How A Law Firm Can Become The Go To Law Firm 

When using outside counsel, most companies, especially those that have affiliates or subsidiaries, need a comprehensive approach. Unfortunately, some companies hire law firms on a case-by-case or ad hoc basis. Sometimes divisions of the same company hire different law firms without thinking about potential issues of legal talent and failure to obtain high-quality legal services on a consistent and reasonably priced basis.

If a company has an in-house Law Department, it is incumbent on the in-house Law Department to develop processes to select and use outside counsel on a consistent basis with a focus on quality, reasonable fees, and, of course, success. Such success is normally the result of a long-term relationship in which outside counsel becomes a member of the company’s “team,” learns the business, and can, therefore, provide timely legal and business advice.  A General Counsel knows that a vital part of a Legal Risk Management Program is having a go to law firm that can handle major legal issues in an effective and efficient manner.  So the General Counsel is always looking for the firm that can deliver.

If a company does not have a large legal staff or does not have an in-house counsel, it must look toward retaining a law firm, which in essence acts as an in-house counsel. In other words, the law firm becomes an “outside general counsel.” By hiring an outside general counsel, a company obtains a firm that can consistently and responsibly evaluate legal issues, decide how to handle them, and implement a comprehensive legal strategy.

In essence, more and more companies as well as General Counsel are only looking for law firms that can add value and either help the in house law department add value or add value to the company’s bottom line. In today’s ultra competitive legal marketplace, only the law firms that can add value are thriving. Law firms are no longer just a provider of legal services - they are a business partner! So the question becomes how a law firm can position itself to add value and become the “go to law firm” or “firm of choice”. Law firms know that when dealing with a company it is essential to meet the General Counsel (if the company has one) and develop a working relationship. But that is not enough. The days of becoming the go to law firm solely based on relationships are over. Having a good working relationship is of course also necessary. But it’s all about value add.

IT IS ALL ABOUT VALUE ADD

Here are 12 steps to take to become the firm that adds value:

  1. Know the business! Understand the major issues facing the business. Take time to understand how the company works!
  2. Develop a relationship with the GC! Go out and meet him. Call him on the phone.
  3. Meet the Assistant General Counsel as well and/or other senior lawyers.
  4. Be responsive - At All Times!
  5. 24/7 is the new response time.
  6. Don’t create “busy work”. The GC knows what is important.
  7. Work with the GC to fit in with the GC’s outside staffing guidelines.
  8. Responsiveness is important! Communicate any and all significant case developments!
  9. GCs love litigation plans and well drafted budgets.

     (i) It requires a well drafted pitch proposal to RFPs.

     (ii) What are the major issues in the litigation or matter?

     (iii) Be willing to follow the GC’s requested billing format (and stick to it).

  10. Go the extra mile!! Do whatever it takes!
  11. Learn how the organization works!!

     (i) What are its A/R, billing, credit, accounting and procurement processes?

     (ii) What are the main business issues involving its manufacturing or services?

  12. Don’t take the GC or company for granted – ever!

If a law firm can internalize these 12 steps it is well on its way to becoming the company’s firm of choice. The GO TO LAW FIRM!

 

TO ADEQUATELY PROTECT  AND DEFEND A COMPANY AS WELL AS  MITIGATE THE RISK OF SELLING PRODUCTS  IN THE US, NUMEROUS PROCESSES AND PROCEDURES NEED TO BE IMPLEMENTED.

Product Liability Risk Management-   

Companies that sell products in the US have to be worried about product liability related litigation as well as class actions and government investigations. Product liability claims, product recall cases and related litigation not only hurt a company's brand image and reputation but also result in the enormous expenditure of litigation costs and legal fees, including costs related to product incidents, lost profits, management and employee time as well as increased insurance costs and recall expenditures. To defend against and mitigate the risk of product liability litigation in the U.S., companies should focus on processes that prevent or minimize not only potential product liability claims and litigation but also the exposure to legal fees and costs. As potential sources of product liability include product design issues, manufacturing and distribution issues and product promotion and service issues, it is only fitting that most processes and procedures that I recommend to limit exposure to product liability claims cover such areas of risk. Such processes to manage product liability risk are summarized in checklist form below. If used properly they can prevent, minimize and transfer a company's product liability risk.

