Strengthening Your Defenses
-
Upload
cynthia-stamer -
Category
Documents
-
view
13 -
download
0
Transcript of Strengthening Your Defenses
Cynthia MARCOTTE Stamer, Esq. Board Certified – Labor and Employment Law
Helping Management Manage
Managing Shareholder, Cynthia Marcotte Stamer, P.C. A Member of
STAMER│CHADWICK│SOEFJE PLLC 5851 LEGACY CIRCLE, 6TH FLOOR, PLANO, TEXAS 75024
MAILROOM 3948 LEGACY DRIVE, SUITE 106, BOX 397, PLANO TEXAS 75023 TELEPHONE: (469) 767.8872 TELECOPIER: (469) 814.8382
E-MAIL: [email protected] WWW.CYNTHIASTAMER.COM WWW.STAMERCHADWICKSOEFJE.COM
©2015 CYNTHIA MARCOTTE STAMER. ALL RIGHTS RESERVED.
©2010-2015 Cynthia Marcotte Stamer 2
THE FINE PRINT
This presentation or the accompanying materials is to be construed as an admission. The presenter reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues or be updated to reflect the current state of law in any particular jurisdiction or circumstance as of the time of the presentation. Parties participating in the presentation or accessing of these materials are urged to engage competent legal council for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance.
Circular 230 Compliance. The following disclaimer is included to ensure
that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.*
Healthcare Boards & Leaders Face
Increasing Demand & Liability For
Effectively Oversight of Their
Organization’s Compliance
Health Care Fraud, Privacy & Other Laws Generally Require Board Engagement &
Oversight As Part of Required Compliance
Federal Sentencing Guidelines & Other Up The Ladder Organizational & Leader Liability
Shareholder & Other Accountability
More
©2010-2015 Cynthia Marcotte Stamer 4
EFFECTIVE FRAUD & OTHER
COMPLIANCE PROGRAMS HELP:
Maintain HR and Business Effectiveness
Realize Financial, Performance, Administrative and Other Objectives
Maintain Investor Trust
Avoid Public Embarrassment
Meet Legal Mandates For Compliance Programs
Prevent & Mitigate Legal Violations
Meet Sarbanes-Oxley and Other Reporting & Internal Control Requirements
©2010-2015 Cynthia Marcotte Stamer 5
Fraud & Other Compliance Programs Also
Create Risks Requiring Management
Vicarious/Imputed Liability For Failing To Take Adequate Preventative/Corrective Action In Response To Information
Privacy Issues From Monitoring, Investigations
Employee/Vendor Suits From Discipline & Termination
FCRA, Wiretap, Other Investigation Liability
More
©2010-2015 Cynthia Marcotte Stamer 6
Duties & Risks
What Hat(s) Do You/Your
Organization Wear
Director
Partner
Corporate Officer
Compliance/Privacy
Officer
Risk Manager
VP Human Resources
Master/Servant
(Employee) Vs Agent
(Independent Contractor)
Plan Fiduciary
Lender
Financial Advisor
Statutory Duty
Co-Conspirator
Auditor
Tax Preparer
Insurer/Indemnifer
Other
Companies/Computers
Don’t Break The Law:
People Do
Unhappy Employees, Service Providers & Customers Most Likely Violators & Whistleblowers
Effective Compliance & Risk Management Requires Effective People Management
©2010-2015 Cynthia Marcotte Stamer
Fraud & Other Compliance
Management Is Performance
Management
Effective Compliance & Risk Management Requires Effective People Management
Unhappy Employees, Service Providers & Customers Most Likely Violators & Whistleblowers
©2010-2015 Cynthia Marcotte Stamer
Organizations and Employees Liability
Sources
Direct Violations By Organization or
Employee √ Personal Acts
√ Malfeasance or Nonfeasance of Others
Performance of Delegated Tasks
©2010-2015 Cynthia Marcotte Stamer
Organizations & Individual Management
Liability Sources
Imputed Liability of Organization or
Official √ Federal Sentencing Guidelines
√ HIPAA, Healthcare Fraud, Other Laws
√ Negligent Hiring or Supervision
√ Nondelegable Duty
√ Strict Liability
©2010-2015 Cynthia Marcotte Stamer
Federal Laws Making Business
Responsible For Prevention,
Detection & Redress of Fraud &
Other Illegal Acts
©2010-2015 Cynthia Marcotte Stamer
©2010-2015 Cynthia Marcotte Stamer 12
Organizational Liability Fraud & Other Illegal Acts, e.g.
