Richard Steinberg 270004HRBG firstname.lastname@example.org | | Tags:  risk openpages dodd-frank grc sec whistleblowing | 0 Comments | 645 Visits
The SEC’s final rules implementing Dodd-Frank’s whistle blowing provisions failed to remove angst among compliance officers and general counsels. While there are some incentives for potential whistleblowers to first report alleged misconduct via internal reporting channels, there’s no requirement to do so – and many are concerned the internal channels will be bypassed. And going outside is on the rise. It’s been reported that in only seven weeks after the SEC’s program began, there were 334 whistleblower filings. Compliance officer concerns are well founded – that bypassing internal channels will deprive the company of being able to investigate and fix problems before they grow, and company personnel will need to play catch up with investigations in reaction to SEC probes.
We can point to many resolved whistle blowing cases for clear evidence of the potential impact of the SEC’s still relatively new program. One homeowner delinquent on her mortgage ultimately received $18 million for reporting suspected use of fraudulent documents in the bank’s foreclosure process. It’s said that in acting against this homeowner – an attorney and career insurance fraud investigator – the bank “picked the wrong person at the wrong time in the wrong place,“ but the robo-signing and other compliance failures were widespread and surfaced from a number of sources. Nonetheless, this individual was one of six whistleblowers receiving $46.5 million said to be part of the five-bank $25 billion settlement. In an unrelated case, a member of a major bank’s quality control team who reportedly was displeased that the misconduct wasn’t reported to regulators, decided to do so herself – ending up with a settlement of $31 million. And there are many more.
Worth noting is a recent survey that indicates more than one-third of American workers have seen misconduct on the job. While many instances of misconduct have been reported through internal channels, it appears the vast majority have not. Why? The survey shows it’s because of fear of not being able to remain anonymous, and of retaliation. Those two factors, plus the possibility of monetary reward, are reported as key factors in incentivizing internal reporting. And the survey also shows two-thirds of respondents didn’t know about the SEC’s program – at least not yet.
Certainly it’s in a company’s interest to be first to know about alleged misconduct, and compliance officers are working hard to upgrade policies, training, communications, and the internal whistleblower systems, all to encourage internal reporting. Actions to ensure anonymity, with positive responses and nothing close to retaliation, are expected to help. Some companies have begun to pay bounties for valued reports. There are indications that when employees believe their reports will be taken seriously without adverse repercussions, there’s increased likelihood for internal reporting. Law firms and others have provided guidance on which companies are acting. However, it remains to be seen the extent to which the possibility of a huge, life-changing payday by the SEC will be too much to resist. Time will tell.
Regular readers of this blog undoubtedly are familiar with the FCPA and related Justice Department and SEC enforcement activities. On a personal note, I remember well when the FCPA was enacted, as I took on responsibility in my firm for providing our clients with analysis, guidance, and support materials to help deal with the new law. Emphasis was put as much on the Act’s internal control provisions, which require (with somewhat different terminology) effective systems of internal control over financial reporting – this of course, long before SOX. Companies did look at their internal control systems for opportunities for strengthening, but without required management reporting or auditor involvement, we did not see the kind of focus that came in more recent years under SOX. Significant attention was given to the bribery provisions, though with little regulatory enforcement activity for many years, attention subsequently waned.
But life under the FCPA now is very different. It’s reported that in the last four years 58 companies paid almost $4 billion in settlements – including Siemens (whose securities are traded in the U.S.) paying $800 million each to the German and U.S. regulators – and 42 individuals have been convicted. Early this year, for example, an oil company executive was sentenced to a two and one-half prison term. “I am truly sorry,” he said, “I lost touch.” At the moment some 78 companies are reportedly under investigation, including the likes of Alcoa, Avon, Goldman Sachs, HP, Pfizer, and Wal-Mart – it remains to be seen whether they will be formally charged. And we know that Rupert Murdoch’s News Corporation, among others, is in regulators’ sights.
There has been pushback by business, saying regulators have been overzealous and thereby stifling legitimate business initiatives – especially so with their going after not only companies but individual executives as well. The United States Chamber of Commerce is looking to have the law amended, with a Chamber official recently noting “The last time I checked, we were not living in a police state.” But enforcement officials don’t seem to be perturbed, with the assistant Attorney General making clear that the Department is expanding its staff and enforcement actions are on the rise. With that said, discussions between the groups have begun, and desired guidance may be forthcoming.
What to do? Clearly there’s no silver bullet. Close attention needs to be paid to ensuring strong compliance programs – which, importantly, the DOJ has said it will look to in a positive way when considering enforcement actions. Yes, further clarity has been requested from the Department in that regard, and we know about concerns with Dodd-Frank’s whistleblower provisions, but that shouldn’t stop compliance officers and senior managements from continuing efforts to strengthen internal programs. Many law and other firms have provided guidance on identifying high-risk areas and steps to be taken, which certainly are worth serious consideration. Among important areas of focus are risk assessment, policy management, clear authorities and fixed responsibility among line managers, real time communication, close monitoring by line management as well as compliance and internal audit personnel, and immediate and decisive action when red flags appear. It’s not easy, but with the Act in place and regulators expanding scope, close attention is critical.