    1. Product Risk Management Goals.
      1. Encourage correct product use, increase customer satisfaction and minimize possible injury from use.
      2. Improve ability to defend the company in the event of litigation by developing and substantiating defenses to liability, reducing exposure to liability, for example, by removing grounds to impose punitive damages.
      3. Assist in assuring regulatory compliance.  How robust are the company’s compliance procedures?
    2. Adopt Product Loss Control Policy and Procedures which include:
      1. Requiring product group or divisional officers to develop programs consistent with corporate guidelines.
      2. Establishment of a group Claims Defense Committee.
      3. As a part of the Research – Design – Development process, conduct formal hazard/failure evaluations on all new products.
      4. Publish Quality Control Standards and Procedures for all components, materials, and processes critical to product, service, safety, and reliability.
      5. Obtain Certificates of Insurance – Vendors endorsements – Hold Harmless Agreements from suppliers and sales outlets.
      6. Establish guidelines for development and review procedures manuals, instructions and labels.
    3. Product Management Consideration Respecting Limiting Potential Liability Exposure – Develop Checklist to include in Product Readiness Approval Objectives.
      1. Product Design Considerations
        1. Written procedures for the design program, including:
          1. Design choices – consideration of alternatives.
          2. Specifications – definition of acceptable ranges of variation for each characteristic to assure that all designs are reviewed before they are released to manufacturer.
        2. Establish design review committee.
        3. Establish written procedures for the development of specifications, and procedures that verify that specifications are accurately embodied in design.
        4. During the Design – Evaluation and Consideration of:
          1. Users/owners of the products – tailor labeling (e.g., instructions for use, warnings, contraindications) to the user's level of expertise.
          2. Determine types of people likely to be exposed to the product, consider unique risks to these groups.
          3. Tailor labeling and develop safety features to address the unique risks to the intended users.
      2. Labeling
        1. Establish a labeling review committee.
        2. Consider intended users/operations:
          1. if general consumers will be using the product: develop labeling that is non-technical and easy to understand, warn against all risks, including obvious risks, clearly state hazards and warn about consequences of improper use.
          2. if professional operators will be using the product: specify on the labeling that only qualified personnel may use/operate the device, stress contraindications and warn against unapproved uses, develop labeling that is easy to follow.
        3. Provide users with clear and concise directions, information, and precaution for use.
          1. ensure that the label is accurate, complete, visible and easily understood.
          2. provide information on labels affixed to the product or through inserts, packaging, or accepted pictographs.
          3. when it is not feasible to provide full information on a label affixed to the product, affix a label that refers users to inserts, handbooks, packaging or pictographs that will provide full information.
          4. Review all inserts and information on packaging for accuracy, and to assure that they are consistent with other labeling.
      3. Conduct Post-Sale Monitoring of Labeling
        1. Monitor adequacy and accuracy of labeling.
        2. Establish field service reporting to Loss Control Committee on how devices are used in the field and to give information on service and maintenance problems caused by users who misunderstand the labeling.
        3. Evaluate complaints, failures and malfunctions.
        4. Evaluate all failures and malfunctions to determine whether they were caused by poor labeling or by user misunderstanding of the labeling.
        5. Monitor labeling practices in the industry.
      4. Marketing
        1. Review all published statements about the products including advertising, product listings and catalogues to assure that they do not: mislead users, encourage users to disregard directions and warnings contained in the labeling, or promote unapproved or inappropriate uses.
        2. Include provisions in distribution and purchasing agreements so that distributor and/or purchaser will:
          1. complete and return surveys and questionnaires
          2. notify the company of any product failures or malfunctions
          3. use the products in accordance with the instructions
