On Line Training-Risk Management Benefits

Many countries now require companies to implement compliance policies for legal and risk management reasons. Some companies have implemented compliance policies for brand image and other reasons as well. A compliance program, properly implemented, not only improves a company’s brand image but also reinforces ethical behavior, which in turn minimizes violations of local laws by upholding compliance with financial and legal rules. In essence, a compliance program yields many benefits, especially those associated with brand image. Risk Management has become involved in the implementation and auditing of compliance programs, and as such Risk Managers or Compliance Officers must not only implement compliance programs that identify areas of risk but also train executives and employees in compliance areas deemed important by the company. To understand compliance in general and the reasons for compliance training, one needs to review the history of compliance in the United States.

US Compliance History

Background

In November 1991, an innovative piece of legislation was enacted in the United States that had a profound effect on corporate America. This has reverberated throughout the world. The legislation was the US Federal Sentencing Guidelines (“Guidelines”).

The Guidelines

The Guidelines are used by judges to determine the appropriate sentence for corporations convicted of a federal crime. According to the Guidelines, a corporation may be sentenced or fined for federal offenses connected with antitrust, securities, bribery, fraud, money laundering, criminal business activities, extortion, embezzlement, conspiracy, etc. As you can see, it is quite broad and covers many “illegal” activities. When deciding on an appropriate sentence, judges were for the first time asked to consider whether the corporation had an “effective compliance program” before the violation took place or, in other words, whether the corporation took appropriate steps to prevent and detect violations of law. Therefore, in order for courts to reduce or mitigate criminal sanctions, companies must now have a compliance program in place. The Guidelines were amended in 2004 (Revised Guidelines).

The Revised Guidelines

The Revised Guidelines recognize that effective compliance and ethics requires more than policies and procedures; it also entails a focus on an organizational culture that promotes law abidance. In other words, a major focus is on compliance and ethics. For the first time, a set of laws creates a legal mandate for compliance. It looks at:

The Revised Guidelines also recognize seven elements in a proper compliance program. The current Revised Guidelines list seven elements of an “effective compliance program” as being:

Establishment of Compliance Program

The establishment of a compliance program anywhere in the world usually consists of adopting a company code of conduct, with perhaps specific policies governing local conditions. However, because of the U.S. requirements, many organizations have adapted compliance policies that conform to U.S. standards. Because of the Revised Guidelines, specific elements to a valid compliance program are required. They are:

The basics—what is needed?

Code of Conduct

The code of conduct of a company’s compliance program should incorporate various principles. Primarily, five basic principles should be followed or reflected in the code. The five principles a company’s compliance code of conduct should incorporate are as follows:

The company complies with local laws and ethical standards of society.

The company maintains and promotes an ethical organizational corporate culture.

The company respects customers, shareholders, and employees.

The company cares for the environment as well as the health, and safety of its customers and society.

The company is a socially responsible corporate citizen.

U.S. Compliance Program Code of Conduct

To establish an “effective compliance program” under the guidelines and other U.S. laws, a foreign company normally goes beyond its local code or domestic code of conduct. Its employees must be familiar with the specific laws that govern their conduct in the jurisdiction in which they work.

If a company has a branch or division in the United States, it must have a U.S. Code of Ethics, which is designed to inform employees in the United States about the specific laws and standards governing their conduct. Having a compliance program is mandated by the U.S. Sentencing Guidelines.

Compliance Training

To have an effective compliance program, a company must also hold compliance training after it “launches” the compliance program. What areas of training should be covered and how the training should be given are of major interest. It is best if the company offers local compliance training covering the relevant laws and practices where people are located. Training can be given in person, online via web-based training, or by other media. It must be given on a regular basis. Lately, it is becoming apparent to many companies and organizations that on-line training is perhaps the most efficient and economical method of compliance training if properly implemented. This is especially true if on-line training can be conducted on a local or micro level, allowing subsidiaries and/or affiliated companies and divisions to conduct on-line training targeted to select groups of employees and functions as well.

