Six months ago I predicted six events to watch in corporate compliance for 2015. With the year half over—and in the interests of holding people accountable, including yours truly—now seems a good time to revisit those predictions and see how the year has been unfolding so far.
The risk of political risk. I’ll be honest: when I talked in January about political risks translating into business risks much more quickly, Russia and Ukraine were the countries I had in mind. Greece was not. Yet six months later, Greece seems to be the spark that could ignite all manner of financial risk across Europe.
I did cite North Korea’s hack attack against Sony as another example of political risk disrupting business. The recent hack into the U.S. Office of Personnel Management—traced back to someone in China, even if we don’t know exactly who—is another example of the cybersecurity era we are entering, where nations can attack a company and “rogue actors” can attack nations. We have no idea how to exist in that Kafkaesque world yet. Lord knows when we will.
The COSO enterprise risk management update. At the end of 2014 COSO announced that it would develop an update of its ERM framework, first published in 2004. Cynic that I am, I wondered why this update, and why now? Will an ERM framework eventually become the preferred standard for some enhanced compliance obligation in the future, Sarbanes-Oxley on steroids?
Perhaps not. Our own columnist Rick Steinberg wrote an article examining the ERM project and quelled a good bit of that cynicism, and so far COSO has assembled a strong advisory committee to help chart the course. Even a proposed framework (let alone a final one) isn’t likely to arrive until 2016, but so far COSO is doing a solid job of putting together a solid ERM framework—no matter what other parties might do with it after that.
The Walmart settlement. Well, sooner or later Walmart will settle its Foreign Corrupt Practices Act case with the Justice Department. Hasn’t settled yet. Don’t know when it will.
As I said in January, the most interesting part for me will be what compliance monitor requirement Walmart might receive (since the company has tried mightily to enhance its compliance program), rather than any monetary fines (since the company has ample cash). Stay tuned.
The rise of the Republicans. Here I specifically meant Dan Gallagher and Michael Piwowar, the two Republican commissioners on the Securities and Exchange Commission. Sure enough, Gallagher caused a stir last month when he complained about the SEC taking enforcement actions against compliance officers at investment advisory firms, a compliance contretemps that even produced a counter-statement from Commissioner Luis Aguilar, Gallagher’s political opposite.
Piwowar, meanwhile, has been continuing his quest for more openness at the Financial Stability Oversight Council, and he is gaining allies: in January MetLife filed a lawsuit against the FSOC over MetLife’s designation as a Systemically Important Financial Institution, and access to FSOC’s rather shadowy operations is a big part of MetLife’s grievance.
Gallagher will leave the SEC later this summer, and business media everywhere mourn the passing of his always colorful quotes.
Bewilderment at the revenue recognition standard. What was true in January remains true today: implementing the new standard for revenue recognition will be enormously difficult, and most companies were not in position to adopt the standard by its original deadline of 2017. No wonder the Financial Accounting Standards Board voted earlier this year to delay the deadline to 2018.
More telling will be FASB’s efforts to keep its standard consistent with the international version adopted by the International Accounting Standards Board—which also voted earlier this year to delay its effective date to 2018. FASB and IASB have since done more work to stay in step with each other, and that collaboration is what you should watch as you push through your own implementation program for the next two years.
Audits under the new COSO internal control framework. I have to say, this prediction may have been the dog that didn’t bark—or at least, the growling about audits this year was only muttered under the breath of internal auditors. Things certainly didn’t erupt into the public and painful experience they might have.
Audit Analytics research finds, to no surprise, that large filers are well ahead of smaller filers in adopting the 2013 COSO framework. (Also to no surprise: 40 percent of smaller filers aren’t even disclosing what framework they use to test internal controls.)
We still have six months left in 2015, with plenty of developments in corporate compliance to come: the Petrobras scandal driving more anti-corruption enforcement in Brazil; numerous new Dodd-Frank compliance rules adopted by the SEC; the Walmart FCPA settlement (seriously, where is it?); and much more. So far, 2015 is shaping up to be a year that will keep you all plenty busy.
Post your own predictions for the latter half of 2015, or other comments, on LinkedIn.