Information governance will boom in 2012 | Kroll Ontrack (Edward Clark)

Businesses are likely to spend more on compliance and information governance in 2012 in a bid to reduce risks and improve data recovery.

According to Vijay Mhaskar from Symantec, writing for Information Week, information governance is to become a buzzword in 2012 and will be one of the year’s biggest storage and backup trends.

“Information is the great enabler, and the great disabler depending on how it is managed. Companies that will gain control over the risks and costs by protecting their information will enable the adoption of new mobile, social media and cloud technologies,” he explained.

via Information governance will boom in 2012.

Getting Rid of Data: Why it’s So Hard | Information Management

Many organizations think they are taking the right approach to information overload: buy ever-cheaper storage solutions, lower compliance risk by saving all data and focus more resources on solutions for turning all this data into actionable intelligence. Unfortunately, storing and managing data stores that only get bigger with time is very expensive, and instead of reducing risk, it dramatically increases costs and risks associated with e-discovery.

According to Gartner, IT shops already spend between 2 and 3 percent of revenues on data management, which can add up to hundreds of thousands or even millions of dollars each year. And according to IDC, corporate data volumes grew by about 50 percent last year. The fact is, no matter how inexpensive storage devices become, the total cost of managing data will continue to grow. And while some data must be retained for its business, legal or compliance value, retaining data that has no such value increases the complexity and cost of every hold issued by the legal department in response to an e-discovery request.

How can IT organizations defensibly dispose of data to control IT costs while satisfying the requirement for legal holds? The answer is a robust, cross-functional information governance program.

via Getting Rid of Data: Why it’s So Hard.

Is Your Business Toxic-in the FCPA Compliance Context | Thomas Fox – JDSupra

Is your business toxic? I do not mean that it holds the type of sub-prime Collateral Debt Obligation assets which were so prominently mentioned in the press just a few years ago. I mean is your business so devoid of anything close to a best practices compliance program that you are not able to obtain loans, manage risk through insurance or other equally traditional business practices? Yesterday I wrote about the new types of insurance available for investigation of, and claims based upon, alleged violations of the Foreign Corrupt Practices Act (FCPA). This also included Directors and Officers liability coverage if such persons are made parties in a stockholder derivative action based upon violations of the FCPA. I also wrote about banks and other financial institutions which are now reviewing compliance programs to determine if they meet some type of minimum best practices. However, now the failure to have a minimum best practices compliance program in place may have a more drastic effect; it may deny you the ability to access your company’s value in the capital markets.

via Is Your Business Toxic-in the FCPA Compliance Context | Thomas Fox – JDSupra.

Creating Efficiencies In Your Anti-Corruption Compliance Program – Forbes

Compliance convergence originates in the idea that many, if not all, compliance programs involve the collection and processing of information.  What makes compliance convergence not only possible but almost inevitable is that many different functions within an overall compliance program look for the same information.  Yet in many—if not most—organizations, information is not shared between compliance functions, tools that analyze information in one context are not utilized in others, resources dedicated to one area don’t cross-pollinate or otherwise make their information, decisions, or even their experience available for other areas.

Let’s spend a moment on a compliance officer’s most frequent effort, the root cause analysis.  Compliance until fairly recently has been immune from the relentless drive toward efficiency that has engulfed the business world.  In a lot of companies, there was fear that “efficiency” meant “budget cutting,” and that regulators would not look kindly on budget cutting in compliance.  But efficiency means more than controlling spend on a Salary and Benefits budget line.  And because compliance is notably bereft of businesspeople, there isn’t the natural drive to get the most out of each dollar.  In a lot of cases, especially in a crisis, there’s a spare-no-expense mentality that morphs into wildly useless expenditures on accounting firms and outside counsel, and on implementing their sometimes-overly-cautious recommendations.  Even recently, efforts to control costs within compliance programs have revolved around staff cuts or reassignments, rather than engaging in a true effort to identify and implement efficiencies.

