Compliance Programs Archives | Page 2 of 8

Effective litigation management during a trial depends on the company’s attitude toward litigation as well as its controls over the law firm that handles the litigation on behalf of the company. Trials, especially in the United States are quite expensive and could involve the future existence of the companies involved. In the US and elsewhere, trials by their very nature are costly. Especially in the US. Normally, lawsuits settle prior to trial, as both sides know that juries can be fickle. Some companies will, therefore, never want to go to trial (or try to settle during trial), and some will decide to fight and go to trial anyway depending on their risk appetite. Many times, it is more advantageous for parties in litigation to settle prior to trial, as trials have become extremely expensive.

Disadvantages of trials include:

• High transaction costs
• Length of proceedings
• Negative publicity
• Business interruption
• Unpredictability of juries
• Lack of finality—the loser will always appeal

If a company decides to go to trial, it must control the outside law firm, manage the litigation process, and understand the potential dangers (including costs and expenses) it faces. Prior to trial, a company’s in-house lawyer should ask trial counsel a number of questions, including:

• What is the true evaluation of the case?
• What is the approximate cost of trial?
• What are the chances of settlement before trial?
• What are the main strategies of litigating the case?
• What witnesses and experts will be needed?
• How long will the trial last?
• What are the chances of winning?

If a company knows it only has a 30 to 40 percent chance of winning at trial, is the dispute worth going to trial for, or is settlement a better option? Remember, when managing litigation you should ask yourself if it is worth it. Consider the costs.

Recent privacy concerns have caused many countries to beef up their data privacy laws and regulations. The EU of course, is a case in point. As is Korea and others in the Asia Pacific Region. However, the data privacy issues a company faces, are really the tip of the proverbial iceberg. What about the electronically stored information (ESI) that companies have? Electronic data! ESI exposes a company to a myriad of risks, data privacy of course one of them. Besides the multi-dimensional universe of data privacy, cybersecurity is also very important today as many companies and governments continue to get hacked. Even cybersecurity insurance is getting popular. However, companies not only have to worry about getting hacked or running afoul of the latest data privacy laws and regulations. Companies must also consider what data to even store, where to store it, how long to store it and protocols to decide how to analyze and review it. Let alone- where to find it, if it gets lost. Failure to take the where, when and how into consideration can expose the company to unforeseen ESI issues- such as violating ESI discovery laws as well as the associated document retention risks.

Electronically Stored Information- Document Retention Risks and Concerns

If a company is involved with litigation in the United States, it has a duty to locate all relevant information, data, and documents—including ESI that are relevant to the case. This can be quite onerous, as it requires:

• Familiarity with document retention policies
• Involvement with IT personnel
• Communication to “key players” of the litigation hold
• Location and retrieval of all relevant information wherever that information might be

The legal risks facing a company that fails to handle the above requirements in an economical/efficient manner can be tremendous. Companies have been sanctioned millions of dollars for failing to abide by ESI requirements or, even worse, have lost the respective lawsuits, costing even more. What can a company do to mitigate the legal risks surrounding document management to comply with US legal requirements?

1. Plan of Action

A company must take steps to develop an adequate data and document management plan. It is not too surprising that even the IT Department itself may not have an adequate understanding of where all of the electronically stored documents are considering the plethora of handheld devices that may store documents and other electronic information. Therefore, a company’s management and IT folks need to sit down and map out where all of the documents are located if possible. A document management plan should take the following steps into consideration:

• Assess the company’s current use of technology documents.
• Locate all in the company’s possession.
• Use technology to leverage legal requirements.
• Retain experts or outside consultants to above or to help implement systems/processes.
• Implement policies and procedures addressing all legal risks posed by ESI.

2. Risk Assessment of ESI

To implement an appropriate plan of action, a company must conduct a risk assessment of its processes and capabilities by:

• Seeking proposals of vendors (outside experts)
• A top-to-bottom analysis
• ESI and paper documents
• Hardware and software
• Management of data
• Retention of data
• Litigation holds
• Disaster preparedness

3. ESI Implementation

The legal risks facing companies in today’s legal and regulatory climate, especially in the United States, are enormous. Failure to implement a data and document management program that not only addresses a company’s business concerns but legal obligations as well can be disastrous. The development and implementation of a Legal Risk Management Program (LRM) addressing these concerns is not a luxury but a necessity. It is highly recommended that a company implement a data and documentation management program that addresses ESI and all of its issues.

For risk managers or in-house counsel, the development of a comprehensive ESI program is crucial. Talk to your IT folks. If necessary, enlist the help of outside ESI consultants. Get your hands around your company’s ESI. Implement an ESI document management program and implement processes to handle all associated risks.

