If you’re unfamiliar with the term “happy law,” it pertains to heading off legal trouble before it develops. So much of business law pertains to preventively reviewing policy and process shortcomings before they lead to legal violations that IB reached out to a variety of legal experts to explain how employers can deploy the “stay-out-of-jail” card.
Not the get-out-of-jail card — because by the time you need one of those, it might be too late to contain the damage — but the stay-out-of jail card, which requires ongoing vigilance. Whether you have the ability to thoroughly vet your organization from the inside, whether you need to hire out, or whether you prefer to do both just to make sure you’ve covered all the bases, here are the legal realities that provide context for today’s business operations.
Sympathetic labor pains
No area of business law changes more frequently, and is violated more often, than employment law. With agencies at virtually all levels of government established to hear complaints from employees (or former employees) who believe they have been wronged, and a labor-friendly National Labor Relations Board inclined to side with workers, business operators ignore established and emerging employment law at their own peril.
“It’s definitely an area of high day-to-day risk,” says attorney Sarah Platt, a shareholder in von Briesen & Roper. “I don’t know if I’d say it’s the type of company risk that other areas of law might be, especially in one-time circumstances, but in terms of consistent operational issues, it absolutely is.
“There are a lot of different laws in place and a lot of different requirements of employers, and many of them are changing. So it’s important to keep up with the different layers of regulation and how they work together.”
With such a fluid situation, a thorough review of the employee handbook should be conducted at least every couple of years, but narrow reviews can coincide with a change in the law or a new application of the law generated by court proceedings, a new point of emphasis by state or federal agencies, a major business change such as an acquisition, or a sudden growth spurt or workforce cutback. Companies may also want to conduct such reviews in the event the organization becomes involved in a new type of business. “You might suddenly find yourself in a situation where laws that used to apply to you might not apply to you any longer,” says attorney Lynn Stathas, a shareholder with Reinhart Boerner Van Deuren.
Reviews can work any number of ways. They can be done internally, whether they involve legal counsel or human resources professionals who know what to look for, or they can be conducted by an outside attorney or a consultant. And the reviews should not only examine whether the policies are consistent with the law, but also whether they are an accurate reflection of your actual practices.
They should also examine any written policy that pertains to employer expectations, existing employment or affirmative action contracts (developed as a result of government contracting), processes that involve hiring or orienting new employees, benefits packages, employee classifications, job/position descriptions, employee-relations policies, insurance coverage, and complaint procedures — including whistleblower mechanisms.
For example, the hiring process is about more than conducting job interviews and maintaining records relating to the interviews, it’s also about the process for writing advertisements, placing ads, developing an employment application, and conducting reference or background checks.
In a sense, the firing process actually begins with the job review, a formal process that you should consistently follow and one that is designed to identify performance issues. If an employer has identified performance issues and has worked with the employee to address them, the employee won’t be surprised by a firing and the company will be in the best position to part ways and defend its decision.
“You just globally look at all the different aspects of the employment relationship, what you’re doing, what you are required to do, and where you might have shortfalls, with the goal being that you will identify and resolve any weaknesses before you find out about them through a lawsuit or a governmental audit,” Stathas noted.
One of the areas in the regulatory crosshairs is the classification of employees. A company might believe that someone is appropriately classified as an exempt employee and might be paying him or her on an exempt basis, only to find out the worker actually is an hourly employee and is owed considerable overtime pay.
(Continued)
In addition, regulators are closely examining independent contractor relationships. An employer might retain some labor in the context of what it believes to be a genuine independent contractor relationship, only to find the individual doesn’t meet all of the applicable tests and should be classified as an employee, which could lead to back taxes or other issues that weren’t anticipated or budgeted for.
Adding to the compliance challenge is the fact that there are slightly different tests applied by states and the federal government. They are related but not identical. “Those are two areas where we are seeing a lot of activity, and in fact where more [government] investigators are actively out there doing audits and uncovering issues,” Stathas says. “What will typically happen is there may be a disgruntled employee who may file a complaint over their particular situation, and an audit is triggered, and once one agency finds out about a potential problem, it creates a chain reaction and you might expect to hear from other governmental auditors as well.”
Employee handbook reviews bring varying investments, which depend on the size of the organization (“The larger your workforce, the more laws that come into play,” Stathas says), the complexity of the review, the industry and its regulatory environment, and how much repair work needs to be done, but subsequent reviews will be much easier.
In some cases, it makes sense to have both internal and external audits — not just to cover all the bases, but also to keep the process in-house for subsequent reviews. “Actually, that’s often a very efficient way of doing it because if you have the internal resources, you can get things in order so that it’s much more efficient for a third party to come in, take a look, and identify issues,” Stathas says. “The smaller businesses might not have someone in house with the expertise to do it the first time, but after walking through with an attorney or a consultant, and understanding what they need to look for and what they need to be doing after that first time through, it will be even easier.”
If it’s necessary to conduct an investigation into alleged misconduct, it can be handled by outside counsel. If a company has a sophisticated HR department or vendor, it might have people who are skilled and equipped to conduct an investigation. No matter who conducts the investigation, Platt says, the inquiry is all about documenting the allegations and detailing what the investigation uncovered, what conclusions can be drawn from it, and how the company should respond to it. “Just make sure it’s done in a meticulous way, where you follow up on all the details to either come to a conclusion about what happened — or at least come as close as you can — and identify an appropriate remedy,” she states. “In a lot of cases, just conducting an investigation is an important step. The outcome can go in different directions, depending on the facts, but you need to make sure you haven’t just ignored the allegation.”
No more Mr. Nice IRS
Perhaps no acronym strikes more fear in the hearts of American businessmen than IRS. Given recent scandals, all that talk about a kinder, gentler Internal Revenue Service has been laid to rest, and attorney Steve Tumbush, a shareholder in Murphy Desmond law firm, says employers need to lean on their accountants to stay off the agency’s radar screen.
Accomplishing this does not require a thorough audit, it simply involves a thorough reporting of business income — all sources of income. The Wall Street Journal recently reported that thousands of small business owners have received letters from the IRS questioning whether they are underreporting their business income. The matter is at the heart of what triggers tax audits, according to Tumbush, who represents corporate taxpayers before the IRS, the Wisconsin Department of Revenue, and other agencies.
The theory of the IRS is that all income is taxable, and Tumbush notes that IRS audits begin at the service center level, where people initially file their returns. The IRS has processes for selecting individuals and businesses for audit; typically, they start with simply matching up what is being disclosed with the information they receive from schedule K-1s, 1099s, and W-2 wage and tax statements.
To the extent the business is a pass-through entity like an S-Corp or a limited liability company, including an LLC partnership, accurate income reporting is especially important. The term pass-through means the taxes of the businesses are “passed through” to the tax return of the people who own the business. The accountants who handle returns for partnerships are obligated to provide K-1s to the partners and to the IRS (which has computer programs to compare what’s being reported on various forms), and what’s being disclosed by the accountants for the S Corps and the LLCs is each partner’s allocation of taxable income.
For cross-checking purposes, the IRS has always used W-2s and 1099s. More recently, the agency has focused on the K-1s to monitor the allocation of activity within pass-throughs, and “most businesses are conducted through an LLC or an S-Corp these days,” Tumbush notes.
Given today’s level of computing power and connectivity, the IRS’s ability to compare and contrast has never been greater. “It’s not just the matching up, because they have these programs in place that can raid returns,” Tumbush added. “They call it the discriminate function system, a mathematical technique used to identify whether what you have been reporting might put you into a higher level of examination.”
Sustainable self-reporting
Small Wisconsin businesses are more likely to encounter the state Department of Natural Resources than the federal Environmental Protection Agency. Whatever the case, knowing your company’s environmental obligations and knowing that you are either in compliance with them or can take steps to get into compliance is good for business for a couple of reasons — one, it provides a sense of comfort if the DNR conducts a site inspection. Two, it will impress your customers, which is especially important in an environmentally conscious community like Madison.