HIPAA, FACTA & Other Data Security/Data Breech Laws
Cybercrime & CyberSecurity Laws
Healthcare Fraud
Tax Fraud
Copyright/Theft Of Intellectual Property
Sarbanes-Oxley/Securities
Fair Credit Reporting Act
Extortion/Threats In Interstate Communications
I-9 And Other Fraud/Misuse Of Visas, Permits Money Laundering
Fraud/False Statements Generally
Fraud And Related Activity - Id Documents
Bank Fraud
Malicious Mischief – Communications
Sale Or Receipt Of Stolen Goods, Etc
Many Others
Effective Sentencing Guidelines Or Other
Compliance Program
Effective Program:
“Get Out Of Jail
Free Card” (or
Reduce Penalty)
Ineffective or No
Program: “Go
Directly To Jail
Card”
©2010-2015 Cynthia Marcotte Stamer
Federal Sentencing Guidelines
Applicability
Federal Felony Offenses
Federal Class A Misdemeanor Offenses
Supreme Court Ruling Converts
Sentencing Mandate To Sentencing
Guideline
See http://uscode.house.gov/download/title_18.shtml
©2010-2015 Cynthia Marcotte Stamer
Federal Sentencing Guidelines
Organizational Liability Applicability
Businesses, Political Subdivisions, Other
Organizations,
Their Officials
Their Agents
©2010-2015 Cynthia Marcotte Stamer
Sentencing Guidelines Core Principles
Must Order Organization To Remedy Any Harm From Offense
If Criminal Purpose Of Organization, Set Fine High Enough To Destroy The Organization
For Any Other Organization, Base Fine On Offense Severity and Organization’s Culpability
Probation For Organization OK If To Ensure Order Fully Implemented Or Steps To Reduce The Likelihood Of Further Criminal Conduct Implemented
©2010-2015 Cynthia Marcotte Stamer
Sentencing Guidelines Formulary
Base Fine Is Greatest Of: √ Monetary Gain To The Defendant
√ Monetary Loss To Victim
√ Fine Amount Specified In The Fine Table
Increase or Decrease Base Fine Within
Established Guideline Range Based On
Culpability Score
Must Impose Sanction In Guideline
©2010-2015 Cynthia Marcotte Stamer
Sentencing Guidelines Formulary
Calculate Culpability Score √ Starting Score = 5 Points
√ Add Aggravating Factors
√ Subtract Mitigating Factors
If Effective Compliance Program, Subtract 3 Points
If Self-Reporting, Cooperation, Acceptance of Responsibility,
Subtract 1, 2 or 5 Points
©2010-2015 Cynthia Marcotte Stamer
Compliance vs. Defensibility
“Culture of Compliance”
Establishment of required “culture of ethics” and “internal controls” requires both written policies and procedures and practical operationalization
©2010-2015 Cynthia Marcotte Stamer
©2010-2015 Cynthia Marcotte Stamer 22
Guiding Principles
The Process is Often as
Important as the Result
©2010-2015 Cynthia Marcotte Stamer 23
Guiding Principles
Doing the right thing is one
thing,
Proving it in the court
house, another ...
