Blog Editor

Paul E. McGreal
Director, Corporate Compliance Center
Harry and Helen Hutchens Research Professor and Professor of Law
South Texas College of Law
Web Profile
Email

Resources

About Corporate Compliance Prof Blog
Email Editor Comments & Content

Federal Government Websites
Dept. of Health and Human Services (HHS)
Dept. of Justice (DOJ)
Dept. of the Treasury
Environmental Protection Agency (EPA)
Federal Trade Commission (FTC)
Financial Crimes Enforcement Network (FinCEN)
Occupational Health and Safety Administration (OSHA)
Public Company Accounting Oversight Board (PCAOB)
Securities and Exchange Commission (SEC)
United States Sentencing Commission (USSC)
United States Supreme Court

Federal Agency Resources
EPA: Environmental Audit Policy
FinCEN: Bank Secrecy Act Regs
FTC: Financial Privacy: Gramm-Leach-Bliley Act
HHS: Health Care Compliance Guidance
HHS: HIPAA Compliance
OSHA: Workplace Self-Audit Policy
PCAOB: Audit Standard No. 2
USSC: Organizational Sentencing Guidelines
USSC: Advisory Group on the Organizational Sentencing Guidelines
USSC: Post-Booker Developments

Federal Prosecutorial Resources
Antitrust Leniency Policy (DOJ)
Seaboard Report (SEC)
Thompson Memorandum (DOJ)

Private Organizations
ABA Business Law Section, Corporate Compliance Committee
Association of Corporate Counsel: America
Business Roundtable
The Conference Board
Corporate Compliance Center (South Texas College of Law)
Ethics Officers Association
Ethics Resource Center
Greater Houston Business Ethics Roundtable
Open Compliance and Ethics Group
Texas General Counsel Forum

Private Resources
Industry Specific
Defense Industry Initiative on Business Ethics and Conduct
Health Care Compliance Association
Risk Specific
Association of Certified Anti-Money Laundering Specialists
International Compliance Association (anti-money laundering)
NASD Rule 4350 (Corporate Governance)
NASD Rule 3011 (Anti-Money Laundering)
NYSE Listed Company Manual Section 303A (Corporate Governance)
Aspen
Transparency International (foreign bribery)
Transparency International: USA Anti-Bribery Toolkit

Case Law
Burlington Industries v. Ellerth
Faragher v. City of Boca Raton
Kolstad v. American Dental Association
United States v. Booker
Sentencing Law & Practice

Compliance and Ethics Publications
BNA/ACCA Compliance Manual
ethikos

Related Blogs
White Collar Crime Prof Blog
Sentencing Law & Practice

Free Legal Web Sites
Findlaw
JURIST

Blogware

Powered by TypePad

Notices

© Copyright 2005 by Law Professor Blogs, LLC. All rights reserved.

Monday, October 30, 2006

test

How Did You File Your Tax Return?
Hard copy via mail
Electronic copy via Internet
  
Free polls from Pollhost.com
Free polls from Go2poll.com

October 30, 2006 | Permalink | TrackBack (0)

Thursday, October 6, 2005

Article of Interest

This article courtesy of the Social Science Research Network:

"Some Skepticism about Increasing Shareholder Power"

Iman Anabtawi (UCLA School of Law)

This Article examines shareholder primacists' claims that making boards more accountable to shareholders would go a long way toward solving the agency problem between shareholders and managers and enhancing shareholder welfare. I argue that in the shareholder power debate over whether to vest corporate decisionmaking authority primarily in a firm's shareholders or in its board of directors, shareholder primacists underplay deep rifts among the interests of large-block shareholders - those shareholders most likely to make use of increased shareholder power. The argument for reapportioning decisionmaking authority within the firm away from boards toward shareholders assumes that shareholders are a monolith with the single, overriding objective of maximizing share value. Some of the most significant modern shareholders, however, have private interests that conflict with (1) the goal of maximizing shareholder value generally or (2) the interests of other shareholders who would choose to maximize shareholder value differently, given their peculiar characteristics. Such private interests may induce influential shareholders to engage in rent-seeking behavior at the expense of overall shareholder welfare. In light of this possibility, which I argue is substantial, we would do well to pause before implementing corporate governance measures designed to further empower shareholders.

October 6, 2005 in Publications | Permalink | TrackBack (0)

Wednesday, September 14, 2005

Article of Interest

Courtesy of the Social Science Research Network:

"Rock, Paper, Scissors: Choosing the Right Vehicle for Federal  Corporate Governance
Initiatives"

Fordham Journal of Corporate and Financial Law, Vol. 10, p. 225, 2005

Joan MacLeod Heminway (University of Tennessee College of Law)

This article acknowledges the trend toward federalizing aspects of corporate governance (as evidenced by, among other things, the Sarbanes-Oxley Act of 2002) and offers a model for institutional choice in federal corporate governance rulemaking.  Specifically, the article suggests a way to determine whether the components of a specific substantive rule of corporate governance should be legislated by Congress, regulated by the Securities and Exchange Commission, or established by the federal courts. Both the thesis of the article and the specific analytical framework it promotes are foundational in corporate governance scholarship and draw from previous research and scholarship in law (including constitutional law, administrative law, corporate law, and securities law), political science, and economics.