          4. refrain from using the product after failure or malfunction
          5. use the product only with compatible systems
          6. have the product serviced only by company service personnel or entities approved or certified
      5. Manufacturing and Distribution
        1. Comply with GMP requirements or other required manufacturing standards.
        2. Provide for different types of testing of devices, components, and materials at different stages of the manufacturing process.
        3. Assure through testing that the manufactured device meets design and performance specifications.
        4. Conduct failure-modes-and-effects analysis for all products.
        5. Address quality of equipment used in manufacturing.
        6. Address quality of software.
        7. Procedures for testing of components and materials obtained from suppliers, and procedures for auditing suppliers and contractors.
      6. Service
        1. Investigations - evaluate all service related complaints according to written procedures that set forth valid and uniform criteria to determine validity, seriousness, fault, repeatability, determine whether the complaint falls within government regulatory requirements.
        2. Responses to user complaints - letter or general change to process, new labeling.
        3. Repeat or clarify instructions in labeling.
        4. Provide new information on proper use or risks associated with use.
        5. Warn against further use of an obsolete or hazardous product
        6. Warn against misuse or unapproved use and supply information on the risks of such use.
        7. Advise when the product should be repaired.
        8. Require field-service personnel to submit standard forms giving information on product problems and contacts with users.
          1. repair only products about which they have sufficient information
          2. disclaim responsibility for the inherent quality of other companies' products
      7. Product Problems
        1. Establish written process to evaluate new information to determine proper response with regard to:
          1. devices in use
          2. devices in manufacture
          3. future devices and device changes
        2. Establish written procedures for:
          1. sending new information and warnings to users
          2. sending notification of obsolescence
          3. conducting safety upgrades
          4. conducting recalls
          5. assuring traceability of products to users
      8. Third-Party Service Providers
        1. Must provide reports about service and repairs to include:
          1. product repaired
          2. nature of work performed
          3. equipment and materials used
          4. identity of user and service
          5. place and date of repair
          6. condition of the product as received
        2. Written procedures for certification of third party service provider.  Audit to determine compliance with procedures.
      9. Review and Draft Manuals, Warnings and Labels and Establish a Review Committee to review:
        1. Instruction Manuals
          1. In general, instruction manuals or guidebooks should contain the following information
          • The date of publication and a description of the manual(s) it is ______ any;
          • Disclaimers of express or implied warranties, if appropriate;
          • The name and description of the product and its overall function ___ other relevant product information, such as its model, lot, or serial number ____;
          • A summary safety section at the front, directing attention to the ____ product hazards;
          • Consistent restatements of all warnings that appear on product additional safety information, clearly distinguished from directions for _____;
      10. Review Warnings
        1. The warning must adequately indicate the scope of the danger;
        2. The warning must reasonably communicate the extent of seriousness of the harm that could result from misuse of the product;
        3. The physical aspects of the warning must be adequate to alert a reasonably prudent person to the danger;
        4. The warning must indicate the consequences that might result from failure to follow it;
    4. Insurance Considerations
      1. Conduct a risk assessment to create a business risk profile to identify factors that have the greatest financial impact and integrate appropriate risk transfer strategies to:
        1. Stabilize insurance costs;
        2. Mitigate extraordinary financial impact;
        3. Ensure cost effective protection against catastrophic losses;
        4. Leverage risk bearing capital;
        5. Optimize tax and accounting issues.
      2. Conduct an analysis of current coverages, amounts, deductibles, excess. 

