Compliance and Governance

Regulatory compliance and corporate governance often go hand in hand, working together to keep organizations out of trouble with regulators and thereby preventing disruptions that could damage reputation and the ability to continue operations. Every year, it seems, brings new compliance concerns; regulators are now warning about social networking and its potential for problems. While compliance and governance should always be on your radar, even 100% compliance will not keep you 100% safe from disruptions.

Has management been placing too much emphasis on compliance? (Item #1) Businesses will not only have to monitor social networking communications, but they will also have to capture, audit and log the traffic. (Item #2) Do you have all your corporate-governance ducks in a row? (Item #3)

Here are some steps that make the difference between a positive and a negative audit experience. (Item #4) ISO 31000 is a standard to help public, private or community enterprises, associations, groups or individuals manage risk effectively. (Item #5) What do you know about the Red Flag Rule? (Item #6)

As always, we look forward to hearing your comments & insights regarding business continuity. If you have a topic you'd like us to cover, email me at [email protected].

Bob Mellinger, President
Attainium Corp

1. The Dangers of Over-Reliance on Compliance

As much as management might like the definitive statement that such compliance provides (and there are certainly marketing benefits to it), compliance efforts still say nothing about whether management has taken the time to do the necessary risk management.

2. Social networking boosts legal, regulatory compliance headaches

Popular social networking sites, such as Facebook, Twitter and LinkedIn, are causing a stir in the financial services community as well as other highly regulated industries as companies seek ways to control how the sites are used to communicate with potential clients and colleagues. Social networking sites have proved valuable for sales-lead generation, marketing and general broker-client relations, but regulators have been quick to take notice and to offer the same warnings they did more than a decade ago when e-mail and instant messaging (IM) became common.

3. What regulators look for in the corporate governance of a company

Corporate governance is the mechanism and process by which an organization is operated, directed and controlled in a transparent manner, in the best long-term interest of all stakeholders. Here are some of the structures and frameworks that regulators generally expect to be in place to ensure effective corporate governance.

4. Prepare for a regulatory compliance audit

Nowadays, practically every industry has its own host of mandates and regulations that must be complied with in order to achieve some form of certification, and audits are an inescapable and often dreaded part of that process. Good managers, however, also understand that audits are an opportunity for learning and growth.

5. FAQ: An introduction to the ISO 31000 risk management standard

This FAQ provides an introduction to ISO 31000:2009, a new international standard aimed at helping organizations of all types and sizes to manage risk across the enterprise. The ISO 31000:2009 risk management standard was published in November 2009 by the International Organization for Standardization (ISO). ISO 31000:2009 is noteworthy not only for its brevity but also for its emphasis on the fundamentals of enterprise risk management.

6. FTC mandates compliance with its Red Flag Rule

The Red Flag Rule mandates that both financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft. What distinguishes this rule from other rules relating to financial institutions (such as the Gramm-Leach-Bliley privacy rules) is that the Red Flag Rule applies to any firm that maintains an ongoing account through which a consumer is charged.

Quote of the Week:

"This isn't just a legal compliance issue for us. We consider the privacy issue to be an opportunity to reinforce our brand image."
-- Tom Warga

Contact Us:

Attainium Corp
15110 Gaffney Circle
Gainesville, VA 20155