Strengthening Your Defenses

Cynthia MARCOTTE Stamer, Esq. Board Certified – Labor and Employment Law

Helping Management Manage

Managing Shareholder, Cynthia Marcotte Stamer, P.C. A Member of

STAMER│CHADWICK│SOEFJE PLLC 5851 LEGACY CIRCLE, 6TH FLOOR, PLANO, TEXAS 75024

MAILROOM 3948 LEGACY DRIVE, SUITE 106, BOX 397, PLANO TEXAS 75023 TELEPHONE: (469) 767.8872 TELECOPIER: (469) 814.8382

E-MAIL: [email protected] WWW.CYNTHIASTAMER.COM WWW.STAMERCHADWICKSOEFJE.COM

©2015 CYNTHIA MARCOTTE STAMER. ALL RIGHTS RESERVED.

mailto:[email protected]





http://www.cynthiastamer.com/





http://www.stamerchadwicksoefje.com/





©2010-2015 Cynthia Marcotte Stamer 2

THE FINE PRINT

This presentation or the accompanying materials is to be construed as an admission. The presenter reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues or be updated to reflect the current state of law in any particular jurisdiction or circumstance as of the time of the presentation. Parties participating in the presentation or accessing of these materials are urged to engage competent legal council for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance.

Circular 230 Compliance. The following disclaimer is included to ensure

that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.*

Healthcare Boards & Leaders Face

Increasing Demand & Liability For

Effectively Oversight of Their

Organization’s Compliance

Health Care Fraud, Privacy & Other Laws Generally Require Board Engagement &

Oversight As Part of Required Compliance

Federal Sentencing Guidelines & Other Up The Ladder Organizational & Leader Liability

Shareholder & Other Accountability

More


EFFECTIVE FRAUD & OTHER

COMPLIANCE PROGRAMS HELP:

Maintain HR and Business Effectiveness

Realize Financial, Performance, Administrative and Other Objectives

Maintain Investor Trust

Avoid Public Embarrassment

Meet Legal Mandates For Compliance Programs

Prevent & Mitigate Legal Violations

Meet Sarbanes-Oxley and Other Reporting & Internal Control Requirements


Fraud & Other Compliance Programs Also

Create Risks Requiring Management

Vicarious/Imputed Liability For Failing To Take Adequate Preventative/Corrective Action In Response To Information

Privacy Issues From Monitoring, Investigations

Employee/Vendor Suits From Discipline & Termination

FCRA, Wiretap, Other Investigation Liability

More


Duties & Risks

What Hat(s) Do You/Your

Organization Wear

Director

Partner

Corporate Officer

Compliance/Privacy

Officer

Risk Manager

VP Human Resources

Master/Servant

(Employee) Vs Agent

(Independent Contractor)

Plan Fiduciary

Lender

Financial Advisor

Statutory Duty

Co-Conspirator

Auditor

Tax Preparer

Insurer/Indemnifer

Other

Companies/Computers

Don’t Break The Law:

People Do

Unhappy Employees, Service Providers & Customers Most Likely Violators & Whistleblowers

Effective Compliance & Risk Management Requires Effective People Management

©2010-2015 Cynthia Marcotte Stamer

Fraud & Other Compliance

Management Is Performance

Management

Effective Compliance & Risk Management Requires Effective People Management

Unhappy Employees, Service Providers & Customers Most Likely Violators & Whistleblowers


Organizations and Employees Liability

Sources

Direct Violations By Organization or

Employee √ Personal Acts

√ Malfeasance or Nonfeasance of Others

Performance of Delegated Tasks


Organizations & Individual Management

Liability Sources

Imputed Liability of Organization or

Official √ Federal Sentencing Guidelines

√ HIPAA, Healthcare Fraud, Other Laws

√ Negligent Hiring or Supervision

√ Nondelegable Duty

√ Strict Liability


Federal Laws Making Business

Responsible For Prevention,

Detection & Redress of Fraud &

Other Illegal Acts



Organizational Liability Fraud & Other Illegal Acts, e.g.

