Preventive Law Step #4: Compliance Policies & Training


“Step four! I can give you more.”
Joey McIntyre, NKOTB  

The Ballad of Cory Rupshin (A Law School Exam Hypothetical) 

Conundrum, Inc., is a growing medical device company. Conundrum sold a product called the Compli-X, which had radically innovated products currently in the market to be more broadly accessible and cost-effective than its predecessors. 

The Compli-X had been garnering attention and accolades across the U.S. medical community and showed no signs of slowing down. In fact, this product had done so well that Conundrum owned most of the U.S. market share for this particular type of device, and Conundrum believed there could be an international market as well. 

Conundrum’s Vice President of Sales, Cory Rupshin, had solid physician customer contacts in India, China and Brazil. An avid golfer, he rented out major golf resorts in each country for “spare no expense” extravaganzas to lure these physicians to begin using Compli-X . . . “the ol’ wine and dine, on company dime” as Cory often bragged about his expensive boondoggles.

Around the same time, Accelerate Corp. had brought a product to market that was viewed as a substantial competitor to the Compli-X, particularly since it cost about 25% less. Accelerate was successfully rolling out its product in California when it appeared on Cory’s radar.

Understanding the imminent threat, Cory directed that all Compli-X product in California be sold below cost to slow Accelerate’s momentum and force it out of the market. Cory hoped this maneuver would also send a message to future competitors that Conundrum did not mess around.

Content with himself, Cory sat back down at his desk and smiled. The celebration was short-lived, however, as he received an e-mail from one of Conundrum’s customers in Florida that she had been experiencing failures with the Compli-X, resulting in patient surgeries. Then another message from a physician in New Jersey. And another . . . then another!

All told, the same issue with the Compli-X had resulted in over 50 patients needing surgical intervention. Cory quickly went downstairs and paid a visit to Angie Neer, Conundrum’s R&D specialist. After some additional testing, Angie discovered some structural instabilities in the Compli-X, warning of even more problems in the future.

Cory sat down, looked at the financials, and saw how much money the Compli-X was making for Conundrum. “No need to pull this product over a few failures,” he mumbled to himself. “Probably the doctors’ fault anyway, and we can withstand a few lawsuits.” After all, he had completed one year of law school before dropping out, further convincing Conundrum’s CEO, Hedi Inna-Sand, that he could moonlight as the company’s general counsel (“Why spend $250,000 a year on hiring a lawyer when I went to law school?” he would not-so-gently remind her.)

Sure enough, those lawsuits did come, along with several requests that Conundrum produce e-mails and records relating to its handling of the Compli-X problems. Conundrum did not store electronic records in the cloud, and the back-up tapes they used were cleared and rotated every 30 days. “Good luck getting those e-mails,” Cory chuckled to himself.

Constance Ethyks, Conundrum’s Director of Sales who reported directly to Cory, had become increasingly uneasy about his actions related to the Compli-X. She finally summoned the strength to walk into his office and voice her concerns.

Cory smiled, gold tooth twinkling, and gently warned Constance, “Do you have any idea how much business I bring in for this company? I’ll fire you in a heartbeat if you say anything negative about me. Like I’m going to be taken down by some snotty little girl. Ha!”

Shortly after a dejected Constance walked out of his office, Cory received a call from Ms. Inna-Sand, asking him to come to her office to discuss a letter she had just received from reception. “What is it?” Cory blurted. “Well Cory, it looks like a subpoena from the Department of Justice involving our Compli-X sales in India, China and Brazil.”

Back to Life, Back to Reality

Law school students regularly enjoy fact patterns like these during exam week. Spot all the issues, recite the relevant laws for each, apply the facts to those laws, provide your conclusions . . . and then pray the professor agrees with you. Fun, no? It’s one of the bloodless lobotomizing techniques we lawyers undergo during our three-year committal.

Now, most scenarios within your business will hopefully not be as blatant or pervasive as Cory’s actions. However, there are many legal and regulatory exposures potentially facing your company, necessitating some level of formal compliance. This is where a seasoned Preventive Lawyer can step in and provide immediate value.