Local Training

Training on the code of conduct can be given by HR or by Legal.

-Local training in antitrust, anti-harassment, anti-discrimination, and anti-retaliation, ethics, illegal business practices, financial integrity, customs, etc.

-The majority of the local training will be online.

-The goal is to equip employees to handle compliance issues.

-Training should help employees to identify potential wrongdoing.

-Training should help employees understand their role in the compliance scheme.

-It should let them know what to report and how to report.

The U.S. Compliance Program: Reporting Wrongdoing

In the United States, having an effective reporting system has come to mean one that encourages reporting by allowing for a variety of reporting avenues including anonymous reporting systems.

If an employee was limited to one avenue of reporting (i.e., to his supervisor), it is likely he would not report wrongdoing if his supervisor was involved.

In the United States, a company should allow for employee reporting normally as follows.

Employee Reporting 

On-line compliance training should cover all employees to the extent possible.  For compliance programs to be effective, normally all employees are required to promptly report all known or suspected violations of applicable laws or of the compliance program, including corporate policies. Reports of such violations shall be promptly made to a manager; the compliance officer, risk manager if any; HR; or to the Law Department. If any employee wishes, he or she may report violations anonymously via an anonymous e-mail (or by phone) system. All reports should be promptly and thoroughly investigated.

To the extent possible and permitted by law, the company must take reasonable precautions to maintain the confidentiality of those individuals who report legal or compliance-related violations. 

Training Programs

Training programs may vary depending on the needs of a particular company. Training programs may consist of instructor-led training, Internet-based or E-learning programs, or even a combination of both. It is up to the company to decide which training program fits the needs of its employees as well as suits its budgetary constraints. In fact, companies in the United States are scrambling around trying to decide how to handle the required training programs for the BOD and executive management, which includes deciding on what form the training should take, its content, and the frequency of the training. However, it is apparent, especially for multinational companies or companies in general that lack in-house training facilities, that e-learning is becoming the easiest and most effective compliance training tool for a number of reasons. First, it is much easier for most employees of any company to access a computer and therefore the internet. Many companies have streamlined over the years and have outsourced the training function to independent third parties. Second, it is more effective to target certain groups of employees across corporate departments with customized e-learning compliance programs than to try to offer in-house training in person.

Risk Assessment of Compliance Programs

A risk assessment or legal risk management audit (LRM) is vital in the implementation and continued success of any compliance program. Not only do the U.S. Federal Sentencing Guidelines require a periodic risk assessment of a compliance program, but conducting a periodic risk assessment has an upside as well. By conducting a periodic or annual assessment of the compliance program, not only is the company or organization receiving valuable feedback on the program from employees and management, which will help it improve the compliance program, but it also will be in compliance with the U.S. Federal Sentencing Guidelines. By conducting an LRM audit of the compliance program, a company should be able to:

E-Learning or On-Line Initiatives

Many corporations are implementing an enterprise-wide compliance e-learning program on line. In order to meet a compliance training effort that exceeds the minimum requirements of the US Sentencing Guidelines or a local country’s laws, Risk Managers or Compliance Managers are having to implement certain key or tactical steps that sufficiently address the E-Learning needs of the company. Such steps include:

-       Determining goals and estimated budget

-       Assembling staff to implement E-Learning

-       Creating a Code of Conduct Training Plan

-       Determining a 3-5 year Compliance Training Program

-       Receiving proposals from E-Training Vendors

-       Choosing Vendors and customizing E-Learning Programs

-       Launching E-Learning Compliance Programs

-       Measuring effectiveness of E-Learning Programs

E-Learning Issues

E-Learning Compliance Programs involve a substantial number of technology issues. A company’s Legal Department or Risk Management Department may not be equipped to deal with all of the issues. The technology issues need to be addressed up front, not only during the E-Learning Vendor selection process but also during the planning stage with the company’s IT department. The right internal parties must be involved and sufficient time must be invested in determining what technology requirements will need to be addressed for E-Learning Compliance programs to be properly deployed. Issues that should be addressed include:

-       Bandwidth constraints that preclude the use of video based programs;

-       Difficult integrations between a vendor’s data and an organization’s Human Resources Information System (HRIS) resulting in a botched administration of the program;

-       Corruption of training records which undermine the integrity of the system

To address the issues and facilitate the smooth implementation of the E-Learning program, a Risk Manager or Law Department will have to ask and answer the following questions:

1. What is the required minimum network infrastructure necessary to run the E-Learning based training programs?

2. Will the programs be hosted internally or externally?

3. What will the organization use as a Learning Management System?

4. How will the programs be technically administered and will it be integrated to the organization’s HRIS?

Current Practices for Technology and Record Keeping

Companies that have trouble-free E-Learning Compliance Programs have developed a number of practices that have led to successful implementation of E-Learning programs. Such practices can be narrowed down to six basic steps or practices, as follows:

(i) Companies have avoided using excess video in E-Learning programs that may run up against bandwidth constraints. Companies have found that using technologies that can avoid network bottlenecks works best.

(ii) Companies have found ways to leverage E-Learning for non-networked employees. Though some employees, such as floor managers or industrial workers, are not usually on a network, companies are able to create kiosks or ad hoc E-Learning training centers that connect employees.

(iii) Companies work with vendors to limit the need for multiple sign-ons/passwords. Most employees already have multiple passwords to access various corporate systems.

(iv) Companies work with external vendors to maintain the security of the corporate systems. Corporations must be satisfied with the E-Vendor’s security protocol and must take steps before the launch of the E-Learning Program to avoid hacking.

(v) The technical sophistication of E-Learning vendors varies widely. Companies have found it necessary to conduct test integrations with possible vendors.

(vi) Prior to officially launching the E-Learning Program, companies have required a pilot test program to filter out bugs and provide fixes prior to launching the programs.

E-Learning In a Corporate Setting- What Next

When implementing appropriate on-line or E-Learning Programs in a corporate setting for compliance or other legal or risk management concerns, Risk Managers must be involved at the beginning planning stages.  An enterprise-wide compliance E-Learning initiative is a complex process with multi-part undertakings that are integrated with other parts of a compliance program or ERM program.  A Risk Manager should conduct due diligence on the potential vendor.  Progress will have to be reported to the Board of Directors as part of the Compliance Process.  Therefore, all internal steps will have to be coordinated with relevant departments to confirm the effective and proper implementation of the E-Learning based Programs.  This also means that organizations will likely rely more and more on E-Learning based vendors who are able to satisfy the organization’s technology issues including systems integration and customization of programs.

Conclusion

As jurisdictions are requiring more and more compliance-based training programs, E-Learning Compliance Programs will become the dominant training vehicle of the future. More and more companies and organizations will migrate over to E-Learning based training. Companies will have to decide whether to host such programs internally or externally. Due to cost efficiencies, more and more companies will opt to have external E-Learning Vendors host such training, provided such training can be efficiently integrated into the organization’s HR network (HRIS) or a company’s learning management system (LMS). This presents great opportunities for E-Learning Training providers or vendors, provided such vendors can address the technical issues that are inherent in any organization. Risk Managers and/or Compliance Officers must grapple with the issues the company faces when trying to implement an E-Learning based ERM training program. For a successful implementation, both Risk Managers and E-Learning Vendors must work together to address all issues a company will face when migrating over to On-Line or E-Learning Programs. The future appears bright for those vendors offering On-Line training, especially in a corporate context.

When Managing Risk- Change Matters

One of the main drivers of my success over the years has been the ability to “change”. If you look around you, change is everywhere. In fact, it is the only constant in life. Everything changes whether we like it or not, just as in the picture showing the new Seoul Train Station and the old one in the background.

When negotiating any transaction, dispute or potential problem, the Pre Negotiation Stage is important. Do you know your BATNA? But the other two stages (the Negotiation Stage and Post Negotiation Stage) are of course important as well and can be seen as extensions of the Pre Negotiation Stage. A little bit about them below.