HIPAA, FACTA & Other Data Security/Data Breech Laws

Cybercrime & CyberSecurity Laws

Healthcare Fraud

Tax Fraud

Copyright/Theft Of Intellectual Property

Sarbanes-Oxley/Securities

Fair Credit Reporting Act

Extortion/Threats In Interstate Communications

I-9 And Other Fraud/Misuse Of Visas, Permits Money Laundering

Fraud/False Statements Generally

Fraud And Related Activity - Id Documents

Bank Fraud

Malicious Mischief – Communications

Sale Or Receipt Of Stolen Goods, Etc

Many Others

Effective Sentencing Guidelines Or Other

Compliance Program

Effective Program:

“Get Out Of Jail

Free Card” (or

Reduce Penalty)

Ineffective or No

Program: “Go

Directly To Jail

Card”


Federal Sentencing Guidelines

Applicability

Federal Felony Offenses

Federal Class A Misdemeanor Offenses

Supreme Court Ruling Converts

Sentencing Mandate To Sentencing

Guideline

See http://uscode.house.gov/download/title_18.shtml


Federal Sentencing Guidelines

Organizational Liability Applicability

Businesses, Political Subdivisions, Other

Organizations,

Their Officials

Their Agents


Sentencing Guidelines Core Principles

Must Order Organization To Remedy Any Harm From Offense

If Criminal Purpose Of Organization, Set Fine High Enough To Destroy The Organization

For Any Other Organization, Base Fine On Offense Severity and Organization’s Culpability

Probation For Organization OK If To Ensure Order Fully Implemented Or Steps To Reduce The Likelihood Of Further Criminal Conduct Implemented


Sentencing Guidelines Formulary

Base Fine Is Greatest Of: √ Monetary Gain To The Defendant

√ Monetary Loss To Victim

√ Fine Amount Specified In The Fine Table

Increase or Decrease Base Fine Within

Established Guideline Range Based On

Culpability Score

Must Impose Sanction In Guideline


Sentencing Guidelines Formulary

Calculate Culpability Score √ Starting Score = 5 Points

√ Add Aggravating Factors

√ Subtract Mitigating Factors

If Effective Compliance Program, Subtract 3 Points

If Self-Reporting, Cooperation, Acceptance of Responsibility,

Subtract 1, 2 or 5 Points


Compliance vs. Defensibility

“Culture of Compliance”

Establishment of required “culture of ethics” and “internal controls” requires both written policies and procedures and practical operationalization


Compliance Is A Goal, Not A

Destination

Trip Planning Helps


Guiding Principles

Act or Speak In Haste,

Repent At Leisure



Guiding Principles

The Process is Often as

Important as the Result


Guiding Principles

Doing the right thing is one

thing,

Proving it in the court

house, another ...


IMPLEMENTING EFFECTIVE COMPLIANCE PROGRAM

Attorney-Client/Work Product & Other Evidentiary

Tools & Rules



Attorney-Client/Work Product & Other Evidentiary

Tools & Rules

Attorney-Client Privilege

Work Product Privilege

Communication Work Must Happen In Scope of/In Furtherance of Attorney Representation Of Client

Exceptions To Privilege √ Communication To Parties Outside Attorney-Client Relationship Can

Waive Privilege

√ Advice In Furtherance of Criminal Act

Involvement of Consultants or Others In Furtherance of Representation Vs. Outside Communication

Collaboration With Business Partners, Outside Service Provider Risks & Challenges

Employees & Agents With An Agenda


Consider Attorney-Client Privilege Before Starting

Legal & Operational Inventory To Define Minimum

Requirements

Audit Policies, Procedures and Practices

Assess Compliance Status and Risks

Design and Document Tailored Compliance Program

Document Decisions

Implement Compliance Program

Documented Ongoing Administration & Enforcement


Process Steps


Oversee Compliance

Consistently Enforce Standards Through Appropriate Disciplinary Mechanisms

When Detect Violation, Respond Appropriately Including Appropriate Compliance Plan Adjustments To Minimize Future Risks


Process Steps



Process Steps

Responsibility To Monitor Compliance To Specific High Level Person, Not To Individuals That Maintain Programs

Communicate and Conduct Training Tailored To Ensure Effectiveness

Establish/Communicate Compliance Standards and Procedures Reasonably Capable of Being Followed