September 14, 2005 in Publications | Permalink | TrackBack (0)

Save the Date -- November Compliance Program in Houston

Moving to the front from September 6, 2005 (for obvious reasons of self-promotion).

BrochurecoverThe South Texas College of Law Corporate Compliance Center will host a one-and-a-half day program on November 17-18, 2005, that examines what companies are doing in response to the amended organizational sentencing guidelines.  Entitled "Where Are We Now?  Compliance Programs One Year After the Sentencing Guidelines Amendments," the program will cover recent developments and practical trends on:

  • The Board's role in the compliance program (including a panel discussion among in-house compliance professionals and experienced board members)
  • Extending the compliance program to suppliers and vendors
  • Training managers and supervisors on their compliance roles
  • Methods for evaluating the effectiveness of the compliance program
  • The government's evolving expections for compliance programs

Our keynote lunch speaker will be retired Delaware Chief Justice E. Norman Veasey, partner in the New York office of Weil, Gotshal & Manges, who will speak on the topic Federalism v. Federalization in Corporate Law and Lawyer Conduct.

Further information about the program can be found on the Center's web site, including the program brochureOn line registration is also available at the Center's web site.

September 14, 2005 in Conferences, Programs & Speeches | Permalink | TrackBack (0)

Tuesday, September 13, 2005

Ellerth/Faragher Update No. 1

Here is the first batch of Ellerth/Faragher updates, and it covers the period from September 2004 through April 2005.  I do not catalogue every case to address the defense, instead noting only those cases that shed light on what makes an employer's compliance program effective. Consequently, I omit cases either that reach a summary conclusion without helpful analysis,  or that deny the affirmative defense because the employee had properly pursued the employer's compliance processes.  Also, while I note unpublished opinions from the courts of appeals, I report only published opinions from the district courts.

(These summaries are taken from a discussion I wrote as co-reporter for the Corporate Compliance Survey of the Corporate Compliance Committee of the ABA’s Business Law Section.  The Survey is to be publsihed in the August 2005 issue of The Business Lawyer.  My co-reporter for the Survey was Jean K. FitzSimon, co-Chair of the Corporate Compliance Committee, and Senior Vice President and General Counsel of Whitehall Jewellers.)

Harmon v. Home Depot USA Inc., 130 Fed. Appx. 902, 904 (9th Cir. 2005).  Upholding summary judgment for an employer that "had a written sexual harassment policy. The policy had several means for reporting harassment including a toll-free number employees could call anonymously. Employees were trained on the policy when they started work. Employees signed a form stating they were trained and understood [employer's] non-harassment policy."

Olson v. Lowe's Home Centers Inc., 130 Fed. Appx. 380, 389 (11th Cir. 2005).  The employer took reasonable care to prevent harassment "by promulgating and effectively disseminating several fairly extensive anti-harassment policies to employees [that] enabled employees to bypass harassing supervisors and provided several different avenues for employees to report sexual harassment." The employer, however, was not entitled to summary judgment on its affirmative defense because a fact issue existed on whether the employee unreasonably failed to pursue employer's processes.

Clark v. United Parcel Service, Inc., 400 F.3d 341, 349-50 (6th Cir. 2005).  The employer's sexual harassment policy was sufficient because it at least "(1) require[d] supervisors to report incidents of sexual harassment; (2) permit[ted] both informal and formal complaints of harassment to be made; (3) provide[d] a mechanism for bypassing a harassing supervisor when making a complaint; and (4) and provide[d] for training regarding the policy." The employer, however, was not entitled to summary judgment on its affirmative defense because of fact issues regarding the reasonableness of its response to the harassment report.

Loughman v. Malnati Organization Inc., 395 F.3d 404, 407 (7th Cir. 2005).  Overturning summary judgment for the employer on the Ellerth/Faragher affirmative defense because first, simply securing the harasser's verbal assurance of no further harassment might be inadequate response to physical harassment, and second, "consistent stream of harassment . . . suggests that [employer's] policy was actually not very effective at all."

Hesse v. Avis Rent A Car System, Inc., 394 F.3d 624, 630-31 (8th Cir. 2005).  Evidence of the employer's corrective actions warranted summary judgment for employer on affirmative defense.

Petrosino v. Bell Atlantic, 385 F.3d 210, 226 (2d Cir. 2004).  While the employer had a sexual harassment policy and a reporting hotline, the employee raised a fact question about effectiveness of these measures by offering evidence that hotline operator refused her request to speak with a female counselor and then failed to investigate her claim.

