Category: Compliance Programs

McNulty Keynote on a Tale of Two Sectors

compliance-week-green

My notes, live, from former U.S. Deputy Attorney General Paul McNulty Keynote on A Tale of Two Sectors: The Challenges of Corporate Compliance – When Enforcement Increases and the Economy Declines. Mr. McNulty is now a partner at Baker & McKenzie. He is the author of the McNulty Memo on the government’s perspective on prosecuting organizations.

This issue of compliance has changed the corporate landscape. There is a sobering reality with a contrast between the government’s aggressive enforcement of white collar crime while the corporate sector is in a defensive position trying to cut costs and survive the economic downturn.

How can a company survive in this enforcement and economic environment? How can they move into emerging markets with corruption issues?

Enforcement is rising sharply. There is more effort being put into catching and punishing economic crime. FCPA is a hot issue because of a combination of increased disclosure, increased communication, and increased international cooperation. These factors are not unique to FCPA. That is why we are seeing an increase in other financial crime enforcement.

There is a lot of effort of punishing individuals, not just organizations.

How do we respond to this environment? There are several “must haves.”

  • Leadership with a strong tone and strong structure.
  • A risk based strategy, looking at where you are doing business and how you are doing business.
  • Standards and controls to provide evidence that there is commitment and it is translated to specific things
  • Training is essential. You need to get the word out.
  • Monitoring so that you can see what is working and what is not working.

The cost of non-compliance is great. If you think compliance is expensive, try non-compliance.

If you are the target of a government action there are some things you should do. You want to have a thorough and cost effective investigation. You want the government to feel that they do not need to conduct their own investigation. You need to be credible and sufficiently independent. It also needs to be timely. Cost control is an issue. There is some tension between thoroughness and cost. You want to focus on the scope. You don’t want it to be too narrow, but if it is too broad the costs will be excessive. Create an investigation plan at the outset. Keep a close eye on your auditors and attorneys.

You want to get your “compliance credit.” In his memo (and the others) one of the factors is the existence of a strong compliance program. Make sure that if you think you had a strong compliance program that the government sees that there is a strong program.

You want to get your “cooperation credit.” The key is to be able to cooperate without waiving the attorney-client privilege. You want to avoid derivative lawsuits from other non-government parties.

You want to avoid a monitor. The government is looking for a hedge to avoid the risk that there is something more going on inside the organization. That means you need to convince the government that the organization wants to know the whole truth and will immediately take the steps to cure the problem.

Will prosecutors look at a decreased compliance budget as a bad mark? Maybe. You can be more effective with a smaller budget, but it means being more effective and revisiting the structure of your program. The risk increases when there are fewer resources dedicated to the program.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

The S&P Assessments

compliance-week-blue

My notes, live, from the Compliance Week Conference session by Steven Dreyer who is overseeing Standard & Poor’s program to assess corporate ERM efforts as part of credit ratings. Standard & Poor’s To Apply Enterprise Risk Analysis To Corporate Ratings (.pdf)

S&P’s ERM review for non-financial companies will be based primarily on information provided by issuers in public disclosures and through discussions with S&P analysts. S&P does not require written responses to these questions, but will certainly consider them if provided to supplement or make more efficient our in-person discussions.

  • What are the company’s top risks, how big are they, and how often are they likely to occur? How often is the list of top risks updated?
  • What is management doing about top risks?
  • What size quarterly operating or cash loss has management and the board agreed is tolerable?
  • Describe the staff responsible for risk management programs and their place in the organization chart. How do you measure success of risk management activities?
  • How would a loss from a key risk impact incentive compensation of top management and on planning/budgeting?
  • Tell us about discussions about risk management that have taken place at the board level or among top management when making strategic decisions.
  • Give an example of how your company responded to a recent “surprise” in your industry and describe whether the surprise affected your company and others differently.