Oversight & Enforcement

Continuous Quality Improvement


IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM

POLICIES & PROCEDURES

Adopt Policy of Compliance With Law √ Use Attorney-Client Privilege, Work Product Other Tools

To Mitigate Risks

√ Audit/Analysis May Reveal Existing Noncompliance

√ Consider Potential Negative Evidence Resulting From Unprivileged Discussion of Compliance Sufficiency & Options For Compliance

√ Use Privilege To Provide Safe Haven To Discuss Prioritization

√ Prepare Documentation Within Privilege To Be Used Outside of Privilege To Document Rational Setting of Prioritizes, Actions Taken, Etc.



Know What You Need People To Do

Operational requirements to control/monitor access

and usage

Laws and regulations requiring/recommending

control/monitor access & usage

Contractual/external relations

requiring/recommending control/monitor access &

usage




Requirements/Advisability of Notifications/Disclosures To Government, Others

Potential Privilege Implications of Involvement Of Consultants, Business Partners, Employees, Others

Securing Information & Evidence

Evidence/Witness Tampering, Related Concerns

Retaliation, Whistleblower Risks




Confidentiality Procedure Design & Administration

Avoid Whistleblower, Impeding Investigations, Etc.

Concerns

Safeguarding & outlining appropriate handling of

proprietary information and proper sanctions

Data & System Use Policies

Special rules for especially sensitive information, e.g.: √ Trade Secrets

√ Third Party Confidential Information

√ PHI/Health Care Information

√ Financial Information

√ Personal Information



Who Needs To Do What - Your Team & Their Positions

Matching People To Required Performance

Right Credentials, Judgment & Skills For

the Job

Oversight & Management




Picking Your Team

Credential People With Access To Facilities, Computers & Data

√ Reference Checks

√ Criminal Background Checks

√ Credit Checks

√ Honesty

Staff-like Access (SLA) √ Contractor and Vendor access

Provide Required/Recommended Disclosures

Secure Required/Recommended Consents




Picking, Managing & Monitoring Your Team

Compliant Effective Background Check & Investigations Procedures

Credentialing

Investigation

Monitoring

Disclaimer of Privacy

Ownership of Business Relevant Facts

Duty To Report Information & Other Cooperation

Relevant Information/Actions Using Personal Equipment, Off-Duty Conduct

Post Termination Continuing Duty To Cooperate

Maintaining Confidentiality of Investigation

Anti-Retaliation & Other Whistleblower Safeguards





Questions relative to Background Checks & Investigation

√ Type of information to be obtained from potential employees,

vendors or contractors

√ CABI (Contractor Access Background Investigation)

√ Withholding or falsifying information from employer is just cause for

not being hired or dismissal

FCRA Consents & Other Privacy Liability Risk Management

Provide Required/Recommended Disclosures

Secure Required/Recommended Consents





Policy regarding updated background information

(affirmative reporting) √ Clearly outline expectations employer has of employee regarding change

in status (address, arrest, marital status, bankruptcy)

√ Require Notification of Criminal Charges, Other Events For Persons With

Sensitive Access

Tighten Requirements Based On >

Responsibility/Sensitivity of Position

Re-credential Periodically, When Job Changes





Directory Access

Review position description for NEEDED access.

Timely coordination between HR and IT & Other Key Sources of Participation √ Physical access & clearance with IT access

Limit access to sensitive information √ Strict policies & guidelines regarding need to know access

√ Unauthorized System Access Criminal/Civil Exposures

Educate Team Members About Limits On Information Access Requirements Upstream & Downstream



POLICIES & PROCEDURES TO CONSIDER INCLUDE:

Outsourced Services Heightened Risks

Credential -You Can’t Choose Your Relatives But You Can Choose Your Employees, Agents

