Compliance Week Coverage

Breaking Down Silos and Building Up Enterprise Compliance

May 22, 2013

Since the pace of change for most businesses is quickening, they need to be better than ever at adjusting to a fluctuating environment. For compliance that means structuring a program that is consistent, yet adaptable to evolving laws, regulations, markets, and third-party relationships. Inside, coverage of Compliance Week 2013 conference on breaking down silos and building up enterprise compliance.
 

Compliance Budgets Rising for Banks as Regulations Multiply

May 21, 2013

The onslaught of new regulations for financial institutions continues to make life difficult for compliance officers at financial services firms. In response, banks and insurers are increasing their compliance budgets, according to a survey by Thompson Reuters. Still many report the added resources aren't enough. "There's so much going on. It's the 'bombs bursting in air' kind of thing," says Richard Riese, senior vice president at the American Bankers Association Center for Regulatory Compliance.
 

After Three Years, Why Are Companies Losing Say-on-Pay Votes?

May 21, 2013

While many companies have revamped pay plans to pass muster with shareholders, plenty are still failing say-on-pay votes this proxy season, including Navistar International, Comstock Resources, Stillwater Mining, and many others. "Now that we are in the third year of say-on-pay, why are some companies still failing?" asks Brian Sohmers, a general manager at Equilar's. The answer has as much to do with performance as it does with pay. Details inside.
 

EU Set to Adopt More Stringent Data Privacy Laws

May 21, 2013

The European Parliament is working on a final proposal that would make the European Union's already stringent data privacy laws even tougher for businesses and would cast a wider net, requiring many U.S. companies to comply with European data protection regulation for the first time. The new laws, if passed, would require companies to report serious data breaches to regulators as soon as possible, meaning within 24 hours if feasible. More details inside.
 

Updated COSO Framework to Spark Review of Internal Controls

May 21, 2013

Now that COSO has completed the update of its widely used internal control framework, it's time for companies to determine where control changes might be in order. The good news is that the framework keeps the five core principles, but it also adds 17 new underlying principles that will likely require additional documentation. "Now you need to go one level below," says Christian Peo, a partner with KPMG.
 

Healthcare Companies Struggling Still With Sunshine Act Compliance

May 21, 2013

Drug companies and medical equipment makers are facing dark days ahead as they struggle with the cost, complexity, and even legal risks associated with the Sunshine Act. The Centers for Medicare & Medicaid Services estimate the total cost for Sunshine Act compliance will hit $269 million in year one and $180 million each year going forward. Manufacturers are "struggling to get their systems in place," says Michaeline Daboul, CEO of MMIS, a healthcare software provider.
 

Comp Committee Standards Arrive

May 14, 2013

Forget the Fourth of July: For companies listed on the New York Stock Exchange and Nasdaq, July 1 is independence day. That is when new standards go into effect for independence of board directors who serve on the compensation committee, and for hiring pay advisers—which may be the trickier part of compliance. Our complete look at following the standards is inside.
 

How to Avoid a Tax Probe in the Higher-Education Sector

May 14, 2013

The IRS has issued a report that contains a stern warning for non-profit colleges and universities, which could resonate through the entire not-for-profit sector: Watch out for how you treat unrelated business income and executive compensation if you want to protect your tax-exempt status. "All exempt organizations need to be aware of the importance of accurately reporting unrelated business income and providing appropriate executive compensation," said Lois Lerner, director of the IRS exempt organizations division.
 

Don't Be Fooled by the Lull in FCPA Enforcement Actions

May 14, 2013

It has been quiet on the Foreign Corrupt Practices Act front, with the Justice Department and the SEC bringing just three enforcement actions against companies so far in 2013, compared to a combined 19 last year and 48 in 2010. But don't be lulled by that eerie calm; lawyers say it won't be long before regulators are once again piling up FCPA settlements. "All signs indicate that those numbers will shoot back up," says John Davis, a partner at law firm Miller & Chevalier.
 

