Preventive Law Step #4: Compliance Policies & Training


“Step four! I can give you more.”
Joey McIntyre, NKOTB  

The Ballad of Cory Rupshin (A Law School Exam Hypothetical) 

Conundrum, Inc., is a growing medical device company. Conundrum sold a product called the Compli-X, which had radically innovated products currently in the market to be more broadly accessible and cost-effective than its predecessors. 

The Compli-X had been garnering attention and accolades across the U.S. medical community and showed no signs of slowing down. In fact, this product had done so well that Conundrum owned most of the U.S. market share for this particular type of device, and Conundrum believed there could be an international market as well. 

Conundrum’s Vice President of Sales, Cory Rupshin, had solid physician customer contacts in India, China and Brazil. An avid golfer, he rented out major golf resorts in each country for “spare no expense” extravaganzas to lure these physicians to begin using Compli-X . . . “the ol’ wine and dine, on company dime” as Cory often bragged about his expensive boondoggles.

Around the same time, Accelerate Corp. had brought a product to market that was viewed as a substantial competitor to the Compli-X, particularly since it cost about 25% less. Accelerate was successfully rolling out its product in California when it appeared on Cory’s radar.

Understanding the imminent threat, Cory directed that all Compli-X product in California be sold below cost to slow Accelerate’s momentum and force it out of the market. Cory hoped this maneuver would also send a message to future competitors that Conundrum did not mess around.

Content with himself, Cory sat back down at his desk and smiled. The celebration was short-lived, however, as he received an e-mail from one of Conundrum’s customers in Florida that she had been experiencing failures with the Compli-X, resulting in patient surgeries. Then another message from a physician in New Jersey. And another . . . then another!

All told, the same issue with the Compli-X had resulted in over 50 patients needing surgical intervention. Cory quickly went downstairs and paid a visit to Angie Neer, Conundrum’s R&D specialist. After some additional testing, Angie discovered some structural instabilities in the Compli-X, warning of even more problems in the future.

Cory sat down, looked at the financials, and saw how much money the Compli-X was making for Conundrum. “No need to pull this product over a few failures,” he mumbled to himself. “Probably the doctors’ fault anyway, and we can withstand a few lawsuits.” After all, he had completed one year of law school before dropping out, further convincing Conundrum’s CEO, Hedi Inna-Sand, that he could moonlight as the company’s general counsel (“Why spend $250,000 a year on hiring a lawyer when I went to law school?” he would not-so-gently remind her.)

Sure enough, those lawsuits did come, along with several requests that Conundrum produce e-mails and records relating to its handling of the Compli-X problems. Conundrum did not store electronic records in the cloud, and the back-up tapes they used were cleared and rotated every 30 days. “Good luck getting those e-mails,” Cory chuckled to himself.

Constance Ethyks, Conundrum’s Director of Sales who reported directly to Cory, had become increasingly uneasy about his actions related to the Compli-X. She finally summoned the strength to walk into his office and voice her concerns.

Cory smiled, gold tooth twinkling, and gently warned Constance, “Do you have any idea how much business I bring in for this company? I’ll fire you in a heartbeat if you say anything negative about me. Like I’m going to be taken down by some snotty little girl. Ha!”

Shortly after a dejected Constance walked out of his office, Cory received a call from Ms. Inna-Sand, asking him to come to her office to discuss a letter she had just received from reception. “What is it?” Cory blurted. “Well Cory, it looks like a subpoena from the Department of Justice involving our Compli-X sales in India, China and Brazil.”

Back to Life, Back to Reality

Law school students regularly enjoy fact patterns like these during exam week. Spot all the issues, recite the relevant laws for each, apply the facts to those laws, provide your conclusions . . . and then pray the professor agrees with you. Fun, no? It’s one of the bloodless lobotomizing techniques we lawyers undergo during our three-year committal.

Now, most scenarios within your business will hopefully not be as blatant or pervasive as Cory’s actions. However, there are many legal and regulatory exposures potentially facing your company, necessitating some level of formal compliance. This is where a seasoned Preventive Lawyer can step in and provide immediate value.

