How compliance has moved into regulators’ crosshairs, and why your board should care (Part 1)

The role that policies and procedures have within an organization has evolved into a statutorily required component

When Target suffered its recent data security breach, the top headlines focused on how the personal information of up to 70 million individuals was compromised and that key leadership departed as a result. Looking one level deeper, another notable headline that has received less attention is how the Federal Trade Commission (FTC) is investigating the breach and may utilize its authority pursuant to Section 5 of the FTC Act to enforce unfair or deceptive acts and practices based on the company’s data security policies.

As the Target case demonstrates, the role that policies and procedures have within an organization has evolved from an internal control into a statutorily required component of many financial services organizations. In addition to the increased attention focused on developing policies and procedures in order to comply with legal requirements, regulatory agencies have emphasized the role that a board of directors must have in overseeing an organization’s overall risk management program, including the participation in the development of policies and procedures.

Contributing Author

author image

Kelly Lipinski

Kelly Lipinski is a member in McGlinchey Stafford's Cleveland office. Her practice focuses on compliance and regulatory matters involving the consumer financial industry. She regularly...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.