There has been an interesting evolution of the structure and format of a best practices Code of Conduct over the past 10 years or so. Initially, my experience with Codes of Conduct was that they were written by lawyers, largely for lawyers. This included ‘thou shalts’ and ‘thou shalt nots’ liberally sprinkled throughout a lengthy written document. This was what is now referred to as Code 1.0. The compliance community then evolved Code 2.0, where the writing was less turgid, we moved to more employee friendly language and then somewhere along the line we started putting in hyperlinks and pictures.

There are two factors which a company should consider on the structure of Code of Conduct. The first is to consider how your organization generally communicates, overlaid with the most effective way to communicate with the various stakeholders who will read and use the Code of Conduct. These stakeholders can include such diverse groups as employees, shareholders and third parties on both the sales and supply side of your business. This may require multiple approaches.

The second point involves considering the thinly veiled land of the future of compliance by considering how will your Code of Conduct be viewed and used going forward. A simple example is the switch to mobile devices as a mainstay of corporate communications. Think about how laptops were viewed as the primary vehicle through which most employees and stakeholders interacted with training and resources for many organizations. Now many companies are going to mobile devices. Will you’re the format of your Code of Conduct work on those various platforms and perhaps some you have not yet considered?

With a current Adobe .pdf platform for instance, you can have a .pdf document because it is the easiest thing to provide to people who are looking at it on a phone on a PC on a tablet or want to print it out and hold the pieces of paper as it is the most compatible format out there. Also, you can embed some interactivity into a .pdf document. Such technology allows you to add functionality as it becomes available to you.

If your organization is one where communication is more free flowing and there is more free-wheeling internal communications, that should be reflected in your Code of Conduct form. This means if your organization is a startup in Silicon Valley or in a well-known fun-loving organization such as Southwest Airlines; there may well be more playful attitude and a more playful way to communicate Code of Conduct topics. Conversely if you work for a hierarchical energy services company, which communicates in a top down strategy, such playfulness is not appropriate. What you should strive for is a consistent communications strategy. If your employees and other stakeholders are accustomed to receiving communications in a certain style it would appropriate to maintain that style in your Code of Conduct. The key is to consider not just how the internal communication at your company occurs. Consider how does HR ops and marketing and other other corporate disciplines communicate. You should strive for a consistent communication strategy in your Code of Conduct.

Think about the evolution of the Code of Conduct from the type of document that was akin to an annual report to one that now addresses corporate culture. A Code of Conduct must speak to the typical important concepts such as values that define the ethical culture or should define the ethical culture of the company. Some Code of Conducts have been as long as 12,000 to 14,000 words but others can be quite short, only four to five thousand words. It all means there is no set length and the style of writing can vary. But it must ring true with your employees, stakeholder and shareholders.

Be sure to make your Code of Conduct readable. This is beyond simply eliminating legalese. It is writing English at a grade level that is sufficient for your employee population. It may be that an eighth-grade language level is appropriate for your work force. However, if you have a population consisting primarily of professionals, translating it into the appropriate languages it might be appropriate to aim for a higher level of language. Finally, you do not have to say the same thing, in multiple different ways.

Three Key Takeaways

  1. Companies have moved past having a Code of Conduct in by lawyers for lawyers to a fully interactive Code for all employees.
  2. Consider how information is distributed at your organization as a basis for communication in your Code of Conduct.
  3. Your Code of Conduct must be readable, in both in English and native language for non-English speaking employees.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

What is the value of having a Code of Conduct? I have heard many business folks ask that question over the years. In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to wave in regulator’s face during an enforcement action by using it to claim we are an ethical company. Is such a legalistic code effective? Is a Code of Conduct more than simply, your company’s law? What is it that makes a Code of Conduct effective? What should be the goal in the creation of your company’s Code of Conduct?

In the 2012 FCPA Guidance, the DOJ and Securities and Exchange Commission stated, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.”