So says attorney Linda Bochert, a partner in the Land and Resources Practice Group at Michael Best & Friedrich. “The word sustainability gets thrown around a lot, as does the term ‘green’ and all of that terminology that is used from a marketing point of view, but it is meaningful,” Bochert says. “In the consumer’s eyes, we’re seeing that consumers are interested in knowing: Do you have a sustainability program? Are you paying attention to the issues associated with compliance? Are you locally sourcing products?”
For environmental compliance, Bochert says two Wisconsin statutes, which the DNR administers, are of particular importance. One governs the state’s environmental compliance audit program for regulated facilities that fall within the DNR’s regulatory jurisdiction.
If a company gives the DNR notice of its intent to conduct a compliance audit, and if it conducts a thorough audit and provides the agency with a detailed report on what was found, and if shortcomings are corrected within a prescribed period of time, the company will not face state enforcement.
Talk about a golden opportunity to stay out of jail. In this context, “They won’t bring any kind of lawsuit against you, or sue you, or seek any kind of enforcement for the offense,” Bochert says. “It allows for self-enforcement as long as you find it yourself, fix it, and report on it. The only kicker is you have to tell the DNR in advance that you are going to conduct the audit.”
(Continued)
The audit can be done by the company or an outside consultant. “The point is to encourage companies to do audits. If you go back years before the statute, there was always this tension of ‘well, if I do an audit, and I find something, now I know. Now I know I have to deal with it. Am I exposing myself to possible state enforcement?’”
The other statute pertains to the state Green Tier Program, which has an audit component to it. Under Green Tier, a business simply commits to go above and beyond the minimum environmental requirements and perform at a superior level. A company will set its own goals for how it intends to perform better and report on its progress, and then it will periodically audit itself against the commitment to achieve those goals.
“There is a lot of public disclosure and transparency associated with the Green Tier Program,” Bochert stated. “Again, the idea is to recognize that a lot of companies have incorporated the concepts of environmental compliance into their everyday way of doing business, that it’s a natural component for them, and many do much more than the minimum of what the regulations require.”
Bochert cited the example of a manufacturing operation that contains equipment that uses chemicals. There may be wastewater that comes off the equipment that must be treated before it’s discharged either to a stream or to the Madison Metropolitan Sewerage District. The manufacturer might have a piece of equipment that creates an air emission that is restricted under the Clean Air Act.
An auditor, typically an environmental consultant, would examine the process the manufacturer uses to make its product. The auditor would look at things like materials used, how they are used, and the waste they put out. “Generally, the environmental regulations apply to that waste, whether it’s an emission to the air or wastewater to a treatment system, or material that goes to a landfill or needs to be handled as though it’s hazardous waste,” Bochert explained.
Collaring crime
Companies in regulated industries generally understand the importance of internal controls, but there are significant differences when it comes to engaging their respective cultures in whistleblower programs and follow-up.
Attorney Patrick Coffey, who heads up the compliance and white-collar defense practice for Whyte Hirschboeck Dudek, has conducted internal reviews, audits, and investigations. He says the current focus of regulatory enforcement is the financial markets, as financial market players are experiencing an increased level of scrutiny and attention from federal enforcement authorities. “There is a corresponding increase, then, in the nature and volume of internal review, internal compliance, and related investigative activity,” Coffey says.
Businesses in different industries face different regulatory environments and risk, so they have their own tailored compliance and audit activities. There is a significant amount of regulatory advice and guidance that’s provided to regulated companies; from there, the issue becomes whether the policies, procedures, and the activities undertaken to monitor and audit risk serve as mitigation in the event that a problem is uncovered.
Coffey and other white-collar attorneys spend a great deal of time on effectiveness assessments. “There needs to be an assessment of what those risks are, how they apply to that business, and then obviously some prioritizing,” he says. “Because there are so many regulatory requirements, the focus needs to be on the most significant issues that pose substantial possible risk to a company if left unaddressed.”
