Five Compliance Best Practices for … Conducting a Risk Assessment

As an accompaniment to our biweekly series on “What Every Multinational Should Know About” various international trade, enforcement, and compliance topics, we are introducing a second series of quick-hit pieces on compliance best practices. Give us two minutes, and we will give you five suggested compliance best practices that will benefit your international regulatory compliance program.

Conducting an international risk assessment is crucial for identifying and mitigating potential risks associated with conducting business operations in foreign countries and complying with the expansive application of U.S. law. Because compliance is essentially an exercise in identifying, mitigating, and managing risk, the starting point for any international compliance program is to conduct a risk assessment. If your company has not done one within the last two years, then your organization probably should be putting one in motion.

Here are five compliance checks that are important to consider when conducting a risk assessment:

  1. Understand Business Operations: A good starting point is to gain a thorough understanding of the organization’s business operations, including products, services, markets, supply chains, distribution channels, and key stakeholders. You should pay special attention to new risk areas, including newly acquired companies and divisions, expansions into new countries, and new distribution patterns. Identifying the business profile of the organization, and how it raises systemic risks, is the starting point of developing the risk profile of the company.
  2. Conduct Country- and Industry-Specific Risk Factors: Analyze the political, economic, legal, and regulatory landscape of each country where the organization operates or plans to operate. Consider factors such as political stability, corruption levels, regulatory environment, and cultural differences. You should also understand which countries also raise indirect risks, such as for the transshipment of goods to sanctioned countries. You also should evaluate industry-specific risks and trends that may impact your company’s risk profile, such as the history of recent enforcement actions.
  3. Gather Risk-Related Data and Information: You should gather relevant data and information from internal and external sources to inform the risk-assessment process. Relevant examples include internal documentation, industry publications, reports of recent enforcement actions, and areas where government regulators are stressing compliance, such as the recent focus on supply chain factors. Use risk-assessment tools and methodologies to systematically evaluate and prioritize risks, such as risk matrices, risk heat maps, scenario analysis, and probability-impact assessments. (The Foley anticorruption, economic sanctions, and forced labor heat maps are found here.)
  4. Engage Stakeholders: Engage key stakeholders throughout the risk-assessment process to gather insights, perspectives, and feedback. Consult with local employees and business partners to gain feedback on compliance issues that are likely to arise while also seeking their aid in disseminating the eventual compliance dictates, internal controls, and other compliance measures that your organization ends up implementing or updating.
  5. Document Findings and Develop Risk-Mitigation Strategies: Document the findings of the risk assessment, including identified risks, their potential impact and likelihood, and recommended mitigation strategies. Ensure that documentation is clear, concise, and actionable. Use the documented findings to develop risk-mitigation strategies and action plans to address identified risks effectively while prioritizing mitigation efforts based on risk severity, urgency, and feasibility of implementation.

Most importantly, you should recognize that assessing and addressing risk is an ongoing process. You should ensure your organization has established processes for the ongoing monitoring and review of risks to track changes in the risk landscape and evaluate the effectiveness of mitigation measures. Further, at least once every two years, most multinational organizations should be updating their risk assessment periodically to reflect evolving risks and business conditions as well as changing regulations and regulator enforcement priorities.

The Imperatives of AI Governance

If your enterprise doesn’t yet have a policy, it needs one. We explain here why having a governance policy is a best practice and the key issues that policy should address.

Why adopt an AI governance policy?

AI has problems.

AI is good at some things, and bad at other things. What other technology is linked to having “hallucinations”? Or, as Sam Altman, CEO of OpenAI, recently commented, it’s possible to imagine “where we just have these systems out in society and through no particular ill intention, things just go horribly wrong.”

If that isn’t a red flag…

AI can collect and summarize myriad information sources at breathtaking speed. Its ability to reason from or evaluate that information, however, consistent with societal and governmental values and norms, is almost non-existent. It is a tool – not a substitute for human judgment and empathy.

Some critical concerns are:

  • Are AI’s outputs accurate? How precise are they?
  • Does it use PII, biometric, confidential, or proprietary data appropriately?
  • Does it comply with applicable data privacy laws and best practices?
  • Does it mitigate the risks of bias, whether societal or developer-driven?

AI is a frontier technology.