In the Society for Corporate Compliance and Ethics (SCCE) 2017 Complete Compliance and Ethics Manual, article, entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “First and foremost, the standards of conduct demonstrate the organization’s overarching ethical attitude and its “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” They go on to state, “The code is meant for all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. This includes management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.” From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.”

There are several purposes which should be communicated in your Code of Conduct. The overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating those requirements, to providing a process for proper decision-making and then requiring that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored your company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. Your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

As I often say, the three most important things about your compliance program are ‘Document, Document and Document’. The same is true of communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that your Code of Conduct is applicable to, has received, read, and understands it. The DOJ expects each company to begin its compliance program with a very public and very robust Code of Conduct. If your company does not have one, you need to implement one forthwith. If your company has not reviewed or assessed your Code of Conduct for five years, I would suggest that you do in short order as much has changed in the compliance world.

How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, which turned on violation of the company’s Code of Conduct. The breach of the Code of Conduct was determined to be a FCPA internal controls violation. It involved a clear quid pro quo benefit paid out by United Airlines to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United Airlines operations at the company’s huge east coast hub at Newark, NJ.

The actions of United’s former Chief Executive Officer, Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by failing to not only follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to the Non-Prosecution Agreement settlement with the Department of Justice, which resulted in a penalty of $2.25 million. The scandal also cost the resignation of Smisek and two high-level executives from United.

Three Key Takeaways

  1. Every formulation of a best practices compliance program starts with a written Code of Conduct.
  2. The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity
  3. Document Document Documents your training and communication efforts.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

The cornerstone of a best practices compliance program is its written standards. These include a Code of Conduct, policies and procedures. These requirements have long been memorialized in the US Federal Sentencing Guidelines (FSG), which contain seven basic compliance elements that can be tailored to fit the needs and financial realities of any given organization. From these seven compliance elements, the DOJ has crafted its minimum best practices compliance program, which is now attached to every Deferred Prosecution Agreement and Non-Prosecution Agreement. These requirements were incorporated into the 2012 FCPA Guidance. The FSG assumes that every effective compliance and ethics program begins with a written standard of conduct; i.e. a Code of Conduct. What should be in this “written standard of conduct? The starting point, as per the FSG, reads as follows:

Element 1

Standards of Conduct, Policies and Procedures (a Code of Conduct)

An organization should have an established set of compliance standards and procedures. These standards should not be a “paper only” document, but a living document that promotes organizational culture that encourages “ethical conduct” and a commitment to compliance with applicable regulations and laws. 

In the 2012 FCPA Guidance, the DOJ and Securities and Exchange Commission stated, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.”

In each DPA and NPA since that time, the DOJ has said the following as item No. 1 for a minimum best practices compliance program.

  1. Code of Conduct. A Company should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy shall be memorialized in a written compliance code.

Your Code of Conduct, policies and procedures should be grouped under the general classification of written standards, comprising three levels of written standards. First, every company should have a Code of Conduct, which should, most generally express its ethical principles. But simply having a Code of Conduct is not enough. A second step mandates that every company should have policies in place that build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. From the base of a Code of Conduct and policies, every company should then ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

Best practices now require companies to have additional written standards, including, for example, detailed due diligence protocols for screening third-party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective written standards is to demonstrate that your compliance program is more than just words on a piece of paper.

Policies and Procedures

The written policies and procedures required for a best practices compliance program are well known and long established. As stated in the 2012 FCPA Guidance, “Among the risks that a company may need to address include the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments.” Policies help form the basis of expectation and conduct in your company and procedures are the documents that implement these standards of conduct.

The role of compliance policies is to provide guidance and to protect companies, despite an occasional hick-up. Policies provide a basic set of guidelines for employees to follow. They can include general dos and don’ts, work process flows, specific issue guidelines. By establishing what is and is not acceptable compliance behavior, a company cans mitigate the compliance risks posed by employees who might make foolish decisions or otherwise engage in unethical behavior.

While policies are not a guarantee that things will not go sideways, they are a line of defense if they do. The effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating ethically and proactively for the benefit of its stakeholders, its employees and the community it serves. If it is a company subject to the FCPA, it is an international company so that can be quite a wide community.