All S&P cares about is the ability of the company to repay its debt. Corporate social responsibility is nice, but does not affect credit. S&P does not lower a credit rating on an airline because of a plane crash. They care about cash flow. They do care if a risk is a risk to cash flow. S&P is not a missionary for ERM.

So why are they adding ERM to credit ratings to non-financial institutions?

  • Enhance Analytical Process & Focus
  • Create More Forward-Looking Ratings
  • Better Insights and Communication on Management
  • Differentiate Better

Non-financial institutions tend to die very slow deaths. Financial institutions have the potential to fall off a cliff and disappear quickly. For non-financial institutions, ERM is a means to see inside the enterprise to see how they may be able to bounce back from issues and crises.

Every company has an appetite risk and a tolerance for risk. By focusing on risk management, there is some insight about how they treat risk, the appetite and the tolerance.

What Is S&P Not Looking For… (These mindsets can actually hinder effectiveness):

  • Eliminating all risks
  • Cramming together disparate policies
  • Solely compliance/disclosure requirements
  • Replacement for internal controls
  • A shiny new software program
  • Naming a CRO and calling it a day

“The reviews will focus predominantly on risk-management culture and strategic risk management, two universally applicable aspects of ERM.” – Standard & Poor’s To Apply Enterprise Risk Analysis To Corporate Ratings, May 7, 2008

Culture = Communications, Frameworks, Roles, Policies, Metrics, Influence

Strategic = Identification and Updating Process, Impact on Key Decisions

Here are some ERM discussion topics he offered:

  • How are key risks identified, updated, and dealt with?
  • How is risk tolerance defined and communicated?
  • Who “owns” risk in the organization and how is success measured?
  • What is the board’s involvement in risk management?
  • How did your company respond to _______________ ?

Ultimately, they are looking for evidence of effectiveness. They are planning to release the criteria during the fourth quarter of 2009. They are currently in the process of benchmarking and comparing information. They are thinking about using a rating scale, but there is a concern that people will focus on the number and not the nuances that went into the number.

A counter-intuitive result was that the companies that responded quicker to questions were more accurate than those that took longer. The quick result was because they had better access to their information. The longer response was because the information was hard to find and less reliable.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

Assessing the Effectiveness of Compliance and Ethics Programs

compliance-wek-purple

My notes, live, from Jack Holleran of Ernst & Young  and Patricia Prince-Taggart of CA on ways to measure program effectiveness, with an analysis of qualitative and quantitative measures.

Jack put forth three primary objectives to compliance programs:

  • To prevent non-compliance
  • To detect non-compliance
  • To enhance business processes and decision-making

He offered the following as the benefits of measurement:

  • Enables you to “know where you are”
  • Enables you to demonstrate effectiveness to Executive management
  • Enables you to demonstrate effectiveness to Audit committee
  • Enables you to demonstrate effectiveness to Regulators
  • Enables you to identify and prioritize opportunities for improvement in ethics and compliance program (design and execution)
  • Enables you to demonstrate business case, or value, that ethics and compliance program provides to the business

He offered this as his illegible diagram of a compliance program:

ernst-framework

Qualitative measures

  • Provide some indication of awareness of ethics and compliance program
  • Tend to be subjective in nature
  • Useful in identifying trends

Quantitative measures

  • Provide objective insights into program effectiveness
  • Tend to be hard data
  • Useful for benchmarking your company to other organizations or within industry

Measuring effectiveness – the role of auditing and monitoring:

Evaluate each control for adequacy:

  • As designed, will it prevent / detect? Alone, or with other controls?
  • If design is adequate, test to verify control is operating as designed

Testing examples:

  • Field work: policy application within business units
  • Continuous testing: review of helpline calls, customer complaints
  • Transaction reviews for red flags
  • Risk-based reviews (e.g., FCPA, environmental)
  • Surveys/focus groups to measure awareness, attitudes, knowledge

Establish procedures for conducting investigations:

  • Confidentiality
  • Case resolution procedures
  • Post-resolution surveys of callers
  • Checking for possible retaliation

You want to determine the “Effectiveness Gap”: the difference between the inherent risk and management’s effectiveness.