In summary, companies wishing to sell products in the US must do the following to reduce the risk of product liability claims, class actions, regulatory issues and related litigation. It is recommended that:

    1. The company implement in the U.S.:
      1. Loss Control Procedures
      2. Committees to review warranties, labels, instruction manuals.
      3. Review of all advertisements.
      4. Review and implementation of adequate insurance policies.
      5. Implementation of a Product Risk Management Committee.
      6. Implement new procedures in service to address loss prevention, warnings and efficient investigations.
    2. Work with the factories to implement:
      1. Loss Control Strategies
      2. Risk Minimization
      3. Class Action Defense Strategies
      4. U.S. Regulatory Issues.

Risk Management for In House Lawyers 

Today, many in house lawyers still think of risk management as the department that manages insurance policies. Some may in fact think that risk management also encompasses handling bad publicity or maybe even covers a disaster recovery plan. Many in house lawyers, as well as some corporate managers, don’t believe risk management is part of their job description. However, given the globalization of business, the increased volatility of today’s business climate and the changes in social media that have increased communication tenfold, risk management is now part of every manager’s job description, including the in house lawyer.

Risk management should be viewed as an essential part of everyday management, including legal management. Managing a company’s risks is not only important but vital. Until recently, lawyers have been trained to think reactively, i.e., to react to threats or risks. But given the recent changes in the global business environment, in house counsel must now learn to manage risks. Such proactive management encompasses a large area of not only pure legal risks but also business risks that could lead to legal threats and issues. In essence, an in house counsel must now learn to proactively manage risks by minimizing risks, mitigating risks, transferring risks and eliminating risks. All are in a sense a proactive response to a risk rather than a purely reactive response.

The main role of in-house counsel in corporations or legal entities is now, of course, to mitigate legal risk in connection with the sale of products or services provided by the company. In essence how the company protects its success will be based in part on its ability to manage, control, and minimize legal risk, especially in a litigious society such as the US marketplace.  Legal counsel must take an active effort in developing strategies, systems, and processes that will minimize the legal risks faced by the company on a daily basis.  The area of risk management for in house counsel has become so large it can now be labeled “Legal Risk Management”  or  LRM. 

What is LRM? First you must define LRM. Legal risk is the probable occurrence of a future event or non-event that will have a negative impact on the company that could result in lawsuits, fines, investigations, crisis, reputational harm, financial harm and of course the destruction of the company’s brand or even the company. Legal risks and business risks intertwine to such an extent that business risks have legal impact. Therefore, in house counsel must become involved in the day to day management of business risk itself. This leads to the question of a company’s appetite for risk. For a company, as well as its in house lawyer, to properly manage risk, management has to understand what risk it is willing to take in the market place and what risk it is not willing to take. Is it willing to buy inferior parts for its product and risk the probability of a product liability lawsuit in order to make a greater profit or not? What does the Board of Directors think about risk? Has the BOD ordered a risk audit of the whole company? Is the company willing to accept more risk than it currently accepts, and if so, what is the rate of return it needs to justify the additional risk?

A company may have competing objectives that result in increased risk or a decision to accept additional risk.  Does the company have a business model that compares the benefits over the potential increased risk?  If the company’s sales department wants to increase sales revenue by offering a one year warranty over its normal sixty day warranty has the company’s service department quantified the risk of increased costs to provide additional service? Is it worth it?

An in-house lawyer must also determine how the organization’s risk appetite compares to the risk appetite of its competitors in the market place. What are the competitors’ risk policies towards their products and services? If the company wants to become an innovator instead of a follower, is it willing to increase its exposure to risk? If so, how much additional risk is it willing to take? What about additional risk in product safety or service delivery? Does the company in fact want to be a trend setter without additional risk? How can it do that?

An in house lawyer must now think in terms of risk analysis. The lawyer must use tools to not only identify risk but provide a qualitative analysis of a risk’s probability and its impact on the company’s objectives and bottom line. Various tools include risk maps, use of processes such as interviews of key personnel, procedures involving review of industry guidelines, internal procedures, risk diagrams, etc. What risk analysis has been developed to gauge the safety controls in the manufacturing division’s product design protocols? How does the R&D division handle the potential risk of defective parts and materials?

Not only must the in house counsel identify risks but he must assess the inherent likelihood and impact of the risk. Will the impact of the risk be very minor or could it be a major event? Once the in house counsel analyses the risks and assesses the potential impact of the risk, he can then determine how to handle the risk, such as by risk mitigation, risk transference, risk avoidance and risk acceptance. Though lawyers don’t like to admit it (as lawyers by nature are risk averse), risk acceptance is an acceptable form of responding to a risk, especially when the risk can’t be mitigated and the upside can bring potential gain. Risk mitigation can be achieved through various means such as implementation of a loss control program. Risk transfer can of course be achieved by such means as insurance, as a well drafted insurance policy covering a specific form of risk will result in the transfer of the risk to the insurer.