Presley v. Pepperidge Farm, Inc., 356 F. Supp. 2d 109, 128 (D. Conn. 2005).  The employer had an adequate harassment policy because it had "posted written copies of the policy in multiple locations in the plant where [the alleged victim] worked[; the employer] informed newly hired employees of the policy during their orientation[; and] human resource officials walked around the floor of the plant to make themselves more accessible to employees." This was so even though "there were multiple versions of the policy in circulation at the time of" the alleged harassment because "all versions of the policy before the court prohibit any kind of sexual harassment, instruct employees to whom they can complain, assure that the company will take prompt and appropriate action, promise confidentiality, and ensure that employees will not be penalized or retaliated against for filing a complaint." However, a genuine issue of material fact existed as to whether the policy was adequately enforced.

Miller v. Edward Jones & Co., 355 F. Supp. 2d 629, 639 (D. Conn. 2005).  Even though the employer adequately investigated the harassment complaint, a fact issue prevented summary judgment on the Ellerth/Faragher defense because the employee claimed that "the company offered her no alternative other than to return to work in a two-person office alone with the man (her supervisor) who was continually harassing her."

Jones v. District of Columbia, 346 F. Supp. 2d 25, 48-49 (D. D.C. 2004).  The employer satisfied the first element of the Ellerth/Faragher defense because it "did have a written anti-harassment policy with complaint procedure, a copy of which was provided to [the alleged victim] during her training-before she began working at [the employer's workplace]. [The employer] took immediate corrective action upon receipt of [the] harassment complaint, issuing cease and desist letters to prevent further contact between [the alleged harasser and victim], and beginning an investigation into [the] allegations."

Talamantes v. Berkeley County School Dist., 340 F. Supp. 2d 684, 697 (D. S.C. 2004). A school district was found to have a reasonable sexual harassment policy because it: "adopted policies that prohibit sexual harassment and provided a complaint procedure that permits an alleged victim of harassment by a supervisor to bypass the supervisor with a complaint or grievance"; "[t]he policy expressly prohibits the type of conduct [the employee] alleges: physical conduct of a sexual nature, offensive comments or slurs, and visual harassment"; "[t]he policy also requires administrators to initiate a prompt investigation once they receive a complaint"; "the policy is distributed to . . . employees during their initial employment and annual orientation"; "supervisory employees, including custodial supervisors, receive sexual harassment training on an annual basis through memos and formal presentations"; and "[t]he policies themselves are available in the principal's office in every school in the District . . . as well as on the District's Internet website." Also, the court rejected the employee's claim that she was unaware of the employer's policy because the employee submitted a sexual harassment complaint in the form and manner prescribed by the policy.

Boyd v. Snow, 335 F. Supp. 2d 28, 36 (D. D.C. 2004).  A fact issue prevented summary judgment on the Ellerth/Faragher defense because of evidence that, among other things, the employer "did not offer to remove [the alleged victim] from the allegedly abusive environment."

Oleyar v. County of Durham, 336 F. Supp. 2d 512, 519 (M.D. N.C. 2004).  The employer "exercised reasonable care to prevent and promptly correct harassing behavior through an anti-discrimination policy of which [alleged victim] was apprized [sic]."

September 13, 2005 in Cases, Risk Spotlight | Permalink | TrackBack (0)

Compliance 101 -- The Ellerth/Faragher Defense

In a prior post I noted that an effective compliance and ethics program can prevent vicarious liability for supervisor sexual harassment under federal employment discrimination law.  In the coming week or so, I will devote several posts to updates on sexual harassment cases decided over the last few months, focusing on what these cases say about good and bad compliance practices.  As background for the coming posts, this post offers a brief description of the legal background.

In its 1998 decisions in Burlington Indus., Inc. v. Ellerth  and Faragher v. City of Boca Raton,  the United States Supreme Court held that employers were vicariously liable under federal employment discrimination law  for sexual harassment committed by their supervisory employees.  If the sexual harassment did not result in a tangible employment action, such as firing, demotion, or reduction of pay,  the employer can avoid vicarious liability by pleading and proving a two-element affirmative defense: "(a) that the employer exercised reasonable care to prevent and correct promptly any sexually harassing behavior, and (b) that the plaintiff employee unreasonably failed to take advantage of any preventive or corrective opportunities provided by the employer or to avoid harm otherwise."  Note that "reasonable care to prevent and correct promptly" the harassment-basically, a compliance program-is a necessary but not sufficient condition of the affirmative defense. Even if the employer has a state-of-the-art sexual harassment compliance program, the affirmative defense fails if the victim abided by the organization's program. Ironically, then, vicarious liability attaches despite the compliance program working precisely as intended.

