This blog is now at http://tatetalk.com – click to receive blog posts by email
I have merged my blogs into one. The new blog will have the same great posts, but more of them. Please click on the new blog and register to receive new blog posts by email. Click on the following link for the new blog, http://tatetalk.com/.
Thank you. Dave Tate
Starting New Blog – LawRiskGov – Please Follow Me There
I will be switching over to a new blog, http://lawriskgov.com. The new blog exists but I am working on the look, format and color. Future posts will be to the new blog. I may not be able to carryover the posts from this blog to the new blog, but this blog will still exist. Please follow me to the new blog. Thank you.
Dave Tate, Esq. (San Francisco)
Holding the Line on Charging Older People Higher Insurance Rates Under the Patient Protection and Affordable Care Act
Limit on health insurance rates for older (over age 50) adults limited to 3 times the rates for younger adults under the Patient Protection and Affordable Care Act, Click Here for Article.
Companies Reporting Hacking
Companies are more often publicly reporting hacking, according to article, Read Here.
Persuade With Participation, Part One: Learn from Early Rhetoric – From the Persuasive Litigator
An interesting discussion about persuasion from the Persuasive Litigator, Click Here.
National Center on Elder Abuse – Discussing What Is Elder Abuse
A good discussion and link from the National Center on Elder Abuse, discussing what is elder abuse, Click Here for article.
Dave Tate, Esq. (San Francisco)
Link – Management Is (Still) Not Leadership – I Like This To-The-Point Article by John Kotter
I like the following article by John Kotter. It is a worthwhile read. Management Is (Still) Not Leadership – for the article Click Here. I have copied and pasted the following from Mr. Kotter’s discussion, but please read the entire article – it won’t take long to read:
“Mistake #1: People use the terms “management” and “leadership” interchangeably. This shows that they don’t see the crucial difference between the two and the vital functions that each role plays.
Mistake #2: People use the term “leadership” to refer to the people at the very top of hierarchies. They then call the people in the layers below them in the organization “management.” And then all the rest are workers, specialists, and individual contributors. This is also a mistake and very misleading.
Mistake #3: People often think of “leadership” in terms of personality characteristics, usually as something they call charisma. Since few people have great charisma, this leads logically to the conclusion that few people can provide leadership, which gets us into increasing trouble.
In fact, management is a set of well-known processes, like planning, budgeting, structuring jobs, staffing jobs, measuring performance and problem-solving, which help an organization to predictably do what it knows how to do well. Management helps you to produce products and services as you have promised, of consistent quality, on budget, day after day, week after week. In organizations of any size and complexity, this is an enormously difficult task. We constantly underestimate how complex this task really is, especially if we are not in senior management jobs. So, management is crucial — but it’s not leadership.
Leadership is entirely different. It is associated with taking an organization into the future, finding opportunities that are coming at it faster and faster and successfully exploiting those opportunities. Leadership is about vision, about people buying in, about empowerment and, most of all, about producing useful change. Leadership is not about attributes, it’s about behavior. And in an ever-faster-moving world, leadership is increasingly needed from more and more people, no matter where they are in a hierarchy. The notion that a few extraordinary people at the top can provide all the leadership needed today is ridiculous, and it’s a recipe for failure.”
Regards,
Dave Tate, Esq. (San Francisco)
NBIM/Government Pension Fund Global Publishes Corporate Governance Note
The following is a link to the Harvard Law School Forum on Corporate Governance and Financial Regulation posting about a recent new corporate governance note by Norges Bank Investment Management which manages the large Norway Government Pension Fund Global. Click Here for the Harvard link.
And for the actual source link to the full discussion note on the NBIM website Click Here for the introduction page, and Click Here for the entire 44 page discussion.
More to follow after I give the listed criteria additional thought. Generally speaking, the guidelines are broadly worded – it seems that in practice more definitive guidelines, goals or criteria will apply.
Dave Tate, Esq.
Link – Interesting Read – Re The Will of George Washington
The following is a link to an interesting article about the Will of George Washington (with attachments of the actual will), Click Here.
Dave Tate, Esq. (San Francisco)
Failed Bank Litigation Against Officers and Directors- D&O Diary Link
The following is a link to the D&O Diary for February 18, 2013, re failed bank litigation update including actions against officers and directors, Click Here.
