By Christine Wilkinson
What hidden liabilities are lurking in your business?? While accountants provide assistance in terms of ensuring that our books, funds, accounts, and financial records are compliantly (and hopefully strategically) maintained, lawyers assess business risk through a different lens.? As a business law firm, The AR Group works with clients to assess operational risk as evidenced in sales, vendor, and other third-party agreements. Because so much of a client?s risk lies in its management of employees, we separately evaluate employment-related policies and processes.? While any assessment, to be relevant, needs to be put into the context of a client?s self determined ?risk profile,? the truth is that most businesses have more exposure than they typically realize. That is, at least until an issue presents itself in a way that forces them to realize the issue, typically after the fact.? In an effort to encourage our clients to more proactively assess their operational risks, below are some areas that we encourage you to examine:
- Indemnification. Most contractual agreements have some form of indemnification buried toward the end of the document along with language like ?hold harmless.? Many businesses may not fully appreciate the extent of liability presented by agreeing to such provisions.? When reviewing an agreement, it is critical to first ask yourself if you truly appreciate what it means when you agree to indemnify another party. At a fundamental level, ?indemnification? means that one party will defend the other in any dispute or lawsuit arising out of the agreement. That defense likely includes hiring a lawyer to represent the other party, and paying any amounts awarded by a judge or jury.? To illustrate the enormous risk this provision presents, consider this: the cost to hire a lawyer to defend against a lawsuit through trial frequently comes to six figures, just in attorneys? fees.? A business that has agreed to indemnify another would therefore be liable for paying those fees, as well as its own attorneys? fees, and any amounts paid in settlement or as awarded by a judge or jury. As a result, indemnification provisions can constitute enormous exposure to indemnifying entities.[br]
Of course, your relationships with contractors, vendors, and customers can also expose you to risk if those contractors, vendors, and customers harm third parties in a way that implicates your business. For example: a contractor that delivers your goods might get into a car accident during the delivery; a vendor might provide you a product that infringes upon a third party?s intellectual property; or a customer might use your product in way that is not intended that harms the ultimate end user. Appropriate indemnification language can work to your advantage in those situations by helping to mitigate those risks.? We encourage clients to to assess their own contracts in order to determine whether their sales, vendor, and/or third-party agreements contain indemnification language that is adequately designed to protect their interests. ?Bottom line:? Indemnification language, when properly drafted, takes into consideration your business, your risk, and is appropriately tailored to meet a particular company?s objectives.? Put simply, indemnification language should be tailored to meet your needs ? it is not a one-size-fits-all proposition.?
- Insurance.? Insurance is critical to protecting business assets.? If a company does not have adequate insurance coverage ? whether through commercial general liability, errors and omissions, worker?s compensation, key person, employment practices liability, or unemployment insurance coverage ? that company risks its financial well-being.? It is critical that businesses audit and assess their insurance needs and coverage on a regular basis. Related to this is the need to assess whether one has sufficient buy-sell provisions in place, such as through operating agreements, shareholder agreements, or other buy-sell agreements to deal with contingencies such as another owner?s death.
- Cyber risk.? Imagine the following: a virus attacks a company?s computer network, which contains electronic data about its customers and employees, including credit card and related personally identifiable information.? This virus damages the system, causing a shutdown, which results in lost productivity and lost profits, to say nothing of costs related to removal of the virus and system restoration.? But what if the risk does not stop there?? What if, during the attack, an individual?s private information was disseminated to unknown third parties? Circumstances like this are occurring with increasing frequency.? Recent updates to various federal and state privacy laws have resulted in increased clarification of a company?s obligations to protect against such cyber attacks.? As a result, companies increasingly bear the burden of assuring compliance with respect to assuring that a secure network is in place. Moreover, companies may face additional exposure if they fail to properly notify individuals whose information may have been breached. At present, 46 states mandate how and when notifications of this kind must be given to affected individuals, with stiff penalties for non-compliance.? Companies large and small are at risk and so would be wise to routinely review security measures and contract terms with their security vendors (including software programs) to ensure that guarantees and warranties provide the fullest extent of protection possible, should your business succumb to such an attack.
- Maintenance.? It sounds simple, and it is. It?s also very cost effective.? Is the carpet loose? Are the smoke detectors functioning? Are boxes stacked properly? Are spills cleaned up quickly?? If a company knew or should have known that a hazard existed on its property, it could be liable for any personal injuries caused by the hazard. Businesses are sued for millions of dollars each year as a result of people being injured on commercial property, including retail and office space. Maintaining a hazard-free commercial space is key to minimizing that exposure. ?Many employers don?t realize that in addition to maintaining a safe and secure facility, they can further enhance their defense against claims resulting from onsite ?accidents? if they can demonstrate that processes and policies were in place and such policies were effectively communicated.? Put simply, employers benefit when they can illustrate that a claim arising out of injuries sustained as a result of ?maintenance? issues, actually resulted from an employee?s failure to adhere to company policy.? Take action now to ensure that your facilities are maintained; also take the time to ensure that your policies reflect that a compliance culture is required.?
- The corporate veil. When a corporate veil is ?pierced,? a court deems it appropriate to disregard the corporate form, which otherwise might provide member-owners and shareholders protection from liability.? In practical terms, this means that a business owner?s personal assets can be accessed or used for example, ?to satisfy a court judgment, because the court views the company as only an extension of the individuals who owned it.? In determining whether the veil should be pierced, the court will assess the extent to which the member-owners or shareholders appropriately recognized and managed the corporate entity and whether the laws governing the entity were followed, including: (1) whether the owner commingled company funds with personal funds; (2) whether the company is adequately capitalized or intentionally kept in such a state that it lacked assets necessary to pay creditors; (3) whether the owners failed to observe corporate formalities, such as adhering to the by-laws or operating agreements, conducting shareholder and director meetings, and preparing minutes of those meetings; and (4) whether the business adequately documents the transactions between the business and its shareholders or members.[br]When owners fail to treat a company as a true, separate entity, a court will not recognize it as a legally separate entity. It is also important for business owners to fully disclose to other parties that they are dealing with a business entity and not an individual, and to recognize that doing business through an entity will not shield an individual business owner from his or own negligence that harms someone else. In today?s online world, it is increasingly easy to create a legal entity.? While that is a wonderful development, the ease in which formation can occur may sometimes lull those who create such entities into believing that whatever formalities there are, aren?t necessarily all that ?formal.?? Business owners are encouraged to maintain up-to-date corporate records that reflect the reality of their business practices and structure.? To the extent that annual meetings are needed, those meetings need to occur and records should be kept.? Further, to the extent that additional shareholders, members, or owners are entertained, those dealings must be properly recorded and reflected.?
- Trademark.? ?Businesses often invest a fair amount of resources and capital in ?building a brand.? Too often, however, many fail to realize ? until it?s too late ? that while they were producing and selling a wonderful product, someone else ?secured? or owned the product?s name. Failing to register brand names, and even company names (to the extent that they are actually used as a trademark), with the United States Patent and Trademark Office can prove devastating to a business; if someone else secured the trademark through use and registration, the company likely has no right to use it.? This means that the company is effectively left to start over, rename the product, and lose all of the brand name recognition, goodwill, and reputation it had otherwise created or cultivated.? If your company relies on its name, as a brand, or if its products or services are well-known and popular, you are strongly encouraged to secure a federally registered trademark. ??
- Website terms and conditions. If your company operates a website, it should have in place a well-written terms and conditions of use that are tailored to your business and its risk profile.? Website ?Terms and Conditions? govern the relationship between a company and website users and, if effectively drafted, should help to limit a company?s liability.? For example, if a user provides personal information over the Internet when carrying out a transaction, the terms and conditions should state that no information sent over the Internet is totally secure and that the user provides information at his or her own risk. Similarly, the terms and conditions should dictate what law applies, how disputes will be handled, and further state that users of the website do so at their own risk, particularly if the site has information upon which users may rely.? Without well-written and tailored terms and conditions, a company exposes itself to lawsuits for any kind of injury that a user could allege was caused even in part by the actions performed on or through the website. It is also important that a user acknowledge those terms and conditions before they use the website and certainly before the user shares private information.
- Human resources policies and procedures.? Employment related liability is the most significant and probable risk presented to the vast majority of companies employing people in the United States today.? Yet, employee handbooks, agreements, trainings, offer letters, job descriptions and the like probably receive the least amount of attention.? As most business owners know, employment laws change routinely, sometimes rapidly, but very few employers make it a habit to have their employment-related documents reviewed by legal counsel, as is recommended, on at least an annual basis.? At the very least, human capital management policies and processes require review to assess compliance with statutory amendments and regulatory changes to ensure that they accurately reflect current compliance standards.? ?Functionally, business owners should routinely investigate or simply just question whether their policies are enforced consistently and fairly.? A company?s failure to have up-to-date and compliant policies and processes and/or failure to consistently apply or enforce their policies or processes will most assuredly present risk, eventually.? ?All companies should review their policies on a regular basis to address these issues and ensure compliance, not just in the writing of a policy, but in how it?s carried out in the workplace.
SMART TIP: Identifying your business? risk with a degree of certainty enables companies to assess which areas it should or simply must address.? Carefully consider your practices in a thoughtful and well-organized way and your business will be better positioned to respond to its risk in a strategic manner.