The Court offered two elaborations on the affirmative defense, both of which have guided lower courts. First, "[w]hile proof that an employer had promulgated an anti-harassment policy with complaint procedure is not necessary in every instance as a matter of law, the need for a stated policy suitable to the employment circumstances may appropriately be addressed in any case when litigating the first element of the defense."  As noted above, drafting written compliance policies is one of the basic compliance tasks under the Sentencing Guidelines, so it is not surprising that the Court would expect a reasonable sexual harassment compliance program to have one. The lower courts have followed this logic,  denying the affirmative defense to employers that either had no written policy,  had a written employment discrimination policy that did not specifically address the type of harassment involved,  or did not consistently distribute or train employees on the sexual harassment policy.

Second, the cautious employer should also have a sexual harassment complaint procedure because an employee's unreasonable failure to use the procedure will "normally suffice to satisfy the employer's burden under the second element of the defense."  This is another area where lower courts have heeded the Court's dicta. For example, several courts have highlighted the need for employers to have a compliant procedure that allows employees to bypass an allegedly harassing supervisor.

September 13, 2005 in Cases, Compliance 101, Risk Spotlight | Permalink | TrackBack (0)

Friday, September 9, 2005

Article of Interest -- Role of General Counsel

The following article of interest is courtesy of the Social Science Research Network:

The Discrete Roles of General Counsel
Fordham Law Review, Vol. 74, December 2005

Deborah DeMott (Duke University School of Law)

This essay focuses on the position of general counsel within a publicly-held business corporation when the general counsel is an employee-officer of the corporation charged with overall responsibility for how the corporation's legal matters are handled. So situated, a general counsel's roles include furnishing legal advice to the corporation's board of directors, CEO, and other senior executives. But a contemporary general counsel often occupies other roles as well, each complex and additionally interlinked in many ways. These linkages may be beneficial to a corporation and society more generally. Nonetheless, general counsel's position has often been characterized as ambiguous, a characterization that suggests that not all occupants of the position succeed in balancing its
multiple roles in either a professionally or socially satisfactory manner. More generally, general counsel's dependence on one client may call into question counsel's capacity to bring an appropriate degree of professional detachment to bear. Indeed, some general counsel appear to have erred in a basic respect by misidentifying their client as individual members of the corporation's senior management in contrast to the corporate organization, an error shared by members of senior management themselves.

Several incidents over the past few years illustrate circumstances - including tensions among general counsel's roles - that may undermine the effectiveness with which a general counsel fulfills the reasonable expectations engendered by undertaking such roles. Although the prospect of tensions among general counsel's roles is not a newly-observed phenomenon, recent events heighten both their significance and the importance of resolving them carefully. By far the most visible events are criminal indictments, guilty pleas, and trials, as well as civil proceedings in which a general counsel is a defendant. While individual foibles may explain some incidents, that possibility does not foreclose the value of broader inquiry into a general counsel's position.

The essay begins with a brief history of the evolution of general counsel's position within large corporations. This history illustrates sharp fluctuations over time in the organizational power and professional status of general counsel and in the functions that general counsel has performed. Scholars using sophisticated social science methodologies have yet to investigate the situation and work of general counsel to the extent that social scientists have explored law firms and relationships between clients and external counsel. The essay nonetheless argues that implications for general counsel may stem from the more fully-developed body of social science inquiry into law firms and their partners. In particular, this body of work suggests that general counsel's position has a paradoxical quality: a lawyer who serves as general counsel of a large corporation holds the clearly defined power associated with a hierarchical position in a large bureaucratic organization, while the position itself is ambiguous in many ways that may prove troubling.

The essay then specifies four roles typically occupied by general counsel as a prelude to examining tensions among them. These are: (1) legal adviser within the corporation to its constituents in an individual professional capacity; (2) officer of the corporation and member of the senior executive team; (3) administrator of the corporation's internal (or in-house) legal department; and (4) agent of the corporation in dealings with third parties, including external (or outside) counsel retained by the corporation. Although earlier accounts of the position of general counsel tend not to single out these latter two roles as distinctive ones, the essay uses a selection of recent events to demonstrate their significance and their interrelationships with general counsel's other roles.

The essay concludes by examining recent developments and prospects for further change that may reshape general counsel's position. The relationships that underlie general counsel's power are under stress from a variety of directions, suggesting that further evolution is inevitable.