Dave Tate, Esq. (San Francisco)
Daily Updates: Privacy, Product Liability & Accident; Employment; Governance, Risk & Liability; & Nonprofit; Board & Director Responsibilities Video
For your information, please click below for daily updates on various legal topics, and also the Board and Director Responsibilities video:
– Privacy & Information Update, Click Here.
– Product Liability & Accident Update, Click Here.
– Employment Law & News Update, Click Here.
– Governance, Risk & Liability Update, Click Here.
– Nonprofit Update, Click Here.
– Board and Director Responsibilities video:
LINKS TO GOVERNANCE, RISK AND LIABILITY UPDATE; ST. VINCENT DE PAUL SOCIETY SAN FRANCISCO
1. More depositions in Salt Lake City today.
2. The following is a link to my daily updated governance, risk & liability paper, Click Here.
3. And the following is a link to the St. Vincent de Paul Society in San Francisco, of which I am a board member, Click Here. This is a great nonprofit organization, helping people in need.
Off to work. Regards, Dave Tate.
BULLYING ARTICLE; CEO/CFO – CAE/CRO ARTICLE; SALT LAKE CITY DEPOSITIONS
A medley of stuff:
1. I’m in Salt Lake City this week for five days of depositions in the wrongful death/product liability case, which I can’t and wouldn’t say much about. Over 70 non-expert depositions taken, and 80,000-100,000 pages of documents produced. Legally speaking, a very interesting case. Good attorneys on all sides, and a fierce battle.
If I get a few spare minutes, which is currently unlikely, I want to see the Mormon Temple and the family ancestry library, both of which are just down the street from where I am staying at the Little America. Nice hotel along with the Grand America. The hotel cafe sure serves large food portions, which is a complement, but the portions are larger than I need.
2. The following is a link to a blog post by Norman Marks, about CEO/CFO and CAE/CRO conflict – it is a good post and worthwhile for thought purposes – please read Norman’s post – I just don’t have the time currently to comment about the topic, http://normanmarks.wordpress.com/2013/02/12/what-should-the-board-do-when-there-is-conflict-between-the-ceocfo-and-caecro/
3. While reading The Salt Lake Tribune this morning I saw an article about bullying, and the work of a local group to address and raise awareness about the issue, and to provide thoughtful advice for actions and remedies. Obviously this is a worthwhile topic for discussion, and it will be discussed for the next 100+ years. I would say that bullying is not restricted by age as victims can be young, middle age, and old alike. Presumably the significant majority of people do not endorse bullying. And clear examples of bullying usually are obvious. From a legal viewpoint, the difficulty arises in the gray areas of conduct – when does conduct become unlawful bullying as opposed to fairly typical human conduct that although not encouraged or even liked isn’t conduct that warrants laws or legal intervention? And how does bullying differ from already existing assault and battery or other laws? Here is a link to the group’s website page for students which contains the group’s definition of bullying, http://www.flipthescriptnow.org/students. And here is a link to the group’s main website page, http://www.flipthescriptnow.org/slc. a good topic for discussion.
4. If you are so inclined, please see also my below blog post with a video discussion about board and director responsibilities. The video is a good improvement over prior video efforts; however, I will be working on improving presentation in upcoming videos.
Thank you. Off to work now,
Dave Tate
VIDEO – BOARD AND DIRECTOR RESPONSIBILITIES
Internal Audit of Risk Management and Governance – from the Federal Reserve Supplemental Policy Statement
From the Board of Governors of the Federal Reserve System, a Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing (January 23, 2013), Click Here.
There are several provisions relating to internal audit’s role in auditing risk management and governance which I found interesting and helpful.
I would disagree with the discussion which appears to assign board oversight of risk management to the audit committee. Risk or uncertainty management should be an activity of the overall board function – of course I don’t disagree with delegating initial or concentrated oversight to a board committee like the audit committee (assuming that the audit committee has the time) or a risk committee, with the committee reporting to the full board for input, questions, evaluation and oversight.
The following are select provisions from the Supplemental Policy Statement relating to risk management and governance – and they got me to wondering: how are we doing on the status of achievement?