In the case of Conundrum, for example, at least some of the following compliance policies would have been helpful had they been put in place (before everything started hitting the fan):

  • Anti-Corruption Policy, helping Cory understand that providing expensive gifts to physicians in India, China and Brazil to secure Compli-X business may actually have constituted bribing foreign government officials;

  • Antitrust Policy, to combat Cory’s illegal use of predatory pricing strategies to eliminate competition from Accelerate;

  • Adverse Event/Incident Reporting Policy as well as Corrective & Preventive Action Policy, to ensure issues with the Compli-X were appropriately reported to the FDA and that those issues were further corrected in the market, including a voluntary recall if necessary; 

  • Document Retention Policy, to ensure documents responsive to litigation proceedings were not inadvertently (and unlawfully) destroyed in the normal course; and

  • Employment Policy with robust Anti-Harassment, Anti-Discrimination & Anti-Bullying as well as whistle-blower language, explicitly prohibiting Cory’s behavior toward Constance and further encouraging Constance to come forward with information related to Cory’s illegal practices.

Go-getter law students seeking bonus points might additionally list the following as examples of how Conundrum could further minimize compliance exposure: 

  • Advertising and Marketing Approval Policy, to ensure Compli-X promotional materials and product labeling contain appropriate language;

  • Workplace Safety Policy, to provide a safe and productive work environment for all employees on the manufacturing floor throughout the making of Compli-X;

  • Insurance Claim Reporting Policy, ensuring timely and appropriate notification and shepherding of potential insurance claims involving Compli-X failures (and Cory’s inappropriate interactions with Constance) directly with the carrier;

  • Cybersecurity Policy, to minimize Conundrum’s legal and business exposure to cyber events (e.g., denial of service, data breach), particularly since it stored numerous confidential documents that could be accessed.

Of course, your company may not be a medical device manufacturer, and I’m certain it doesn’t make products similar to the Compli-X (which is a completely made-up product). However, there are likely numerous laws and regulations governing your specific industry and value chain. 

Long story short, it is important to understand the relevant legal and regulatory landscape surrounding your business, and then develop written compliance policies to minimize your company’s exposure to that potentially rocky terrain.

I Think of All the Education That I Missed . . .

Keep in mind it’s not enough to just develop these written policies. Equally important is training company personnel regularly on these policies in order to individually convey specific requirements, updates and best practices. This means developing training modules and tracking attendance and performance.

Being proactive in compliance education has the additional benefit of generating buy-in, further establishing managerial accountability for potentially non-compliant activities of subordinates. All of this contributes to a culture of compliance, where legal and regulatory exposures are incorporated into day-to-day business decision-making. 

And when an investigation or lawsuit invariably commences, you can confidently demonstrate to that investigating body:

  • Our company has written policies governing such infractions;

  • We regularly educate our managers on these policies; and 

  • We have a culture of compliance with the laws and regulations governing our industry.

It should go without saying this can and does minimize exposure to worst-case outcomes.

As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER is skilled at identifying enterprise-wide compliance issues relevant to your business, developing relevant written policies, educating key stakeholders to generate buy-in, and then implementing and training personnel on these policies.

KEEFER is your ounce of prevention. Contact us to learn more.

Preventive Law Step #3: Due Diligence


“Step three! It’s just you and me.”
- Jordan Knight, NKOTB

Let’s say your company is growing to the point where you are considering acquiring a competitor or expanding operations to a new region. First and foremost, I’d like to congratulate you on this huge success! And to ensure it remains a success, please be proactive and conduct adequate due diligence prior to closing these transactions.

So what exactly is due diligence? Simply put, it’s an in-depth review, analysis and evaluation of the target business or real estate deal to make sure there are no red flags that could come back to bite you. In other words, it’s like looking under the hood of the car to make sure you’re not buying a lemon (or worse, something that could blow up on the road).

Make a List, Check it Twice

When starting the due diligence process, it is wise to start with a checklist of items to request from the other side. For example, in the event you are merging with or acquiring another business, your initial list should generally include some form of the following subjects:

  • Company/organizational information

  • Financial/tax records

  • Contracts/agreements

  • Licenses/permits

  • Assets

  • Liabilities

  • Employment information

  • Claims/litigation

There will be many subparts to each of the above subjects, with specific documents and follow-up items requested depending on the type and complexity of the transaction.

As responsive information and documents start rolling in, you can decide whether you have enough information to satisfy concerns related to a particular subject . . . or you can request supplemental information and documents and start chasing rabbits down holes in the event potential red flags emerge.

This Could Happen to You!

The due diligence process should not be taken lightly, as failure to uncover and address landmines within your target can be problematic. Consider the following potential scenarios involving your prospective acquisition target:

  • It has a shareholder who owns a significant percentage of the company, but is conspicuously absent in company minutes, consents and resolutions involving key decisions.

  • It has operations in several states, but has failed to appropriately register to do business in half of them.