In the case of Conundrum, for example, at least some of the following compliance policies would have been helpful had they been put in place (before everything started hitting the fan):

  • Anti-Corruption Policy, helping Cory understand that providing expensive gifts to physicians in India, China and Brazil to secure Compli-X business may actually have constituted bribing foreign government officials;

  • Antitrust Policy, to combat Cory’s illegal use of predatory pricing strategies to eliminate competition from Accelerate;

  • Adverse Event/Incident Reporting Policy as well as Corrective & Preventive Action Policy, to ensure issues with the Compli-X were appropriately reported to the FDA and that those issues were further corrected in the market, including a voluntary recall if necessary; 

  • Document Retention Policy, to ensure documents responsive to litigation proceedings were not inadvertently (and unlawfully) destroyed in the normal course; and

  • Employment Policy with robust Anti-Harassment, Anti-Discrimination & Anti-Bullying as well as whistle-blower language, explicitly prohibiting Cory’s behavior toward Constance and further encouraging Constance to come forward with information related to Cory’s illegal practices.

Go-getter law students seeking bonus points might additionally list the following as examples of how Conundrum could further minimize compliance exposure: 

  • Advertising and Marketing Approval Policy, to ensure Compli-X promotional materials and product labeling contain appropriate language;

  • Workplace Safety Policy, to provide a safe and productive work environment for all employees on the manufacturing floor throughout the making of Compli-X;

  • Insurance Claim Reporting Policy, ensuring timely and appropriate notification and shepherding of potential insurance claims involving Compli-X failures (and Cory’s inappropriate interactions with Constance) directly with the carrier;

  • Cybersecurity Policy, to minimize Conundrum’s legal and business exposure to cyber events (e.g., denial of service, data breach), particularly since it stored numerous confidential documents that could be accessed.

Of course, your company may not be a medical device manufacturer, and I’m certain it doesn’t make products similar to the Compli-X (which is a completely made-up product). However, there are likely numerous laws and regulations governing your specific industry and value chain. 

Long story short, it is important to understand the relevant legal and regulatory landscape surrounding your business, and then develop written compliance policies to minimize your company’s exposure to that potentially rocky terrain.

I Think of All the Education That I Missed . . .

Keep in mind it’s not enough to just develop these written policies. Equally important is training company personnel regularly on these policies in order to individually convey specific requirements, updates and best practices. This means developing training modules and tracking attendance and performance.

Being proactive in compliance education has the additional benefit of generating buy-in, further establishing managerial accountability for potentially non-compliant activities of subordinates. All of this contributes to a culture of compliance, where legal and regulatory exposures are incorporated into day-to-day business decision-making. 

And when an investigation or lawsuit invariably commences, you can confidently demonstrate to that investigating body:

  • Our company has written policies governing such infractions;

  • We regularly educate our managers on these policies; and 

  • We have a culture of compliance with the laws and regulations governing our industry.

It should go without saying this can and does minimize exposure to worst-case outcomes.

As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER is skilled at identifying enterprise-wide compliance issues relevant to your business, developing relevant written policies, educating key stakeholders to generate buy-in, and then implementing and training personnel on these policies.

KEEFER is your ounce of prevention. Contact us to learn more.

Preventive Law Step #3: Due Diligence


“Step three! It’s just you and me.”
- Jordan Knight, NKOTB

Let’s say your company is growing to the point where you are considering acquiring a competitor or expanding operations to a new region. First and foremost, I’d like to congratulate you on this huge success! And to ensure it remains a success, please be proactive and conduct adequate due diligence prior to closing these transactions.

So what exactly is due diligence? Simply put, it’s an in-depth review, analysis and evaluation of the target business or real estate deal to make sure there are no red flags that could come back to bite you. In other words, it’s like looking under the hood of the car to make sure you’re not buying a lemon (or worse, something that could blow up on the road).

Make a List, Check it Twice

When starting the due diligence process, it is wise to start with a checklist of items to request from the other side. For example, in the event you are merging with or acquiring another business, your initial list should generally include some form of the following subjects:

  • Company/organizational information

  • Financial/tax records

  • Contracts/agreements

  • Licenses/permits

  • Assets

  • Liabilities

  • Employment information

  • Claims/litigation

There will be many subparts to each of the above subjects, with specific documents and follow-up items requested depending on the type and complexity of the transaction.