PCAOB Pushes for More Scrutiny of Related-Party Transactions

May 14, 2013

Auditors will soon have to follow new rules requiring them to dig deeper into transactions that appear out of the ordinary and to scrutinize business dealings with executives' family members, large shareholders, former executives, and other related-party transactions. Some say the PCAOB's proposal on related-party transactions is long overdue. "The proposed new standard gets rid of the old 'don't worry too much about this' mentality," says Brian Mayhew, associate professor at the University of Wisconsin in Madison.
 

Companies Prepare for Disclosure on Social Media

May 07, 2013

After the SEC clarified that companies can use social media outlets to announce material information, several companies, including Netflix, GE, and AutoNation, filed details with the SEC on their intentions to disclose information on sites such as Twitter and Facebook. Some corporate communication specialists, however, are urging caution. "I think there are some pitfalls," says Laurie Green, a partner with the law firm Holland & Knight. "There are liabilities that go with it."
 

Tying Pay to Compliance: Will Walmart's Plan Work?

May 07, 2013

Walmart will soon begin basing a portion of compensation for top executives, including CEO Michael Duke, on the company's ability to meet compliance goals, as it works to move past a massive bribery scandal. Compensation advisers say the move, while rare, could be the beginning of a trend. "It certainly has the potential to draw imitators," says Chris MacDonald, senior fellow at Duke University's Kenan Institute for Ethics.
 

Cracking the Code: Codes of Conduct That Actually Work

May 07, 2013

Nearly every company has a code of conduct. At some it's a commonly cited guide to behavior at the organization. At others, it gets more use as a beverage coaster. The difference may lie in how the document is crafted. Codes of conduct that are too long, use legalese, or are short on examples are more likely to gather coffee rings than to spur employees to uphold company values. More details inside.
 

EU's Extraction Payments Rules Go Beyond Dodd-Frank

May 07, 2013

European companies in the oil, gas, mining, and logging industries will soon be required to reveal more about the payments they make to governments for the rights to extract resources in the counties in which they operate. The EU directive goes beyond what a similar Dodd-Frank Act regulation requires by including the forestry industry and private companies. More inside.
 

Lessons From SEC's First FCPA Non-Prosecution Agreement

May 07, 2013

Last month the SEC struck a deal with clothing retailer Ralph Lauren Corp. not to prosecute the company for alleged violations of the Foreign Corrupt Practices Act in exchange for the payment of fines and other concessions. Ralph Lauren Corp.'s actions—it conducted a thorough investigation and quickly self-reported the violation—provide new insights on how to win credit from government agencies when allegations of corruption arise. Full details inside.
 

Making Changes to Pay Plans? Don't Forget the Accounting

May 07, 2013

When companies make changes to their executive compensation plans they often overlook the accounting consequences. As public companies gravitate toward performance-based plans, for example, they face more mark-to-market accounting. And adding clawback provisions creates other accounting headaches. Some changes leave accountants scratching their heads: "It certainly must not be accountants designing these plans," says Doug Reynolds, a partner at Grant Thornton.
 

Are All NLRB Rulings Since Early Last Year Invalid?

April 30, 2013

Several companies, including Starbucks, McDonald's, and Time Warner, are contesting the validity of decisions made by the National Labor Relations Board, due to a dispute over the legitimacy of President Obama's recess appointments to the board. An appeals court ruled earlier this year that the appointments weren't legal. As the case heads to the Supreme Court, labor lawyers are urging companies not to discount recent NLRB decisions or to make major changes to labor practices. More inside.
 

U.K. DPAs Could Come With More Strings Attached

April 30, 2013

The British government formally approved the use of deferred prosecution agreements in the United Kingdom last week. While the new prosecutorial tool should help Britain settle more bribery cases, increased judicial involvement in the negotiations are likely to mean stricter terms for companies that enter into them, with fewer guarantees. "The ultimate sanction power will lie with the judge," says Kathleen Harris, a partner in the London office of law firm Arnold Porter.
 