Require/Enforce Contractual and Practical Safeguards

Restrict Rights

Terminate Access Promptly

Ongoing Oversight

Indemnification & Insurance




Strengthening Monitoring & Oversight Authority

Contractor/Business Partner/Customers

Contracts With Contractors & Other Business Partners

Include Suitable Investigation Provisions

Avoid Unintentionally Contracting To Require Waiver of

Legal Privileges Or Mandate Cooperation

Review Carefully Indemnification, Notice, Standards of

Performance, “Best Efforts”, Insurance, Information

Sharing, Cooperation In Defense, and Similar Provisions




Strengthening Monitoring & Oversight

Authority

Broaden Investigations & Monitoring Reach

Property, Equipment Not Owned By Corporation

Social Networking & Other Private Tools

Off-Duty Conduct

Other Specific Situations Raising Risk

Appropriate Notices, Consents, Disclaimers of Privacy

Learn From School District Spycam: Reasonable

Expectation of Privacy


Performance Management

Establish Compliance Standards and

Procedures Reasonably Capable of Being

Followed

Communicate Specific Expectations In Relevant,

Understandable Terms

Communicate Early & Often

Emphasize Particularly Important Requirements

By Requiring Acknowledgements, Other

Communicate and Conduct Training Tailored To

Ensure Effectiveness ©2010-2015 Cynthia Marcotte Stamer

ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM

Performance Management

Monitor Compliance √ Management Oversight

√ Compliance/Fraud Hotlines

√ Audits

√ Testing

√ Other

Assign Oversight To Manager With Appropriate Skills,

Authority & Judgment

Consistently Enforce Standards Through Appropriate

Disciplinary Mechanisms

When Detect Violation, Respond Appropriately and To

Prevent Future Offenses




Investigation of Suspected Fraud/Misconduct

Act Immediately and Appropriately

Consider Privilege & Other Evidentiary Issues At

Beginning

Keep In Mind Investigation May Provide

Evidence For Government & Plaintiff Complaints



Investigations

IF YOU SUSPECT A COMPLIANCE CONCERN

Stop & Think Before Doing Or Saying Ill-Considered Things

Consider/Engage Attorney For Attorney-client Privilege

Designate Members Of Investigation Team And Counsel About Confidentiality/Non Retaliation



Investigations


Conduct an Internal Investigation Within Attorney-Client Privilege To Determine: √ To determine if a problem exists

√ To determine extent of problem

√ To prepare an action plan

√ To initiate corrective measure

√ To go to government, if appropriate

√ To prepare a defense

√ To plan other safeguards



Investigations


Secure & Protect Evidence

Criminal Sanctions Apply To

Tampering With A Record Or

Impeding An Official Proceeding

For Publically Traded And Private

Companies

Don’t Destroy Evidence!!!!!

The Martha Stewart Lesson



Investigations


Conduct Prompt, Legal Investigation Designed & Administered For Legal And Operational Effectiveness

Document Steps And Determinations In Course Of Investigation

Consider Need To Report & Document Rationale

Take Appropriate Corrective/Disciplinary Action & Document Rationale


Management Friendly Witness Presence Benefit or Harmful?

Written/Recorded Statement of Witness Vs. Interviewer Taking Statement?

Allow Witness Counsel, Union Representation, Other?

Adverse Impressions Risk From Differences In Interviewing Procedures For Different Witnesses

Context & Location of Investigation/Interviews

Tone & Conduct Matters

Other

IF YOU SUSPECT A COMPLIANCE CONCERN:

Structure & Collect Investigation To

Maximize Helpful Evidence

Effectiveness


Investigations

Plan To Manage Public/Fact-Finder Perceptions



Avoid Actions That Might Offend Juries, Others

“I filled out the

confidential

questionnaire, boss.

Only your

management class

instructor sees those

right?”


Investigations

Plan To Manage Public/Fact-Finder Perceptions


I

Internal vs. External Investigator

Investigator Independence/Appearance of Independence

Investigator Potential Quality As Witness

Special PI Licensure For Forensic Investigations In Texas

Investigator Understand Rules

Liability For Wrongful Acts of Investigator

Investigator Possess Other Sensitive Information Prefer Not To Expose

Jury/Government Potentially View Investigator As Intimidator

Law Firm Or Consultant Other Privilege Issues


Consider/Decide Who Should Conduct

Investigation



Handling & Investigating Electronic Evidence

Consider Potential Special Chain Of Custody/Evidentiary Concerns - See Secret Service Best Practices for Seizing Electronic Evidence Guide At www.ustreas.gov/usss/electronic_evidence.html

