Preventive Law Step #4: Compliance Policies & Training

“Step four! I can give you more.”
– Joey McIntyre, NKOTB 

The Ballad of Cory Rupshin (A Law School Exam Hypothetical) 

Conundrum, Inc., is a growing medical device company. Conundrum sold a product called the Compli-X, which had radically innovated products currently in the market to be more broadly accessible and cost-effective than its predecessors.

The Compli-X had been garnering attention and accolades across the U.S. medical community and showed no signs of slowing down. In fact, this product had done so well that Conundrum owned most of the U.S. market share for this particular type of device, and Conundrum believed there could be an international market as well.

Conundrum’s Vice President of Sales, Cory Rupshin, had solid physician customer contacts in India, China and Brazil. An avid golfer, he rented out major golf resorts in each country for “spare no expense” extravaganzas to lure these physicians to begin using Compli-X . . . “the ol’ wine and dine, on company dime” as Cory often bragged about his expensive boondoggles.

Around the same time, Accelerate Corp. had brought a product to market that was viewed as a substantial competitor to the Compli-X, particularly since it cost about 25% less. Accelerate was successfully rolling out its product in California when it appeared on Cory’s radar.

Understanding the imminent threat, Cory directed that all Compli-X product in California be sold below cost to slow Accelerate’s momentum and force it out of the market. Cory hoped this maneuver would also send a message to future competitors that Conundrum did not mess around.

Content with himself, Cory sat back down at his desk and smiled. The celebration was short-lived, however, as he received an e-mail from one of Conundrum’s customers in Florida that she had been experiencing failures with the Compli-X, resulting in patient surgeries. Then another message from a physician in New Jersey. And another . . . then another!

All told, the same issue with the Compli-X had resulted in over 50 patients needing surgical intervention. Cory quickly went downstairs and paid a visit to Angie Neer, Conundrum’s R&D specialist. After some additional testing, Angie discovered some structural instabilities in the Compli-X, warning of even more problems in the future.

Cory sat down, looked at the financials, and saw how much money the Compli-X was making for Conundrum. “No need to pull this product over a few failures,” he mumbled to himself. “Probably the doctors’ fault anyway, and we can withstand a few lawsuits.” After all, he had completed one year of law school before dropping out, further convincing Conundrum’s CEO, Hedi Inna-Sand, that he could moonlight as the company’s general counsel (“Why spend $250,000 a year on hiring a lawyer when I went to law school?” he would not-so-gently remind her.)

Sure enough, those lawsuits did come, along with several requests that Conundrum produce e-mails and records relating to its handling of the Compli-X problems. Conundrum did not store electronic records in the cloud, and the back-up tapes they used were cleared and rotated every 30 days. “Good luck getting those e-mails,” Cory chuckled to himself.

Constance Ethyks, Conundrum’s Director of Sales who reported directly to Cory, had become increasingly uneasy about his actions related to the Compli-X. She finally summoned the strength to walk into his office and voice her concerns.

Cory smiled, gold tooth twinkling, and gently warned Constance, “Do you have any idea how much business I bring in for this company? I’ll fire you in a heartbeat if you say anything negative about me. Like I’m going to be taken down by some snotty little girl. Ha!”

Shortly after a dejected Constance walked out of his office, Cory received a call from Ms. Inna-Sand, asking him to come to her office to discuss a letter she had just received from reception. “What is it?” Cory blurted. “Well Cory, it looks like a subpoena from the Department of Justice involving our Compli-X sales in India, China and Brazil.”

Back to Life, Back to Reality

Law school students regularly enjoy fact patterns like these during exam week. Spot all the issues, recite the relevant laws for each, apply the facts to those laws, provide your conclusions . . . and then pray the professor agrees with you. Fun, no? It’s one of the bloodless lobotomizing techniques we lawyers undergo during our three-year committal.

Now, most scenarios within your business will hopefully not be as blatant or pervasive as Cory’s actions. However, there are many legal and regulatory exposures potentially facing your company, necessitating some level of formal compliance. This is where a seasoned Preventive Lawyer can step in and provide immediate value.

In the case of Conundrum, for example, at least some of the following compliance policies would have been helpful had they been put in place (before everything started hitting the fan):

  • Anti-Corruption Policy, helping Cory understand that providing expensive gifts to physicians in India, China and Brazil to secure Compli-X business may actually have constituted bribing foreign government officials;

  • Antitrust Policy, to combat Cory’s illegal use of predatory pricing strategies to eliminate competition from Accelerate;

  • Adverse Event/Incident Reporting Policy as well as Corrective & Preventive Action Policy, to ensure issues with the Compli-X were appropriately reported to the FDA and that those issues were further corrected in the market, including a voluntary recall if necessary;

  • Document Retention Policy, to ensure documents responsive to litigation proceedings were not inadvertently (and unlawfully) destroyed in the normal course; and

  • Employment Policy with robust Anti-Harassment, Anti-Discrimination & Anti-Bullying as well as whistle-blower language, explicitly prohibiting Cory’s behavior toward Constance and further encouraging Constance to come forward with information related to Cory’s illegal practices.

Go-getter law students seeking bonus points might additionally list the following as examples of how Conundrum could further minimize compliance exposure:

  • Advertising and Marketing Approval Policy, to ensure Compli-X promotional materials and product labeling contain appropriate language;

  • Workplace Safety Policy, to provide a safe and productive work environment for all employees on the manufacturing floor throughout the making of Compli-X;

  • Insurance Claim Reporting Policy, ensuring timely and appropriate notification and shepherding of potential insurance claims involving Compli-X failures (and Cory’s inappropriate interactions with Constance) directly with the carrier;

  • Cybersecurity Policy, to minimize Conundrum’s legal and business exposure to cyber events (e.g., denial of service, data breach), particularly since it stored numerous confidential documents that could be accessed.

Of course, your company may not be a medical device manufacturer, and I’m certain it doesn’t make products similar to the Compli-X (which is a completely made-up product). However, there are likely numerous laws and regulations governing your specific industry and value chain.

Long story short, it is important to understand the relevant legal and regulatory landscape surrounding your business, and then develop written compliance policies to minimize your company’s exposure to that potentially rocky terrain.

I Think of All the Education That I Missed . . .

Keep in mind it’s not enough to just develop these written policies. Equally important is training company personnel regularly on these policies in order to individually convey specific requirements, updates and best practices. This means developing training modules and tracking attendance and performance.

Being proactive in compliance education has the additional benefit of generating buy-in, further establishing managerial accountability for potentially non-compliant activities of subordinates. All of this contributes to a culture of compliance, where legal and regulatory exposures are incorporated into day-to-day business decision-making.

And when an investigation or lawsuit invariably commences, you can confidently demonstrate to that investigating body:

  • Our company has written policies governing such infractions;

  • We regularly educate our managers on these policies; and

  • We have a culture of compliance with the laws and regulations governing our industry.

It should go without saying this can and does minimize exposure to worst-case outcomes.

As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER is skilled at identifying enterprise-wide compliance issues relevant to your business, developing relevant written policies, educating key stakeholders to generate buy-in, and then implementing and training personnel on these policies.

KEEFER is your ounce of prevention.

You May Also Like
Keefer Favicon

We’re changing the way businesses approach law. As a trusted partner, we help you navigate the legal world so you can focus on what you do best.


Stay tuned to find out where Chris will be presenting in the new year!

Ounce of Prevention Tool

Ready to integrate Preventive Law into your business-decision making? Download our top five ways to begin.