Updated HHS Guidelines Could Ease Self-Reporting Process

April 30, 2013

The Department of Health and Human Services is making it easier for healthcare providers and drug and medical device companies to self-report instances of fraud in hopes enforcement agencies will go easier on them. It updated the Self-Disclosure Protocol, first issued in 1998, to bring together in one place all the processes for self-disclosing fraud. The bad news? It also condenses the timeframe for companies to conduct an internal investigation. More inside.
 

In Search of Insolvency Clues

April 30, 2013

Investors have demanded better warning signs for insolvency recently, and the Financial Accounting Standards Board has been working on identifying ways to require companies to send up a red flag when concerns about continuing as a going concern arise. It's no easy task. "Everyone wants to know what the magic warning sign is, but I can't say there's a single one," says Esther DuVal, managing director at CBIZ Corporate Recovery Services.
 

Shop Talk: The Benefits and Risks of BYOD

April 30, 2013

Companies are increasingly allowing employees to use their own devices for work and putting policies in place to govern it. Known as "bring your own device," or BYOD, such policies can improve productivity and cut IT costs, but they come with lots of risks. During our latest executive forum, hosted with Crowe Horwath in Chicago this month, compliance and risk-management executives discussed how to address those risks.
 
 

The Fine Art of Knowing Your Customer

April 30, 2013

Developing an effective customer risk-assessment program requires banks and other companies to get to know every aspect of their customers. These programs call for gradually intensifying levels of due diligence that are designed to produce an accurate portrait of the customer. In the latest installment of our GRC Illustrated Series, we look at how to know your customer.
 

Despite Talk of Basel III's Demise, It's Not Going Away

April 23, 2013

To hear some critics tell it, Basel III, an international accord that sets new bank capital requirements, is on life support, felled by resistance from banks and delays from the global regulators. But don't trash the file just yet. Plenty of banking experts say the accord, while in need of refinements, isn't going anywhere. "I don't think Basel III is going to get scrapped in the United States," says Charles Horn, a partner with the law firm Morrison & Foerster.
 

Ruling Finds Communication With Federal Regulators Not Privileged Information

April 23, 2013

A recent district court ruling could push banks and other companies to be more careful with what they share with regulators, including the information they provide on compliance with certain regulations. A judge ordered Bank of China to provide plaintiffs in a lawsuit with information, including internal-analyses of its compliance systems, proposed actions, and changes to its compliance procedures that generally have been considered privileged in the past. More inside.
 

Ethics & Compliance Training for the Hardest Groups of All

April 23, 2013

Any compliance program worth its salt has been training senior executives for years now on the importance of ethics and compliance. In the real world, however, compliance officers have several more crucial employee groups to worry about, too: hourly employees, middle managers, overseas employees. How do you train these types effectively? Three experienced compliance officers share their best tips and advice inside.
 

How H-P Is Tackling Conflict Minerals Compliance

April 23, 2013

While some companies are struggling to get compliance with the SEC's conflict minerals rule on track to meet a May 2014 deadline, others have been working on the problem for years. Hewlett-Packard, for example, began tracing conflict minerals in the supply chain in 2007, long before the SEC adopted a rule last August. H-Ps conflict mineral efforts serve as a case study on getting compliance with the rule off the ground. More inside.
 

KPMG Insider-Trading Scandal Leaves Some Clients in the Lurch

April 23, 2013

An insider-trading scandal has left KPMG reeling, but it has also created a crisis for audit clients pulled into the fray, including Skechers and Herbalife. The companies must find new auditors and submit to new audits going back as far as 2010, which could require a substantial amount of rework. "The new audit firm would not want to rely on anything that team did," says Brian Fox, founder of audit services firm Confirmation.com.
 