©2010-2015 Cynthia Marcotte Stamer 24
IMPLEMENTING EFFECTIVE COMPLIANCE PROGRAM
Attorney-Client/Work Product & Other Evidentiary
Tools & Rules
©2010-2015 Cynthia Marcotte Stamer 25
IMPLEMENTING EFFECTIVE COMPLIANCE PROGRAM
Attorney-Client/Work Product & Other Evidentiary
Tools & Rules
Attorney-Client Privilege
Work Product Privilege
Communication Work Must Happen In Scope of/In Furtherance of Attorney Representation Of Client
Exceptions To Privilege √ Communication To Parties Outside Attorney-Client Relationship Can
Waive Privilege
√ Advice In Furtherance of Criminal Act
Involvement of Consultants or Others In Furtherance of Representation Vs. Outside Communication
Collaboration With Business Partners, Outside Service Provider Risks & Challenges
Employees & Agents With An Agenda
©2010-2015 Cynthia Marcotte Stamer 26
Consider Attorney-Client Privilege Before Starting
Legal & Operational Inventory To Define Minimum
Requirements
Audit Policies, Procedures and Practices
Assess Compliance Status and Risks
Design and Document Tailored Compliance Program
Document Decisions
Implement Compliance Program
Documented Ongoing Administration & Enforcement
IMPLEMENTING EFFECTIVE COMPLIANCE PROGRAM
Process Steps
©2010-2015 Cynthia Marcotte Stamer 27
Oversee Compliance
Consistently Enforce Standards Through Appropriate Disciplinary Mechanisms
When Detect Violation, Respond Appropriately Including Appropriate Compliance Plan Adjustments To Minimize Future Risks
IMPLEMENTING EFFECTIVE COMPLIANCE PROGRAM
Process Steps
©2010-2015 Cynthia Marcotte Stamer 28
IMPLEMENTING EFFECTIVE COMPLIANCE PROGRAM
Process Steps
Responsibility To Monitor Compliance To Specific High Level Person, Not To Individuals That Maintain Programs
Communicate and Conduct Training Tailored To Ensure Effectiveness
Establish/Communicate Compliance Standards and Procedures Reasonably Capable of Being Followed
Oversight & Enforcement
Continuous Quality Improvement
©2010-2015 Cynthia Marcotte Stamer 29
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Adopt Policy of Compliance With Law √ Use Attorney-Client Privilege, Work Product Other Tools
To Mitigate Risks
√ Audit/Analysis May Reveal Existing Noncompliance
√ Consider Potential Negative Evidence Resulting From Unprivileged Discussion of Compliance Sufficiency & Options For Compliance
√ Use Privilege To Provide Safe Haven To Discuss Prioritization
√ Prepare Documentation Within Privilege To Be Used Outside of Privilege To Document Rational Setting of Prioritizes, Actions Taken, Etc.
©2010-2015 Cynthia Marcotte Stamer 30
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
Know What You Need People To Do
Operational requirements to control/monitor access
and usage
Laws and regulations requiring/recommending
control/monitor access & usage
Contractual/external relations
requiring/recommending control/monitor access &
usage
©2010-2015 Cynthia Marcotte Stamer 31
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Requirements/Advisability of Notifications/Disclosures To Government, Others
Potential Privilege Implications of Involvement Of Consultants, Business Partners, Employees, Others
Securing Information & Evidence
Evidence/Witness Tampering, Related Concerns
Retaliation, Whistleblower Risks
©2010-2015 Cynthia Marcotte Stamer 32
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Confidentiality Procedure Design & Administration
Avoid Whistleblower, Impeding Investigations, Etc.
Concerns
Safeguarding & outlining appropriate handling of
proprietary information and proper sanctions
Data & System Use Policies
Special rules for especially sensitive information, e.g.: √ Trade Secrets
√ Third Party Confidential Information
√ PHI/Health Care Information
√ Financial Information
√ Personal Information
©2010-2015 Cynthia Marcotte Stamer 33
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
Who Needs To Do What - Your Team & Their Positions
Matching People To Required Performance
Right Credentials, Judgment & Skills For
the Job
Oversight & Management
©2010-2015 Cynthia Marcotte Stamer 34
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Picking Your Team
Credential People With Access To Facilities, Computers & Data
√ Reference Checks
√ Criminal Background Checks
√ Credit Checks
√ Honesty
Staff-like Access (SLA) √ Contractor and Vendor access
Provide Required/Recommended Disclosures
Secure Required/Recommended Consents
©2010-2015 Cynthia Marcotte Stamer 35
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Picking, Managing & Monitoring Your Team
Compliant Effective Background Check & Investigations Procedures
Credentialing
Investigation
Monitoring
Disclaimer of Privacy
Ownership of Business Relevant Facts
Duty To Report Information & Other Cooperation
Relevant Information/Actions Using Personal Equipment, Off-Duty Conduct
Post Termination Continuing Duty To Cooperate
Maintaining Confidentiality of Investigation
Anti-Retaliation & Other Whistleblower Safeguards
©2010-2015 Cynthia Marcotte Stamer 36
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Picking, Managing & Monitoring Your Team
Questions relative to Background Checks & Investigation
√ Type of information to be obtained from potential employees,
vendors or contractors
√ CABI (Contractor Access Background Investigation)
√ Withholding or falsifying information from employer is just cause for
not being hired or dismissal
FCRA Consents & Other Privacy Liability Risk Management
Provide Required/Recommended Disclosures
Secure Required/Recommended Consents
©2010-2015 Cynthia Marcotte Stamer 37
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Picking, Managing & Monitoring Your Team
Policy regarding updated background information
(affirmative reporting) √ Clearly outline expectations employer has of employee regarding change
in status (address, arrest, marital status, bankruptcy)
√ Require Notification of Criminal Charges, Other Events For Persons With
Sensitive Access
Tighten Requirements Based On >
Responsibility/Sensitivity of Position
Re-credential Periodically, When Job Changes
©2010-2015 Cynthia Marcotte Stamer 38
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Picking, Managing & Monitoring Your Team
Directory Access
Review position description for NEEDED access.