September 9, 2005 in Publications | Permalink | TrackBack (1)

Thursday, September 8, 2005

Thompson Memorandum -- MCI Enters Non-Prosecution Agreement

The White Collar Crime Prof Blog posted last week on the non-prosecution agreement between MCI and the US Attorney for the Southern District of New York regarding the WorldCom accounting problems.  (MCI being the successor to WorldCom.)  That post provided a great discussion of the government’s likely enforcement priorities.  Here, I’ll highlight the portion of the USA’s release that discusses the Thompson Memorandum in explaining why MCI was not prosecuted.  Prior posts explain the origins and content of the Thompson Memorandum, which sets forth the factors federal prosecutors are to consider in deciding whether to bring charges against an organization.  The USA’s release offers the following discussion of MCI’s behavior in relation to the Thompson Memorandum:

The decision by the United States Attorney not to pursue criminal charges against the company was based on the factors set forth in former Deputy Attorney General Larry Thompson’s memorandum entitled Principles of Federal Prosecution of Business Organizations. The decision was based on, among others, the following significant factors: (1) MCI’s full and complete cooperation with the Government’s investigation; (2) MCI’s prompt settlement of an enforcement action by the United States Securities and Exchange Commission (“SEC”), a settlement which included the payment of a $750 million civil monetary penalty, which provided restitution to victimized shareholders; (3) MCI’s substantial remedial actions since disclosure of the fraud, including the implementation of entirely new management and a new Board of Directors; and (4) the negative effect that charges against MCI would have on the company’s innocent employees and legitimate activities.

MCI self-reported its discovery of the fraudulent accounting entries that were at the heart of the WorldCom fraud in June 2002. Since that time, MCI has fully cooperated with the Government’s investigation, by, among other things, providing the Government with requested documents, making employees available for interviews with Government investigators in the United States, and making appropriate waivers of applicable privileges in order to make certain requested information promptly available to the Government. The Company identified for the Government early in the investigation the documents that it believed to be most relevant to the investigation and produced those and other documents to the Government in a format to permit efficient investigation by the Government.

Also, MCI has undertaken significant remedial measures over the last three years. Since the disclosure of the fraud, MCI has terminated virtually every employee who played even a tangential role in any aspect of the fraud involving WorldCom’s revenue or line cost accounting. MCI has completely new senior management. In addition, MCI’s Board of Directors has been completely replaced.  On November 26, 2002, the SEC obtained a judgment against MCI through which it obtained the full injunctive relief it sought against WorldCom. In addition, the judgment ordered WorldCom to undertake extensive reviews of its corporate governance and internal controls, and required WorldCom to establish a training and education program for WorldCom officers and employees to minimize the possibility of future violations of the federal securities laws. On July 7, 2003, the monetary settlement between MCI and the SEC was approved, thereby requiring MCI to pay $500 million in cash and approximately $250 in common stock to victims of the fraud.

In July 2005, MCI entered into an agreement with the Class and Ebbers. As part of that agreement, Ebbers agreed to turn over virtually all of his assets to a trust. Those assets will be sold in the coming months, with the proceeds being split between the Class and MCI. The Class will receive 75% of the proceeds of these sales, and MCI will receive 25% of the proceeds, except in the case of the Joshua Timberlands property, as to which MCI currently has a lien and for which the proceeds of any sale will be split 2/3 for the Class and 1/3 for MCI.

Because MCI has cooperated fully with the Government’s investigation, has implemented substantial remedial efforts, and has paid $750 million in restitution through the SEC, the public interest has been sufficiently vindicated by the successful criminal prosecution of the principal individual wrongdoers – Bernard Ebbers and Scott Sullivan. Moreover, criminal prosecution of the company would likely have a severe and unintended economic impact upon thousands of innocent MCI employees and could harm the impending merger between MCI and Verizon Communications Inc. Accordingly, the Office has determined, after carefully balancing all of the factors set forth in the Thompson Memorandum, that criminal prosecution of MCI would not serve the public interest, so long as MCI fully complies with the terms of the Non-Prosecution Agreement.

I have not been able to find a copy of the Non-Prosecution Agreement, but I will post a link if it becomes available.

Two observations.  First, as discussed in prior posts, the government gave great weight to MCI’s self-reporting and cooperation with the government.  Indeed, that is the first factor the government mentioned.  Also, the release explains what MCI’s cooperation entailed:

  • Turning over requested documents
  • Making employees available for interviews
  • Identifying for the government documents MCI believed to be most relevant
  • Making documents available in a format that aided the government’s investigation
  • Waiving applicable privileges when necessary

The last factor – waiving the privilege – is one that I have blogged on repeatedly before.  Also, this is an issue on which I respectfully disagree with one of my colleagues at White Collar Crime Prof Blog.  I am not troubled by the government seeking waiver of the attorney client privilege based on its assessment, on a case-by-case basis, that waiver is necessary to disclose all relevant facts.  Organization’s are not legally required to make such a waiver – it is part of the organization’s attempt to seek leniency from the government.  To get leniency, the organization needs to give something, and that might be waiver in the proper case.

Also, note that self-reporting is important.  In a prior post, I explained one federal prosecutor’s view of why self-reporting is important.

Second, MCI was not given a pass by the federal government.  As the release describes, the SEC extracted a pound of flesh – to the tune of $750 million in restitution.  Also, individual wrongdoers have been successfully prosecuted, most notably Bernie Ebbers.  The DOJ concluded that anything more would just be piling on.