———————————————-
PURPOSE
This policy statement is being issued by the Federal Reserve to supplement the guidance in the 2003 Interagency Policy Statement on the Internal Audit Function and its Outsourcing. . . . As a result of the supervisory experience during and following the recent financial crisis, Federal Reserve staff identified areas for improving regulated institutions’ internal audit functions. This supplemental policy statement addresses the characteristics, governance, and operational effectiveness of an institution’s internal audit function.
* * * *
OVERVIEW
The degree to which an institution implements the internal audit practices outlined in this policy statement will be considered in the Federal Reserve’s supervisory assessment of the effectiveness of an institution’s internal audit function as well as its safety and soundness and compliance with consumer laws and regulations. Moreover, the overall effectiveness of an institution’s internal audit function will influence the ability of the Federal Reserve to rely upon the work of an institution’s internal audit function.
* * * *
1. Enhanced Internal Audit Practices
An institution’s internal audit function should incorporate the following enhanced practices into their overall processes:
A. Risk Analysis
Internal audit should analyze the effectiveness of all critical risk management functions both with respect to individual risk dimensions (for example, credit risk), and an institution’s overall risk management function. The analysis should focus on the nature and extent of monitoring compliance with established policies and processes and applicable laws and regulations within the institution as well as whether monitoring processes are appropriate for the institution’s business activities and the associated risks.
* * * *
C. Challenging Management and Policy
Internal audit should challenge management to adopt appropriate policies and procedures and effective controls. If policies, procedures, and internal controls are ineffective or insufficient in a particular line of business or activity, internal audit should report specific deficiencies to senior management and the audit committee with recommended remediation. Such recommendations may include restricting business activity in affected lines of business until effective policies, procedures, and controls are designed and implemented. Internal audit should monitor management’s corrective action and conduct a follow-up review to confirm that the recommendations of both internal audit and the audit committee have been addressed.
E. Risk Tolerance
Internal audit should understand risks faced by the institution and confirm that the board of directors and senior management are actively involved in setting and monitoring compliance with the institution’s risk tolerance limits. Internal audit should evaluate the reasonableness of established limits and perform sufficient testing to ensure that management is operating within these limits and other restrictions.
F. Governance and Strategic Objectives
Internal audit should evaluate governance at all management levels within the institution, including at the senior management level, and within all significant business lines. Internal audit should also evaluate the adequacy and effectiveness of controls to respond to risks within the organization’s governance, operations, and information systems in achieving the organization’s strategic objectives. Any concerns should be communicated by internal audit to the board of directors and senior management.
2. Internal Audit Function (Part I of the 2003 Policy Statement)
The primary objectives of the internal audit function are to examine, evaluate, and perform an independent assessment of the institution’s internal control system, and report findings back to senior management and the institution’s audit committee. An effective internal audit function within a financial institution is a vital means for an institution’s board of directors to maintain the quality of the internal control environment and risk management systems.
The guidance set forth in this section supplements the existing guidance in the 2003 Policy Statement by strongly encouraging internal auditors to adhere to professional standards, such as the IIA guidance. Furthermore, this section clarifies certain aspects of the IIA guidance and provides practices intended to increase the safety and soundness of institutions.
B. Corporate Governance Considerations
Board of Directors and Senior Management Responsibilities
The board of directors and senior management are responsible for ensuring that the institution has an effective system of internal controls. As indicated in the 2003 Policy Statement, this responsibility cannot be delegated to others within the institution or to external parties. Further, the board of directors and senior management are responsible for ensuring that internal controls are operating effectively.
Audit Committee Responsibilities
An institution’s audit committee is responsible for establishing an appropriate internal audit function and ensuring that it operates adequately and effectively. The audit committee should be confident that the internal audit function addresses the risks and meets the demands posed by the institution’s current and planned activities. Moreover, the audit committee is expected to retain oversight responsibility for any aspects of the internal audit function that are outsourced to a third party.
The audit committee should provide oversight to the internal audit function. Audit committee meetings should be on a frequency that facilitates this oversight and generally should be held four times a year at a minimum, with additional meetings held by audit committees of larger financial institutions. Annually, the audit committee should review and approve internal audit’s charter, budget and staffing levels, and the audit plan and overall risk-assessment methodology. The committee approves the CAE’s hiring, annual performance evaluation, and compensation.