As responsive information and documents start rolling in, you can decide whether you have enough information to satisfy concerns related to a particular subject . . . or you can request supplemental information and documents and start chasing rabbits down holes in the event potential red flags emerge.

This Could Happen to You!

The due diligence process should not be taken lightly, as failure to uncover and address landmines within your target can be problematic. Consider the following potential scenarios involving your prospective acquisition target:

  • It has a shareholder who owns a significant percentage of the company, but is conspicuously absent in company minutes, consents and resolutions involving key decisions.

  • It has operations in several states, but has failed to appropriately register to do business in half of them.

  • It has recently received a demand letter from a lawyer with regard to a potential class action involving a product defect.

  • It has received several letters from local and state environmental agencies with regard to overflow of hazardous waste into a nearby river.

  • It has a significant union presence, and the local union has filed several recent unfair labor practice charges against the company.

  • It sells products primarily through direct-to-consumer channels but has not implemented appropriate cybersecurity measures, including procuring cyber insurance.

  • Its land and equipment are largely tied up by third-party lenders, with additional judgment liens filed in the local recorder’s office.

  • It has a long-standing relationship with an overseas factory that is notorious for harsh employee conditions.

These are just a small number of issues that could be uncovered during the due diligence process, but you’ll likely want to learn more about them before deciding whether to proceed with closing. Having a robust checklist up front, and then following up with additional requests based on findings can ensure no stones are left unturned.

Seasoned Preventive Lawyers are skilled in navigating the due diligence process. In the event potential red flags are uncovered, Preventive Lawyers can help you understand and assess the risk of exposure and then discuss legal and business strategies to minimize this exposure, including whether or not to ultimately proceed with closing.

Open Your Eyes, Look Within

Due diligence is not only necessary in business mergers, acquisitions or real estate settings, but it can also provide the framework to maintaining ongoing business health. Consider the preventive medicine analogy, where your business undergoes an annual physical to assess health and treat areas of potential “disease.” The physician will perform a “review of systems,” including assessing cardiovascular, pulmonary, neurological, gastrointestinal and musculoskeletal systems, among many other things (cue latex gloves!).

Conducting regular business self-exams utilizing an abridged diligence methodology—or a “review of business systems”—can identify current business health as well as targeted opportunities for improvement before potential exposures start to multiply. For example, a business physical might include:

  • Review of existing business entities to ensure alignment with tax strategies and opportunities, as well as mitigation of legal and business risks;

  • Review of business formalities conducted during the year to ensure legal compliance as well as accurate and appropriate business story-telling through minutes, consents and resolutions;

  • Review of existing and prospective geographical presence to ensure appropriate state-based registrations;

  • Review of existing and prospective license, permit and regulatory registration requirements to ensure ongoing compliance;

  • Review of contract practices to ensure proactive negotiation and development practices are being followed, and that business counterparts are compliant with quality and safety standards, insurance levels or other contractual requirements;

  • Review of business continuity practices to ensure there is not over-reliance on a key supplier or vendor that could result in a business interruption;

  • Review of legal, regulatory and contractual compliance programs to ensure appropriate training and documentation is taking place;

  • Review of insurance program to ensure risk transfer practices align with existing enterprise-wide exposures, and that vague or ambiguous language is addressed and clarified before claims arise;

  • Review of potential claims against third-parties, as well as claims by third-parties against the company that could be tendered to an insurance carrier; and

  • Review of existing claims and lawsuits to ensure litigation strategies are business-forward.

An experienced Preventive Lawyer can serve as the “internist” to perform this physical, evaluate the overall health of your business, and then take affirmative steps to treat symptoms or refer to a specialist when indicated.

Long story short, due diligence is a necessary component of significant business transactions. As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER can peek under the hood of target businesses or real estate to make sure you’re not buying lemons . . . and can further be deployed to look under the hood of your own business to make sure it’s consistently operating at optimal health.

KEEFER is your ounce of prevention. Contact us to learn more.