Ethics and compliance, like any business function, faces the internal challenge of demonstrating return on investment (ROI). Measuring effectiveness can enhance your ability to demonstrate ROI. Trending over time can produce insights.

Starting is the most important part of effectiveness. Doing nothing is not effective. You can’t be afraid to find out information.

Here are some other resources they recommended:

Metrics Qualification Tool
www.oceg.org/view/mqt

The Elephant in the Room: Program Evaluation & Performance Measurement
www.oceg.org/view/elephant

Measurement & Metrics Guide: Performance Measurement Approach and Metrics for a Compliance & Ethics Program www.oceg.org/view/MMG

Metrics Full Listing
www.oceg.org/view/mmglisting

Metrics & Measurement Guide Presentation: Beyond Effectiveness
www.oceg.org/view/MMGPreso

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

Harvey Pitt on Ethical Cultures in a Down Economy – Compliance Week Keynote

compliance-week-conference

My notes, live, from the Compliance Week keynote speech by Harvey Pitt on Ethical Cultures in a Down Economy:

After a very brief introduction (especially compared to yesterday’s keynote) by Scott Cohen, Mr. Pitt dove into an entertaining and informative speech.

Learning from history is in fact virtually impossible. The only thing we only learn from history is that we never learn from history. It is the science of what never happens twice.

Cutting corners may have some short term benefits, but endanger your long term success. This century has barely begun and we already have plethora of financial scandals. So many high-flying companies have come crashing down, destroying the companies and the investors. We have to avoid failures at all corporate levels that every person within the company is responsible for being a watchdog for transgressions.

It seems that we never learned from the Enron era scandals. Business scandals are inevitable, as is the follow-up government action. But those too often only focus on the last crisis and do not look ahead to potential new issues. SOX did not prevent the current economic crisis and its failures of corporate governance. It is inevitable that new laws will come out to address the crisis that just happened. Mr. Pitt seems skeptical that they will prevent the next set of crisis and failures.

Mr. Pitt thinks directors will be held accountable for the failures of their organization and the failure of their risk management. he thinks the answer is simple. The long term success of a company is the ability to survive under “Corporate Darwinism.” Only those with the best governance and the most ethical culture will survive. The regulatory and prosecutorial environment is going to be hostile for the foreseeable future. Being law-abiding only gets you so far. It is not same as acting honestly and ethically.

Something always go wrong.

Good corporate ethics is not just talking the talk, but also walking the walk. You need to recognize that an ounce of prevention is worth a pound of cure. You need to minimize risk and continually assess the risk. You need to deal with the risk before the next crisis.

Be a Boy Scout and “Be Prepared.” It is better to be ahead of the curve and ready for what may be coming.

Knowledge is power. You need full and complete information in order to assess risk and govern the organization. The most dangerous risk is the risk you are nor aware of. You need to make sure that information flows up the chain and throughout the organization.

Don’t shoot the messenger. Risk management should not be thought as a cost center.

Make sure that everyone is “invested” in the organization. It is part of everyone’s job description to be alert for potential problems, addressing problems and resolving problems. You need to engage all employees in developing and running the program.

There is no such thing as a “small” ethical problem. They always grow into a big problem if left unaddressed. Not every breach is a hanging offense, but they all need to be treated seriously.

It’s the quality not the quantity that counts. You can have binders full of policies. But they are useless if employees are not aware of them and ignore them.

Pay for integrity. If boards want to show the importance of ethics, they need to tie compensation to it. They need to place a cost for failures as well.

Trust, but verify. Ask the tough questions and examine the underlying premise of their information. You need to make sure your conclusions are sound.

The third little pig had it right. You can’t build your house out of flimsy materials.