The audit committee and its chairperson should have ongoing interaction with the CAE separate from formally scheduled meetings to remain current on any internal audit department, organizational, or industry concerns. In addition, the audit committee should have executive sessions with the CAE without members of senior management present as needed.
The audit committee should receive appropriate levels of management information to fulfill its oversight responsibilities. At a minimum, the audit committee should receive the following data with respect to internal audit:
• Audit results with a focus on areas rated less than satisfactory;
• Audit plan completion status and compliance with report issuance timeframes;
• Audit plan changes, including the rationale for significant changes;
• Audit issue information, including aging, past-due status, root-cause analysis, and thematic trends;
• Information on higher-risk issues indicating the potential impact, root cause, and remediation status;
• Results of internal and external quality assurance reviews;
• Information on significant industry and institution trends in risks and controls;
• Reporting of significant changes in audit staffing levels;
• Significant changes in internal audit processes, including a periodic review of key internal audit policies and procedures;
• Budgeted audit hours versus actual audit hours;
• Information on major projects; and
• Opinion on the adequacy of risk management processes, including effectiveness of management’s self-assessment and remediation of identified issues (at least annually).
Role of the Chief Audit Executive
In addition to communicating and reporting to the audit committee on audit-related matters, the CAE is responsible for developing and maintaining a quality assurance and improvement program that covers all aspects of internal audit activity, and for continuously monitoring the effectiveness of the audit function. The CAE and/or senior staff should effectively manage and monitor all aspects of audit work on an ongoing basis, including any audit work that is outsourced.
* * * * *
California Court Holds That A Business Judgment Jury Instruction Should Have Been Given In Pregnancy Discrimination Case
California court holds that a business judgment jury instruction should have been given in a pregnancy discrimination case, reversing the jury’s verdict in favor of the plaintiff
A new California case involving Plaintiff’s claims against her employer for pregnancy discrimination, Julie Gilman Veronese v. Lucasfilm, Ltd., Court of Appeal State of California, First Appellate District, Case No. A129535 and A131660, December 10, 2012. The jury found for the Plaintiff awarding $93,830 in economic damages and $20,000 in noneconomic damages, and $1,157,411 in attorneys’ fees . The employer appealed on several grounds. In pertinent part the Court of Appeal reversed the trial court determining that the court failed to give proper jury instructions including that the court should have given a business judgment jury instruction similar in wording to the following:
“You may not find that _______ (Defendant) discriminated or retaliated against _________ (Plaintiff) based on a belief that _______(Defendant) made a wrong or unfair decision. Likewise, you cannot find liability for discrimination or retaliation if you find that ________ (Defendant) made an error in business judgment. Instead, _________ (Defendant) can only be liable to ________ (Plaintiff) if the decisions made were motivated by discrimination or retaliation related to her being pregnant.”
The upshot, you can bet that a request by the defendant for the above jury instruction or a close version will now become standard in employment discrimination cases. The instruction is intended to clarify for the jury that an employer’s wrong, unwise, mistaken or even stupid decision in and by itself is not grounds for a finding of discrimination liability against the employer.
A Good Read – California Attorney General Sues Delta Over Alleged Non-Disclosure of Personally Identifiable Information (PII) Collected by Delta’s “Fly Delta” App
This is an interesting discussion. On December 6, 2012, the California Attorney General filed a lawsuit against Delta Air Lines over Delta’s alleged failure to sufficiently post disclosure of its collection and use of personally identifiable information (PII) that Delta collects when someone uses its Fly Delta application. The Attorney General did not file suit over use of the alleged PII, but only over Delta’s alleged failure to disclose or to sufficiently disclose to app users the alleged collection and use or possible use of the PII. To find a copy of the Attorney General’s news release with a link to a copy of the Complaint Click Here.