Timely coordination between HR and IT & Other Key Sources of Participation √ Physical access & clearance with IT access
Limit access to sensitive information √ Strict policies & guidelines regarding need to know access
√ Unauthorized System Access Criminal/Civil Exposures
Educate Team Members About Limits On Information Access Requirements Upstream & Downstream
©2010-2015 Cynthia Marcotte Stamer 39
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES TO CONSIDER INCLUDE:
Outsourced Services Heightened Risks
Credential -You Can’t Choose Your Relatives But You Can Choose Your Employees, Agents
Require/Enforce Contractual and Practical Safeguards
Restrict Rights
Terminate Access Promptly
Ongoing Oversight
Indemnification & Insurance
©2010-2015 Cynthia Marcotte Stamer 40
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Strengthening Monitoring & Oversight Authority
Contractor/Business Partner/Customers
Contracts With Contractors & Other Business Partners
Include Suitable Investigation Provisions
Avoid Unintentionally Contracting To Require Waiver of
Legal Privileges Or Mandate Cooperation
Review Carefully Indemnification, Notice, Standards of
Performance, “Best Efforts”, Insurance, Information
Sharing, Cooperation In Defense, and Similar Provisions
©2010-2015 Cynthia Marcotte Stamer 41
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
POLICIES & PROCEDURES
Strengthening Monitoring & Oversight
Authority
Broaden Investigations & Monitoring Reach
Property, Equipment Not Owned By Corporation
Social Networking & Other Private Tools
Off-Duty Conduct
Other Specific Situations Raising Risk
Appropriate Notices, Consents, Disclaimers of Privacy
Learn From School District Spycam: Reasonable
Expectation of Privacy
IMPLEMENTING AN EFFECTIVE COMPLIANCE PROGRAM
Performance Management
Establish Compliance Standards and
Procedures Reasonably Capable of Being
Followed
Communicate Specific Expectations In Relevant,
Understandable Terms
Communicate Early & Often
Emphasize Particularly Important Requirements
By Requiring Acknowledgements, Other
Communicate and Conduct Training Tailored To
Ensure Effectiveness ©2010-2015 Cynthia Marcotte Stamer
ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM
Performance Management
Monitor Compliance √ Management Oversight
√ Compliance/Fraud Hotlines
√ Audits
√ Testing
√ Other
Assign Oversight To Manager With Appropriate Skills,
Authority & Judgment
Consistently Enforce Standards Through Appropriate
Disciplinary Mechanisms
When Detect Violation, Respond Appropriately and To
Prevent Future Offenses
©2010-2015 Cynthia Marcotte Stamer
©2010-2015 Cynthia Marcotte Stamer 44
ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM
Investigation of Suspected Fraud/Misconduct
Act Immediately and Appropriately
Consider Privilege & Other Evidentiary Issues At
Beginning
Keep In Mind Investigation May Provide
Evidence For Government & Plaintiff Complaints
©2010-2015 Cynthia Marcotte Stamer 45
ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM
Investigations
IF YOU SUSPECT A COMPLIANCE CONCERN
Stop & Think Before Doing Or Saying Ill-Considered Things
Consider/Engage Attorney For Attorney-client Privilege
Designate Members Of Investigation Team And Counsel About Confidentiality/Non Retaliation
©2010-2015 Cynthia Marcotte Stamer 46
ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM
Investigations
IF YOU SUSPECT A COMPLIANCE CONCERN
Conduct an Internal Investigation Within Attorney-Client Privilege To Determine: √ To determine if a problem exists
√ To determine extent of problem
√ To prepare an action plan
√ To initiate corrective measure
√ To go to government, if appropriate
√ To prepare a defense
√ To plan other safeguards
©2010-2015 Cynthia Marcotte Stamer 47
ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM
Investigations
IF YOU SUSPECT A COMPLIANCE CONCERN
Secure & Protect Evidence
Criminal Sanctions Apply To
Tampering With A Record Or
Impeding An Official Proceeding
For Publically Traded And Private
Companies
Don’t Destroy Evidence!!!!!