It is time that in house counsel realize they are in fact legal risk managers.  The law department of a corporation can serve it well by playing a substantial role in the corporate wide management of risk by proactively managing  potential risk instead of just reacting to it.  By working with cross corporate teams to manage risks through corporate governance, compliance, loss control, review of HR processes or product safety concerns besides just purely legal issues, a corporation’s law department increases its value to the company.  Instead of just a pure cost center, it can in fact become a profit center.

By controlling and managing legal risk, an organization is able to control its future. Without adequate LRM processes, a company is exposed to claims, lawsuits, fines, and investigations. Not a day goes by where some governmental investigation or lawsuit is not reported in the local newspaper. These days it is a common occurrence. Therefore, it is imperative that an organization and its in house legal team understand the role that LRM plays in an organization and that adequate systems, processes, and procedures be implemented to minimize, control, and transfer such legal risk.

Compliance Training- Get the Board of Directors Involved 

Legal risk management ( LRM) not only plays an important part in the success or failure of a corporation, but it is so important that it must be elevated to the Board of Directors for such LRM processes to be effective. As the Board of Directors ( BOD)  of a company owes a fiduciary duty and obligation to the corporation, such duty requires a Board of Directors that is fully informed and knowledgeable on major issues of risk. Whether it is compliance issues, SOX, currency risk, antitrust, M&A issues, ERISA or tax etc., the BOD must be fully informed about the potential risk to make the appropriate decisions involving the management of the company. Therefore, due to its very nature, the BOD cannot escape its fiduciary obligations with regard to understanding and approving LRM processes. 

Compliance is therefore a major area of risk prevention that the BOD must be informed about on a regular basis. One of the hallmarks of a good compliance program is not only approval of the compliance program by the BOD but the fact that the BOD is also trained on compliance as well. Training the BOD on compliance of course has its own peculiarities and concerns apart from compliance training for the average employee.

In fact, the Federal Sentencing Guidelines provide that a compliance training program must include training for the Board of Directors. Though the Guidelines do not explicitly state that, they do state that the organization must take steps to communicate its compliance program and ethics program to members of the organization’s governing authority and high-level personnel. A BOD’s fiduciary duty combined with the mandates of the Federal Sentencing Guidelines has in effect laid the groundwork for compliance training with the BOD. Though of course companies seek to share compliance data with their BOD, they must also train the BOD on compliance related topics to get the full protection as promised by the Guidelines.

An effective compliance program for the Board of Directors should cover topics such as:

1. Discussing current trends and best practices in compliance programs

2. Describing the major components of an organization’s internal compliance program and explaining how it works

3. Assessing how the internal compliance program measures up against other programs

4. Discussing risks and what the organization is doing to address, prevent , transfer and mitigate risk

5. Supporting documentation- a company needs to prove the Board of Directors has been substantially trained in the compliance program- therefore the company or organization will need to produce supporting documentation. Such documentation should include:

Having the Board of Directors attend training not only satisfies the Guidelines, but it also sends a powerful message across the organization and sets a tone, so to speak, that the organization takes ethics and compliance seriously and that compliance programs are important at all levels of the corporation. Also, if compliance training takes place in an online format, all the better, as the Board of Directors may take training outside an actual physical board meeting and save valuable board meeting time for other activities.

Once the company decides upon the training format for the Board, such as an e-learning format, it should also include a benchmarking module for the BOD.  The training program should include comparisons to compliance programs of other companies and peer organizations.  Benchmarking is one way for the Board of Directors to understand if the compliance program is meeting standard industry practices.  If it does not, the compliance officer or risk manager can ask the BOD to authorize more budgets to replicate the compliance programs of other companies that do meet industry standards. 