Treat everyone who cries wolf as if they are credible. It is the warning you ignore that is more likely to hurt your organization. It’s not how complaints are raised. The only issue is whether there is any truth to the claims. You need to find the truth. The only way to find out is to respond to the call and investigate.

If you manage for the short term, you will not be around in the long term.

At the end of his speech, Mr. Pitt sat down with Mr. Cohen.

Mr. Pitt pointed out that government failed to have effective risk management during the current financial crisis.

He thinks SOX was hastily drafted. It was necessary because of the upheaval and government needed to show that it would put up with that kind of behavior. He thinks SOX has been ineffective. It is approached as a liability issue and treated with a check the box mentality. We would not have had the most recent crisis if SOX was effective.

What me need now is not more regulation or less regulation, it is smarter regulation. Businesses sit back and wait for government to tell them what they are doing wrong and then don’t like what the government tells them to do. Businesses need to discover problems before they become a problem.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

Richard Ketchum Keynote from the Compliance Week Conference

compliance-week-green

My notes, live, from the Richard Ketchum keynote at the Compliance Week Conference. Mr. Ketchum is the newly named chairman and CEO of FINRA.

It is a terribly important time as financial markets are in the process of transformation. It was two years ago when the first signs of the credit crisis appeared. The silver lining is that the crisis offers an opportunity to reform the financial markets.

Mr. Ketchum moved onto the idea of a systemic risk regulator. He thinks some regulator will be in place. As to whether it is a single entity or a council of regulators, Mr. Ketchum stated that some of the risk and problems came from loosely regulated entities and in transactions that were not transparent. He thinks value of a systemic regulator is good but thinks we need to focus on the function of this new regulator. He wants to avoid duplication and also to avoid things falling through the cracks.

He looked to the Federal Reserve as regulator that had a broad mandate to see big problems. They were less able to focus on the detail of regular reporting and maintenance. He thinks the new systemic regulator should not replace existing regulators. He also did not seem to like the idea of breaking up the SEC. They are very involved in many aspects of the markets and have a breadth of experience and controls in place.

He moved on to the issue of short selling in the marketplace.  There are several proposals being reviewed as a result of the fierce short-selling that happened in September and October. He thinks the selling that happened during that time was most long sellers, not short sellers. Short selling may have caused the disappearance of any buyers. He seems to be leaning toward a circuit-breaker when a company’s stock is under pressure. He did not seem to give a straight answer.

He moved onto the subject of derivatives. The market provides a great deal of leverage, has a great deal of inefficiency and is very transparent. The derivatives markets also react quicker than the equity markets. He thinks the key is transparency so we can see the movement and the risk. The opacity of the derivatives markets contributed to the plunge in the investment markets.

He moved onto the lessons we could learn from volatile markets. He thinks we need to revisit diligence and reduce our reliance on ratings to get a better understanding of the security (in particular asset-backed securities). You need to keep the creators of the securities away from the ratings of the securities.

He thinks compliance needs to be infused into more functions. He thinks compliance officers can look at the risks and not rely on assumptions. You need to make sure that decisions that benefit the company do not come at the expense of the company’s clients or customers.

Nobody feels good about the implosion of the financial markets. FINRA is re-evaluating their internal processes to see what they could do better. He pointed out the new FINRA Whistleblower hotline. FINRA is looking at ways to make sure things do not fall through the cracks.

He thinks the biggest gap is the different regimes between broker-dealers and investment advisers. He thinks investment advisers need to be more regulated and more closely examined. he does recognize that there are different risks and different concerns. You can’t throw the same rulebook at them, but he thinks you need to keep a closer eye on them.

The keystone moving forward is winning back the trust of investors. Without trust, the markets are paralyzed. Fraud impoverishes the few; distrust impoverishes many.

In the chat session, Matt put the Madoff scenario in front of Mr. Ketchum. He thinks that is the great example of having different regimes for broker-dealers and investment advisers. FINRA could not look over the wall at the advisory side of the business.