September 8, 2005 in Compliance Developments, Enforcement Actions | Permalink | TrackBack (0)

Wednesday, September 7, 2005

Compliance and Electronic Storage of Client Confidences

ABA Model Rule of Professional Conduct 5.1(a) requires supervisory lawyers to ensure that their
firms or legal departments implement legal ethics compliance measures:

(a) A partner in a law firm, and a lawyer who individually or together with other lawyers possesses comparable managerial authority in a law firm, shall make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that all lawyers in the firm conform to the Rules of Professional Conduct.

This requirement falls on individual lawyers and cannot be sloughed off on the firm or legal
department.  (New York and New Jersey allow discipline of law firms.)  Arizona Ethics Opinion
05-04 applies that state's version of Model Rule 5.1(a) (as well as other applicable rules) to a lawyer’s duty to protect client confidences.  A lawyer sought guidance on the following situation:    

The Inquiring Attorney has sought guidance from the Committee regarding the steps the lawyer’s firm must take to safeguard electronic client information from Internet hacking and viruses. The Inquiring Attorney’s firm has, until recently, kept documents which include confidential client information in electronic form on a computer system which is accessible only from computers within the law firm itself. Although the law firm had access to the internet, that access was through a separate computer system. Neither the computer system on which the client information was stored nor any computer which could access that information was ever connected to the internet.

The Inquiring Attorney’s firm now wishes to change that system and allow attorneys and staff to access the internet through the same computers they use to access the client information. Though the Inquiring Attorney does not specifically state this, it is assumed that firm attorneys and other employees will be able to access the client documents remotely. That is, an attorney or other employee may access this information from a computer outside the physical offices of the firm. Such access would be through the internet.

QUESTION PRESENTED

How do we protect the confidentiality and integrity of client information while continuing to increase reliance on internet for research, filings, communication, and storage of documents?

The reality of modern communication and data storage is that electronic information is vulnerable
to attack, unauthorized access, and destruction, and that many lawyers do not have the
technological knowledge to address those threats.  Nonetheless, the Arizona Bar interpreted its
rules to require its lawyers to adequate precautions and suggested how lawyers might do so:

. . . .  A panoply of electronic and other measures are available to assist an attorney in maintaining client confidences. “Firewalls” – electronic devices and programs which prevent unauthorized entry into a computer system from outside that system – are readily available. Recent upgrades in Microsoft operating systems incorporate such software systems automatically. A host of companies, including Microsoft, Symantec, McAfee and many others, provide security software that helps prevent both destructive intrusions (such as viruses and “worms”) and the more malicious intrusions which allow outsiders access to computer files (sometimes call “adware” or “spyware”).

Software systems are also readily available to protect individual electronic files. Passwords can be added to files which prevent viewing of such files unless a password is first known and entered. The files themselves can also be encrypted so that, even if the password protection is compromised, the file cannot be read without knowing the encryption key – something that is extremely difficult to break.

Precisely which of these software and hardware systems should be chosen – and the extent to which they must be employed – is beyond the scope and competence of the Committee. This is the kind of thing each attorney must assess. The expectation of the client that the client’s records and communications will be held in confidence is significant.

As set forth in the Comment to ER 1.6, an attorney must not only take reasonable precautions to protect client confidences, the lawyer must “act competently” in that regard. ER 1.1 requires, in general terms, that a lawyer act competently with regard to client representation. ER 5.1 and 5.3 require that a lawyer manage the lawyer’s firm and assistants in such a way as to be certain that the lawyer’s ethical responsibilities are discharged. Once again, it is the lawyer’s individual responsibility to know when the lawyer can act competently or not.

And the Opinion goes on to address lawyers who might profess technological ignorance:

It is not surprising that few lawyers have the training or experience required to act competently with regard to computer security. Such competence is, however, readily available. Much information can be obtained through the internet by an attorney with sufficient time and energy to research and understand these systems. Alternatively, experts are readily available to assist an attorney in setting up the firm’s computer systems to protect against theft of information and inadvertent disclosure of client confidences.

I find it interesting that the Opinion makes no mention of similar data protection requirements in other industries.  This is especially odd given that lawyers routinely advise their clients on compliance with such data retention requirements.  Why not put that same advice to work in one's own firm.  And for lawyers without familiarity with such regulations, the Opinion could have given further, concrete guidance by pointing the practicing bar to the vast compliance literature that discusses how to design, implement, and test such compliance measures.

September 7, 2005 in Risk Spotlight | Permalink | TrackBack (0)

Tuesday, September 6, 2005

Compliance 101 -- Motivating Employees

This is the next installment in my series covering the major changes from the November 2004 amendments to the organizational sentencing guidelines.  This week I cover the new guidelines’ treatment of incentives for participating in the compliance program.