The Martha Stewart Lesson
©2010-2015 Cynthia Marcotte Stamer 48
ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM
Investigations
IF YOU SUSPECT A COMPLIANCE CONCERN
Conduct Prompt, Legal Investigation Designed & Administered For Legal And Operational Effectiveness
Document Steps And Determinations In Course Of Investigation
Consider Need To Report & Document Rationale
Take Appropriate Corrective/Disciplinary Action & Document Rationale
©2010-2015 Cynthia Marcotte Stamer 49
Management Friendly Witness Presence Benefit or Harmful?
Written/Recorded Statement of Witness Vs. Interviewer Taking Statement?
Allow Witness Counsel, Union Representation, Other?
Adverse Impressions Risk From Differences In Interviewing Procedures For Different Witnesses
Context & Location of Investigation/Interviews
Tone & Conduct Matters
Other
IF YOU SUSPECT A COMPLIANCE CONCERN:
Structure & Collect Investigation To
Maximize Helpful Evidence
Effectiveness
ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM
Investigations
Plan To Manage Public/Fact-Finder Perceptions
©2010-2015 Cynthia Marcotte Stamer
©2010-2015 Cynthia Marcotte Stamer 51
Avoid Actions That Might Offend Juries, Others
“I filled out the
confidential
questionnaire, boss.
Only your
management class
instructor sees those
right?”
ADMINISTERING EFFECTIVE COMPLIANCE PROGRAM
Investigations
Plan To Manage Public/Fact-Finder Perceptions
©2010-2015 Cynthia Marcotte Stamer 52
I
Internal vs. External Investigator
Investigator Independence/Appearance of Independence
Investigator Potential Quality As Witness
Special PI Licensure For Forensic Investigations In Texas
Investigator Understand Rules
Liability For Wrongful Acts of Investigator
Investigator Possess Other Sensitive Information Prefer Not To Expose
Jury/Government Potentially View Investigator As Intimidator
Law Firm Or Consultant Other Privilege Issues
IF YOU SUSPECT A COMPLIANCE CONCERN:
Consider/Decide Who Should Conduct
Investigation
©2010-2015 Cynthia Marcotte Stamer 53
IF YOU SUSPECT A COMPLIANCE CONCERN:
Handling & Investigating Electronic Evidence
Consider Potential Special Chain Of Custody/Evidentiary Concerns - See Secret Service Best Practices for Seizing Electronic Evidence Guide At www.ustreas.gov/usss/electronic_evidence.html
Don’t Start Frantically Searching The Computer Because It Changes The Evidence
√ Erodes Your Evidence Quality
√ May Expose You/Company To Evidence Tampering Charges
Image Computer Before Taking Further Steps
Manage Unauthorized Access, Wiretap & Other Legal Risks
IF YOU SUSPECT A COMPLIANCE CONCERN:
Interviewing Witnesses
Scripted Notification To Witness Orally & In Writing Of
Investigation, Anti-Retaliation & Other Key Policies
Advise If Investigation Is Of A Complaint
Do Not Promise Confidentiality
Explain Confidentiality Requirements
Remind Of Policy Against Retaliation Where Applicable
Provide Information About Who To Contact With Added
Information, Concerns
©2010-2015 Cynthia Marcotte Stamer
IF YOU SUSPECT A COMPLIANCE CONCERN:
Interviewing Witnesses
Listen Don’t Tell
Gather Evidence, Not Conclusions
Ask Open Ended Questions
Let Witness Speak
Avoid Interpretation, Forming Opinions In Collection of Testimony
Avoid Documenting Testimony Where Witness Opinions Appear As Corporate Admissions Because Interviewer Documents Testimony Statements As His Opinions
©2010-2015 Cynthia Marcotte Stamer
©2010-2015 Cynthia Marcotte Stamer 56
Get The Facts
√ Who?