A legal risk management program, to be effective, must be elevated to the Board of Directors. This includes the implementation of a risk assessment as well as a compliance program. It is important that the Board becomes involved with legal risk management, especially compliance, as a Board’s fiduciary duty and obligations under the Federal Sentencing Guidelines require it. How a company conducts such risk assessment, compliance program implementation and training depends in large part on the efforts of the company’s risk manager and/or compliance officer.

On Line Training-Risk Management Benefits

Many countries now require companies to implement compliance policies for legal and risk management reasons. Some companies have implemented compliance policies for brand image and other reasons as well. A compliance program, properly implemented, not only increases a company’s brand image but reinforces ethical behavior, which in turn minimizes violation of local laws by upholding compliance of financial and legal rules.  In essence, a compliance program yields many benefits especially those associated with brand image.  Risk Management has become involved in the implementation and auditing of compliance programs and as such,  must not only  implement compliance programs that identify areas of risk but  Risk Managers or Compliance Officers must train executives and employees in compliance areas deemed important by the company. To understand compliance in general and the reasons for compliance training one needs to review the history of compliance in the United States.

US Compliance History

Background

In November 1991, an innovative piece of legislation was enacted in the United States that had a profound effect on corporate America. This has reverberated throughout the world. The legislation was the US Federal Sentencing Guidelines (“Guidelines”).

The Guidelines

The Guidelines are used by judges to determine the appropriate sentence for corporations convicted of a federal crime.   According to the Guidelines, a corporation may be sentenced or fined for federal offenses connected with antitrust, securities, bribery, fraud, money laundering, criminal business activities, extortion, embezzlement, conspiracy, etc.  As you can see it is quite broad and covers many “illegal” activities.      When deciding on an appropriate sentence, judges were for the first time asked to consider whether the corporation had an “effective compliance program” before the violation took place or, in other words, whether the corporation took appropriate steps to prevent and detect violations of law.  Therefore, in order for courts to reduce or mitigate criminal sanctions, companies must now have a compliance program in place. The Guidelines were amended in 2004 (Revised Guidelines).

The Revised Guidelines

The Revised Guidelines recognize that effective compliance and ethics requires more than policies and procedures, it also entails a focus on organizational culture that promotes law abidance. In other words, a major focus is on compliance and ethics. For the first time, a set of laws creates a legal mandate for compliance.  It looks at:

The Revised Guidelines also recognize seven elements in a proper compliance program. The current Revised Guidelines list seven elements of an “effective compliance program” as being:

 Establishment of Compliance Program

The establishment of a compliance program anywhere in the world usually consists of adopting a company code of conduct, with perhaps specific policies governing local conditions. However, because of the U.S. requirements, many organizations have adopted compliance policies that conform to U.S. standards. Because of the Revised Guidelines, specific elements of a valid compliance program are required. They are:

The basics—what is needed?

 Code of Conduct

A company’s compliance program’s code of conduct should incorporate various principles. Primarily, five basic principles should be followed or reflected in the code. The five principles a company’s compliance code of conduct should incorporate are as follows:

The company complies with local laws and ethical standards of society.

The company maintains and promotes an ethical organizational corporate culture.

The company respects customers, shareholders, and employees.

The company cares for the environment as well as the health, and safety of its customers and society.

The company is a socially responsible corporate citizen.

U.S. Compliance Program Code of Conduct

To establish an “effective compliance program” under the guidelines and other U.S. laws, a foreign company normally goes beyond its local code or domestic code of conduct. Its employees must be familiar with the specific laws that govern their conduct in the jurisdiction in which they work.

If a company has a branch or division in the United States, it must have a U.S. Code of Ethics, which is designed to inform employees in the United States about the specific laws and standards governing their conduct. Having a compliance program is mandated by the U.S. Sentencing Guidelines.

Compliance Training

To have an effective compliance program, a company must also hold compliance training after it “launches” the compliance program. Which areas of training should be covered and how the training should be given are of major interest. It is best if the company offers local compliance training covering the relevant laws and practices where people are located. Training can be given in person, online via web-based training, or by other media. It must be given on a regular basis. Lately, it is becoming apparent to many companies and organizations that online training is perhaps the most efficient and economical method of compliance training if properly implemented. This is especially true if online training can be conducted on a local or micro level, allowing subsidiaries and/or affiliated companies and divisions to conduct online training targeted to select groups of employees and functions as well.