As companies begin to dig out of the current pandemic and consider or re-evaluate business continuity plans, it is time for in-house counsel, risk managers and CLOs to consider ways in which to mitigate risks, including legal, operational and corporate. Here are a few considerations when contemplating risk assessments:

1. Conduct an Insurance Risk Assessment

i. Conduct a risk assessment of insurance policies. Such an assessment must be conducted to create a business risk profile to identify factors that have the greatest financial impact on the company as well as to identify appropriate risk transfer strategies to:

a) Stabilize insurance costs;
b) Mitigate extraordinary financial impact;
c) Ensure cost effective protection against catastrophic losses;
d) Optimize tax and accounting issues.

ii. Conduct an analysis of current coverage, amounts, deductibles, excess.
iii. Evaluate all insurance policies and insurance companies- coverage, costs, etc.
iv. Investigate establishment of captive insurance company.
v. Review insurance brokers to determine if the right programs are being put out to bid
vi. A review of all claims should be performed

2. Review Litigation Considerations of the Company and /or its Foreign Business Operations or Subsidiaries:

i. Affiliated companies or subsidiaries can be named as defendants. These companies will need coordination of defense and discovery matters. How do the companies handle this?

ii. Consider jurisdiction over foreign entities, including the parent entity.
a) Jurisdiction Issues
b) Maintaining Corporate Compliance

iii. Litigation Respecting Same Products in Multiple Jurisdictions-issue for electronics companies and home appliance manufacturers
iv. Insurance coverage-is it adequate? Has it been reviewed?
v. Litigation issues must be reviewed such as:

a) Coordinating billing from local counsel.
b) Insurance coverage notices and claims and updating carriers.
c) Budgeting for cases.

vi. Currently, many large US companies and subsidiaries of non-US based companies have numerous insurance related lawsuits involving class actions, product liability claims, bankruptcies, employment cases and antitrust and regulatory issues. These should be reviewed.

a) Product Liability Actions
b) Patent Actions
c) Regulatory Proceedings and Investigation
d) Commercial Disputes
e) Product Liability Costs

3. Consider Typical Legal Theories on which a Plaintiff May Base a Products Liability Claim and Class Actions In US and Elsewhere:

i. Breach of Express Warranty.
ii. Breach of Implied Warranty.
iii. Negligence.
iv. Strict Liability.
v. Deceptive and Unfair Trade Practices ("DUTP").
vi. Consumer Class Actions

4. TO ADEQUATELY PROTECT AND DEFEND AND MITIGATE THE RISK OF A COMPANY AND ITS U.S. AND FOREIGN SUBSIDIARIES, NUMEROUS PROCESSES AND PROCEDURES SHOULD BE IMPLEMENTED AND REVIEWED BY LEGAL COUNSEL AND/OR RISK MANAGERS. SUCH PROCESS GOALS ARE:

i. Product Risk Management Goals.

a). Encourage correct product use, increase customer satisfaction and minimize possible injury from use.
b). Improve ability to defend the company in the event of litigation by developing and substantiating defenses to liability, reducing exposure to liability, for example, by removing grounds to impose punitive damages.

ii. Adopt Product Loss Control Policy and Procedures which include:
1. Requiring product group or divisional officers to develop programs consistent with corporate guidelines.
2. Establishment of a group Claims Defense Committee.
3. As a part of the Research – Design – Development process, conduct formal hazard/failure evaluations on all new products.
4. Publish Quality Control Standards and Procedures for all components, materials, and processes critical to product, service, safety, and reliability.

iii. Product Management Consideration Respecting Limiting Potential Liability Exposure – Develop Checklist to include in Product Readiness Approval Objectives Including Product Design Considerations:

a) Written procedures for the design program, including:
b) Design choices – consideration of alternatives.
c) Specifications – definition of acceptable ranges of variation for each characteristic to assure that all designs are reviewed before they are released to manufacturer.
d) Establish a design review committee.

iv. Marketing

a) Review all published statements about the products including advertising, product listings and catalogues to assure that they do not: mislead users, encourage users to disregard directions and warnings contained in the labeling, or promote unapproved or inappropriate uses.
b) Include provisions in distribution and purchasing agreements so that distributor and/or purchaser will:
(i) complete and return surveys and questionnaires
(ii) notify the company of any product failures or malfunctions

Before a crisis breaks out, it’s always a good idea for the company’s risk manager or the risk management department (RMD) if one exists to review his or her role, or in case of the RMD, its role within an organization. In today’s environment, including COVID 19 virus issues, it is very important. In order to understand the risk management department’s area of responsibility within an organization, I think it best to for the head of risk management to work with his supervisor in drafting corporate guidelines covering the risk management’s area or responsibility which can then be disseminated throughout the organization. No only should the RM or RMD’s are of responsibility be covered but each individual within the RMD should have his or her position and are of responsibility described in detail as well. It’s best to have everything outlined before the RMD has to contend with a crisis, especially a pandemic.

Areas of responsibility should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:

-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-developing business continuity plans
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.