√ What Did He/She Do?
√ What Did He/She Say?
√ When Did This Happen?
√ Where There Any
Witnesses?
√ Has This Happened
Before?
√ Has This Happened to
Others?
√ E-Mail or Other Evidence
√ Other
?
Ask Witness
©2010-2015 Cynthia Marcotte Stamer 57
Get the Facts
Get The Full Story Before Forming/Writing Opinions
Listen to What the Person Is Telling You
Avoid Being Judgmental
Remain Objective
Be Noncommittal √ Avoid making statements that could be admission
√ Avoid making statements that could be evidence of management
affirmation/adoption of prohibited action
©2010-2015 Cynthia Marcotte Stamer 58
SUGGESTIONS TO ENHANCE DEFENSE
Handle Complaints Properly √ Take Seriously
√ Investigate
√ Take Action (Call Ginger, Mark or Marti)
Probe For Possible Retaliation or Other
Improper Agendas
Get Help on Personnel Decisions
©2010-2015 Cynthia Marcotte Stamer 59
Document √ Counseling
√ Discipline
√ Evaluation
√ Objectives
But Be Careful on Wording Used; Consult
with Counsel, Human Resources
SUGGESTIONS TO ENHANCE DEFENSE
©2010-2015 Cynthia Marcotte Stamer 60
Successful Liability Management and
Achievement of Business Objectives
Depends Largely On Effective
Management of People & Processes
©2010-2015 Cynthia Marcotte Stamer 62
Employees & Contractors Actions Key Risk & Liability
Determinant
Internal/External People Create Or Minimize
Risk By Actions
HR Data Creates Cyber Crime And Other Risks
©2010-2015 Cynthia Marcotte Stamer 63
Effective Management of People Is Key
Employees & Contractors Key Players In Preventing, Detecting
Fraud/ Other Risks
Employees & Contractors Most Common Offenders
Inside Jobs Create Special Organizational Liability
Risks
Internal/External People Create Or Minimize Risk By
Actions
HR Data Creates Cyber Crime And Other Risks
HR Management/Administration of Internal Controls
Creates Special Risks
Other
©2010-2015 Cynthia Marcotte Stamer 64
HR Enforcement Liability Risks
1 In 4 Employers Will Be Sued By Employee (2004 Chubb Study)
Most Legally Protected Persons
Most Likely Plaintiff
Plaintiff Most Likely To Win
Could Trigger Political Repercussions
Whistleblowers
Size And Availability Of Judgments And Other Sanctions Rising
©2010-2015 Cynthia Marcotte Stamer 65
Human Resources Growing Perils
Most legally protected persons
Most likely plaintiff
Plaintiff most likely To win
Could trigger political repercussions
Likely to raise interest of regulators
Size and availability of judgments and
other sanctions rising
©2010-2015 Cynthia Marcotte Stamer 66
Manage Human Resources To Avoid
Employment & Employee Benefit
Liabilities
Whistleblower
Age
Sex
Race
Disability
Religion
Family leave
Privacy
National origin
Employee benefit
laws
Sexual harassment
Union
Workers’
compensation
Privacy
Employee
background checks
Tax laws
Due process
Contracts
Other
©2010-2015 Cynthia Marcotte Stamer 67
Managing People to Manage
Third Party And Business Risks
Criminal liability
prevention
Civil liability
prevention
Accreditation
Regulatory
enforcement
Realize financial,
performance,
administrative and
other objectives
Public
embarrassment
Operational
disruptions
©2010-2015 Cynthia Marcotte Stamer 68
Fraud Prevention, Detection Special
Human Resources Management
Exposures
Privacy
Fair Credit Reporting Act Background Check &
Investigations
Discrimination
Retaliation/Whistleblower
Other
©2010-2015 Cynthia Marcotte Stamer 69
Fraud Prevention, Detection Special
Human Resources Management
Exposures
Effective Human Resources Performance
Documentation Best Defense Against
Whistleblower, Retaliation & Other Employee,
Service Provider Claims
©2010-2015 Cynthia Marcotte Stamer 70
Documentation & Document Retention √ Regulations Requiring Documentation &
Documentation Retention Are Designed To Help
Prove You Wrong
√ Create & Retain Mandated Documentation In Manner