The other root cause of compliance inefficiency—and one more relevant to the concept of convergence—is the subspecialization that regulations require.  Companies handle life risk by risk.  Banks have anti-money laundering risk, sanctions risk, FCPA/anti-corruption risk, operational risk, plus others.  They hire experts in each field to develop programs to assess and mitigate those risks.  Those experts develop their programs in somewhat of a vacuum.  They buy technology they “need,” they write up resource requirements, they write policies, develop procedures, and create training.  There is no overarching analysis, however, that would identify potential efficiencies among the various risks.

via Creating Efficiencies In Your Anti-Corruption Compliance Program – Forbes.

Information Retention: Help Customers Prepare for eDiscovery | The VAR Guy

More Prepared Companies Fare Better

When facing an eDiscovery request, it’s clear that timely and thorough compliance are important to receiving a favorable outcome. Businesses adhering to best practices were able to respond to information requests in one-third of the time that unprepared businesses needed. Working with your customers to help them proactively implement an information retention policy will offer a measure of protection in the event of legal action. The case for putting a policy in place is pretty clear:  unprepared businesses suffer court-imposed sanctions more than four times as often, and find themselves in a compromised legal position nearly twice as much.

Your Call To Action

You can help keep your customers out of hot water by helping them be proactive and prepared to produce electronic records if needed. Here are a few ways to make sure your customers are ready.

Work with your customers to develop an information retention plan, or evaluate the effectiveness of their current plan.

As part of the plan preparation, help clients identify where all electronically stored information is stored.

Conduct litigation exercises with your clients to assess their preparedness level, and implement advanced legal hold processes to minimize the risk of noncompliance.

Ensure that your customers are using backup for recovery and archiving for discovery.

via Information Retention: Help Customers Prepare for eDiscovery | The VAR Guy.

What are GCs and Directors Thinking About Corporate Governance? | Law.com

Risk

The top concerns for directors this year are operational risk, data security, and managing the company’s reputation.

Over 50 percent of GCs, meanwhile, cite major concerns about electronic discovery for litigation/investigation, managing outside legal fees, and data security, too.

A bit further on down the line, at least a third of GCs consider governance/compliance, operational risk, the Foreign Corrupt Practices Act, and managing company reputation to be major concerns.

 

Dodd-Frank Act

Not many fans of the 2,300-page financial reform legislation in these parts. Directors and GCs were evenly aligned in their thoughts on Dodd-Frank: 94 percent of directors and counsel alike think the measures need to be re-evaluated, while 94 and 95 percent, respectively, think the law incentivizes employees to bypass internal whistleblower procedures and go straight to the SEC.

Additionally, most directors and GCs “agree that the ultimate impact of Dodd-Frank will be increased oversight, reduced earnings, and a less-attractive capital market environment for prospective public companies.”

 

Compliance

There’s some ambivalence amongst GCs about the possibility of regulatory actions against their companies. Fifty-six percent of general counsel said they are more fearful of regulatory action than in the previous year’s study, while 42 percent said their level of concern is about the same as before.

With regards to the Foreign Corrupt Practices Act, the landscape looks a little dicey: “Just 36% of responding general counsel serving companies subject to FCPA believe their board and management have done a good job with FCPA training and compliance. Another 63% . . . believe there is room for improvement.”

Finally, 69 percent of general counsel respondents think that regulatory compliance is what will increase their law department’s workload the most over the next year. That’s up from 37 percent of GCs who thought that way in 2009.

via What are GCs and Directors Thinking About Corporate Governance?.

Bloomberg Offers Finance Cloud Archiving For Microsoft Office 365

With it users will get real-time policy management, search analytics, e-Discovery and secure archiving for corporate emails and messages, on top of whatever other email services that Office 365 users have subscribed to with the Exchange component of Office 365.

In a nutshell Bloomberg Vault functionality for Office 365 includes:

Integrated and secure archiving of all electronic communications as a hosted service.