Conflict Minerals Rule Compliance Is Off to a Slow Start

April 16, 2013

Many companies are finding it difficult to get started on compliance with an SEC rule requiring disclosure of conflict minerals in the supply chain, according to new research. Those that have begun are struggling with vague language of the regulation and limited visibility into the supply chain. With a May 2014 deadline, the clock is ticking. "It's game time," says Barbara Kipp, a partner in PwC's risk assurance services practice.
 

How Compliance and HR Can Get It Together

April 16, 2013

Compliance and human resources have always had a love-hate relationship. Now some companies are finding that getting them aligned can yield large benefits for both functions and improve the organizational culture. That collaboration, while vital, can be hard won, however. Inside, we look at ways to break down the barriers and foster better communication and cooperation between compliance and HR.
 

A Global Tour of Compliance Frameworks

April 16, 2013

What compliance standards exist around the world that are comparable to the U.S. Federal Sentencing Guidelines as blueprints for building robust compliance programs? To answer this question, Compliance Week set out to conduct a country-by-country analysis of compliance frameworks. What we found is that outside the United States, the compliance guardrails are far less sturdy. Details inside.
 

The End of U.K. GAAP

April 16, 2013

U.S. companies will have to start producing financials for all their British subsidiaries under a new financial reporting rulebook next year, as the United Kingdom phases out its version of Generally Accepted Accounting Principles. While most public U.K. companies moved to International Financial Accounting Standards by 2005, private companies and subsidiaries have had the option to remain on U.K. GAAP. In 2015, that will no longer be an option. More details inside.
 

Information Governance: How to Destroy Data ... for Good

April 16, 2013

Compliance Week concludes our six-part series on information governance this week with a natural endpoint: how to handle your data once it's ready for final destruction. Techniques to destroy data are less effective than you'd think, but litigation and privacy risks make the final phase of governance vital. "If you leave data around, it can come back and bite you," says Doug Miles of AIIM. More inside.
 

Weighing the Compliance and Regulatory Risks of India

April 09, 2013

From rampant corruption to bureaucratic red tape, doing business in India is fraught with compliance and regulatory challenges. "Bribery and corruption remain the biggest risks of doing business in India," says Dinesh Anand, head of forensic services at KPMG in India. For many companies, however, the benefits of its growing economy and skilled workforce outweigh those perils. More inside.
 

SEC's Social Media Guidance Raises as Many Questions as it Answers

April 09, 2013

Last week the Securities and Exchange Commission approved the use of social media sites such as Facebook and Twitter to make company announcements. While some criticized the agency for taking so long to embrace modern communication technology, others quickly pointed out that the guidance raises lots of new questions on using social media to disclose material information. Details inside.
 

When Buybacks Get Complex, So Does the Accounting

April 09, 2013

Companies flush with cash are conducting increasingly complex stock buybacks, some with thorny accounting implications. Buybacks with forward repurchases, written put options, and those involving derivatives, for example, can invite accounting scrutiny. "Essentially you are pulling very complicated accounting rules down upon yourself," says Bruce Pounder, director of professional programs at training firm Loscalzos.
 

The Corrections: Battle Lines Drawn Over Dodd-Frank Act Fixes

April 09, 2013

After Congressional Republicans failed in repeated attempts to repeal the Dodd-Frank Act completely, they are taking a new tack—looking for smaller fixes—that is finally starting to get some bipartisan support. "The current Congress is more open to making tweaks that need to be made to make the law workable," says Christina Crooks, senior manager of government affairs for Financial Executives International.
 

Info Governance: Tracking Data After It Has Left the Building

April 02, 2013

Given the network of third parties that most companies maintain, keeping tabs on data both inside and outside an organization is increasingly critical. Add to that the legions of road-warrior employees and the ever expanding data storage capabilities on their smartphones and tablets, and the job only gets harder. In the fifth installment of our series on the lifecycle of information governance, we look at tracking data as it leaves the company.
 