  • It has recently received a demand letter from a lawyer with regard to a potential class action involving a product defect.

  • It has received several letters from local and state environmental agencies with regard to overflow of hazardous waste into a nearby river.

  • It has a significant union presence, and the local union has filed several recent unfair labor practice charges against the company.

  • It sells products primarily through direct-to-consumer channels but has not implemented appropriate cybersecurity measures, including procuring cyber insurance.

  • Its land and equipment are largely tied up by third-party lenders, with additional judgment liens filed in the local recorder’s office.

  • It has a long-standing relationship with an overseas factory that is notorious for harsh employee conditions.

These are just a small number of issues that could be uncovered during the due diligence process, but you’ll likely want to learn more about them before deciding whether to proceed with closing. Having a robust checklist up front, and then following up with additional requests based on findings can ensure no stones are left unturned.

Seasoned Preventive Lawyers are skilled in navigating the due diligence process. In the event potential red flags are uncovered, Preventive Lawyers can help you understand and assess the risk of exposure and then discuss legal and business strategies to minimize this exposure, including whether or not to ultimately proceed with closing.

Open Your Eyes, Look Within

Due diligence is not only necessary in business mergers, acquisitions or real estate settings, but it can also provide the framework to maintaining ongoing business health. Consider the preventive medicine analogy, where your business undergoes an annual physical to assess health and treat areas of potential “disease.” The physician will perform a “review of systems,” including assessing cardiovascular, pulmonary, neurological, gastrointestinal and musculoskeletal systems, among many other things (cue latex gloves!).

Conducting regular business self-exams utilizing an abridged diligence methodology—or a “review of business systems”—can identify current business health as well as targeted opportunities for improvement before potential exposures start to multiply. For example, a business physical might include:

  • Review of existing business entities to ensure alignment with tax strategies and opportunities, as well as mitigation of legal and business risks;

  • Review of business formalities conducted during the year to ensure legal compliance as well as accurate and appropriate business story-telling through minutes, consents and resolutions;

  • Review of existing and prospective geographical presence to ensure appropriate state-based registrations;

  • Review of existing and prospective license, permit and regulatory registration requirements to ensure ongoing compliance;

  • Review of contract practices to ensure proactive negotiation and development practices are being followed, and that business counterparts are compliant with quality and safety standards, insurance levels or other contractual requirements;

  • Review of business continuity practices to ensure there is not over-reliance on a key supplier or vendor that could result in a business interruption;

  • Review of legal, regulatory and contractual compliance programs to ensure appropriate training and documentation is taking place;

  • Review of insurance program to ensure risk transfer practices align with existing enterprise-wide exposures, and that vague or ambiguous language is addressed and clarified before claims arise;

  • Review of potential claims against third-parties, as well as claims by third-parties against the company that could be tendered to an insurance carrier; and

  • Review of existing claims and lawsuits to ensure litigation strategies are business-forward.

An experienced Preventive Lawyer can serve as the “internist” to perform this physical, evaluate the overall health of your business, and then take affirmative steps to treat symptoms or refer to a specialist when indicated.

Long story short, due diligence is a necessary component of significant business transactions. As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER can peek under the hood of target businesses or real estate to make sure you’re not buying lemons . . . and can further be deployed to look under the hood of your own business to make sure it’s consistently operating at optimal health.

KEEFER is your ounce of prevention. Contact us to learn more.

Preventive Law Step #2: Business Governance


“Step two! There’s so much we can do.”
- Donnie Wahlberg, NKOTB

There are reasons why new business owners form corporations, limited liability companies or other legal entity forms. Branding and credibility in the marketplace are of course important, but limiting personal liability is the primary driver. In other words, owners set up these business forms to shield themselves from personal liability in the event something goes wrong with the business . . . can you blame them?

When you set up a business entity, you are required to proactively govern that entity from the initial documentation all the way through growth and global domination (cue Dr. Evil laugh). Failing to do so could mean losing the protections these entity forms offer, in addition to many other issues.

You Gotta Keep ‘Em Separated . . .

Business entities such as corporations and limited liability companies must be kept appropriately separate from the individuals forming them. In order to ensure this separation, certain formalities will need to be followed. Typical formalities include:

  • Maintaining separate business accounts;

  • Holding annual meetings, as well as special meetings for important business decisions;

  • Business record-keeping, including meeting minutes, resolutions and agreements for important transactions;

  • Maintaining accurate financial records; and

  • Regulatory reporting in some securities-related settings.