First, let me say that I have read the Complaint, which is filed in the Superior Court of the State of California for the City and County of San Francisco, and I compliment the wording of the 8 page Complaint which is reasonably detailed and easy to understand. The Attorney General argues that whereas Delta does have a disclosure policy on its website, the app (1) also should have a disclosure policy, that is (2) more detailed and explanatory about the collection and use of personally identifiable information. The Complaint is a definite worthwhile read for legal counsel, risk managers, and designers of applications, websites and online services.
Without getting into the specifics of the claims that have been alleged or evaluation of possible liability and defenses, I note that the Attorney General alleges that recoverable damages are up to $2,500 per each violation which the Attorney General describes in its October 26, 2012, letter to Delta (attached as Exhibit A to the Complaint) as “for each copy of the unlawful app downloaded by California consumers.” The 30-day warning letter to Delta further states “Please respond to the undersigned within 30 days of the date of this letter with the following information: a) Delta’s specific plans and timeline to comply with CalOPPA; or b) why you believe this app is not covered by CalOPPA.” The Complaint at page 6 acknowledges that on October 30, 2012, several media sources reported that Delta had released a statement that Delta had received the letter and intended to provide the requested information. The Attorney General’s 30-day notice letter is dated October 26, 2012. The Complaint was filed 41 days later, on December 6, 2012.
Clearly the Attorney General intends that its Complaint against Delta get broad attention, and it will, not only for the allegations and possible damages, but also for the decision by the Attorney General to not cut Delta much slack on its response time. In other words, if you get one of these letters from the Attorney General, take it seriously and act promptly within the 30-day notice window.
Risk Management – $109 million for powerline electrocution case
Noticed this story on Yahoo News, from ABC News, that a Pennsylvania jury awarded a family $109 million in a wrongful death case against a utility company after a mother was electrocuted from a fallen power line. Click Here for the article.
The article suggests that the evidence indicated that the powerline might not have been cleaned properly by utility workers in prior years, had rusted, had fallen into the yard five and six years earlier, and then overheated in the current situation causing the trees in the yard to catch fire, and ultimately snapped and fell on the woman as she called the utility company to report the current problem, with her mother-in-law and young daughters watching.
Per the article, one juror told Associated Press that the jury wanted to send a message that not applying safe practices across the board is not acceptable, which sounds to me like a punitive damages argument. The article doesn’t indicate how the damage award amount was determined or if punitive damages were awarded. Putting a value on a life is difficult, and in fact no value can be put on a life; however, juries are required to do so each day, and $109 million award definitely is large. The article also doesn’t indicate what actions were taken by the utility company after the powerline problems in 2003 and 2004 – apparently the powerline was repaired after those powerline falls and no apparent problems then occurred for several years.
From a risk management perspective unfortunately the article doesn’t provide us with sufficient information that I would want to know and that would be important to an evaluation; however, it should serve as a reminder to employees, management and boards about the importance of developing, using and monitoring risk management practices.
Risk management – should BP be banned from contracts with the federal government?
Recently, on November 28, 2012, the EPA announced (Click Here) that it has temporarily suspended BP from new contracts with the federal government “due to BP’s lack of business integrity as demonstrated by the company’s conduct with regard to the Deepwater Horizon blowout, explosion, oil spill and response, as reflected by the filing of a criminal information.” The suspension does not affect existing agreements BP may have with the government.
Perhaps a contrarian question: but should BP be suspended from new contracts? Obviously the spill was a human and environmental disaster. And I have previously expressed surprise that in addition to BP, the oil companies in that geographic region apparently did not have available collective equipment that any of them could have used in the case of a spill or other emergency.
But what if BP now has fixed its risk management practices, and what if those practices are state of the art? What if BP’s risk management practices are now better than other operators in that region? And what risk management practices did the federal government as the entity that leases the oil rights require in that region before the spill, and how have those required practices and the government’s oversight now been improved, if at all? These are some of the questions that I would like to see answered with a view toward current and future risk management.
Risk Management? Why Older Adults Become Fraud Victims More Often – New Study by UCLA
Why older adults become fraud victims more often – new study by UCLA, here’s the link, Click Here.
Is this is a possible risk management issue for estate planning attorneys, courts, banks and other financial institutions, and probably others that don’t come to mind at this time?
See also the post to my California estate, trust and elder litigation blog, Click Here.
Dave Tate
TATE'S TALK - CAUSE & EFFECT 