The 2012 FCPA Guidance ended its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” It is important that policies are applied fairly and consistently across your company for if compliance policies are applied inconsistently, there is a greater chance for employee dissatisfaction. This point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the US with the same quality of discipline.

There are numerous reasons to put some serious work into your Code of Conduct, policies and procedure. They are certainly a first line of defense when the government comes knocking. This means the regulators will take a strong view against a company that does not have well thought out and articulated policies, procedures or Code of Conduct; all of which are systematically reviewed and updated. Written policies, signed by employees provide a vital layer of communication. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the ‘Document, Document and Document’ mantra applies just as strongly to this area of anti-corruption compliance.

Three Key Takeaways

  1. A Code of Conduct, together with policies and procedures have long been recognized as cornerstones of a best practices compliance policy.
  2. Each level of written standards builds upon one and other so you need to consider this integration step.
  3. The Fair Process Doctrine applies to your written standards.

Written standards are your first line of defense in the event of a FCPA violation.

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Today focus in the Code of Conduct series is on the aspect of training on your finalized Code of Conduct. Eric Morehead, Principal of Morehead Compliance Consulting, joins me in this series. While there have been criticisms of Code of Conduct training, if you consider training as one source of your communication, the rollout of a new or updated Code of Conduct can be an opportunity. Morehead has noted that a Code of Conduct can be the “centerpiece of a broad communications and engagement plan.” The delivery of a Code of Conduct is a key element of its effectiveness. By allowing your employees and other stakeholders to engage and interact with the Code of Conduct, through live or interactive training, the effectiveness can be better monitored and measured. This can also be used as an

In a white paper, entitled “Top 5 Tips for Effective Code of Conduct Revisions, Morehead noted that often companies have a formal launch of the Code of Conduct where senior management and the corporate compliance function “conduct on-site activities across the organization to promote the launch of the new Code, or launch interactive activities such as video competitions that ask stakeholders to such submit short videos on Code topics.” However, this is not the sole manner to have such a rollout as other companies “keep the message more informal but use frequent touchpoints, for example, through email or cascading messages through line managers, to keep up the drumbeat on compliance topics and reinforce the role of compliance.” The key is to “capitalize on the opportunity a new Code gives you.”

One of area in the recently release Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Programs (Evaluation) that had a new emphasis was in the effectiveness of training. I think everyone would understand you do need to train but now the government’s talking to us about effective training. I asked Morehead what he has observed on what makes Code of Conduct training effective. Fortunately, from his professional background with Corpedia and the NYSC Governance Services, he is quite familiar with various types of training.

You can start with live training that can be held at the corporate headquarters with senior management and even executive involvement. Many companies will videotape a message from the Chief Executive Officer (CEO) to help celebrate the rollout. Then there is the opportunity for localized training that gives employees an opportunity to see, meet, and speak directly with a compliance officer, not an insignificant dynamic in the corporate environment. Such personal training also sends a strong message of commitment to the Code of Conduct. It gives employees the opportunity to interact with the compliance officer by asking questions which are relevant to markets and locations outside the United States, which can often provide employees with the opportunity to have confidential in-person discussions.

An important part of in-person training is the opportunity to interact with the audience through Q&A. There are a couple different approaches to Q&A. The first is to solicit questions from the audience. However, many employees are reluctant, for a variety of different reasons, to raise their hands and ask questions in front of others. This can be overcome by soliciting written questions on cards or note pads. A second technique is to lead the audience through hypothetical examples in which the audience is broken down into small discussion groups (up to five people) to discuss a situation and propose a response. However, with a worldwide, multi-thousand person workforce with multiple languages, an entire Code of Conduct roll-out based on live training may not be feasible.

Not surprisingly, and one of the key themes in compliance, is to understand your company and tailor your compliance program, including your Code of Conduct training, for your audience. Companies have to consider their audience when considering drafting the Code of Conduct, the kind of tone it is going to have, how long it is going to be and topics you are going to cover in the Code of Conduct; the same analysis is true for your training.

Morehead believes most organizations put together custom training for their Code of Conduct rollout. It is typically online “and if it makes sense for them for their code of conduct training, and I think the same rules apply here, you want your training to really resonate with the audience that you’re trying to reach and I think the trends we see here, generally speaking, are that the code training is a lot shorter than it used to be in the past.”

He also suggested that your Code of Conduct training could be more modular in presentation. “For instance, if your company identified 12 key risk areas in the Code of Conduct, you could   train on six risk areas each year, instead of the full dozen. You could keep important topics like reporting and non-retaliation and similar aspects that always have to be talked about on an annual basis but maybe you split up the topics and try to shorten the length that way.”

Another mechanism Morehead has observed over the past few years is more interactive training. When audience members are required to answer questions on an ongoing basis it can foster more engagement. It can also help to meet the DOJ requirement to demonstrate the effectiveness of training. He also noted that “gamification which kind of goes hand in hand with interactivity has been talked about a lot over the last few years.” His understanding is that gamification and interactivity make “it a little bit more effective for millennial members of the workforce.”

At the end of the day, the reality is that just as with different types of codes making sense for different types of organizations the same is true for interactive training. As Morehead noted, “It may make sense for your population. It may not.” But it does mean you should consider your population, “take a look at the offerings that are out there to consider how does it fit into your organization.”

Morehead ended by noting that your “training really ought to bear some resemblance to the way you communicate in the Code and the topics that you communicate in the Code of Conduct.” It really does your organization no good, “If it’s completely divorced from that then you’re missing an opportunity to drive people from training to the Code and from the Code to you know better understanding the training. So you kind of missed, to use an overused term you’ve missed some synergy there if they are divorced from each other and they don’t really speak to the same topics or speak in the same way about those topics. So I would try to keep them similar and I guess that’s another call for considering a custom implementation rather than an off the shelf implementation”.

Whatever approach is used, one of the critical factors is the length of time of the training session. Although lawyers and ethics and compliance professionals can (sometimes) sit through a multi-hour Code of Conduct, it is almost impossible to keep the attention of business and operations employees for such a length of time. The presentation and number of PowerPoint slides must be kept to a manageable length before the attendee’s eyes start to glaze over.

Tomorrow I will conclude this week’s series by looking at a Code of Conduct update as a way to operationalize your compliance regime.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Today I continue my Code of Conduct exploration with Eric Morehead, Principal of Morehead Compliance Consulting. After having reviewed the legal requirement and business purpose in Part I, the structure and form of your Code of Conduct in Part II; today we turn to design. An analogy from my grandmother’s days as a seamstress, to “measure twice and cut once” will serve you well on a Code of Conduct project.

You must begin with a determination of what you are trying to accomplish. It does not serve you to try and list every compliance risk your lawyer mind thinks your company might face. You should determine the values you want to communicate, what the expectations are for employees and how to call the hotline. Under such an approach, a Code of Conduct can be the jumping off point for training on the issues stated in it. The Code of Conduct can also form the hub of the wheel for other policies and procedures and written standards you want to communicate to relevant stakeholders.

Morehead advises you should give “some thought about how you’re going to get that Code out there to your employees and stakeholders” whether it is an Adobe .pdf document, which is accessible by pretty much any stakeholder anywhere across your organization, or via another method. Morehead said, “you need to know who’s out there, who you’re trying to reach and what’s the best way to reach them. That’s going to inform you know right, you know right off the bat whether you’re even going to consider doing a web implementation if you don’t have, if you have a significant amount of your population that’s not online or is in a location where they can’t get access to the web then that’s a nonstarter.”

Values

One conundrum is whether and how to incorporate your ethical values into your Code of Conduct. Morehead emphasized they must be integrated into and integral to your Code of Conduct for if they are not and you “simply slap the value slap on the front of the document, it looks more like a Xerox error than that it’s purposeful in any way.” You can integrate values by incorporating them into your discussion of the risk topics in your Code of Conduct.

Morehead provided an example of integrity. He believes you can discuss integrity in several places in your Code of Conduct and pointed to internal reporting as an obvious location. Integrity can be discussed in the context of a no-retaliation policy. He also cited to the example of a corporate value of fun, noting, “Fun is hard but we managed to weave it in when we were talking about how and one place in particular that we talked about it was the workplace environment and what the expectations were. You know, we want to have a fun environment but we have to respect each other.” With values, you should consider them particularly if they have not been successfully communicated and there’s consideration internally that maybe they need to revised, to do that in conjunction with perhaps rolling out a new Code of Conduct, which allows the rollout to be part of that unveiling of the values language being communicated in several different areas.”

Benchmarking

Another tool Morehead advises is to benchmark Codes of Conduct with others in your industry, even if you are “rewriting your Code of Conduct or starting from scratch.” Morehead suggests you should at “least have looked at pure organizations in your industry, organizations that maybe operate in the same geographic jurisdictions that you do, organizations that have a similar employee size. So not just peers only in your industry but peers, peer organizations otherwise. Take a look at what they’re doing, what, see what you like, see what you don’t like or again it doesn’t necessarily have to be a formal benchmarking but I think it’s important to spend some time at the beginning seeing what’s out there.”

If you have not updated your Code of Conduct for some time, there will probably be new areas that you need to incorporate into the updated version. Two obvious new areas of risk involve social media and cybersecurity. Morehead believes that such an exercise will help with your goal setting at the beginning of the project and allow you to move directly to what he calls the “heavy lifting piece, which is the text itself.”

Drafting and Redrafting

If you are starting from scratch an outline is a good way to go. If you are working from a current version, Morehead suggests you do at least two or three run-throughs with redlining the text to eliminate confusing language and unnecessary legalize that does not mean anything to anybody other than lawyers. An example here is the move from a US-centric focus on the Foreign Corrupt Practices Act (FCPA) due to the proliferation of other countries enacting anti-corruption legislation such as the UK Bribery Act and the Brazil Clean Companies Act and maybe even talk about other international standards as well.

Morehead related that this part of the project will seem like a “tennis ball has to be hit back and forth a few times” until you are able to achieve organizational sign-off. However, you can use this time to work on the design elements, while the text is being edited and re-edited.  Morehead cautioned this will be a time-consuming process and “if you’re really going fast maybe 12 weeks but usually more like 15 weeks to do that part of the process because that’s the hard part because you’re going to inevitably have, for most organizations of size, half a dozen that have to sign off internally.”

Operationalizing

Although the Code of Conduct was not specifically mentioned in the Department of Justice’s (DOJ) recently released Evaluation of Corporate Compliance Programs (Evaluation), the over-riding concept of operationalization applies equally to your Code of Conduct drafting or updating exercise. This means you need to consider how are you going to involve the operational areas of your organization in that process, there is a clear DOJ expectation for this around your Code of Conduct.

Morehead suggests you engage a “small and manageable group that are going to do the actual redlines of the text. It’s just important to involve people in the process and different parts of the process so that you get that buy-in because it’s actually a smart move for launching the code a few months down the road too.” A key is to involve folks from different parts of your company.

Morehead suggests using the business folks to help develop Q&As or scenarios, which could answer common questions from the field. He notes, “there’s nothing better than having somebody in operations suggest to you what would be a good example or Q&A for safety because if that’s something they deal with on a day in day out basis they know where the pain points are. So there’s lots of different parts of this process where you can bring people in and bringing operational people, operational managers in is really important”. Indeed, the government will probably ask you who, outside the compliance/legal function, were involved and what their contributions were. (Insert-Document Document Document here!) Morehead concluded that by “getting those different perspectives I think is really important and bringing those people in early so that they can help participate in different parts of the process and again not necessarily reviewing the code and suggesting edits and drafts but actually helping you in the planning phase is really important.”

At this point, you have a completed version and all the relevant stakeholders have signed off. You are ready to begin your training, which we will take up tomorrow.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017