If you’re reading this on Friday morning, I’ll be on my bike riding from the New York border to Sturbridge for the unofficial Day Zero ride of the Pan Mass Challenge. The official start is Saturday morning, when I’ll ride from Sturbridge to Bourne, and then from Bourne to Provincetown on Sunday. That will be almost 300 miles of bike riding, surrounded by thousands of other riders raising money to fight cancer.
Thanks to so many of you who read Compliance Building for your generous donations and kind words. I have my donor list and those kind words printed and tucked into the back pocket of my jersey. I’ll keep them with me over the three days of cycling I have to complete this weekend.
If you have not contributed, there is still plenty of time to make a donation to fight cancer. I love seeing donation messages pop up while I’m riding. Donate here: http://pmc.org/egifts/DC0176
As for compliance-related matters, here are some of the stories that recently caught my attention.
Let’s Ride, Walmart’s Compliance Chief (and Cyclist) Urges Company Employees
by Sue Reisinger
Law.com
Daniel Trujillo, Walmart Inc.’s executive vice president and global chief ethics and compliance officer, is a triathlete who can often be seen riding his bike to work. Now Walmart is using Trujillo’s love for the sport by having him lead its new bike-to-work program.
https://www.law.com/corpcounsel/2019/07/30/lets-ride-walmarts-compliance-chief-and-cyclist-urges-company-employees/?slreturn=20190701073035
…
He recently blogged about the program, noting that only a small group of employees, including several in-house counsel, now bike to the office in Bentonville, in northwest Arkansas. The company already supports a popular “bike-to-work Fridays” concept, and the goal of the new program is to have 10% of the home office workforce riding bikes to work by 2023.
When Sanctions and Cybersecurity Collide
By Matt Kelly
Radical Compliance
Compliance professionals talk constantly these days about cybersecurity, third-party risk, and sanctions compliance. Now we have an example from the news that is one headache-inducing brew of all three — and also, I fear, a harbinger of compliance and risk challenges to come.
http://www.radicalcompliance.com/2019/07/31/when-sanctions-cybersecurity-collide/
The company in question is Hikvision, a Chinese maker of security cameras. Last year Congress passed the National Defense Authorization Act, which bans the use of Hikvision cameras by U.S. government agencies, for fear that the Chinese government might hack into the cameras to spy on American interests.
Disclosure and Notification Considerations When Managing a Crisis
by Cleary Gottlieb Steen & Hamilton LLP
NYU Law’s Compliance & Enforcement blog
One of the first things a company should consider in a crisis is whether disclosure to authorities is mandatory. Mandatory disclosure obligations vary widely across legal regimes and may be imposed by Congress, government regulators, self-regulatory bodies, or even stock exchanges. For example, regulated entities may face immediate disclosure obligations to report violations of financial laws to FINRA (Rule 4530) or annual disclosure obligations to report misconduct to the CFTC in the entity’s chief compliance officer report (although earlier disclosure of a crisis may be advisable). Often the relevant laws, rules, and regulations do not specify what information must be disclosed, injecting substantial discretion into what is otherwise a mandatory obligation.
https://wp.nyu.edu/compliance_enforcement/2019/07/31/disclosure-and-notification-considerations-when-managing-a-crisis/