Local Training

Training on the code of conduct can be given by HR or by Legal.

-Local training in antitrust, anti-harassment, anti-discrimination, and anti-retaliation, ethics, illegal business practices, financial integrity, customs, etc.

-The majority of the local training will be online.

-The goal is to equip employees to handle compliance issues.

-Training should help employees to identify potential wrongdoing.

-Training should help employees understand their role in the compliance scheme.

-It should let them know what to report and how to report.

The U.S. Compliance Program: Reporting Wrongdoing

In the United States, having an effective reporting system has come to mean one that encourages reporting by allowing for a variety of reporting avenues including anonymous reporting systems.

If an employee was limited to one avenue of reporting (i.e., to his supervisor), it is likely he would not report wrongdoing if his supervisor was involved.

In the United States, a company should allow for employee reporting normally as follows.

Employee Reporting 

On-line compliance training should cover all employees to the extent possible.  For compliance programs to be effective, normally all employees are required to promptly report all known or suspected violations of applicable laws or of the compliance program, including corporate policies. Reports of such violations shall be promptly made to a manager; the compliance officer, risk manager if any; HR; or to the Law Department. If any employee wishes, he or she may report violations anonymously via an anonymous e-mail (or by phone) system. All reports should be promptly and thoroughly investigated.

To the extent possible and permitted by law, the company must take reasonable precautions to maintain the confidentiality of those individuals who report legal or compliance-related violations. 

Training Programs

Training programs may vary depending on the needs of a particular company. Training programs may consist of instructor-led training, Internet-based or E-learning programs, or even a combination of both. It is up to the company to decide which training program fits the needs of its employees and suits its budgetary constraints. In fact, companies in the United States are scrambling to decide how to handle the required training programs for the BOD and executive management, which includes deciding what form the training should take, its content, and its frequency. However, it is apparent that, especially for multinational companies or companies in general that lack in-house training facilities, e-learning is becoming the easiest and most effective compliance training tool for a number of reasons. First, it is much easier for most employees of any company to access a computer and therefore the internet. Many companies have streamlined over the years and have outsourced the training function to independent third parties. Second, it is more effective to target certain groups of employees across corporate departments with customized e-learning compliance programs than to try to offer in-house training in person.

Risk Assessment of Compliance Programs

A risk assessment or legal risk management audit (LRM) is vital in the implementation and continued success of any compliance program. Not only do the U.S. Federal Sentencing Guidelines require a periodic risk assessment of a compliance program, but conducting a periodic risk assessment has an upside as well. By conducting a periodic or annual assessment of the compliance program, the company or organization not only receives valuable feedback on the program from employees and management, which will help it improve the compliance program, but will also be in compliance with the U.S. Federal Sentencing Guidelines. By conducting an LRM audit of the compliance program, a company should be able to:

E-Learning  Or On-Line Initiatives

Many corporations are implementing an enterprise-wide compliance e-learning program online. In order to meet a compliance training effort that exceeds the minimum requirements of the U.S. Sentencing Guidelines or a local country’s laws, Risk Managers or Compliance Managers are having to implement certain key or tactical steps that sufficiently address the E-Learning needs of the company. Such steps include:

-       Determining goals and estimated budget

-       Assembling staff to implement E-Learning

-       Creating a Code of Conduct Training Plan

-       Determining a 3-5 year Compliance Training Program

-       Receiving proposals from E-Training Vendors

-       Choosing Vendors and customizing E-Learning Programs

-       Launching E-Learning Compliance Programs

-       Measuring effectiveness of E-Learning Programs

 E-Learning Issues

E-Learning Compliance Programs involve a substantial number of technology issues. A company’s Legal Department or Risk Management Department may not be equipped to deal with all of the issues. The technology issues need to be addressed up front, not only during the E-Learning Vendor selection process but also during the planning stage with the company’s IT department. The right internal parties must be involved, and sufficient time must be invested in determining what technology requirements will need to be addressed for E-Learning Compliance programs to be properly deployed. Issues that should be addressed include:

-       Bandwidth constraints that preclude the use of video based programs;

-       Difficult integrations between a vendor’s data and an organization’s Human Resources Information System (HRIS) resulting in a botched administration of the program;

-       Corruption of training records, which undermines the integrity of the system.

