Fraud and Corruption
I believe software is essential in managing user access risk, not only for SOX but also for other business risks. In fact, the potential harm from inappropriate access is typically greater for other business risks (such as the possibility of disruption of activities such as revenue generation or manufacturing, reputation risk, and the protection of valuable intellectual property) than it is for SOX.
On December 20, 2016, the Financial Transactions and Reports Analysis Centre of Canada released new guidelines in respect of politically exposed persons and heads of international organizations. A separate guideline was released for each of: financial entities; securities dealers; life insurance companies, agents and brokers; and money services businesses. The guidelines will be effective June 17, 2017.
An interesting interview with Eugene Soltes, the Jakurski Family Associate Professor of Business Administration at Harvard Business School, appeared in the Harvard Business School's Working Knowledge publication. According to the school, "his research focuses on how individuals and organizations confront and overcome challenging situations". "Why White-Collar Criminals Commit Their Crimes" is an 'author interview', Soltes having written Why They Do It: Inside the Mind of the White-Collar Criminal. I have not read the book, but suggest that those with continuing responsibility for detecting and/or investigating fraud might want to do so.
The news about the Wells Fargo staff ‘scam’ (the word used in this article in SC magazine) is mind-boggling. What I found mind-boggling is that (according to CNN Money) Wells Fargo had to fire about 5,300 workers (out of a total staff estimated at 265,000, or 2% of all employees). When 2% of employees were fired, you have to assume that more people knew or should have known. The prevailing Wells Fargo culture in reality was to do what was right for the staff, not the customers!
A recent Mediation Settlement from the BC Privacy Commissioner has raised an issue of particular interest to law firms and other organizations which must meet "Know Your Client" requirements. The item is brief, but seems to suggest that free legal advice does not trigger the "Know Your Client" provisions imposed by various Law Societies for compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. According to this Mediation Settlement, only paid legal advice triggers that obligation.
Have you provided comments on the COSO ERM draft? Please share your views on this important document. I submitted my comments some time ago. I realize that some of you prefer the ISO 31000:2009 global standard on risk management. But let's recognize that nearly half of the risk management functions around the world are influenced by, if not using, the COSO framework.
Pension and benefit plan provider breaches privacy law causing employee to lose life insurance coverage
Many of us have called service providers to change basic information, such as a mailing address. You pick up the phone, speak to a representative, and the change is made; no big deal, right? This seamless scenario may not always be the case. Any little misstep on an organization's part can cause grief not only for the customer, but also for the organization itself. This proved to be true when an employee complained to the Office of the Privacy Commissioner of Canada that her employment pension and benefit provider had disclosed her personal information to a third party without her consent.
U.S. online payment processor Dwolla fined $100,000 for misrepresenting data security practices: Lessons for Canadian companies
In March 2016 the U.S. Consumer Financial Protection Bureau ("CFPB") issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, the agency's first enforcement action concerning data security practices. While Canada has different privacy and consumer protection regimes, the lessons from the Dwolla case point to a new direction in enforcement approaches.
As anyone who has ever left a USB key in a Kinko's knows, it is easy to lose a mobile device containing sensitive user information. As a recent statement from the Newfoundland and Labrador Office of the Information and Privacy Commissioner shows, taking pre-emptive steps to make the user information on a mobile device more secure (for example, encrypting it) could protect the information, and your organization, if the device ever falls into the wrong hands.
Final amendments to Regulations to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act released.
On February 18, 2016, after a thorough and rigorous analysis which included closely monitoring the rewards-based whistleblower programs offered by the U.S. and Ontario, the Autorité des marchés financiers (the AMF) announced that it does not intend to offer financial rewards to whistleblowers. Instead, the AMF wishes to promote a whistleblower program that builds on existing measures.
This is not to suggest that written contracts provide perfect inoculation against lawsuits: litigants often misunderstand the obvious; written information may be open to multiple interpretations; and people sue even when they have no case. Two important considerations when making an agreement that you wish to be legally binding and enforceable in a court of law are: