IT Compliance Advisor

Aug 21 2014   7:58PM GMT

Regulatory compliance challenges mount in recession’s wake

Fran Sales

Chief Compliance Officer
Data brokering
Data privacy
Employee training
personal data
Safe Harbor

U.S. companies, particularly those in the financial services industry, continue to wrestle with compliance regulations: Recent headlines show that the current regulatory environment remains a top issue for CEOs and that many companies have difficulty measuring the effectiveness of compliance training programs. Meanwhile, in recent weeks, PricewaterhouseCoopers was fined for watering down a bank report, and a complaint filed with the Federal Trade Commission (FTC) alleges that 30-some U.S. tech giants are violating Safe Harbor agreements.

Regulatory issues No. 1 challenge for U.S. CEOs

The regulatory environment in the wake of the recent recession is the top issue that could have the most impact on business operations, according to a Forbes Insight and KPMG study. Of the 400 U.S. CEOs surveyed across all major industries, 34% reported spending more time with government officials and regulators than they did before the downturn, or are considering doing so.

Financial services is among the sectors most affected due to the sheer number of regulations requiring transparency and risk reduction processes, according to Forbes. Companies also face additional regulatory costs, such as those related to revamping data monitoring systems to remain compliant. KPMG representatives advised CEOs to extract business value from mandated compliance processes, such as by using regulatory data to analyze sales and compile insight into product profitability.

PwC hit by penalties for diluting bank report

Wall Street consulting firm PricewaterhouseCoopers (PwC) is facing heat from New York financial regulators. The firm, according to interviews and confidential documents reviewed by The New York Times, watered down its report on one of the world’s largest banks, Bank of Tokyo-Mitsubishi UFJ. PwC agreed to pay a $25 million fine, and one of its regulatory consulting units cannot undertake assignments from New York-regulated banks for two years.

In 2007, the Bank of Tokyo-Mitsubishi recruited PwC to quantify its improper transactions with U.S.-blacklisted countries. The initial draft of PwC’s report showed that the bank excluded names of Iranian customers to evade detection. The consulting firm, however, under pressure from Bank of Tokyo-Mitsubishi’s legal team and executives, deleted or diluted harsh characterizations and critical passages when it filed the report, according to the Times’ sources.

This case highlights how authorities are reassessing their relationships with consulting firms, according to the Times. While regulators have previously ignored these firms’ potential conflicts with banking institutions, federal authorities are now releasing guidelines for employing consultants.

Compliance officers struggle to measure training effectiveness

Many firms, especially those in financial services, have improved their compliance and ethics training programs but are finding it difficult to measure their efficacy, according to two Navex Global researchers who spoke with Thomson Reuters. Chief compliance officers also have difficulty making a business case for investing in such programs, said the researchers.

The best training programs, the researchers found, are those customized to the needs of a particular job and contribute to an organization-wide “culture of compliance” that encourages ethical behavior. There is a gap in compliance training, the researchers said, because effectiveness measures vary widely. To improve training, the researchers advised partnering with other business groups within an organization to draw on their expertise, as well as investing more in manager training.

U.S. tech titans violating Safe Harbor, FTC complaint claims

More than 30 large tech companies are violating their Safe Harbor commitment to keep European citizens’ data private, according to a complaint filed with the Federal Trade Commission (FTC). The Washington, D.C.-based Center for Digital Democracy (CDD) claimed that these firms, which include AOL, Adobe, Salesforce, Datalogix and Marketo, are “compiling, using and sharing EU consumers’ personal information without their awareness and meaningful consent.”

In the complaint, the CDD also claimed that the aforementioned tech firms are involved in “data profiling,” entangled in a “web of powerful multiple data broker partners who, unknown to the EU public, pool their data on them so they can be profiled and targeted online.” It also alleges that the FTC is failing to enforce Safe Harbor regulations by neglecting to impose sanctions. Currently, the U.S. and EU are negotiating a new data privacy agreement that could give European citizens the same rights of redress as U.S. citizens should their data be used wrongly.

7  Comments on this Post

  • cacsindia
    Great post, I appreciate you and I would like to read your next post. Thanks for sharing this useful information regulatory compliance consulting firms
  • ToddN2000
    We are great at making rules for people to follow. We lack in the enforcement of the rules. Some would rather pay fines than comply. It may be a cheaper alternative for them.
  • Fran Sales
    Thanks for the input, Todd. What do you think would change that mindset? Particularly w/ the FTC and the SEC being picky with their enforcement cases.
  • ToddN2000
    For me rules are rules. If you do not administer the same punishment for the same crime, you will always find those that will play the odds and violate the rules in question. I know it was only a TV show I was watching but it may have been true. A person was doing illegal activities and was making around 15 million a month. They were taken to court and they pleaded guilty for the offense and were given a fine of 50,000 dollars. Just a drop in the bucket. They will not change their practice because their rewards outweigh the fines.
  • TheRealRaven
    But was "50,000 dollars" the legally allowed fine? If so, then enforcement was proper. It wasn't the problem. The problem in that case would be weak laws or regulations. And then, are even stronger laws/regulations needed?

    If "50,000 dollars" was just a minimum fine and much larger was legally allowed for whatever the offense was, enforcement (or more accurately, punishment) would indeed be the problem. If so, then again perhaps laws/regulations should also be stronger.

    I.e., perhaps the only answer is always stronger laws/regulations.
  • ToddN2000
    It is still funny to me as to some laws. If you Google funny laws by state, it makes for some fun reading. The issue may well be our laws need to be reviewed as time goes by. Some of the fines/punishments no longer fit the crimes of today. Getting these laws to be changed is another issue and involves political motivation. That is another issue on its own. If a company wants to skirt the laws they just lobby the politician to vote in their favor or make large campaign contributions.
  • TheRealRaven
    I play with the thought that all laws should always have a classification that results in, say, 5, 10 and 25 year lifetimes. Laws are created as being in one of the classes. When expiration comes around, the legislative body either lets it expire or reaffirms it for another period.

    Primary advantages are that problem laws automatically go away and, after a couple decades, legislative bodies are spending more time voting on reaffirmations than inventing new messes.