Erwin Boeren 270002C43V ERWIN.BOEREN@NL.IBM.COM | | Tags:  ibm solvency insight dashboarding governance grc openpages management reporting risk basel cognos ii compliance | 0 Comments | 1,298 Visits
With the brand-new IBM Cognos Insight you can now connect to your IBM OpenPages environment from your desktop. You always have that moment that you need the information on a report but just a bit different than the standard report provides to you. The solution is here now, IBM Cognos Insight!
Insight is a powerful, intuitive desktop solution, that can read many different data sources from Excel to datawarehouses. Even your real time IBM OpenPages environment!
And it is not only reporting and dashboarding but it also lets you create what if scenarios on the fly! How would my risk exposure be if in one risk category the loss impact increases with 15%? Two clicks and you know the answer! And then you can comment on your report, which gives your colleagues more information on the context the moment you share your workspace.
How easy can risk reporting be???
For more tour on how IBM Cognos Insight please look at : http
Blog post by Erwin Boeren
Senior Governance, Risk & Compliance specialist IBM
Twitter : http
Erwin Boeren 270002C43V ERWIN.BOEREN@NL.IBM.COM | | Tags:  erwin watson governance risk grc compliance management ii business analytics solvency ibm boeren basel | 0 Comments | 819 Visits
IBM Watson found a job as a risk expert!
IBM Watson goes to work in financial services as a risk expert. One of the largest Financial Services institutes and IBM now partner to enhance and simplify the consumer banking experience with faster, more accurate decisions, better risk assessment, and more targeted customer offers.
IBM Watson is transforming expectations for how technology can help individuals live and work in better ways. Its ability to make sense of vast quantities of unstructured information, communicate in natural human language, learn from experience, and offer confidence weighted responses is already a game changer in healthcare. Focusing these capabilities on financial services brings new possibilities for higher service levels to an expanded set of users.
For those who do
not know IBM Watson, Watson is an artificial intelligence computer system
capable of answering questions posed in natural language, developed in IBM's
DeepQA project. As a test of its abilities, Watson competed on the quiz show
Jeopardy!, in the show's only huma
Now what will that bring to our Financial Service clients? Potentially as an assistant to client service professionals to help deliver evidence-based recommendations across multiple areas of the bank, including: credit card; private banking; wealth management; and call centers. Since IBM Watson can think faster than any human being it is able to make cross checks, prevent fraud, determine risk, etc. It is able to analyze data such as client information, online news reports, blogs, Twitter feeds, analyst reports, regulations, credit ratings, and government securities filings which can help to suggest options targeted to a consumers' individual circumstances.
Blog post by Erwin Boeren
Senior Governance, Risk & Compliance specialist IBM
Richard Steinberg 270004HRBG email@example.com | | Tags:  dodd-frank risk risk_management openpages | 0 Comments | 485 Visits
If you’re in or work with the financial services industry, you probably know about the late December holiday "gift" from the U.S. Federal Reserve – proposed rules implementing provisions of the Dodd-Frank Act which could have a profound effect on how boards and managements deal with risk. In any event, you’ll want to keep in mind that the Fed is accepting comments only for the next month – until March 31.
The proposed rules are far-reaching, including requirements for risk-based capital and leverage, liquidity, stress tests, sing
The risk committee is required to "document and oversee, on an enterprise-wide basis, the risk-management practices of the company's worldwide operations." The committee would be chaired by an independent director, and at least one member needs to have risk-management expertise commensurate with the company's size, complexity, and other risk-related factors. Further, its members are expected to understand risk-management principles and practices relevant to the company, with specified experience in risk management. And there are rules for a committee charter, meetings, and documentation.
The committee’s responsibilities include reviewing and approving an appropriate risk-management framework commensurate with the company's size and other factors. The framework’s scope is outlined, including requirements for risk limits appropriate to each line of business, policies and procedures for risk-management practices, processes for identifying and reporting risks, monitoring compliance with risk limits and procedures, and specification of management's authority and independence to carry out risk-management responsibilities. Additionally, the larger covered companies will need to appoint a chief risk officer in charge of implementing and maintaining the risk-management framework and practices approved by the risk committee, with the rules specifying responsibilities and qualifications for the CRO and reporting relationships.
If not already under way, now is the time to analyze the proposal and its implication, and let the Fed know what changes are needed. If interested, you might want to tune into the upcoming IBM OpenPages webinar where I’ll be discussing the proposed rules, their implications and the challenges they present – March 8, 2:00 pm Eastern Time.