While auditing is a common feature, there is growing use of hotlines and other reporting mechanisms inside companies. Whistleblowers are being encouraged under a variety of regulatory regimes — the Securities and Exchange Commission has a new whistleblower hotline that is getting a fair amount of use — but more organizations consider them to be invaluable parts of their compliance programs. To be effective, they must be sustained in an open and receptive culture where individuals feel comfortable enough to raise issues of concern with managers, compliance officers, and others in positions of authority.
Considering the elevated risk of enforcement, there is a premium on a company’s ability to conduct a thorough investigation and head off costly regulatory enforcement action. According to Coffey, there is an appreciation of the need for compliance programs in regulated settings, but there is a wide range of success in their implementation. Some organizations don’t do enough to advertise or encourage reporting, while others heavily promote the company’s commitment to compliance, the available reporting mechanisms, and the prohibition against retaliation.
“You don’t want an individual to raise an issue over a hotline and then have the matter go into a black hole where that individual doesn’t have any understanding of what, if any, actions were ultimately taken by the company in response,” Coffey says. “All types of issues will be presented, but effective corporate compliance programs are the ones that really do have an openness and have opportunities on the part of employees to raise a concern.”
International relations
Wisconsin businesses are becoming more enthusiastic foreign traders, which could expose them to some risk. Scott Shaffer, Wisconsin practice leader in forensic and valuation services for Grant Thornton, performs investigations on behalf of companies that uncover some type of fraud. He says there is a strong federal crackdown on violations of the Foreign Corrupt Practices Act, which prohibits a company from offering to bribe or bribing foreign government officials, intermediaries, or political parties.
If they do and U.S. authorities find out about it, they face crippling fines. Shaffer noted that Siemens was fined more than $1 billion by the Department of Justice and the Securities and Exchange Commission for violating the FCPA, and companies like Ralph Lauren Corp., Eli Lilly, and Oracle have been subject to SEC enforcement actions.
The three most common kinds of financial fraud are asset misappropriations, corruption schemes, and financial statement fraud, but the most common is misappropriation. There are a number of reasons business funds are misappropriated, and investigators look at the fraud triangle: the opportunity to commit fraud (often due to weak internal controls); the incentive to commit fraud, which could include personal reasons like gambling or womanizing; and rationalization.
Shaffer’s investigations focus on what caused the fraud, how it happened, and what controls are needed to prevent a recurrence. Compliance reviews would take a risk-based approach focused on the countries the client company deals with and which countries are known for corruption.
Companies that do business overseas should have an anti-corruption policy that clearly defines and prohibits any bribery, both public and commercial. The anti-corruption policy also should have a whistleblower hotline, and people should be trained on it. Companies that use foreign agents should assert the right to audit those agents, and the policy itself should be audited periodically.
Shaffer says external audits alone don’t keep companies out of trouble; he claims that only 3% of external audits are effective at identifying fraudulent activity. He also contends that compliance programs and strong internal auditing offer the most effective prevention, as do remediation plans that follow an internal investigation.
In many cases, there is a simple failure of internal controls. “We’ve seen some clever fraud,” Shaffer noted. “We’ve also seen some very obvious fraud. I conducted an investigation awhile back on a privately held company whose head of credit set up a fictitious accounts receivable, started issuing credits against that receivable, and authorized the company to make payments to that dummy customer to offset the credits.
“What happened was the credit supervisor would send AR a request for payment to accounts payable, which would cut the check, and on the instruction of the check request would have it routed back to her. Then she took physical possession of the check and deposited it in her husband’s bank account. It was a pretty simple breakdown of internal controls.”
Click here to sign up for the free IB ezine – your twice-weekly resource for local business news, analysis, voices, and the names you need to know. If you are not already a subscriber to In Business magazine, be sure to sign up for our monthly print edition here.