Don’t Start Frantically Searching The Computer Because It Changes The Evidence

√ Erodes Your Evidence Quality

√ May Expose You/Company To Evidence Tampering Charges

Image Computer Before Taking Further Steps

Manage Unauthorized Access, Wiretap & Other Legal Risks

http://www.ustreas.gov/usss/electronic_evidence.html


Interviewing Witnesses

Scripted Notification To Witness Orally & In Writing Of

Investigation, Anti-Retaliation & Other Key Policies

Advise If Investigation Is Of A Complaint

Do Not Promise Confidentiality

Explain Confidentiality Requirements

Remind Of Policy Against Retaliation Where Applicable

Provide Information About Who To Contact With Added

Information, Concerns



Interviewing Witnesses

Listen Don’t Tell

Gather Evidence, Not Conclusions

Ask Open Ended Questions

Let Witness Speak

Avoid Interpretation, Forming Opinions In Collection of Testimony

Avoid Documenting Testimony Where Witness Opinions Appear As Corporate Admissions Because Interviewer Documents Testimony Statements As His Opinions



Get The Facts

√ Who?

√ What Did He/She Do?

√ What Did He/She Say?

√ When Did This Happen?

√ Where There Any

Witnesses?

√ Has This Happened

Before?

√ Has This Happened to

Others?

√ E-Mail or Other Evidence

√ Other

?

Ask Witness


Get the Facts

Get The Full Story Before Forming/Writing Opinions

Listen to What the Person Is Telling You

Avoid Being Judgmental

Remain Objective

Be Noncommittal √ Avoid making statements that could be admission

√ Avoid making statements that could be evidence of management

affirmation/adoption of prohibited action


SUGGESTIONS TO ENHANCE DEFENSE

Handle Complaints Properly √ Take Seriously

√ Investigate

√ Take Action (Call Ginger, Mark or Marti)

Probe For Possible Retaliation or Other

Improper Agendas

Get Help on Personnel Decisions


Document √ Counseling

√ Discipline

√ Evaluation

√ Objectives

But Be Careful on Wording Used; Consult

with Counsel, Human Resources



Successful Liability Management and

Achievement of Business Objectives

Depends Largely On Effective

Management of People & Processes

Managing People & Changing

Performance - Opportunity With Risk



Employees & Contractors Actions Key Risk & Liability

Determinant

Internal/External People Create Or Minimize

Risk By Actions

HR Data Creates Cyber Crime And Other Risks


Effective Management of People Is Key

Employees & Contractors Key Players In Preventing, Detecting

Fraud/ Other Risks

Employees & Contractors Most Common Offenders

Inside Jobs Create Special Organizational Liability

Risks

Internal/External People Create Or Minimize Risk By

Actions

HR Data Creates Cyber Crime And Other Risks

HR Management/Administration of Internal Controls

Creates Special Risks

Other


HR Enforcement Liability Risks

1 In 4 Employers Will Be Sued By Employee (2004 Chubb Study)

Most Legally Protected Persons

Most Likely Plaintiff

Plaintiff Most Likely To Win

Could Trigger Political Repercussions

Whistleblowers

Size And Availability Of Judgments And Other Sanctions Rising


Human Resources Growing Perils

Most legally protected persons

Most likely plaintiff

Plaintiff most likely To win

Could trigger political repercussions

Likely to raise interest of regulators

Size and availability of judgments and

other sanctions rising


Manage Human Resources To Avoid

Employment & Employee Benefit

Liabilities

Whistleblower

Age

Sex

Race

Disability

Religion

Family leave

Privacy

National origin

Employee benefit

laws

Sexual harassment

Union

Workers’

