The Top Five Corporate Compliance Challenges of 2010

Corporate compliance, difficult in the best of times, presents even more challenges in an economic downturn.  During the last year, companies did not generally increase compliance dollars.

Thus, moving forward in 2010, one of the biggest overall challenges facing compliance departments is the lack of adequate resources to ensure that compliance risks are addressed properly.  Without appropriate resources, a company’s litigation risk is increased across all categories of compliance.

This article sets forth the top five challenges that a company’s compliance department may face in 2010.

1. The Impact of Healthcare Reform Legislation

Congress is inching closer to passing what would be the most significant overhaul of the American healthcare system since the introduction of Medicare and Medicaid in 1965.  This healthcare reform legislation will increase substantially the number of people covered by healthcare insurance (estimated to increase by more than 30 million) if enacted in its current form, and thus greatly increase demand for pharmaceuticals, medical devices, and healthcare services.

Both the House of Representatives’ Affordable Health Care for America Act and the Senate’s Patient Protection & Affordable Care Act make the fundamental assumption that employers and their payroll professionals, human resource professionals, and benefits and compensation professionals will navigate each and every legislative stipulation, tax and reporting requirement and make it all happen in the real world of the marketplace.  Key provisions of both pieces of healthcare legislation will impose additional reporting requirements on corporations and penalties may attach if companies fail to properly report.  Companies will have to act swiftly to understand the legislation and to integrate best practices for compliance to avoid falling into areas of risk.

Additional litigation risk will result because the federal government will have to focus more on cost containment mechanisms as it pays for an even greater percentage of medical products and services.  This inevitably will lead to an increase in fraud and abuse investigations and an increase in penalties for corporations that fail to comply with regulations and requirements.  The urge to contain costs also likely will lead to increased use of home testing and monitoring.  In response to patient demands, that increased usage likely will present the potential for products liability litigation, regulatory approval issues relating to new information technology use, and privacy protection matters.

For companies not in the healthcare industry, the new regulations concerning healthcare insurance requirements may create litigation issues if employees argue that the law requires coverage or additional coverage.  For example, employers would be required to auto-enroll employees into health plans, and they would be required to provide comprehensive notice to automatically enrolled employees advising them of their opt-out rights and obligations under their plans.  Employers may be exposed to litigation, including whistleblower suits, if they do not properly inform their employees and if regulations are not closely followed.

2. Increased Regulatory Oversight and Enhanced Enforcement in Variety of Areas

Federal regulatory enforcement undoubtedly will increase in 2010.  The first year of a new administration is usually a transition year when regulatory agencies change courses.  In the second year, regulatory agencies are better prepared to step up enforcement efforts.  President Obama and several members of his cabinet and administration have made clear that areas of regulatory enforcement that were lax under the Bush Administration will be ramped up under the new administration.  In 2010, the corporate world should begin to experience the effects of the increased enforcement, especially related to financial reform, and regulations by the Environmental Protection Agency (“EPA”), the Occupational Safety & Health Administration (“OSHA”), the Food and Drug Administration (“FDA”), and the Consumer Product Safety Commission (“CPSC”).

Financial Reform

The federal government has targeted the financial sector in the wake of the mortgage securities collapse.  Congress created an entirely new federal agency – Troubled Asset Relief Program (“TARP”) – to oversee and regulate the bail-out.  Undoubtedly, more financial oversight by regulators and legislators, including potential congressional investigations and oversight of companies deemed “too big to fail” is on its way.

A host of new federal regulations include:

• imposing higher capital restrictions on banks and other financial institutions
• decreasing the weight given to the ratings of credit agencies in investment decisions and regulatory oversight
• providing government regulation of the over-the-counter derivatives market
• requiring banks to keep a portion of the debt they securitize as investments to ensure that they have some skin in the game
• instituting a mechanism for the orderly resolution of financial institutions who have become so large that their collapse would threaten the stability of the entire system.

These measures will increase litigation risks of companies in the financial sector by creating potential pitfalls in complying with the new regulations.

In addition, the Securities Exchange Commission (“SEC”) is increasing enforcement and modeling itself after a traditional prosecutor’s office.  The Chairman of the SEC, Mary Schapiro stated:  “We have been revitalizing our enforcement division, which under its new director — a highly accomplished former federal prosecutor . . . — is creating specialized units that can target particular types of fraud and misconduct — and have the specific know-how to bring complex cases quickly.  The Commission has removed procedural barriers to the staff’s investigative and litigation practices and eliminated a layer of management to put more investigators and attorneys on the front lines.”  These prosecutorial tools include increased use of cooperation agreements to facilitate whistleblowing and cooperation from witnesses.

On the substantive front, the SEC also will promulgate new rules that public companies must understand and incorporate into their procedures.  For example, new Executive Compensation and Corporate Governance Requirements – that will significantly increase registrants’ disclosure about executive compensation and corporate governance – go into effect February 28, 2010.

Environment/OSHA/Food and Drug Administration

The Bush Administration was widely viewed as being company-friendly on issues related to the environment, worker safety and food and drug issues.  Whether this perception actually reflected the reality does not change the likelihood of increased enforcement of regulations related to the environment and an increased concern about health and safety in the workplace and in the food supply.  The EPA will spend more money and resources to enforce existing environmental regulations, and likely will propose and enforce new environmental regulations, especially in the air and water area.  The CPSC, OSHA, and FDA will be looking at workplace hazards, the manufacture and labeling of consumer and food products, drug safety issues both with respect to approval and manufacturing.  They will all likely propose and pass new regulations for which companies must implement compliance procedures and training, and they will also increase their enforcement efforts.  In addition, compliance personnel will have to monitor these enforcement trends and ensure that the company reacts quickly to those that are promulgated.

