
Thursday, August 4, 2011

Fwd: | 08.02.11 | Dodd-Frank "conflict minerals" rules spur debate



-------- Original Message --------
Subject: | 08.02.11 | Dodd-Frank "conflict minerals" rules spur debate
Date: Tue, 2 Aug 2011 09:01:53 -0400 (EDT)
From: FierceComplianceIT <editors@fiercecomplianceit.com>
Reply-To: editors@fiercecomplianceit.com
To: nbrauchitsch@yahoo.com


FierceComplianceIT


August 2, 2011


This week's sponsor is EMC.

Case Study: Accounts Payable Automation

Download this case study to learn how a premier global supplier of integrated systems to the motor vehicle industry used EMC's BRT APx Solution to improve efficiency and reduce overall costs, while receiving the strategic ability to better monitor and manage their overall AP business process and working capital.


What's New
Data notification breach bills resurface
Dodd-Frank "conflict minerals" rules spur debate
Companies aim for FCPA bribery clarification
Proxy rule nixed by appellate court

Editor's Corner: Time is ripe for biometric security solutions

Tip of the Week
Bloomberg to enter e-discovery market

Also Noted: IBM
How to mitigate risk with social media; Time to go beyond PCI-DSS? and much more...

News From the Fierce Network:
1. Wall Street interns learn the hard way
2. Chinese reverse merger litigation mounts
3. What to make of the credit rating agencies


Leveraging Predictive Analytics in the Data Center to Manage Performance & Risk - August 9, 12 pm ET

Complex IT environments are generating massive amounts of performance, metric, and alert data every day. It’s becoming increasingly difficult to sort through this information in a timely manner to take actionable steps to manage risk & minimize outages, improve operational efficiencies, or identify new growth opportunities. View this webcast to learn more.




Editor's Corner

Time is ripe for biometric security solutions

By Jim Kim


For all those believers in the NFC-based mobile payment revolution--and there are plenty of true believers right now--security issues cannot be ignored. We noted elsewhere a recent study that found that the percentage of smart-phone equipped respondents who believe mobile banking is either "unsafe" or "very unsafe" zoomed from 26 percent up to 40 percent in just 12 months. Which raises the question: Which companies will take the reins when it comes to security solutions? Will any entity come out with anything truly new in terms of authentication? 

We raise the issue in light of recent research from Goode Intelligence that predicts the market for mobile phone biometric security services will grow significantly over the next five years, from $30 million now to more than $161 million in 2015. So far, we're seeing few signs of eventual mass market adoptions. Apart from the Motorola ATRIX tablet, which includes a biometric fingerprint sensor feature, real applications have been scant. But there's a lot of development work underway. Unisys, for example, is said to be working on some biometric security tools. 

More companies will find themselves under pressure to do more on the security front. As NFC-based payments heat up, you have to wonder if the likes of ISIS (owned by the big telcos), Google, card companies and the many banks eyeing the market plan to respond with biometrics-based solutions. Hopefully, we see more of these services rolled out to protect remote services, like NFC-based payments, as well as to protect devices.

George Peabody, Director of Emerging Technologies Advisory Service at Mercator, points out in a release that "authentication is the heart of payments and online security. Smartphones with hardware-based security capability, especially via NFC and fingerprint readers, will give consumers, enterprise users, and the government unprecedented control over their payment and security interactions." 

The early biometric applications will likely be fingerprint readers and voice-based products, which could be marketed for the Wow factor as well as the security factor. 

But you can imagine a wider variety of applications. Biometric Intelligence and Identification, for example, has come up with a product that incorporates iris, facial and fingerprint recognition into a smartphone-enabled solution, giving nearly instantaneous identification results to a law enforcement official. For banks and broker dealers that want to go the extra mile for employees who use smartphones to make trades and access sensitive client data, something like this might be the ultimate solution. Obviously, it'll be expensive.

In any case, we fully expect more biometric solutions to crop up. - Jim






Today's Top News

Data notification breach bills resurface

By Jim Kim

We've noted in the past that companies are much better off with a single federal law than with a patchwork of state laws, which in the end tend to prove more costly. So it goes with data breach notification.