AI is a transformative, foundational technology evolving faster than its creators, government agencies, courts, investors and consumers can anticipate.

AI is a transformative, foundational technology evolving faster than its creators, government agencies, courts, investors and consumers can anticipate.

In other words, there are relatively few rules governing AI—and those that have been adopted are probably out of date. You need to go above and beyond regulatory compliance and create your own rules and guidelines.

And the capabilities of AI tools are not always foreseeable.

Hundreds of companies are releasing AI tools without fully understanding the functionality, potential and reach of these tools. In fact, this is somewhat intentional: at some level, AI’s promise – and danger – is its ability to learn or “evolve” to varying degrees, without human intervention or supervision.

AI tools are readily available.

Your employees have access to AI tools, regardless of whether you’ve adopted those tools at an enterprise level. Ignoring AI’s omnipresence, and employees’ inherent curiosity and desire to be more efficient, creates an enterprise level risk.

Your customers and stakeholders demand transparency.

The policy is a critical part of building trust with your stakeholders.

Your customers likely have two categories of questions:

How are you mitigating the risks of using AI? And, in particular, what are you doing with my data?

And

Will AI benefit me – by lowering the price you charge me? By enhancing your service or product? Does it truly serve my needs?

Your board, investors and leadership team want similar clarity and direction.

True transparency includes explainability: At a minimum, commit to disclose what AI technology you are using, what data is being used, and how the deliverables or outputs are being generated.

What are the key elements of AI governance?

Any AI governance policy should be tailored to your institutional values and business goals. Crafting the policy requires asking some fundamental questions and then delineating clear standards and guidelines to your workforce and stakeholders.

1. The policy is a “living” document, not a one and done task.

Adopt a policy, and then re-evaluate it at least semi-annually, or even more often. AI governance will not be a static challenge: It requires continuing consideration as the technology evolves, as your business uses of AI evolve, and as legal compliance directives evolve.

2. Commit to transparency and explainability.

What is AI? Start there.

Then,

What AI are you using? Are you developing your own AI tools, or using tools created by others?

Why are you using it?

What data does it use? Are you using your own datasets, or the datasets of others?

What outputs and outcomes is your AI intended to deliver?

3. Check the legal compliance box.

At a minimum, use the policy to communicate to stakeholders what you are doing to comply with applicable laws and regulations.

Update the existing policies you have in place addressing data privacy and cyber risk issues to address AI risks.

The EU recently adopted its Artificial Intelligence Act, the world’s first comprehensive AI legislation. The White House has issued AI directives to dozens of federal agencies. Depending on the industry, you may already be subject to SEC, FTC, USPTO, or other regulatory oversight.

And keeping current will require frequent diligence: The technology is rapidly changing even while the regulatory landscape is evolving weekly.

4. Establish accountability. 

Who within your company is “in charge of” AI? Who will be accountable for the creation, use and end products of AI tools?

Who will manage AI vendor relationships? Is their clarity as to what risks will be borne by you, and what risks your AI vendors will own?

What is your process for approving, testing and auditing AI?

Who is authorized to use AI? What AI tools are different categories of employees authorized to use?

What systems are in place to monitor AI development and use? To track compliance with your AI policies?

What controls will ensure that the use of AI is effective, while avoiding cyber risks and vulnerabilities, or societal biases and discrimination?

5. Embrace human oversight as essential.

Again, building trust is key.

The adoption of a frontier, possibly hallucinatory technology is not a build it, get it running, and then step back process.

Accountability, verifiability, and compliance require hands on ownership and management.

If nothing else, ensure that your AI governance policy conveys this essential.

Best Practices for Clearances and Opinions

Last week, Mintz Member Lisa Adams moderated a panel discussion between in-house attorneys that covered best practices for conducting patent clearances and obtaining non-infringement and invalidity opinions. The panel discussion, which was hosted by the Boston Patent Law Association, focused on key practical considerations that ensure product clearances and opinions are used as effective tools in a comprehensive intellectual property protection strategy. Here are some key takeaways from the panel’s conversation:

Start the clearance analysis for a product well in advance of the product launch, and update it throughout the lifecycle of the product   

It can be too advantageous to start the process of clearing a product for market as far in advance of the product’s marketplace launch as possible. Taking a proactive approach to product clearance can help avoid the possibility of having to perform a costly product redesign just prior to the product’s launch. An efficient approach to clearing a product may be to perform an initial landscape search to understand the scope of the art in a product’s technical area when the development of the product is in its earliest stages, to monitor the progress of product development and update the search accordingly as additional product details are learned/finalized, and to focus the clearance effort with freedom-to-operate analyses as the product moves closer to launch. The analysis does not end with product launch, but instead updated searching should be performed throughout the lifecycle of the product.

