Preventive Law Step #4: Compliance Policies & Training


“Step four! I can give you more.”
Joey McIntyre, NKOTB  

The Ballad of Cory Rupshin (A Law School Exam Hypothetical) 

Conundrum, Inc., is a growing medical device company. Conundrum sold a product called the Compli-X, which had radically innovated products currently in the market to be more broadly accessible and cost-effective than its predecessors. 

The Compli-X had been garnering attention and accolades across the U.S. medical community and showed no signs of slowing down. In fact, this product had done so well that Conundrum owned most of the U.S. market share for this particular type of device, and Conundrum believed there could be an international market as well. 

Conundrum’s Vice President of Sales, Cory Rupshin, had solid physician customer contacts in India, China and Brazil. An avid golfer, he rented out major golf resorts in each country for “spare no expense” extravaganzas to lure these physicians to begin using Compli-X . . . “the ol’ wine and dine, on company dime” as Cory often bragged about his expensive boondoggles.

Around the same time, Accelerate Corp. had brought a product to market that was viewed as a substantial competitor to the Compli-X, particularly since it cost about 25% less. Accelerate was successfully rolling out its product in California when it appeared on Cory’s radar.

Understanding the imminent threat, Cory directed that all Compli-X product in California be sold below cost to slow Accelerate’s momentum and force it out of the market. Cory hoped this maneuver would also send a message to future competitors that Conundrum did not mess around.

Content with himself, Cory sat back down at his desk and smiled. The celebration was short-lived, however, as he received an e-mail from one of Conundrum’s customers in Florida that she had been experiencing failures with the Compli-X, resulting in patient surgeries. Then another message from a physician in New Jersey. And another . . . then another!

All told, the same issue with the Compli-X had resulted in over 50 patients needing surgical intervention. Cory quickly went downstairs and paid a visit to Angie Neer, Conundrum’s R&D specialist. After some additional testing, Angie discovered some structural instabilities in the Compli-X, warning of even more problems in the future.

Cory sat down, looked at the financials, and saw how much money the Compli-X was making for Conundrum. “No need to pull this product over a few failures,” he mumbled to himself. “Probably the doctors’ fault anyway, and we can withstand a few lawsuits.” After all, he had completed one year of law school before dropping out, further convincing Conundrum’s CEO, Hedi Inna-Sand, that he could moonlight as the company’s general counsel (“Why spend $250,000 a year on hiring a lawyer when I went to law school?” he would not-so-gently remind her.)

Sure enough, those lawsuits did come, along with several requests that Conundrum produce e-mails and records relating to its handling of the Compli-X problems. Conundrum did not store electronic records in the cloud, and the back-up tapes they used were cleared and rotated every 30 days. “Good luck getting those e-mails,” Cory chuckled to himself.

Constance Ethyks, Conundrum’s Director of Sales who reported directly to Cory, had become increasingly uneasy about his actions related to the Compli-X. She finally summoned the strength to walk into his office and voice her concerns.

Cory smiled, gold tooth twinkling, and gently warned Constance, “Do you have any idea how much business I bring in for this company? I’ll fire you in a heartbeat if you say anything negative about me. Like I’m going to be taken down by some snotty little girl. Ha!”

Shortly after a dejected Constance walked out of his office, Cory received a call from Ms. Inna-Sand, asking him to come to her office to discuss a letter she had just received from reception. “What is it?” Cory blurted. “Well Cory, it looks like a subpoena from the Department of Justice involving our Compli-X sales in India, China and Brazil.”

Back to Life, Back to Reality

Law school students regularly enjoy fact patterns like these during exam week. Spot all the issues, recite the relevant laws for each, apply the facts to those laws, provide your conclusions . . . and then pray the professor agrees with you. Fun, no? It’s one of the bloodless lobotomizing techniques we lawyers undergo during our three-year committal.

Now, most scenarios within your business will hopefully not be as blatant or pervasive as Cory’s actions. However, there are many legal and regulatory exposures potentially facing your company, necessitating some level of formal compliance. This is where a seasoned Preventive Lawyer can step in and provide immediate value.

In the case of Conundrum, for example, at least some of the following compliance policies would have been helpful had they been put in place (before everything started hitting the fan):

  • Anti-Corruption Policy, helping Cory understand that providing expensive gifts to physicians in India, China and Brazil to secure Compli-X business may actually have constituted bribing foreign government officials;

  • Antitrust Policy, to combat Cory’s illegal use of predatory pricing strategies to eliminate competition from Accelerate;

  • Adverse Event/Incident Reporting Policy as well as Corrective & Preventive Action Policy, to ensure issues with the Compli-X were appropriately reported to the FDA and that those issues were further corrected in the market, including a voluntary recall if necessary; 

  • Document Retention Policy, to ensure documents responsive to litigation proceedings were not inadvertently (and unlawfully) destroyed in the normal course; and

  • Employment Policy with robust Anti-Harassment, Anti-Discrimination & Anti-Bullying as well as whistle-blower language, explicitly prohibiting Cory’s behavior toward Constance and further encouraging Constance to come forward with information related to Cory’s illegal practices.