There is no definition of a systemic risk. Mr. Ketchum thinks it is one that can impact the financial marketplace as a whole and not just an individual institution.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

Self-Assessments: Criteria and Procedures for Evaluating GRC Programs

compliance-week-dark-blue

My notes, live, from Self-Assessments: Criteria and Procedures for Evaluating GRC Programs, with Gracie Fisher Renbarger, Chief Ethics and Compliance Officer of Dell; Nan Stout, Vice President Business Ethics of Staples; and Carole Stern Switzer, President of OCEG.

Carole started off with two observations:

  • Designing, implementing, and improving a governance, risk management and compliance (GRC) system is a time and resource-intensive proposition.
  • Periodically evaluating the design and operation of the system is essential to demonstrate that the organization’s GRC initiatives are delivering outcomes that really matter.

Carole pointed out that GRC is more than Governance, Risk and Compliance, but it is really awkward to have a 13 letter acronym.

She turned to design effectiveness. “Given our objectives and all of the risks and requirements related to these objectives, do we have controls, incentives and other structures in place that will provide reasonable assurance that we will meet these objectives?” You can also have less ambitious goals for our evaluation:

  • I’d like a “gut check” on how my hotline is designed
  • I’d like a high-level assessment of whether our risk identification has captured all of the right risks and requirements compared with my peers

Or more ambitious goals:

  • Is this compliance program deemed “effective” by an enforcement agency or external monitor?

How do you evaluate to address effectiveness? Start by determining what to evaluate and the scope of the risk assessment. One of the issues is that your effectiveness is based on the negative. It is hard to prove that something did not happen because of the program.

You want to ask:

  • Do we have SOMETHING in place?
  • Do we have the ENOUGH in place?
  • Do we have TOO MUCH in place?

The next step is to design for performance. You want to be effective, but you also want to be efficient and responsive. “There’s no point in measuring something you can’t fix.”

Carole used a standard for performance called SMART:

  • Specific/simple
  • Measurable
  • Actionable
  • Relevant
  • Timely

Not having data available is a challenge in some organizations. You need to measure perception and compare it to facts. You can say that you have a non-retaliation policy. But that does not do any good if people perceive that they will be fired for reporting a problem.

Next up was Nan to talk about their beta test of OCEG’s Burgundy Book. She thought is was important to give employees multiple ways to report problems, but wanted to store all of that information in one place.

Gracie shared her experiences with the OCEG certification at Dell. The objective of Dell’s FCPA Compliance Program is to be “Effective” and “Aligned.” “Effective” means program meets the US Federal Sentencing Guidelines’ definition of an effective compliance program. “Aligned” means program activities address actual risks and are aligned to Dell’s business objectives.

The following Elements are assessed:

Culture:

  • Processes established to monitor and address cultural indicators to ensure program is operating in a culture of integrity (i.e., employee surveys, compliance training tracking, etc.)
  • Defined program goals and objectives that align to organization objectives and strategic business initiatives (i.e., supports Dell’s profit and business goals related to “emerging market” expansion, etc.)

Organize & Oversee:

  • Defined roles and responsibilities for program oversight, assurance and day-to-day management (i.e., AC, GECC, Ethics & Compliance Office, etc.)

Assess & Align:

  • Process for identifying and assessing FCPA risk (i.e., identify whether operating in countries with high level of perceived corruption, etc.)
  • Plan to deploy program initiatives in response to risk assessment results (i.e., education rollout in China, etc.)

Prevent & Promote:

  • Existence of Code of Conduct and FCPA Compliance Policy
  • Process for policy development (i.e., executive management approval, etc.)
  • Process for deployment of policy (i.e., website repository and blog communication, etc.)
  • Education plan (i.e., maximum, heightened, general awareness, etc.)

