In a time of extreme pressure on bottom lines and budgets, enterprises of all types and sizes are working to contain their legal expenses. One recent study, for example, projects a 4.3% slide in corporate spending on outside counsel in 2010. And that comes on top of 2009's 10.8% drop.
At the same time, the Obama administration has brought new vigor to enforcement efforts in many areas of concern to corporate America. The National Law Journal supplies an apt metaphor: "Alice Fisher, previously assistant attorney general of the criminal division at the Department of Justice, compared ramped up enforcement efforts to Dr. Octopus, one of the villains from the Spiderman movies. 'His arms just keep going and going and going,' she said."
The administration has made it clear that it will be extending its arms of enforcement in a number of areas that are often overlooked. The Wall Street Journal, for example, reports that "the Justice Department is increasing its prosecutions of alleged acts of foreign bribery by U.S. corporations, forcing them to take costly steps to defend against scrutiny. The crackdown under the [Foreign Corrupt Practices Act] now extends across five continents and penetrates entire industries."
Likewise, that same paper stated that regulators plan "tougher antitrust enforcement that could affect pending antimonopoly court cases as well as merger plans...a sharp turn from the Bush administration's more forgiving approach." And in July, the SEC floated a proposal to require additional proxy disclosure for public companies regarding their board's role in the company's risk management process.
All this activity may, among other things, create a steady demand for legal professionals in federal agencies. A study by the Partnership for Public Service predicts that the federal government needs to hire more than 270,000 workers in "mission-critical" jobs, and the legal sector is one of five fields where more workers are needed. The Washington Post puts the number of legal hires needed at over 23,000.
To prepare for the increased scrutiny of this new federal "Doc Ock" threat, compliance officers should review and update their compliance efforts to ensure that their enterprises are not only reducing expenses but also devoting sufficient resources and attention to this complex, and often under-the-radar, issue.
In the absence of a periodic analysis, many companies will expend too many resources responding to the "squeaky wheel" and "doing things the way they've always been done here" (or perhaps just "the way we've done them since SOX"). Day-to-day activity can crowd out everything else since there is always the proverbial "we'll get to it tomorrow" excuse just over the horizon "when there's time."
But failing to strengthen oversight and compliance processes regarding a number of emerging risks could mean tens, or even hundreds, of thousands of dollars later on attorneys' fees, fines and penalties. The following are a few burgeoning areas of vulnerability where Doc Ock may pose a threat, including several new areas that might be easily overlooked.
Social Media and Web 2.0
Facebook, Twitter, blogs and other social media tools all pose new ways to expose confidential information (yours and your customers'), as well as new forms of employee-related claims, such as "textual harassment." Confirm that your company's policies address how and when your staff can use these resources, especially on company time and on company-provided laptops, PDAs and cell phones. Also consider whether all time is effectively "company time" for workers who are, by policy or by practice, on call 24/7.
Trade Association Participation
Not everyone in your organization may have seen the recent Matt Damon movie The Informant, in which the conspirators used trade association meetings as a cover for price-fixing. Verify that all personnel who might need training on antitrust issues have been recently trained, and that you have the records to prove it to any regulator who comes calling. Program improvements may also be possible, including using web-based training for common legal issues such as antitrust and compliance, rather than taking a "we have our own customized program but we don't ever get time to do it" approach.
Foreign Subsidiaries
In a recent case, the SEC extended its FCPA enforcement action to not only those involved in FCPA violations, but also to individuals based solely on their "control person" responsibilities, seeming to increase the risk that directors and officers could be held liable for FCPA violations without any culpable involvement or even knowledge of misconduct. Assess the business development and regulatory compliance practices and processes of your foreign outposts, including subsidiaries, joint ventures, distributors and sales representatives. This information will be vital not only in the event that the SEC or another enforcement agency comes knocking, but also in the event your company enters into merger negotiations, given the increased scrutiny on FCPA matters in the due diligence phase of M&A activities.
Contract Clauses
"Standard" contract clauses, such as prohibitions on hiring a counterparty's employees, "most favored customer" clauses (giving and getting) and license restrictions (inbound and outbound), may have become so ingrained in your company or your industry's contracting practices that they have not been given an in-depth review recently, especially from an antitrust perspective. Discuss with your counsel whether recent changes in your company, industry or general regulatory environment necessitate new thinking on these issues.
The "Cloud"
As the Google Docs website says, you can "create and share your work online, upload from and save to your desktop, edit anytime, from anywhere, pick who can access your documents, share changes in real time, [and] files are stored securely online." And best of all, assures Google, "it's free." This sales pitch may have proved irresistible to at least a few of your employees, especially those of a certain age or those who work away from the corporate office. They may see the prospect of increased productivity, or just an opportunity to thumb their nose at your IT department's procedures. Check with your IT department to see what policies and practices are in place to regulate if, and how, your employees and contractors use tools in the "cloud" to create, store and transmit files that include your confidential information.
Jim Boeckman, creator of the Right-Tasking methodology that allows enterprises to optimize the allocation and cost of their legal resources, is an attorney with more than 20 years' experience and the publisher of the monthly legal services newsletter Legal Expense Management Abstract.
Creating a Compliance Framework
In addition to knowing what to look for to ensure corporate compliance, you must also know how to look. And no matter whether you are trying to comply with Sarbanes-Oxley, the Foreign Corrupt Practices Act or an industry-specific regulation, having a procedural framework is imperative. These are the four basic steps to creating that framework.
I. Interpret & Design
The first step is to analyze and interpret the applicability of the compliance requirements. Companies have to adopt a comprehensive, enterprisewide view and assess all the applicable compliance requirements across the organization. Elements such as the future growth of the business will require that the compliance program be flexible. Legal, regulatory and risk management experts should be involved in this process. Based on the expert interpretation and assessment of the compliance requirements, the compliance process should be developed and embedded in the existing business and reporting processes.
II. Implement
This step effectively transforms the plan into action. A structured implementation plan includes clearly defined boundaries, assignments of tasks, internal training and awareness, reporting and creating process accountability. Each of these facets is critical to successful implementation.
III. Update & Monitor
Compliance requirements and their applicability should be continuously reviewed and the compliance program should be appropriately modified to meet those requirements. Monitoring is a very important element of the compliance enforcement program and the feedback gained must then be used to update the process. And remember: the skill set, independence and objectivity of the individuals performing the monitoring will directly impact improvement.
IV. Report
Lastly, no compliance program can be complete without adequate reporting. Appropriate qualitative and quantitative metrics should be defined, measured and reported to all key stakeholders for their decision making and action.
by Rajat Vig
Rajat Vig is the assistant vice president of risk and financial management for EXL Service, a provider of governance, risk and compliance services.