Go-getter law students seeking bonus points might additionally list the following as examples of how Conundrum could further minimize compliance exposure: 

  • Advertising and Marketing Approval Policy, to ensure Compli-X promotional materials and product labeling contain appropriate language;

  • Workplace Safety Policy, to provide a safe and productive work environment for all employees on the manufacturing floor throughout the making of Compli-X;

  • Insurance Claim Reporting Policy, ensuring timely and appropriate notification and shepherding of potential insurance claims involving Compli-X failures (and Cory’s inappropriate interactions with Constance) directly with the carrier;

  • Cybersecurity Policy, to minimize Conundrum’s legal and business exposure to cyber events (e.g., denial of service, data breach), particularly since it stored numerous confidential documents that could be accessed.

Of course, your company may not be a medical device manufacturer, and I’m certain it doesn’t make products similar to the Compli-X (which is a completely made-up product). However, there are likely numerous laws and regulations governing your specific industry and value chain. 

Long story short, it is important to understand the relevant legal and regulatory landscape surrounding your business, and then develop written compliance policies to minimize your company’s exposure to that potentially rocky terrain.

I Think of All the Education That I Missed . . .

Keep in mind it’s not enough to just develop these written policies. Equally important is training company personnel regularly on these policies in order to individually convey specific requirements, updates and best practices. This means developing training modules and tracking attendance and performance.

Being proactive in compliance education has the additional benefit of generating buy-in, further establishing managerial accountability for potentially non-compliant activities of subordinates. All of this contributes to a culture of compliance, where legal and regulatory exposures are incorporated into day-to-day business decision-making. 

And when an investigation or lawsuit invariably commences, you can confidently demonstrate to that investigating body:

  • Our company has written policies governing such infractions;

  • We regularly educate our managers on these policies; and 

  • We have a culture of compliance with the laws and regulations governing our industry.

It should go without saying this can and does minimize exposure to worst-case outcomes.

As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER is skilled at identifying enterprise-wide compliance issues relevant to your business, developing relevant written policies, educating key stakeholders to generate buy-in, and then implementing and training personnel on these policies.

KEEFER is your ounce of prevention. Contact us to learn more.

The Preventive Law Physical: An Important Part of Maintaining Business Health


“Care is an absolute. Prevention is the ideal.”
- Christopher Howson

At its core, Preventive Law is about helping businesses look around corners and anticipate business and legal risks before they materialize. Using the preventive medicine analogy, it’s like a physical for your business during times of health designed to discover and treat areas of potential “disease.” Preventive Lawyers aim to keep their clients healthy . . . here are the top five items they address to ensure long-term business health:

Commercial Contracts

Businesses are often required to enter into numerous agreements with everyone from purchasers and distributors to vendors and suppliers. It’s amazing how many businesses do not have formalized processes for reviewing, negotiating and developing these contracts. Instead, several individuals in several different departments are given free rein to sign anything as a matter of “routine business” without fully understanding the exposure to the company.

Preventive Lawyers are adept at reviewing contracts with key third parties and then helping you understand potential areas of concern warranting further attention. Opportunities for further negotiation or clarification can then be explored with the other side . . . especially if that legalese contract hides unrealistic liabilities or impossible performance items within the fine print!

Prospectively, the Preventive Lawyer can further help your company develop pre-qualification and contracting policies and procedures to minimize being blind-sided, including:

  • Ensuring these third parties have appropriate safety qualifications and insurance levels;

  • Preparing a standard set of contracts favorable to you, which can then be tailored and used in different settings (instead of simply reacting to the other side’s forms); and

  • Identifying and training the appropriate manager(s) to own the contracting process.

Business Governance and Due Diligence

Your business may be a corporation, limited liability company, or some other form of legal entity. Most such entities have formalities that must be followed. If they are not, a whole host of problems can arise, including:

  • Void or voidable business transactions;

  • Potential violations of legal duties owed to other shareholders;

  • The ability of third parties to disregard the business structure and go after you individually; and

  • Government investigations.

Remember, what may seem fair to you is not necessarily what is required under the law. Preventive Lawyers can help you understand the difference, and then take steps to make sure your business is running on all cylinders in accordance with the law.

Speaking of business transactions, appropriate due diligence is a necessary component of entering into significant acquisitions. Sometimes things progress so quickly that important items are missed or overlooked. It is critical that businesses be proactive during these transactions to determine potential exposure to avoidable risks.