When it comes to motivating employees, the original sentencing guidelines (in Application Note 3(k)(6) to section 8A1.2) spoke only in the negative: "The [company's compliance] standards must have been consistently enforced through appropriate disciplinary mechanisms, including, as appropriate, discipline of individuals responsible for the failure to detect an offense."   The amended guidelines (in section 8B2.1(6)) add the carrot to this stick:

The organization's compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.

The Commission explained that this amendment imposes "a duty to promote proper conduct in whatever manner an organization deems appropriate."  For example, instead of simply evaluating employees on whether their job performance meets certain tangible measures, the organization might also ask how the employee went about achieving those measures.  Did the employee act in a manner that promotes the organization's ethical values?  If so, the employee should be rewarded.

September 6, 2005 in Compliance 101, Sentencing Guidelines | Permalink | TrackBack (0)

Monday, September 5, 2005

Back to Blogging Tuesday

Personal and professional obligations have kept me off the blog for the long weekend.  I look forward to returning to posting tomorrow.

September 5, 2005 | Permalink | TrackBack (0)

Resources for Displaced NO Lawyers

The Law Librarian Blog has been posting information about resources for displaced NO lawyers, as well as information about the Fifth Circuit.  Here is information from the most recent post:

A number of academic and firm law libraries are offering free ILL/document delivery services, research services, temporary placements, and offers of office space to law librarians displaced by Katrina. The information is being posted on the AALL LawLibAssist blog.

September 5, 2005 | Permalink | TrackBack (0)

Thursday, September 1, 2005

FCPA -- The Bribe/Accounting Trap

The White Collar Crime Prof Blog had a recent post on the Foreign Corrupt Practices Act (FCPA) that reminds me of an important point to remember about that statute.  For the uninitiated, the FCPA has two parts: the accounting provision and the anti-bribery provisions.  The post at White Collar Crime Prof Blog discussed a violation of the FCPA’s accounting provision.  In this post, I raise an often ignored link between the accounting and anti-bribery provisions of the FCPA.  (Also, this is one of my favorite compliance statutes, so expect to a lot more on this compliance risk in the future.)

The accounting provision basically requires that all public companies keep accurate financial records and maintain internal controls adequate to produce such records.  For the text-minded, here is the relevant portion of the statute:

(2) Every issuer which has a class of securities registered pursuant to section 78l of this title and every issuer which is required to file reports pursuant to section 78o(d) of this title shall--

(A) make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer; and

(B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that--

(i) transactions are executed in accordance with management's general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management's general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

Note that the accurate records requirement has no materiality threshold and no de minimis exception.  A person commits a crime if they “knowingly circumvent or knowingly fail to implement a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2),” regardless of the size of the transaction falsely recorded.

The ant-bribery provision is more akin to your typical criminal statute.  Loosely stated, an anti-bribery violation has the following elements:

(1)    A person covered by the statute

(2)    uses interstate or foreign commerce

(3)    to make an offer or payment of anything of value

(4)    to a foreign official

(5)    with a corrupt purpose

(6)    and to obtain or retain business.

Of course, there will be some gray areas as to what counts as something of value paid with corrupt intent to a foreign government official.  For example, what if a company pays for honeymoon airline tickets for the cousin of a government official who will participate in the decision whether to award business to the company?  While one court of appeals held that this was a prohibited bribe under the FCPA, the case had to be litigated for a long period of time to reach that conclusion.

But, some companies may box themselves into a corner under the FCPA’s accounting provision so that they cannot realistically litigate any anti-bribery issue.  Consider a company that makes a contribution to a foreign charity, and the charity is chaired by a foreign official who will participate in the decision whether to award business to the company.  The SEC brought a civil enforcement action against a company on similar facts.  At first, you might think that the company had a strong counter-argument – no money was paid directly to the government official, and the intent of the contribution was charitable and not “corrupt.”  One other fact, however, made the case a slam dunk for the government – the company knowingly recorded the payments on its books as something other than charitable contributions, which is a clear violation of the FCPA’s accounting provisions.  Given that the accounting violation was straightforward, the company settled the matter.  This teaches an important lesson: Even payments that are arguably allowed under the FCPA’s anti-bribery provisions will illegal under the counting provisions if the company knowingly misstates the payment on its books.  So, even if a company decides certain payments are legal, MAKE SURE that they are properly recorded.

September 1, 2005 in Cases, Enforcement Actions, Risk Spotlight | Permalink | TrackBack (0)

Compliance 101 -- The Caremark Case

Today, Compliance 101 gives a brief intro to perhaps the most famous court decision in compliance circles.

Dicta in the Delaware Chancery Court's 1996 decision in In re Caremark Int'l Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), addressed the board's duty to oversee a corporation's legal compliance efforts. As part of its duty to monitor, the Board must make good faith efforts to ensure that a corporation has adequate reporting and information systems. The opinion described this claim as "possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment," with liability attaching only for "a sustained or systematic failure to exercise oversight" or "[a]n utter failure to attempt to ensure a reporting and information system."