Detect & Discern:

  • Intake and investigations (i.e., employee reporting, investigation process, etc.)

Respond & Resolve:

  • Infrastructure for intake, investigation and resolution of incidents (i.e., staffing, case management system, etc.)
  • Remediation (i.e., discipline, recommended preventative controls, etc.)

Monitor & Measure:

  • Monitor feedback and strive for continuous improvement of the program (i.e., feedback to Ethics Managers and formal employee inquiry/response process, etc.)

Inform & Integrate:

  • Process for communicating program (i.e., blog, cascaded communications, etc.)

A question from the audience: Can you measure the change in culture? It is hard. You need to always look for indicators. Some are lead indicators and some are trailing indicators. One goal of GRC is to pull as much information as possible into one place so those indicators are in one place.

The emphasis of the session was not to advocate a specific framework, but the importance of having a process.

A key to modifying behavior is to make non-compliance more painful than compliance. But you want more than a fear of being caught. You want your employees to strive for better behavior.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

Luis Aguilar Keynote at Compliance Week Conference

compliance-week-purple

My notes, live, from the keynote by SEC Commissioner Luis A. Aguilar:

James Doty of Baker Botts introduced the Commissioner. (A disclaimer from the Commissioner: the speech is his opinion alone and not necessarily the view of the SEC.)

The Commissioner titled his presentation “Reversing Course: Putting Investors First.” The focus should be on protecting investors and restoration of stability to the capital markets. We need to restore trust in the markets. That means regulatory reform.

First, we need a search and inquiry into the cause of the crisis. Blaming the regulatory market is not responsive. Perhaps it was an unwillingness to exercise their management and look deeper into the markets. He is enthusiastic about a bi-partisan panel to look into the crisis. Too much regulatory reform focused on how it would help the financial firms and not how they would help investors. We need to look at the intrinsic risks and conflicts in the system. He saw pattern of de-regulation that help financial firms with little examination of how they would affect investors. Modernization of the markets has been used as a disguise for de-regulation.

He moved onto the need for a systemic risk regulatory body. He thinks we need some clarity on what we mean by systemic risk. He does not like the focus on “Too big to fail” and its focus on particular entities. He thinks the focus needs to be key functions in the market not the entity. He would want to isolate these functions in the entity.

Instead of a new regulatory body, he prefers a council of different regulators with different expertise would work better. It is better to have several sentries instead of just one monolithic guard. It would also avoid the conflicts inherent in the mandates of a particular regulator. There is a question of the particular powers of the council and the procedures for the council.

He moved onto the idea of a financial product safety commission. There is an idea that financial products get rated as safe or unsafe. The Commissioner does not like this idea. He draws a line between investment financial products and non-investment financial products. For non-investment products like credit cards and mortgages, the terms are set at the outset. However, with an investment financial product has values that will fluctuate and the risks will change over the course of time.

Investor protection is different than consumer protection. Removing products from a regulatory scheme could result in regulatory arbitrage.

What about a U.S. FSA, a single regulator for all of the financial markets? Commissioner Aguilar has concerns about this model. Could a regulator responsible for keeping financial institutions viable also be aggressive in pursing consumer claims of misdeed against the institution? The Commissioner does not think so. It can also increase systemic risk. If the single regulator gets it wrong, there is no fall back protection or other bodies to step into the gap.

He does like the idea of a single regulator for all of the capital markets. He does not like the split between the CFTC and SEC with the regulation of derivatives separate from the regulation of the underlying securities.

He advocates self-funding the SEC. He alludes to reductions in the budget of the SEC has affected the effectiveness of the SEC.

The Commissioner think the staff of the SEC has been unduly tarnished.

After his speech, the Commissioner sat down for a fireside chat with Matt Kelley, the Editor-in-Chief of Compliance Week, taking questions from the audience.

He expects enforcement to be quicker than in the past.