The Negotiation Stage 

The negotiation stage or middle stage of the negotiation process involves numerous decisions too. Once parties have finalized the pre-negotiation stage, decisions still have to be made involving such issues as when, where, and how negotiations will take place.

For instance, parties may start negotiations via e-mail to negotiate minor items before concluding negotiations over the phone. Or they may start negotiations over the phone and wrap up with face-to-face negotiations. Or they may start with using email to negotiate minor items, phone conferences to settle some other items and then meet face to face to conclude the most important items and issues. Therefore, decisions have to be made on how to negotiate to one’s own advantage.

During the negotiation stage, internal and/or external parties and stakeholders may play a part in the outcome. Decisions must be made whether to include them or not. If third parties are involved in negotiations, one or both of the main parties may try to develop coalitions. Third parties may, in fact, add more problems and issues to negotiations or at least bring an added dimension to the discussions.

Parties must also decide upon a venue for negotiations. Many parties prefer a neutral site. However, those negotiators in a strong position may prefer negotiations to be held in their own office. It is all about tactics and to a certain degree perception of the other party’s position.

Post-negotiation

An equally important stage is the last stage of negotiations or the post-negotiation stage. This stage results in an agreement or resolution. Hopefully an enforceable one at that.

Parties must also decide whether to reduce an agreement to writing or leave it verbal—or a little bit of both. There are several sub-processes in this stage, such as concluding an agreement, drafting it in writing, and having the parties review it and approve it. Of course, each party may need its home office or upper management to approve the agreement as well.

Parties may want their respective Law Departments or outside lawyers to review the negotiated agreements. Agreements need to be reviewed to determine if they indeed resolve the dispute, and if the agreements are enforceable. A non-enforceable agreement usually does not solve the matter in dispute.

Miscellaneous Issues 

There are a number of miscellaneous issues that parties need to consider when using negotiations as a legal risk management or LRM tool. As negotiations are in fact voluntary, they require the informed consent or assent of the parties. This leads to a number of questions that must be asked.

So both parties must decide if they want to negotiate, and if so, when, where, and how. Maybe delays will benefit one or the other party or maybe not.

It is obvious that negotiation is an important LRM tool. However, to be adequately used as a method to decrease risk of litigation, the parties on both sides (of the negotiation) must be adequately trained in negotiation techniques and must have a proper negotiation mind-set. If the parties come to the table properly prepared, ready to negotiate and seek an amicable outcome, negotiation can be a powerful resolution process and risk mitigation tool.  If not, it may lead to a lost opportunity and an unfavorable result.

E-discovery- Document Protocols

One of the most onerous facets of US litigation is E-discovery.  Many non US companies are unaware of the requirements of E-discovery which places a non US company at a distinct disadvantage if it is involved in US litigation.  Though some non US companies are forced to learn about E-Discovery because of numerous lawsuits in the US, many companies outside of the US still do not understand the basic concepts.  However, as more and more international companies are finding out, the cost of doing business in the US happens to be the cost of litigation.  More and more foreign companies doing business in the US are embroiled in lawsuits.  And more and more companies are having to deal with E-discovery.  The problem is that failure to follow E-discovery rules when involved in US litigation can not only lead to sanctions and fines but to the loss of the lawsuit itself.

What is discovery?  It is the process of exchanging information and documents between parties in litigation.  What is E-discovery? It is the process of exchanging electronic documents and information in litigation.  As I point out above, E-discovery in the US is subject to certain requirements, many of them onerous, that if not complied with can lead to burdensome and invasive sanctions by the court.  Therefore, it is extremely important that a detailed E-discovery process be implemented prior to litigation as part of an overall legal risk management process.

I suggest that companies need to follow a number of steps not only to ensure compliance with E-discovery rules but also to have a good handle on the document production process. What are the basic steps?

