Odds & Ends in Compliance

Matt Kelly | April 2, 2012

Sometimes the news around corporate compliance, risk, and governance just comes too fast and furious to keep pace. Various items on my mind today…

Your mystery regulator. Last week I had the privilege of hosting another Compliance Week executive roundtable, where we met with compliance and risk officers from the banking sector to talk about the Dodd-Frank Act. The conversation spanned a wide range of concerns, mostly orbiting around the complaint of too many regulators demanding too much data. One specific subject that came up for discussion: the Office of Financial Research, the regulatory agency nobody watches.

Who are these people? What do they want? When will they start pestering financial firms like every other self-respecting regulator does? The ten of us at the roundtable pondered those questions for a few minutes, and didn't have many good answers. But we all suspected that the OFR will make itself more visible in coming months.

We do know that the OFR has several dozen staffers today, and plans to reach 275-300 people by mid-2014. The OFR published its strategic framework just last month, which outlined an ambitious (and predictable) agenda. Foremost, the OFR will build a data center and research arm to study financial transactions, and use that research to help the Treasury Department's Financial Stability Oversight Council set policy. The OFR is also working on other projects such as a global system of Legal Entity Identifiers and various research papers.

That's a lot of data the OFR will be collecting, folks. Compliance officers in the banking sector would do well to keep the OFR's future demands in mind as you grapple with your IT systems.

And who's in charge there? The Senate Banking Committee voted last week to approve Dr. Richard Berner as director; expect the full Senate to take up the nomination soon. One other interesting detail: one employee at OFR is the always-thoughtful David Blaszkowsky, who formerly led XBRL compliance at the Securities and Exchange Commission. Blaszkowsky is all about how to tag data for sophisticated analysis, so I'm not surprised his expertise landed him here.

Daily Deal: Groupon stock, 13 percent off. Nobody should take delight in a company's misfortunes, but we should all take note of the financial restatement Groupon disclosed last Friday—since it is a perfect example of why the JOBS Act, due to be signed into law this week, is an outstandingly bad idea.

My disdain for the JOBS Act is no secret. The law has almost nothing to do with its alleged purpose of creating jobs at small businesses, and everything to do with its real purpose of taking companies public more quickly, regulatory oversight be damned. This is what happens when you do that. The JOBS Act creates a new class of “emerging growth companies,” defined as those with less than $1 billion in annual revenue, and exempts them for five years from all sorts of governance provisions, such as an external auditor's review of internal control over financial reporting.

Groupon has run afoul of the SEC in the past, when the agency rejected the company's self-created accounting metric that pretty much said when you exclude reality, business is booming. Under the JOBS Act, conversations like that will now happen confidentially, and investors won't know about possible mismanagement until far later in the IPO process, if at all.

Reality did finally intrude on Groupon last week. It restated results for the fourth quarter, cut net income by $22.6 million, and saw its already unimpressive stock price fall another 13 percent. Let's see supporters of the JOBS Act explain to Groupon investors how that helps America's capital markets.

Battle of the Frameworks. Norman Marks, the aficionado of all things audit over at SAP, launched a project last week that needs your help: a survey to determine the most popular standard for risk management. The survey is free, anonymous, and independent, so do take it when you have a few spare minutes.

Marks crafted his survey as a choice between the COSO Enterprise Risk Management Framework or ISO 31000 (the global standard for risk management that the ISO fans use), and then published the survey on the popular governance chat room run by Dan Swanson. That, naturally, prompted a flurry of discussion about all the other risk management frameworks out there, such as the AS/NZS 4360 standard crafted by standard-setters in Australia and New Zealand. Vigorous discussion continues to this day, as my email in-box can attest.

We'll follow up with Marks in due course to get the results of his survey and publish them here, for all those interested in such things. Frameworks are not necessarily the sexiest of subjects, in a field that isn't terribly sexy to begin with—but they do matter, and help compliance officers keep focus on the versatile systems they need to manage the many risks they face. So the more input about which ones are effective, the better.