That Captures Compliance
√ Design Processes, Documentation Retention To
Create, Retain & Preserve Other Evidence
Supporting Compliance, Other Needs
SUGGESTIONS TO ENHANCE DEFENSE
DEVOTE REASONABLE RESOURCES TO PREVENT
THE PREVENTABLE
Document reasonable decisions
where prevention not merited in
advance
Document reasonable business
judgments based on legally appropriate
considerations why broader
investigation, other action not warranted
Document safeguards, other actions
to preserve compliance ©2010-2015 Cynthia Marcotte Stamer
©2010-2015 Cynthia Marcotte Stamer 73
Managing & Using Technology
Special Considerations
Pre-Existing Technology Use Creates Own Risks/Records
Volume of Information Creates Investigation & Oversight Challenges
Emails, Other Electronic Data Distribution
Electronic Discovery & Meta Data Considerations Impact Data Retention & Investigations
Just Because You Didn’t Keep It Doesn’t Mean Someone Else Didn’t
©2010-2015 Cynthia Marcotte Stamer 74
Managing & Using Technology
E-Mail & Other Electronic Evidence Special Considerations
Just Because You Haven’t Found It Doesn’t Mean
Someone Else Doesn’t Have It
©2010-2015 Cynthia Marcotte Stamer 75
TECHNOLOGY TOOLS CAN HELP:
Record And Document Actions
Minimize Effort For Management & Oversight
Restrict Access To People Without Need
Grant Access To People With Need
Manage Use By Authorized Users To Appropriate
Purposes
Deter/Prevent Improper Actions
Alert Management To Potential Compliance Concerns
©2010-2015 Cynthia Marcotte Stamer 76
12-Tips To Help Strengthen Your
Defenses
1. Use Attorney-client Privilege, Work Product & Other Evidentiary Rules Strategically
2. Pre-plan Your Prosecution & Defense Strategy As Design & Administer Of Internal Controls, Audits & Investigations
3. Structure & Administer Fraud & Other Management Efforts To Minimize Overall Organizational Liability
4. Strengthen HR, Contractor & Customer Relations Management Policies, Processes Effective HR Management, Oversight & Discipline Key To Effective Internal Controls & Risk Management
5. Make Your Corporate Policy To Do The Right Thing
6. Devote Reasonable Resources & Efforts To Distinguishing Right From Wrong & Document Efforts
©2010-2015 Cynthia Marcotte Stamer 77
12-Tips To Help Strengthen Your
Defenses
6. Devote Reasonable Resources & Efforts To Distinguishing Right From Wrong & Document Efforts
7. Prioritize Prevention, Management & Audit Efforts Based On Well-documented Defensible Priorities That Documents Reasonable Decision Making
8. Monitor, Audit, Investigate & Discipline Using Legally Defensible Processes Designed To Promote Defensibility
9. Adopt & Use Background Check, Privacy Disclaimers & Other Policies To Broaden Investigatory Powers & Defensibility
10. Systematize Documentation & Record Retention To Capture & Preserve Beneficial Evidence
11. Strengthen Witness & Other Evidence Gathering Processes & Procedures
12. When Bad Things Happen, Act Quickly To Limit Damage & Implement Processes To Deter Risks
©2010-2015 Cynthia Marcotte Stamer 78
THE HARSH REALITY Data Collection, Possession & Use Creates Risk
©2010-2015 Cynthia Marcotte Stamer 79
©1938 PARKER BROTHERS, INC.
A Closing Reminder
Cyber Crime & Identity
Theft Are Covered By:
√ Federal Sentencing
Guidelines
√ Sarbanes-Oxley
©2010-2015 Cynthia Marcotte Stamer 81
Risk Management & Compliance Resources
Publications, Training & Other Resources
E-Mail [email protected]
Cynthia Marcotte Stamer Board Certified – Labor and Employment Law, Texas Board of Legal Specialization
Helping Management Manage Direct Telephone: (972) 588.1860 Mobile Telephone: (469) 767.8872
Primary Office16633 Dallas Parkway, Suite 600Addison, Texas 75001
Plano Office 3948 Legacy Drive Suite 106, Box 397, Plano, Texas 75023
www.cynthiastamer.com