Initial Steps

  1. Hold Memorandum- when the company learns it is a named party to a lawsuit, the company must issue a Hold Memorandum to its employees.   The Hold Memorandum specifies the length and scope of document preservation required by the lawsuit. At this point, if the company has an auto-deletion program to delete electronically stored documents- that program must be suspended. All relevant documents including electronic documents must be preserved.
  2. Data Preservation- at this point, the company must begin preserving potentially relevant electronically stored documents.  It is a normal rule of thumb to save and preserve all electronically stored documents that are potentially relevant in the litigation.
  3. Interviews- the company must identify those custodians of the relevant records and interview them to determine the relevancy of the records.
  4. Data Storage Locations- possible locations of all potentially relevant electronically stored information should be identified and efforts must be made to preserve the complete contents of the storage media.
  5. Formulate Retrieval, Search, Review and Production Methods- in order to comply with US E-discovery rules, the company needs to work with an outside E-discovery vendor to ensure the retrieval, search, review and production methods are properly put into place.
  6. Technical Requirements- the litigation may put a strain on the IT department.  The company needs to determine whether E-discovery demands will require additional IT resources.
  7. Formally Request Data- the company’s law department may have to formally request access to data, especially if it involves obtaining data outside of the US.

Collection

Besides the above steps, additional steps must be put in place to ensure proper collection of documents.

  1.  Confirm Retrieval Requirements- the company must work with its outside vendor to confirm requirements for and methods of gathering the required electronic documents.
  2.  Identify Systems for data retrieval- the company and outside vendor need to determine which data systems should be searched for relevant electronic data and how those systems will be searched.
  3. Prepare Collection Plans- the company needs to notify the records custodians and respective department heads (if any) that data will be copied from the record custodian’s computers, external hard drives, and other places where electronic data is stored.
  4. Perform Quality Control Checks- throughout the collection process steps must be taken to make certain that the data collected is actually intact and in the proper format.
  5. Backup- for safety reasons backup copies of the data collected must be made.

Staging

  1. Review Environment- the selected review environment will be crucial in the efficient and accurate review of the collected data.  A decision must be made as to the review platform.  E-discovery vendors can help in this process.

Review

  1.  The data must be reviewed to determine whether the data is indeed relevant and subject to discovery or not relevant and not subject to discovery.  Also data must be reviewed to determine if it is privileged and not subject to production.  To decrease actual human review and the associated expenses, automated review systems should be used.  The E-discovery vendor can help determine what process to use.
  2. Reviewers- if there is a large amount of data, reviewers must be used. They also must be properly trained against unintentional production of data.
  3. Attorney reviewers- attorney reviewers will eventually be needed to review documents.  They must be picked either by the E-discovery vendor or outside law firm.
  4. Privilege Review- the final review of documents must determine which documents are privileged and not subject to release to the other party and which documents are not privileged and must be handed over to the other party.

Production

  1. A decision must be made on the format for production. Which format will be used? This is normally decided by the parties after the initial discovery conference takes place.
  2. Copy Production- the files that will be produced must be copied onto media.
  3. QC- the copies to be produced must go through a QC process.
  4. Delivery- the documents to be produced are actually copied onto media in the format agreed upon and are physically delivered to the opposing counsel.

These are the basic steps of E-discovery. As you can see, it is quite complicated. In order to adequately handle E-discovery in US litigation, it is important to retain an E-discovery vendor or outside provider that can provide E-discovery solutions and help with the collection of ESI. This, however, must be part of an E-discovery process. Failure to implement an E-discovery process as part of an overall Risk Management plan can spell disaster, especially for those companies involved with US litigation on a regular basis.

I found myself wandering around Seoul today. I stumbled upon a backstreet of Itaewon filled with European restaurants, new coffee shops, boutiques with coffee shops, boutiques with restaurants and even a boutique that would take care of your dog while you shopped. One coffee shop had a French bakery inside and another coffee shop was inside a French bakery.

Most organizations know it is hard to see what is coming around the bend. In today's complex society, organizations face a myriad of obstacles including regulatory issues, government fines and investigations, scandals, crises and lawsuits. How do companies prepare for what's coming around the bend before it hits them in the face?