Internal Audit Continues a Push Into Risk Management

April 02, 2013

The role of internal audit continues to evolve. New requirements from Nasdaq and the Federal Reserve emphasize practices such as analyzing the effectiveness of risk management, monitoring compliance with stated risk tolerances, and other risk-based responsibilities. "Stakeholders are stepping up their expectations of internal auditors," says Richard Chambers, CEO of the Institute of Internal Auditors.
 

Legal Departments Struggle With Technology Shifts

April 02, 2013

Cloud-based storage and the ubiquity of smart phones and tablets are pushing legal teams in charge of e-discovery to the limit. Two separate surveys released in March indicate that the legal department is falling behind on managing electronic discovery. The studies also reveal a significant lack of communication and collaboration among legal, IT, records management, and other business units.
 

Shop Talk: Managing Privacy Risks in a Mobile World

April 02, 2013

Companies are quickly realizing the many benefits of mobile computing, but they see, too, that the convenience comes with a catch. Speed and agility bring with them unique privacy challenges and a complex patchwork of data privacy laws. During our latest executive forum, hosted with TRUSTe in Boston last month, compliance and risk managers discussed how to put the right policies and controls in place to mitigate data privacy risks.
 
 

Companies Respond to Increased Whistleblower Protections

March 26, 2013

Most companies are finding they need to add more protections for an expanding group of potential whistleblowers, as new regulations proliferate on retaliation against employees who raise concerns. In addition to programs created by the Dodd-Frank Act, federal agencies have strengthened and added to protections in existing whistleblower programs, too. More details inside.
 

Russia Anti-Bribery Law Sets New Compliance Standards

March 26, 2013

Russia's recently enacted anti-corruption law goes where none have gone before, by requiring organizations that operate in Russia to put a compliance program in place and to develop systems to cooperate with law enforcement even before any corruption is identified. Still, some are skeptical that it will be enforced evenly by Russian regulators. "Enforcement is still very erratic," says Delphine Nougayrède, a partner in the Moscow office of law firm DLA Piper.
 

Regulators Issue Very Real Regulations on Virtual Currencies

March 26, 2013

As the use of virtual currencies explodes, such as those used to buy items in online gaming apps, regulators have issued new guidance that defines entities that qualify as money services businesses. "MSBs" must register with the Treasury Department's Financial Crimes Enforcement Network and follow a host of recordkeeping and reporting rules aimed at preventing money laundering and other crimes. Details inside.
 

Big Companies Filing More Restatements, But on Smaller Matters

March 26, 2013

The largest public companies filed more financial restatements for the second straight year in 2012, although the significance of their restatements overall continued to decline. More restatements on smaller matters could be due to increased pressure from regulators to improve audit quality. "There is the potential some of what we are seeing here is connected to inspection reports," says Chris Wright, managing director at consulting firm Protiviti.
 

e-Discovering the Cloud

March 26, 2013

Moving data-heavy components such as e-mail and collaboration systems to the cloud is a no-brainer, right? Not so fast. Companies that don't consider the cloud's implications on e-discovery could suffer major headaches later in excess litigation costs or damages resulting from poor recordkeeping. "You can see it as a train wreck waiting to happen if you don't think about these things in advance," says Michael Lackey, a partner at law firm Mayer Brown.
 

One for All or All for One? The Unit-of-Account Problem

March 26, 2013

One of the issues that adds greatly to the complexity of accounting is the concept known as "unit of account." The question is whether to make accounting decisions item by item, or based upon some grouping of items. Inside, Columnist Scott Taub surveys the unit-of-account issue and calls for some consistency and common principles in applying unit of account in accounting standards.
 

Analyze This: The Value of Business Risk Assessments

March 26, 2013

An effective business risk assessment program requires addressing a number of soul-searching questions in an objective manner: How much risk should we assume? Where is our business going? How well do we even define risk? In the latest installment of our GRC Illustrated Series, we look at how to conduct a rigorous self-analysis to make better risk-management decisions.