Specialized features designed to help financial firms meet compliance requirements through real-time policy management, e-Discovery and records retention.

Biometric security for compliance officers to enhance access controls.

…“Compliance mandates are increasingly complex and the capital costs can be significant. The aim of Bloomberg Vault-Office 365 is to help financial services organizations embrace the cloud and meet stringent regulatory requirements,” said Harald Collet, global business manager for Bloomberg Vault.

via Bloomberg Offers Finance Cloud Archiving For Microsoft Office 365.

Another Lesson of News Corp Scandal: Beware Multi-Jurisdictional Bribery | Law.com

Journalists around the world no doubt read deep meaning into Sunday’s final edition of UK tabloid News of the World. But according to corporate-corruption expert Alexandra Wrage, the News Corp scandal should send a message to all companies doing business in multiple jurisdictions: shore up your compliance programs or be ready to face multi-jurisdictional consequences.

Wrage, president of Annapolis, MD-based TRACE, a non-profit anti-bribery compliance organization, says more and more multinational organizations are going to be faced with multi-jurisdictional compliance issues going forward. She says that News Corp’s alleged bribing of public officials is emblematic; companies paying a bribe in one country can expect more than ever that they’ll face enforcement actions in two, three, or more countries.

“I’m trying to find new ways to impress upon companies why it’s important that they avoid bribery risk of any kind,” says Wrage. “But increasingly what gets their attention is the fact that these cases have an almost unlimited shelf life.”

Wrage says that countries that have traditionally not taken action against bribery are increasingly piggy-backing onto other countries’ actions. “If you are a country under huge pressure to bring an anti-bribery case, but you have fairly underdeveloped prosecutorial service and very few resources,” she says, “it is much easier for you to go after a company that has already settled in another country than for you to investigate and establish a case for yourself.”

Wrage says News Corp faces actions not only in the United States (where the company is incorporated) and the UK (where the alleged wrongdoing occurred), but also in Australia because of its secondary stock listing.

“Australia could bring an SEC-like action for books and records violations, assuming the payments were made and assuming they were not accounted for as bribes—which they never are,” notes Wrage.

via Another Lesson of News Corp Scandal: Beware Multi-Jurisdictional Bribery.

Unstructured data compliance costs firms an average of $2.1 million annually | Infosecurity (USA)

The average cost of compliance associated with storing unstructured data is $2.1 million per year, according to a report prepared by the Ponemon Institute for software firm Novell.

The average compliance cost of unstructured data varies with the size of the organization. Companies with fewer than 5,000 employees have an average compliance cost of $1.23 million, while companies with more than 75,000 employees have an average compliance cost of $2.71 million, indicating that smaller businesses pay six times more per employee than larger businesses, according to the report.

Heavily regulated industries, such as financial services, pharmaceuticals, communications, and healthcare, have higher average compliance costs, incurring an average of $2.5 million annually, according to a review of 94 large US firms.

Ponemon breaks down compliance costs into the following activities: access governance, configuration management, assessment and audit, policy management, e-discovery, monitoring and scanning, backup and disaster recovery, specialized equipment cost, and specialized software costs.

A number of these activities include implementation of information security policies and regulations. For example, “access governance” includes cost associated with identity, authentication, provisioning, and access rights, which all have an information security component.

“Assessment and audit” includes compliance cost associated with review, evaluation, and verification of data storage based on the organization’s data security requirements, including regulatory compliance audits. “Policy management” includes cost associated with development, implementation, and enforcement of a company’s data storage policies, including those specified by laws and regulations. E-discovery involves the cost associated with discovery of electronic documents for litigation, data breach investigation, and compliance with the Health Insurance Portability and Accountability Act privacy rules.

The most expensive compliance costs associated with the storage of unstructured data are e-discovery, access governance, and internal auditing activities. Together, these activities cost businesses over $1.9 million on average annually.

via Infosecurity (USA) – Unstructured data compliance costs firms an average of $2.1 million annually.