A participated in a webinar by Carole Stern Switzer of OCEG and Sumner Blount of CA, Inc. on Unified Governance, Risk and Compliance. Governance – the culture, policies, processes, laws and institutions the define the structure by which companies are directed and managed. Risk – the effect of uncertainty on business objectives. Compliance – The … Read more »
Nevada Law on Privacy of Personal Information
A Nevada law requiring encryption of customer personal information went into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970. The legislation is short but potentially wide-ranging in scope. NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.] 1. A business in this State shall not transfer … Read more »
Additional Guidance on the Massachusetts Privacy Regulations
The Massachusetts Office of Consumer Affairs and Business Regulation has provided guidance regarding its new regulations requiring all entities that own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts to develop, implement and maintain a comprehensive written information security program and make specific computer information security requirements. I mentioned … Read more »
Sarbanes-Oxley Act Whistleblower Digest
The U.S. Department of Labor assembled a digest of whistleblower law under the Sarbanes-Oxley Act. On July 30, 2002, the Sarbanes-Oxley Act of 2002, P.L. 107-204 was signed into law by President Bush. Section 806 of the Act, to be codified at 18 U.S.C. § 1514A, is a whistleblower provision that provides protection for employees … Read more »
Why Use a Hotline?
Is it important to have a hotline for reporting violations? Reporting violations is a keystone for an effective compliance program. It can maximize the eyes watching for lapses in judgment and blatant violations. It can foster the reporting of issues and concerns as they occur or before a violation occurs. Read more »
Ethics as a Business Process
Adam Turteltaub wrote Ethics as a Business Process for the fall 2005 edition of GRC 360. Forward-looking companies are seeking to evolve business from soft art to hard science as a means to win in the marketplace, improve competitive advantage, achieve higher market valuations, ensure employee retention, foster fruitful partnerships and strengthen customer satisfaction. . … Read more »
Real Money Laundering
The October 2008 edition (.pdf) of The SAR Activity Review, Trends, Tips and Issues published by the Financial Crimes Enforcement Network, has a great story on page 29 about a marijuana smuggling and money laundering operation. The organization was concerned that the cash smelled like marijuana. The benk tellers even noticed the smell of marijuana … Read more »
Whistleblower Policies
I ran across a few examples of whistleblower policies and whistleblower protection policies and some material on developing a whistleblower policy. Developing a Policy Developing a Whistleblower Policy (.pdf) by the Delaware Valley Grantmakers. Whistleblower Policies: Lessons For Associations by Julia E. Judish of Pillsbury Winthrop Shaw Pittman LLP National Whistleblowers Center Whistleblower Policy Safeguards … Read more »
Establishing an Effective Complaint-Handling Process
Grant Thornton put together a comprehensive report: Hear that whistle blowing! Establishing an effective complaint-handling process. (August 2006, .pdf) They have developed the MACH process which consists of six basic steps: Receive the complaint; Analyze the complaint; Investigate the complaint; Resolve the complaint; Report the resolution of the complaint; and Retain the necessary documentation. Read more »
Code of Ethics and Whistleblower Programs
A corporate code of ethics is the flip side of the coin of a whistleblower policy: The code of ethics is the principal means of communicating to all staff a strong culture of legal compliance and ethical integrity, while the whistleblower policy is a way to implement such values. Read more »