The much-publicized breaches at RSA, Sony, Epsilon and others--not to mention the varying response and remediation practices of each company--have created quite a stir among lawmakers, and the idea of a preemptive federal law has cropped up. According to CIO, several lawmakers have proposed laws that in theory would obviate the many state laws, including California's SB 1386. We've seen congressional proposals from Democrats and Republicans on this. All require that companies notify customers when a breach occurs. One bill would require notification of the breach to the FTC and actual customers within 48 hours.

While a federal law would be superior to the patchwork of state laws, a big battle looms over how onerous the federal notification requirements will be. Companies will fight for maximum flexibility and discretion. Figuring out what sort of information is most useful in a breach situation is tricky because all breaches are different. And in some cases, as with various crimes, withholding information may be the smart enforcement move. It will be interesting to see what exactly the final bill requires. Hopefully, it will be flexible enough to serve end customers, companies and law enforcement officials well--which doesn't sound easy.

For more:
- here's the article

Related articles:
Media obsession with "hacktivists" misses the point
  
Morgan Stanley loses discs with critical customer data
  
Facing blame for breaches, companies get tough on employees




Dodd-Frank "conflict minerals" rules spur debate

By Jim Kim

When it comes to Dodd-Frank, we're still waiting on a host of specific rules proposals. The most controversial and media-worthy items are the big-ticket items affecting Wall Street, such as derivatives clearing, market structure and others.

Getting much less attention is Section 1502, which requires the SEC to set forth new disclosure rules for companies concerning conflict minerals that originated in the Democratic Republic of the Congo or an adjoining country. Specifically, companies would be required to disclose whether they use "conflict minerals" that are "necessary to the functionality or production" of a product that they either manufacture or contract to be manufactured that originate from the region. The conflict minerals, as defined by the SEC, are cassiterite, columbite-tantalite, gold, wolframite or their derivatives.

The goal of this provision is to curb violence in the region. Because these minerals are used in many products--from jewelry to cell phones to jet engines to computers--companies are concerned that an unduly broad rule set would make compliance difficult and expensive. The exact rules have not been released, but some companies, to their credit, are taking early steps with compliance in mind. According to CFO.com, this involves taking a detailed look through the supply chain. Companies that have invested in making their supply chains as transparent as possible will have an advantage.

As of now, companies big and small have a lot of work to do. The likes of TriQuint and Caterpillar "have surveyed their suppliers for information but haven't always had luck getting all the data they need. Some smaller suppliers are either unaware of the provision, lack the resources to comply, or are convinced it doesn't apply to them."

The bottom line is that compliance will be a headache. The National Association of Manufacturers has studied the issue and estimates public companies and their suppliers will face $9 billion to $16 billion in added compliance costs. The SEC plans to vote on the regulation perhaps as early as August. As it looks now, companies on calendar years will be asked to file the disclosures in early 2013, meaning they will need to start their due diligence in fiscal 2012.

For more:
- here's the article

Related articles:
Dodd-Frank director changes about to hit
 
The reform effort: Hedge funds and private equity funds




Companies aim for FCPA bribery clarification

By Jim Kim

Perhaps it was inevitable that the stepped-up enforcement of the Foreign Corrupt Practices Act (FCPA) would spawn a backlash. Lots of companies have been targeted for prosecution, and lobbyists for big companies have taken up the cause, seeking some changes and clarifications to the controversial law.

The Washington Post highlights an interesting debate: Should companies be able to bribe employees of foreign companies? The law as currently interpreted bans bribes to such employees, considering them "foreign officials." Several companies have been prosecuted for bribing employees of state-owned utilities and other companies. Some of you might be shocked that this is even an issue, that we would even be discussing legitimizing bribes to such employees. But the debate--in the eyes of companies--is really about clarifying the law.

So perhaps it would be wise to make clear through some legislative tweaks that bribes to employees of state-owned companies are indeed against the law. The law perhaps should be amended to clear up other grey areas. Lots of companies say they are targeted for the wrong reasons, that simple payments for entertainment or transportation have been interpreted as bribes. They would like a change to give companies the benefit of the doubt when it comes to gifted items or services worth less than $250.