To address the issues and facilitate the smooth implementation of the E-Learning program, a Risk Manager or Law Department will have to ask and answer the following questions:

1. What is the required minimum network infrastructure necessary to run the E-Learning based training programs?

2. Will the programs be hosted internally or externally?

3. What will the organization use as a Learning Management System?

4. How will the programs be technically administered and will it be integrated to the organization’s HRIS?

Current Practices for Technology and Record Keeping

Companies that have trouble-free E-Learning Compliance Programs have developed a number of practices that have led to successful implementation of E-Learning programs. Such practices can be narrowed down to six basic steps or practices and are as follows:

(i) Companies have avoided using excess video in E-Learning programs that may strain limited bandwidth. Companies have found that using technologies that can avoid network bottlenecks works best.

(ii) Companies have found ways to leverage E-Learning for non-networked employees. Though some employees, such as floor managers or industrial workers, are not usually on a network, Companies are able to create kiosks or ad hoc E-Learning training centers that connect employees.

(iii) Companies work with vendors to limit the need for multiple sign-ons/passwords. Most employees already have multiple passwords to access various corporate systems.

(iv) Companies work with external vendors to maintain the security of the corporate systems. Corporations must be satisfied with the E-Vendor’s security protocol and must take steps before the launch of the E-Learning Program to avoid hacking.

(v) The technical sophistication of E-Learning vendors varies widely. Companies have found it necessary to conduct test integrations with possible vendors.

(vi) Prior to officially launching the E-Learning Program, Companies have required a pilot test program to filter out bugs and provide fixes prior to launching the programs.

E-Learning In a Corporate Setting - What Next

When implementing appropriate on-line or E-Learning Programs in a corporate setting for compliance or other legal or risk management concerns, Risk Managers must be involved at the beginning planning stages.  An enterprise-wide compliance E-Learning initiative is a complex process with multi-part undertakings that are integrated with other parts of a compliance program or ERM program.  A Risk Manager should conduct due diligence on the potential vendor.  Progress will have to be reported to the Board of Directors as part of the Compliance Process.  Therefore, all internal steps will have to be coordinated with relevant departments to confirm the effective and proper implementation of the E-Learning based Programs.  This also means that organizations will likely rely more and more on E-Learning based vendors who are able to satisfy the organization’s technology issues including systems integration and customization of programs.

Conclusion

As jurisdictions are requiring more and more compliance-based training programs, E-Learning Compliance Programs will become the dominant training vehicle of the future. More and more companies and organizations will migrate over to E-Learning based training. Companies will have to decide whether to host such programs internally or externally. Due to cost efficiencies, more and more companies will opt to have external E-Learning Vendors host such training, provided such training can be efficiently integrated into the organization’s HR network (HRIS) or a company’s learning management system (LMS). This presents great opportunities for E-Learning Training providers or vendors, provided such vendors can address the technical issues that are inherent in any organization. Risk Managers and/or Compliance Officers must grapple with the issues the company faces when trying to implement an E-Learning based ERM training program. For a successful implementation, both Risk Managers and E-Learning Vendors must work together to address all issues a company will face when migrating over to On-Line or E-Learning Programs. The future appears bright for those vendors offering On-Line training, especially in a corporate context.

When Managing Risk- Change Matters

One of the main drivers of my success over the years has been the ability to “change”. If you look around you, change is everywhere. In fact, it is the only constant in life. Everything changes whether we like it or not, just as in the picture showing the new Seoul Train Station and the old one in the background.