Depending on the type of entity structure and number of business owners, there may also need to be by-laws or agreements in place which govern the relationships among the owners and the entity.

Now, some entity forms are more flexible than others as far as the formalities are concerned. Size, geography and ownership (e.g., privately-held vs. public) issues, among other considerations, all come into play in deciding one form over another. However, failure to follow minimum required formalities regarding your particular business form can have adverse effects, such as:

  • The ability of third-parties to disregard your business entity form (known as “piercing the veil”) and then go after you individually for something your business may have done wrong;

  • The inability to do business in certain states, including fines and penalties in those states for doing so;

  • Claims by minority shareholders that majority decision-makers were not authorized to undertake certain actions;

  • Events of separation (death, divorce or assignment of interests) resulting in third-parties having more control over the business than what was initially intended or desired; and

  • Possibly even a knock on the door from federal and state enforcement agencies for wrongdoing.

A good Preventive Lawyer, working hand-in-hand with your business accountant, can assist in choosing and then setting up the initial business entity, and can then work with your team to proactively govern the business to ensure business and legal risks are minimized.

. . . But Not Too Separate from the Others

Let’s say your widget-making business has grown to earn substantial revenues, owning a significant percentage of the widget-making industry. In order to spread the wealth (and also minimize your own burden), you set up a few more companies in different states which are owned primarily by your children and a small handful of worthy employees. Of course, you also retain some ownership as well and are ultimately responsible for certain baseline pricing decisions for your products among the family of widget-making businesses.

Depending on how you set up these business entities, this situation could actually be considered collusion among competing companies in violation of federal and state antitrust laws, subjecting you and your businesses to criminal and civil actions. In addition to a potential knock on the door from the Department of Justice involving felony charges and massive fines, other smaller competitors may be all too eager to file lawsuits against your businesses claiming they were somehow damaged as a result of an alleged conspiracy among your “competing” companies.

In order to avoid these competitive exposures, your family of widget-making business entities will need to have an appropriate unity of interest or purpose. In other words, these businesses can’t have the appearance of separate, independent decision-makers as far as the making and selling of widgets is concerned. And depending on the states you’re doing business in, there may be additional ownership and decision-making requirements from a competitive standpoint.

Being proactive in structuring your business entities on this front can be critical from a timing standpoint. If you wait too long, you may find your business has grown to a size where you have to obtain government approval before proceeding with a business restructure, planned merger or other substantial acquisition. In addition to initial business setup and on-going governance, a seasoned Preventive Lawyer can work with your team to develop strategies to minimize exposure to these competitive risks.

Call of Duty

Earlier, we talked about the necessity of following legal formalities with regard to your business form. This compliance can actually have a dual purpose . . . these signed minutes, consent resolutions, and agreements can tell a detailed story about what the company did, and why those running the company did it. Why is this important, you ask?

Decision-makers of the business are considered fiduciaries of the business, meaning they are under an obligation to not usurp business opportunities for their own personal gain. In other words, these decision-makers can’t allow personal interests to prevail over the interests of the business. An action by a business decision-maker is typically presumed to be valid as long as it is consistent with the exercise of honest business judgment or discretion. This is known as the “business judgment rule.”

In order to get the benefits of this deferential business judgment standard, it is imperative that minority owners have notice, full information and an opportunity to consent to the transaction. And given the size of the transaction, consequences to the business or other considerations, an independent special committee may also need to be engaged to evaluate potential fairness issues.

If there is evidence of self-dealing, the deferential business judgment presumption can be rebutted. In that case, the decision-maker will have to prove that the transaction was in fact in the best interests of the company, using a less-deferential “entire fairness” standard. This means the decision-maker will have to affirmatively demonstrate that the transaction was fair in both process and substance, with a court typically being the final say on the matter. A determination that the decision-maker breached a fiduciary duty could mean civil damages all the way up to having the business placed in receivership and liquidated. Not good.

Preventive Lawyers can be a great resource to assist your business with conducting annual and special business meetings and then preparing the minutes, resolutions and agreements to tell the business story correctly and in a detailed manner. Their proactive approach helps minimize fiduciary risks to the business.

Like contract development, business governance is not the sexiest part of running a business. However, it is equally as important in contributing to long-term success. As one of the nation’s only practices focused exclusively on Preventive Law, KEEFER can work with you on the governance front, minimizing exposure to registration, competitive and fiduciary risks before they become a reality.

KEEFER is your ounce of prevention. Contact us to learn more.