Companies also want the FCPA to apply only to companies that are 50 percent or more owned by the government. I'm not sure that will fly. But in any case, it does look like there are changes coming to the FCPA, as lobbyists for big business take aim.

For more:
- here's the article

Related articles:
FCPA compliance sustainability--can financial controls help?
  
Companies still struggle with FCPA




Proxy rule nixed by appellate court

By Jim Kim

In the ongoing war against Dodd-Frank, the detractors have notched another victory. Deciding a case brought by various business groups, a three-judge U.S. Court of Appeals for the District of Columbia panel unanimously nixed the so-called proxy access rule last week.

The rule was hailed as a milestone in the long battle by corporate governance and shareholder advocates to open up access to proxy ballots. The new rules among other things allowed large shareholders to place board nominees directly on company-controlled proxy ballots alongside the slate of candidates put forward by management. Previously, shareholders' groups that wanted to put forward candidates had to pay to create and distribute another ballot.

The requirement was controversial from the start, as companies complained that the measure would open the access to political interest in the form of unions, public pension funds and shareholder activists. The 3 judges, all Republican appointees, argued that the law was passed without due consideration given to the costs of compliance, that is, the high costs of fighting any alternative nominees, according to Reuters.

This is a big blow for institutional investors, most of whom were strong advocates for the rule. The recent decision, however, leaves the door open for the SEC to reconsider the rule and put forward a new version. One issue for SEC commissioners and lawyers to consider is whether this measure has a chance at the Supreme Court. The knee-jerk answer would be that the current court would dump all over it, but you never know.

For more:
- here's a Reuters article

Related articles:
Small companies weigh in on IFRS move
   
The war on Dodd-Frank continues
  
Small companies win say-on-pay reprieve




Tip of the Week

Bloomberg to enter e-discovery market

By Jim Kim

Most would agree that the e-discovery market is growing rapidly. By one estimate, the domestic market for such solutions is growing at a 25 percent compound annual rate.

That has lots of companies and consultancies jockeying for position. Symantec, for example, just cleared a transaction to buy Clearwell Systems, and Discover Ready has acquired ACT Litigation Services. We're also seeing some new entrants move into the market. Bloomberg, for example, is reported by law.com to be building a comprehensive e-discovery service as part of its legal research offering. Rival LexisNexis also has designs on the market.

Bloomberg remains mum on the details of its service. It has recently hired an executive from Autonomy, Harald Collet, to head up its efforts. He says the service will be developed in-house and may or may not be ready for launch in 2012. Collet also runs the unit that includes a search and analysis module for the Bloomberg Vault enterprise compliance product. That functionality is expected to play a big role in the eventual e-discovery product.

Demand for enhanced features in this area is apparently heavy from financial services firms. One would expect that Vault customers would present Bloomberg with a built-in customer base for the e-discovery service. 

For more:
- here's the article

Related articles:
E-discovery looms as a growth market
  
E-discovery spending slows a bit




Also Noted

Confidently Maximize Virtual Investments with IBM Integrated Service Management

This white paper details IBM Integrated Service Management offerings for VMware and other virtual environments, focusing on key capabilities for discovery, monitoring, capacity planning, provisioning, storage, security and financial management.


> Dodd Frank's silver lining: better directors? Article
> More on large trader reporting requirements. Article
> PCI should QSA training. Article
> Time to go beyond PCI-DSS? Article
> E-commerce merchants get nervous. Article
> Country slow to beef up cyber attacks. Article
> What Enron tells us about Dodd Frank. Article
> How to mitigate risk with social media. Article

And Finally... Info-mercial tricks that work. Article


Events



> Health Market Science Compliance Webinar: CMS 6028 and You - August 9

Join Mike Sharp, former pharmacy director, Indiana Office of Medicaid Policy and Planning, and HMS experts as they outline cost-effective prescriber enrollment options, easy access to current prescriber data and best practices for data integration & operational excellence. Learn more and register here.



Marketplace



> Whitepaper: IT GRC Turning Operational Risks into Returns

Recent financial upheavals have resulted in a wave of increased regulations. As a result, companies across the spectrum must implement an effective IT governance, risk and compliance (GRC) framework. Download this white paper to learn how to turn IT GRC processes into strategic assets.