Consider keeping clearance/freedom-to-operate work product and analysis with outside counsel

A paper trail of conversations and assessments on product clearances, landscapes, and freedom-to-operate analyses between employees could become discoverable in litigation, which could be detrimental to your position in the litigation. The likelihood of the content of the analysis becoming inadvertently discoverable can be minimized by outsourcing the clearance work to outside counsel and having outside counsel maintain and manage the analysis.

Consider varying the approach to clearances based on the circumstances and the value/risk to the business

The decision of whether to commission a detailed and highly documented freedom-to-operate analysis should be based on the consideration of a variety of factors, such as the level of importance of the product, where the product is in the life cycle and the risks in play for the business. While one may consider involving outside counsel if the analysis of whether a product is cleared for launch is complex, it may not be necessary for simpler analyses with fewer issues.  In-house counsel can prepare opinions, but it is recommended to have a second in-house attorney review the opinion.

Pay attention to the timing of the opinion you obtain          

The timing for delivery of an opinion can be crucial to its effectiveness. For example, if the business is on the eve of product launch or is anticipating litigation, it ideally should be in a position in which outside counsel has studied the relevant patents in detail and provided an opinion well in advance before the launch of a product. It is important that an opinion be delivered such that there is an opportunity to convey that analysis to the decision-makers in the business so that the business has a meaningful opportunity to pull a product from the market based on the opinion if that is the decision that needs to be made. In circumstances where a written opinion cannot be completed in a timely manner, an oral opinion can be rendered in advance of the product launch and subsequently documented in a written opinion after the product launch. Obtaining an opinion on a product or patent as far in advance as practical increases the effectiveness of the opinion (by improving one’s ability to rely on it in any ensuing litigation) and shows objective intent to avoid willful infringement (and treble damages).

Make sure the business is trained to communicate with discovery in mind so they don’t inadvertently undermine clearance/opinion efforts

Communication hygiene is critical. The business should be trained to understand that they should not discuss whether a product potentially infringes a patent or whether it is invalid. To the extent those conversations occur within the business, it is best to avoid having them in writing. In short, if there is a question about a competing product or a patent, it can be helpful to pick up the phone and consult with in-house counsel rather than putting a question in email form to in-house counsel.

Consider splitting up non-infringement and invalidity opinions

To maximize options in litigation, it can be beneficial to split non-infringement and invalidity opinions into separate documents/efforts. Doing so can provide litigation counsel with the ability to rely on one opinion but not necessarily waive privilege for communications associated with the other opinion.

Consider addressing reasonable alternative claim constructions

An opinion of counsel must be competent. When deciding which arguments to include in an opinion, it can be beneficial to address alternative claim constructions. While conclusions reached by counsel do not need to be correct in order to insulate an accused infringer from a finding of willful infringement, it may be more challenging to demonstrate that an opinion is reasonable if it is based on a claim construction that ultimately fails during litigation. While alternative claim constructions are acceptable, unreasonable arguments should not be included in an opinion as they can weaken the opinion by undermining the objective assessment of the reasonableness of the business’s reliance on the opinion.

Carefully consider to whom the opinion should be addressed and how the opinion should be delivered to the business

Ideally, an opinion should be addressed to the in-house patent counsel who requested the opinion and delivered to a key decision maker in the business by the in-house patent counsel. It can be beneficial to document all steps in the delivery and to obtain a form of written record documenting that the decision maker has read and understood the opinion. Such documentation can potentially serve as supporting evidence in any ensuing litigation to support the position that the business did not willfully infringe a patent-in-suit.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


ARTICLE BY Lisa Adams and  Alexander G. Roan of
For more articles on patents, visit the NLR Intellectual Property section.