He went back to the self-funding part of this speech. He compares the big staff of the FDIC to the SEC. The FDIC has more people and keeps tabs on fewer institutions. The SEC needs more resources.

It sounds like the IFRS may be a lesser priority under the new administration.

It was a nice speech and chat by the Commissioner.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)

EthicsPoint Regional User Forum

ethicspoint-logo

Today I am attending the EthicsPoint Regional User Forum in Natick, Massachusetts. Here is the agenda:

  • EthicsPoint Executive Overview – Bill Piwonka, EthicsPoint Senior Director of Marketing will share insight on all things EthicsPoint – including product roadmap into 2010
  • Management, Oversight, and Analytics – A panel of experts will share best practices and ideas on using EthicsPoint’s reporting and analytics to drive transparency and insight into the risks facing your organization
  • Client & Industry Benchmarking Data –  See how your organization’s reporting statistics compare to others in your industry and the entire EthicsPoint customer base
  • Social Media in Compliance – Doug Cornelius (hey that’s me!) will lead a discussion on how you can incorporate tools such as LinkedIn, Twitter, Facebook, YouTube, Delicious and others to help foster a culture of integrity and compliance. Check out Doug’s website at https://www.compliancebuilding.com
  • Incident Awareness and Intake Roundtable – Roundtable opportunity to learn how other EthicsPoint customers have encountered and solved challenges around incident awareness and intake

I assume most of the sessions will be dark, but I may have some notes. I will be sharing my presentation and resources on Social Media in Compliance in a later post.

EthicsPoint provides an anonymous complaint and tip hotline for my company.

Workplace Challenges of Pandemics

h1n1-virus

The reality of an influenza pandemic has now reached the American workplace. The Swine Flu H1N1 Influenza seems to have been overblown and is now ebbing. There were only two confirmed deaths. It appears that H1N1 is neither particularly contagious or deadly. In comparison, the H5N1 virus (the Avian Flu) is very deadly with an almost 50% mortality rate. Fortunately, the H5N1 virus is not contagious and is very difficult to spread.

Even though H1N1 did not turn into a pandemic, it is a good time to address your workplace plans for pandemics.

Employers need to to implement responses that protect their healthy employees, guard the privacy of sick employees, and comply with applicable national, state, and local law requirements. It is essential that employers do not permit overexcited media coverage to push them into taking actions that may be illegal or frightening to their employees.

The first step is to encourage healthy behavior by your employees:

  • Cover your nose and mouth with a tissue when you cough or sneeze. Throw the tissue in the trash after you use it.
  • Wash your hands often with soap and water, especially after you cough or sneeze.
  • Avoid touching your eyes, nose or mouth. Germs spread that way.
  • Stay home if you get sick. Limit contact with others to keep from infecting them.

In planning for a pandemic, you need to be careful if you decide to survey your employees about factors that may cause them to miss work in the event of a pandemic. You can trip over health privacy issues and ADA limitations. The EEOC made an ADA-Compliant Pre-Pandemic Employee Survey:

Directions: Answer “yes” to the whole question without specifying the reason or reasons that apply to you. Simply check “yes” or “no” at the bottom.In the event of a pandemic, would you be unable to come to work because of any of the following reasons:

  • If schools or day-care centers were closed, you would need to care for a child;
  • If other services were unavailable, you would need to care for other dependents;
  • If public transport were sporadic or unavailable, you would be unable to travel to work, and/or;
  • If you or a member of your household fall into one of the categories identified by CDC as being at high risk for serious complications from the pandemic influenza virus, you would be advised by public health authorities not to come to work (e.g., pregnant women; persons with compromised immune systems due to cancer, HIV, history of organ transplant or other medical conditions; persons less than 65 years of age with underlying chronic conditions; or persons over 65).

Answer: YES __________ NO __________

It’s time to give some thought about what your workplace would to in the event there is a pandemic.

References:

The image is the H1N1 influenza virus, taken in the CDC Influenza Laboratory.