For example:

  • If your business is acquiring another business, you should be reviewing and analyzing things like the target’s business records, financials, agreements, insurance policies, compliance policies, intellectual property, licenses/permits, leases, assets, liabilities, claims and litigation (among other things).

  • If you are acquiring real estate, you need to understand potential risks such as title, zoning and environmental concerns, as well as any maintenance or structural issues that could run with the property.

Preventive Lawyers are skilled at analyzing these documents and then identifying issues warranting further investigation so a business decision can be made about whether to gather more information or proceed to closing. And when a project is green-lighted for closing, the Preventive Lawyer can further assist in advocating and negotiating positions when necessary, as well as developing the necessary agreements to take the transaction through closing (hint, see above contract skills!).

Compliance Policies and Training

All businesses are required to adhere to some level of compliance obligations whether legal, regulatory or contractual. It is important to fully understand these obligations and the possible repercussions you could face if the requirements are not met. While I don’t want to be a fearmonger, the importance of being proactive and the possibility of exposure in these scenarios is just too critical. Believe me, I’ve seen it all.

Here are just a handful of examples:

  • Failure to comply with employment laws can lead to EEOC investigations, claims and lawsuits.

  • Failure to comply with product-based regulations could result in sanctions, including removal of your product from the market.

  • Failure to comply with cybersecurity laws could mean sanctions and other losses in the event of a data breach.

  • Failure to comply with contract provisions can lead to withholding of key supplies or even lawsuit.

  • Failure to comply with antitrust or anti-corruption laws could result in a visit from the Department of Justice.

Preventive Lawyers help their clients avoid exposures like these by identifying key compliance issues facing your company, and then working with your company to develop and implement policies to address these issues. This includes training executives and managers to ensure enterprise-wide understanding and acceptance of these policies and procedures.

Insurance and Litigation Management

Oh, insurance . . . the necessary evil. Insurance contracts are mazes of legal mumbo-jumbo, likely filed away somewhere in your office collecting dust. Many businesses purchase these expensive policies without fully understanding the coverage terms and requirements (this is especially true for brands and manufacturers with global supply chains, cybersecurity risks and employment exposures).

Imagine your company suffers a loss you expect to be insured but your claim is denied. You’re left feeling frustrated and helpless, wondering where you went wrong. Perhaps you inadvertently hadn’t selected a particular line of insurance you ultimately needed, or maybe the type of event was listed as an exclusion in the fine print. Maybe it’s denied because of timeliness. Or, perhaps it’s based on the insurer’s interpretation of a particular provision or exclusion that was tucked deep inside that maze. The consequences could be severe but can be avoided.

Now, imagine a case where your claim is accepted but requires litigation. Your insurer will likely assign one of its lawyers to defend you, which is all hunky dory, right? Not so fast. Without proper oversight, the insurer-counsel dynamic can lead to litigation strategies which are not in your best interests. I’ve seen too many scenarios like this throughout my career (and have represented all sides) where the insured’s interests were the last being protected. Unfortunately, this leads to skyrocketing premiums at renewal or worse . . . loss of insurance coverage altogether.

Preventive Lawyers are skilled at managing and negotiating your company’s relations with insurance brokers and carriers so your insurance program is appropriately reacting to your particular business risks. And when the time comes, Preventive Lawyers can further assist in asserting claims and managing those lawyers retained by the insurers to ensure that business-forward, cost-effective legal strategies are being implemented.

Day-to-Day Business and Legal Strategies

Doing my best Cliff Clavin impression, it’s a little-known fact that lawyers undergo a bloodless lobotomy during their three years in law school. This “procedure” results in a unique style of critical thinking that can be of great benefit to your business.

Lawyers are often ridiculed for the frequency they say “NO!” to any business decision-making which involves some level of risk. However, seasoned Preventive Lawyers are business-forward in their approach, seeing risk as an opportunity to negotiate and make better-informed decisions. Their goal is not to be a hindrance, but rather to help you know what you didn’t know before, and then develop more informed business decisions and strategies based on this information. In this methodical way, Preventive Lawyers can be a valuable sounding board when it comes to business dealings and negotiations.

The best Preventive Lawyers further understand that their guidance should be cost-effective, and have developed progressive retainer models fostering improved access. For businesses seeking to be proactive about maintaining their health, but are not interested in traditional billing models of big law firms, Preventive Law practices can be a strong alternative. As always, we’re here to help.

Preventive Law 101: Minimizing Business and Legal Exposure


Looking forward to presenting again at the Oregon State Bar. This year's Lunch and Learn topic will be, Preventive Law 101: Minimizing Business and Legal Exposure. For those of you unable to attend the Lunch and Learn on April 17, 2019, the course will be available online as well. Check it out!