The Power of Professional Presence

KLA Marketing Logo

Transitioning from school – – college, law school, grad school, etc. can be a shocking and confusing time for a young professional.

Until now, you may have gotten up, thrown on a pair of jeans and a t-shirt and been good to go.  Transitioning into the professional world and the manner in which you present yourself every day can either strengthen your reputation or detract from it. And, in some extreme cases, ruin it.

Understanding that it may seem frivolous to be so picky on how you dress and how you present yourself, let me assure you, it is not. It matters, every day. The manner in which you “show up” speaks volumes not only about how you feel about yourself, but the respect with which you regard those around you and your position.

If you have not heard this before, and I hope you have, below is a list of “best practices” to use as a reminder for those items to be attentive to any day you may interact in a professional setting:

For Women:

DO

  • Make up. Apply at least a little foundation as it provides a smooth finish on your skin. Just a smidge of blush, a whisper of lip gloss (not the super shiny kind that blinds us), a bit of mascara and brow pencil to frame your face, and you’re good.  I understand some women have no interest, patience, or time for make-up but it matters in the overall professional presence. Not to go overboard on too much color in the office, but rather to enhance your natural beauty.

Be mindful of:

  • Skirt and dress length. To the knee is appropriate in a workplace so as not to create any awkward situations should you bend or stoop down.
  • Blouse and top necklines. Though you may be proud of your well-endowed chest, the office is not the place to show it off. Believe me, the fellas won’t mind but “the” fella who is in charge of your professional progression, will notice that you appear a little “loose”…not in a good way.
  • Shoes– yep, women love shoes, but the stilettos and ankle breakers are not for the office. Leave them for the Saturday night clubs. Invest in a couple of pair of boring pumps (black, navy and neutral) and you’ll be good.
  • Hair – it is not an accessory. Fix it and let it be. It is distracting to see women lawyers constantly with their hands in their hair, tossing it, curling it, flipping it around. If you are nervous, then doodle. Messing with your hair in the office around others does not speak well of you. Don’t do it.

Putting one’s best foot forward (literally and figuratively) will get you noticed and heard quicker and more positively than showing up on shaky group in connection with your professional image.

I’ve addressed some helpful hints for guys below to take note of for a stronger professional presence.

For Guys

DO

  • Shave before coming to work. Maybe that rugged look is in for young guys, but the workplace is not Abercrombie & Fitch, and you need to be well shaven.
  • Be well groomed – no long fingernails, no super gel hair, etc. It matters and others in roles of authority are noticing how you present yourself in the office.
  • Tuck shirt neatly into pants. The “shirt-tail out” look may be appropriate for many occasions, but definitely not in a professional environment.

Be mindful of:

  • Socks. Match socks to your pants (not to your belt or tie) to provide a continuous monochromatic presentation from your pants to your shoes.
  • Shoes. Keep shoes in good shape. No mis-matched laces on the tie ups, or wearingany type of shoe which may resemble a sneaker, golf shoe, running shoe, etc. Invest in a sturdy pair of lace ups and a pair of “cordovan” (burgundy) loafers, and you’ll be well covered with most suits.
  •  Suits. Be measured for your suits, even if you have only one. Wearing an ill-fitted suit negates the professional image you are trying to portray.
  • White Undershirts.  There is a reason they are called “under” shirts mainly to keep guys warm in the winter months…with one exception. If you wear a white dress shirt, depending upon the fabric weight, it may be advisable to wear a white undershirt under the white dress shirt. Provides a more professional image than being able to see chest hair under the dress shirt or, worse, poking out of the shirt…eeew.

Along the professional journey, there will be plenty of times that “best practices” may elude you of feeling secure in your professional image. Easy to understand as there are rarely any “classes” in how to most effectively present your professional self. One way to allay some of the uncertainties is to look around and observe others more senior to you whom you respect and regard highly. How do they show up? Do they appear polished and refined?

Another option to “find” your professional style/image is by engaging the services of a professional stylist/consultant. Many of the higher end department stores (like Neiman Marcus and Lord & Taylor) offer these services. We also maintain a resources list of highly specialized experts who can also put you on the right path.

Regardless, remember, we have one shot at making the best first impression which may materially impact your professional success. Harness the power of professional image now to get and keep you on the right track.

Of: