Five former Home Depot employees claim the company lacked adequate customer data protection tools and that executives discouraged security system improvements that could have helped prevent the widespread hack of its payment systems earlier this month. Also in compliance and governance news this week: The Securities and Exchange Commission (SEC) vowed to put insider trading practices under closer scrutiny, and a study found that good corporate governance, combined with environmental and social factors, contribute to better stock performance.
Former Home Depot staffers reveal inadequate customer data protection
Home Depot’s in-store payment system did not include encryption tools to protect customers’ payment card data, according to five former employees interviewed by Bloomberg Businessweek. This vulnerability possibly opened the door for the payment system hack that could have begun in early April; the company revealed it Sept. 8.
One former information security manager also disclosed that a Symantec check of Home Depot’s security systems two months ago revealed out-of-date antivirus systems. The former staffers also claimed there was high employee turnover in the company’s information security department, and that technology executives preferred “C-level security” processes because ambitious upgrades would have been too expensive.
SEC fines corporate executives for late insider trade notices
The SEC has filed charges against 36 companies and individuals for allegedly failing to comply with security rules for reporting insider transactions. These charges are part of a broader SEC strategy to take a closer look at how executives and insiders manage stockholdings and trades.
The SEC used algorithms to identify insiders who allegedly broke the rules, including 13 officers and directors, 15 shareholders and six companies. The cases showed filing delays of insider transaction reports that ranged from weeks to years. Except for one case still being contested, all enforcement actions were settled for sanctions that totaled $2.6 million.
Andrew Ceresney, the SEC’s enforcement chief, said that the actions were “the first time where we have systematically brought a series of cases in this area,” and that their purpose was to urge companies, investors and executives to improve compliance. Some legal experts, however, felt that such technical rule breaches are low-hanging fruit for the SEC when compared with proving insider trading by company executives.
Governance, environmental and social factors boost stock performance
Improving compliance processes benefits the business, according to a study conducted by the Smith School of Enterprise and the Environment at the University of Oxford and Arabesque Asset Management. The study found that companies that practice good corporate governance and target environmental and social issues improve stock price performance and lower capital costs. Workforce relations, environmental management and executive compensation all had a strong effect on these improvements, according to the study.
“We believe that the most successful future investors will be those with continuous research programmes that analyze a range of ESG (environmental, social and governance) factors,” said Andreas Feiner of Arabesque. The report was based on about 200 academic research studies, industry reports and books.