(I) Are you prepared to handle risk events relating to your stakeholders or not?
(II) In a crisis management event, such as a pandemic, are you ready to address your customers?
(III) Do you have the right information to communicate to your regulators?
(IV) What are the risk management process to use in case you have major employment related issues?
(V) Do you have a business continuity plan in place?
(VI) Have you coordinated your plans with Legal?

Providing effective risk management leadership requires the risk manager to understand what his or her role within the organization is as well as who the major stakeholders really are and what risk management reporting processes actually exist or should exist. Once a risk manager can answer the questions, the manager as well as the RMD itself is ready to provide effective risk management leadership.

In order to understand the risk management department’s area of responsibility within an organization, I think it best to for the head of risk management to work with his supervisor in drafting corporate guidelines covering the risk management’s area or responsibility which can then be disseminated throughout the organization. No only should the RM or RMD’s are of responsibility be covered but each individual within the RMD should have his or her position and are of responsibility described in detail as well. It’s best to have everything outlined before the RMD has to contend with a crisis, especially a pandemic.

-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.

Besides managing risk, risk managers must also have a knack for good stakeholder management. In fact, in order to provide effective leadership in today’s corporate world, risk managers and those who have a risk management function, must understand the significance of good stakeholder management. Considering the high employee and investor turnover rates it is no wonder that risk managers must take the lead in providing risk management information to various stakeholders not only from a compliance perspective but from a profit/loss perspective as well.
Who are the various stakeholders that a risk manager must concern himself or herself with? Of course the more sophisticated a company, the more stakeholders there might be. Nonetheless, the main stakeholders of any company or organization usually include:

1. Employees
2. Upper Management including the Board
3. Customers
4. Suppliers
5. Regulators
6. Investors
7. Business partners; and
8. Credit Analysts

The first step in leadership for any risk manager when looking at stakeholders is to ask the hard questions such as: (I) Are you prepared to handle risk events relating to your stakeholders or not? (ii) In a crisis management event, such as a pandemic, are you ready to address your customers? (iii) In case of litigation, do you have the right information to communicate to your regulators? , and (iv) What are the risk management process to use in case you have major employment related issues?
Providing effective risk management leadership requires the risk manager to understand what his or her role within the organization is as well as who the major stakeholders really are and what risk management reporting processes actually exist or should exist.

Once a risk manager can answer the questions, the manager as well as the RMD itself is ready to provide effective risk management leadership.

In the past I have commented on crisis management and the tools needed to handle crisis in today’s business environment. It is clear however, that an international crisis, such as the COVID 19 virus, is harder to deal with than a domestic crisis. A pandemic, or potential pandemic as the CVOVID 19 virus is, by its very nature, an international crisis. Therefore, In essence, the COVID 19 virus presents international crisis problems, issues and concerns to many companies, organizations and even governments. Like other international crisis, the COVID 19 virus crisis is of course harder to handle than domestic crisis. Why? Because of international considerations, an international crisis is harder to manage than a domestic crisis. As it is more complex, companies caught up in an international crisis have to pay more attention to international, cultural, and communication issues than they would in a purely domestic scenario. Cross-border crisis management has become very important. Therefore, an international crisis requires a number of steps, including:

• Planning for an international crisis
• Appointing a crisis manager
• Establishment of a crisis management team
• Knowledge of foreign situation and its impact
• Communications
• Cross-border management of the crisis

The principle focus of any crisis management strategy, especially in an international contest, is communications. All crisis management plans call for effective crisis communications, which many times are not always executed. Inadequate or failed communications lead to bad publicity, unhappy stakeholders, and potential disaster. An effective crisis communication strategy is necessary for any international crisis. A number of companies and even governments have failed to defuse international crisis because of poor communications.
An effective crisis communication strategy is necessary when dealing with an international crisis .A number of processes are need to implement an effective crisis communication strategy to manage an international crisis, including:

• Creation of the crisis communication team.

• Identify key spokespersons who will speak for the organization. Who are they? What are their roles?

• Training on cultural issues, if the crisis involves other cultures.

• Establishment of communication procedures and protocols. Who communicates to whom and why?

• Identify key messages to communicate to key stakeholders and groups.

• Has a budget been approved for the crisis?

• Have the facts surrounding the crisis been established?

• How will the company use social media?

• Identify third party consultants that can add value to the communication and PR process- whether it is a PR Communications firm or a third party company.

• Has a communications war room been set up to handle communications?

Though companies try and resolve the crisis at hand and spend significant sums of money to do so, if they fail to properly communicate to the media and the public, they in effect have lost and can expect outrage and consumer dissatisfaction to such an extent that the very existence of the company can be threatened. This is particularly so for cross boarder crisis as the failure to manage international communications can lead to cultural issues which play out in the press or on social media.

So remember, a company doing business internationally has to plan for eventual crisis which may pose a potential threat to the company. If it fails to handle communications properly, it faces not only a potential loss of business but a negative impact on its brand.