In the decade since, this Delaware dicta has morphed into what has come to be known as a Caremark claim, as federal and state courts, both within and outside Delaware, have recognized a cause of action against boards for failing to take minimal steps to achieve legal compliance. As the phrases "utter failure" and "systematic failure" suggest, a board's Caremark duty is a relatively low one. Only egregious lapses breach this duty, such as when board members ignore obvious red flags signaling illegal behavior, fail to appoint an audit committee, or do not address obvious concerns like large loans to corporate insiders.

Here are a couple of good sources that discuss the Caremark case:

H. Lowell Brown, The Corporate Director's Compliance Oversight Responsibility in the Post Caremark Era, 26 Del. J. Corp. L. 1 (2001).

Charles M. Elson & Christopher J. Gyves, In Re Caremark: Good Intentions, Unintended Consequences, 39 Wake Forest L. Rev. 691 (2004).

September 1, 2005 in Cases, Compliance 101 | Permalink | TrackBack (0)

Wednesday, August 31, 2005

Compliance and Legal Ethics

Interesting compliance question for lawyers.  Today’s Wall Street Journal has a story (available
only to online subscribers) that describes how David Boies’ law firm has had to resign from
several recent engagements due to a conflict of interest:

Qwest Communications International Inc. and Tyco International Ltd., two major clients of the law firm of Boies, Schiller & Flexner LLP, paid millions of dollars to a
legal-document-management company that was partially owned by members of the family of star lawyer David Boies.

About half a dozen other Boies Schiller clients have used, or are using, the
document-management company, Amici LLC, to store and manage legal documents since the company's founding in 2002. One of Amici's founders was William F. Duker in Albany, N.Y. Mr. Duker, a lawyer and former associate of Mr. Boies, pleaded guilty to four felony counts and was sentenced to 33 months in prison in 1997 for falsely inflating legal bills to the federal government.

As reported, Adelphia Communications Corp. disclosed this week that Boies Schiller resigned as special counsel to the company at Adelphia's request after the cable company discovered business ties between Mr. Boies's family and Amici, which Adelphia also used. Adelphia asked Boies Schiller to resign about two weeks ago, after Adelphia discovered what it considered a conflict. Adelphia didn't know of any Boies family ties at the time it hired Amici.

Mr. Boies in an interview said yesterday he should have fully disclosed his children's' ownership interest in Amici. "I should have made certain that everyone knew about it," he said. He added that "a half dozen, or maybe eight Boies Schiller clients also use Amici."

Mr. Boies . . .  Said that Amici was only one of several companies that Boies Schiller
recommended to Tyco and that Tyco made its own independent decision. He added that Boies Schiller wasn't involved in Qwest's decision to retain Amici. Boies Schiller was counsel for both companies at the time they used Amici.

. . . .

Legal experts say that clients paying hefty fees to Boies Schiller for legal work might balk at the knowledge that partners and relatives of people in the law firm are reaping additional financial benefits form associated work, without the companies even knowing about it. There is, says Stanford University law school ethics expert Deborah Rhode, "an appearance of impropriety." It's really up to the client to select a document production firm, not the lawyers.

This situation might have raised a conflict of interest under Model Rule 1.7(a)(2), which states
that a conflict exists with a current client when “there is a significant risk that the representation
of one or more clients will be materially limited . . . by a personal interest of the lawyer.”  (I have
not looked at the NY ethics rules to find the parallel provision.)  And the comments to the Model
Rule specifically mention other business interests of the lawyer: “a lawyer may not allow related
business interests to affect representation, for example, by referring clients to an enterprise in
which the lawyer has an undisclosed financial interest.”  Here, it would be the financial interests of
family members providing legal support services that might exert the influence, affecting Mr.
Boies’ representation, as he might have an incentive to conduct the representation in a manner
that increases the work (and fees) paid to the family members.  Of course, this temptation may be
small, so the Model Rules allow a lawyer to still undertake representation if (among other things)
“each affected client gives informed consent, confirmed in writing.”  (Model Rule 1.7(b)(4)) So,
Mr. Boies is right that it would be prudent in cases like this to disclose the relationship to clients.

Note that there is yet another Model Rule provision that is relevant, this one more compliance-
related – Model Rule 5.1(a):

A partner in a law firm, and a lawyer who individually or together with other lawyers possesses comparable managerial authority in a law firm, shall make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that all lawyers in the firm conform to the Rules of Professional Conduct.

I read this rule to require managing lawyers to implement legal ethics compliance programs within
their firms or departments, and that the failure to do so is a freestanding ethics violation,
regardless of whether another ethics violation occurs.  In a Boies-type situation, a managing
lawyer should put in place a system to identify financial interests of its lawyers and their
immediate gamily members that might cause a conflict with the lawyers’ personal interests under
Model Rule 1.7(a)(2).

August 31, 2005 in Compliance in the News | Permalink | TrackBack (1)