3. Implications of Increased Use of Social Media

Many companies, in an effort to reach a broader audience with their products and services and to solidify their brand, are choosing to capitalize on the popularity of evolving social media and using alternative modes of communication to disseminate information to shareholders, clients, customers, and personnel.  Approximately 15.8% of Fortune 500 companies already have blogs with links to corporate Twitter accounts.

The use by companies of “social media” such as MySpace, LinkedIn, “sponsored post” blogs, YouTube, Facebook and Twitter will only continue to expand in 2010 as these forms of media continue to gain popularity.  Those companies that fail to engage with these new modes of communication will be at a disadvantage and will risk losing market share, branding opportunities, and revenue.

Companies, simultaneously, however, will be exposed to new potential risks in using these new social media forms.  It will fall to corporate compliance departments to foresee these risks and protect their companies from exposure to litigation.  Improper monitoring of the content of corporate Twitter, Facebook, and other such social media accounts can lead to the divulging of proprietary or trade secrets, claims of defamation and violations of privacy rights, data security breaches, violations of e-commerce regulation, infringement of intellectual property rights, false advertising claims, and vicarious liability for third-party acts.

Both the FDA and the FTC are currently holding public hearings regarding what changes in their regulatory and enforcement approaches are warranted by reason of this increased use of social media by companies.  Additionally, as the use of these forms of media increase, information transmitted through blogs, Twitter, and social networking Web sites may be discoverable.  Thus, if employees or other parties with information about the corporation engage in these forms of media, there is the risk that sensitive, confidential, and potentially damaging information will be made public and available to adversaries in subsequent litigation.

Because these forms of media are not regulated and there is almost no case law or legislation governing the boundaries in this area, in-house attorneys and compliance personnel will have to craft corporate social networking, blogging/Twitter policies without much guidance.  This can lead to potential exposure if the policies later prove to be ineffective.  In 2010, corporate compliance departments will have to catch up with these new phenomena to protect their companies in such an unclear landscape.

4. Anti-Fraud/Anti-Corruption Prosecution

In general, the prosecution of white collar crime slowed during the Bush Administration.  There is one glaring exception – the prosecution of cases under the Foreign Corrupt Practices Act (“FCPA”).  The increase of these cases has continued under the Obama Administration.  Compliance personnel for every company doing business overseas must pay attention to developments in the anti-corruption and international regulatory enforcement area, which includes the FCPA, anti-money laundering and import/export regulations.

The Department of Justice (“DOJ”) has made it clear that this is a priority in terms of enforcement.  Recently, the DOJ arrested 22 individuals at a Las Vegas trade show for FCPA violations based on evidence from undercover agents.  The government also is using industry and country-specific investigations to discover violations.  For example, a health care company doing business in China can be fairly certain that the government may be looking at it and its competitors due to the fact that hospitals in China are usually government-owned, meaning their employees are considered to be by DOJ “foreign officials” for FCPA purposes.

Compliance personnel should urge the company to implement an FCPA compliance program that addresses the risk that the company has in its overseas operations.  The U.S. government consults an index developed by Transparency International to chart the risk of corruption in specific countries.  This index can be a good tool for companies to measure their own risk when developing business abroad.

Companies should conduct anti-corruption due diligence for any overseas acquisition, merger or joint venture, as well as for the retention of any counterparty or agent/consultant.

5. Managing e-data and document productions for any litigation

The world of electronic-discovery (“e-discovery”) has arrived and will likely affect all litigation involving your company.  According to one report by Gartner, worldwide e-discovery revenue is forecast to surpass $1.2 billion—a 23% increase from 2009.  Recent changes to the Federal Rules of Civil Procedure as well as recent case law have made it clear that knowledgeable management of e-discovery must be undertaken.  For the most part, company counsel will have to deal with the ins and outs of the rules and obligations of e-discovery after litigation arises.

Corporate compliance personnel, however, should plan ahead and be proactive regarding likely e-discovery issues.  As a preliminary matter, the company should have a well-designed document retention policy that addresses those documents necessary for business.  Compliance personnel should work with counsel and IT teams to create customized records-management systems that reduce regulatory and litigation risks, streamline discovery processes, and serve each company’s long-term business objectives in a cost-effective manner.

The Authority on Managing Records and Information International has identified standards and best practices for records and the information management that can be used as a benchmark.  Moreover, compliance personnel should audit on a regular basis whether company employees are following the record retention policy.  In short, compliance personnel are key to ensuring that e-discovery, when it arrives in litigation, goes as smoothly as possible.

Conclusion

Compliance risks for U.S. companies will increase in 2010 – which is a difficult time due to the economic downturn.  The above five areas will generate some, if not most, of the increased risk facing a company.  Compliance personnel would be well-advised to look into these areas and make sure the company’s compliance program and policies are ready to handle risks in these areas.

**********

About the Author

Mark A. Srere is a member of the Government Enforcement and Corporate Compliance Committee of DRI – The Voice of the Defense Bar.

As a partner in Morgan Lewis’s Litigation Practice, Mr. Srere’s concentrates his practice in the criminal area, and he is a member of the Corporate Investigations and White Collar Practice.

He provides counseling to corporate clients on compliance issues and internal investigations, as well as providing a full range of services to clients that are targets of criminal prosecution, from grand jury appearances to trials.

Tags: EPA, FDA, financial reform, healthcare reform, list, mark srere, OSHA, regulatory oversight, sec, social media, tarp