, a…

Another Round of Messaging Fines

messaging

The crackdown on employees’ use of off-channel messaging apps continues! The Securities and Exchange Commission just announced settlements with a whopping 26 financial firms for messaging offenses, and those firms will collectively pay more than $390 million in civil penalties — although three firms that self-reported their offenses will pay much less.  By now we…

SEC Lawsuit Against SolarWinds Gutted

SolarWinds

A federal judge has dismissed a high-profile lawsuit that the Securities and Exchange Commission filed last year against software firm SolarWinds and its chief information security officer, finding that SEC rules requiring companies to have strong internal accounting controls cannot be interpreted to include cybersecurity measures.  The SEC filed its lawsuit against SolarWinds and the…

UnitedHealth’s Big Cyber Compliance Mess

unitedhealth

UnitedHealth filed its latest quarterly earnings report today, complete with an update on the staggering costs of a ransomware attack the healthcare giant suffered earlier this year — and if anyone needs a fresh example of how cyber attacks can tie your company into compliance knots, pull up a chair. The attack itself happened in…

Internal Accounting Controls and Cyber Risk

control environment

Today I want to return to that recent enforcement action against RR Donnelley, where the Securities and Exchange Commission cited faulty internal accounting controls at Donnelley as grounds to impose a $2.1 million sanction over the company’s poor handling of a cybersecurity incident. What are internal control professionals supposed to make of an enforcement action…