compensation

Privacy

Employee

background checks

Tax laws

Due process

Contracts

Other


Managing People to Manage

Third Party And Business Risks

Criminal liability

prevention

Civil liability

prevention

Accreditation

Regulatory

enforcement

Realize financial,

performance,

administrative and

other objectives

Public

embarrassment

Operational

disruptions


Fraud Prevention, Detection Special

Human Resources Management

Exposures

Privacy

Fair Credit Reporting Act Background Check &

Investigations

Discrimination

Retaliation/Whistleblower

Other


Fraud Prevention, Detection Special

Human Resources Management

Exposures

Effective Human Resources Performance

Documentation Best Defense Against

Whistleblower, Retaliation & Other Employee,

Service Provider Claims


Documentation & Document Retention √ Regulations Requiring Documentation &

Documentation Retention Are Designed To Help

Prove You Wrong

√ Create & Retain Mandated Documentation In Manner

That Captures Compliance

√ Design Processes, Documentation Retention To

Create, Retain & Preserve Other Evidence

Supporting Compliance, Other Needs



Plan & Implement For Success

DEVOTE REASONABLE RESOURCES TO PREVENT

THE PREVENTABLE

Document reasonable decisions

where prevention not merited in

advance

Document reasonable business

judgments based on legally appropriate

considerations why broader

investigation, other action not warranted

Document safeguards, other actions

to preserve compliance ©2010-2015 Cynthia Marcotte Stamer


Managing & Using Technology

Special Considerations

Pre-Existing Technology Use Creates Own Risks/Records

Volume of Information Creates Investigation & Oversight Challenges

Emails, Other Electronic Data Distribution

Electronic Discovery & Meta Data Considerations Impact Data Retention & Investigations

Just Because You Didn’t Keep It Doesn’t Mean Someone Else Didn’t


Managing & Using Technology

E-Mail & Other Electronic Evidence Special Considerations

Just Because You Haven’t Found It Doesn’t Mean

Someone Else Doesn’t Have It


TECHNOLOGY TOOLS CAN HELP:

Record And Document Actions

Minimize Effort For Management & Oversight

Restrict Access To People Without Need

Grant Access To People With Need

Manage Use By Authorized Users To Appropriate

Purposes

Deter/Prevent Improper Actions

Alert Management To Potential Compliance Concerns


12-Tips To Help Strengthen Your

Defenses

1. Use Attorney-client Privilege, Work Product & Other Evidentiary Rules Strategically

2. Pre-plan Your Prosecution & Defense Strategy As Design & Administer Of Internal Controls, Audits & Investigations

3. Structure & Administer Fraud & Other Management Efforts To Minimize Overall Organizational Liability

4. Strengthen HR, Contractor & Customer Relations Management Policies, Processes Effective HR Management, Oversight & Discipline Key To Effective Internal Controls & Risk Management

5. Make Your Corporate Policy To Do The Right Thing

6. Devote Reasonable Resources & Efforts To Distinguishing Right From Wrong & Document Efforts


12-Tips To Help Strengthen Your

Defenses

6. Devote Reasonable Resources & Efforts To Distinguishing Right From Wrong & Document Efforts

7. Prioritize Prevention, Management & Audit Efforts Based On Well-documented Defensible Priorities That Documents Reasonable Decision Making

8. Monitor, Audit, Investigate & Discipline Using Legally Defensible Processes Designed To Promote Defensibility

9. Adopt & Use Background Check, Privacy Disclaimers & Other Policies To Broaden Investigatory Powers & Defensibility

10. Systematize Documentation & Record Retention To Capture & Preserve Beneficial Evidence

11. Strengthen Witness & Other Evidence Gathering Processes & Procedures

12. When Bad Things Happen, Act Quickly To Limit Damage & Implement Processes To Deter Risks


THE HARSH REALITY Data Collection, Possession & Use Creates Risk


©1938 PARKER BROTHERS, INC.

A Closing Reminder

Cyber Crime & Identity

Theft Are Covered By:

√ Federal Sentencing

Guidelines

√ Sarbanes-Oxley


The world is a scary place at times…


Risk Management & Compliance Resources

Publications, Training & Other Resources

E-Mail [email protected]

Cynthia Marcotte Stamer Board Certified – Labor and Employment Law, Texas Board of Legal Specialization

Helping Management Manage Direct Telephone: (972) 588.1860 Mobile Telephone: (469) 767.8872

Primary Office16633 Dallas Parkway, Suite 600Addison, Texas 75001

Plano Office 3948 Legacy Drive Suite 106, Box 397, Plano, Texas 75023

[email protected]

www.cynthiastamer.com

