Corruption and Bribery Compliance – Significant Measurable Metric

November 21, 2011

 

Bribery in your organization? Can you picture any one of your employees saying “all my competitors are doing it, so I am forced to grease the wheels just to compete”, or “there is a small chance that my (corrupt) activities will be uncovered, and even if they are uncovered I may or may not be disciplined; but, if I miss my budget for three quarters I will definitely lose my job.”

Canada is not known for its enforcement of corruption laws. In fact, it is a haven for fraudsters specifically because our weak history of enforcement. However, this is changing and your only protection is a documented effort to reduce corruption. There is considerable international political pressure on Canada to make Anti-Corruption and Anti-Bribery a top enforcement priority. The OECD (here) Phase 3 “Report on the Application of the Convention on Combating Bribery of Foreign Public Officials” mentions “enforcement more generally of the Corruption of Foreign Public Officials Act (CFPOA) may be uncertain, due to significant concerns that remain about Canada’s framework for implementing the Convention.” The OECD has been critical of Canada and our legislation because it is limited to “real and substantial” link to Canada, our interpretation of OECD Convention has been too limited, our enforcement has been “too low to be effective, proportionate and dissuasive”, and we have not committed enough resources to the prosecution of cases. According to the report we are on a tight leash and obligated to provide multiple reports on our progress through 2013. Perhaps the best evidence of our future focus is the Niko Resources case (see previous blog post, here,) which came out shortly following this report.

The enforcers of anti-corruption in other countries have a lot of power, and they are willing to exert it. Recently, the US Department of Justice (DOJ) and the UK Serious Fraud Office (SFO) joined forces in the Aluminium Bahrain B.S.C. (Alba) and Alcoa case. (This case has a Canadian spin, but not on the enforcement side, it just happens that one of the individuals recently arrested in London England on corruption charges was a Canadian citizen.) The case originated as a civil suit in 2008 in the US where Alba accused Alcoa, here, of misappropriating “$2 billion in Alba’s payments under supply contracts passed from Bahrain to tiny companies in Singapore, Switzerland, and the Isle of Guernsey, and that some of the money was then used to bribe Bahraini officials involved in granting the contracts.” The DOJ had a stay of prosecution executed in the civil suit to give them time to purse FCPA options.

I am going to hazard a guess that the top stated priority and top action item for most Compliance Officers in Canada is not controlling corruption. If controlling corruption is not a top priority in your organization, then I doubt you are comfortable that you can quickly document a host of “Significant Measureable Metrics” for Anti-Bribery and Anti-Corruption activities. There is not a lot of guidance to Canadian Officers on the subject of CFPOA loss control, but that is where we can learn from our US, UK and Australian counterparts.

The DOJ provides extraordinary information on its anti-corruptions initiatives. This is a key priority for US companies, and there are many examples of loss control initiatives coming out of US companies and their third party service providers. Thomas Fox and Howard Sklar team up in a production called This Week in FCPA, and in one of their recent sessions concentrated on Tone at the Top. They suggest that this is a key issue in FCPA defense and settlement negotiations. Here are seven ideas for Corporate Compliance Officers:

  1. Have CEO author a letter and attach it to the Code of Conduct and send to every employee in every country and region stating that breaching this Code of Conduct will not be tolerated;
  2. Have CEO record a video message to be played at every compliance training session, stating that breaching the Code of Conduct will not be tolerated;
  3. Have CEO send a quarterly email to every direct report reminding them of the Code of Conduct and that she/he will hold them to that Code and she/he expects them to disseminate this same message to each of their direct reports,
  4. Put compliance metrics in employee score cards, including the sales team,
  5. Train CEO to use the six most powerful words in compliance, “What does compliance think about that?” whenever she/he hears of a new market, new idea, new product, new effort, new program – every time, (and document this action),
  6. Everyone in the organization needs training but the workforce has to be grouped by risk category and the highest priority groups should get “in-person” training specific to their function and to the company’s Codes, Policies and Procedures that are in-force in that organization; and the underlying law (and document this action),
  7. Every person in the organization needs to know their internal alternative reporting options for conduct that breaches the codes and policies and procedures,
  8. Incorporate Audit Rights, (see here for more info on Audit Rights) into every contract; the DOJ demands that audit rights exist in every high-risk (anyone who is spending your money) third party contracts, (but there must be evidence of these rights being exercised).

This is very simple, but almost every good loss control technique is simple (see previous blog post “Risk Management is in the Details”). But I recognize this is much easier to say than do. CEO’s might not be the easiest people to train, but they will be the one in the spotlight of the RCMP / SFO / DOJ, and there are many examples (including the Canadian one) of the ultimate punishment being directly related to the value of policies, procedures and related actions of the company and its executives at the time the corruption and/or investigation became known to the executive team.

The above comments will add to the “measureable metric” list and improve the overall compliance evaluation and ultimately reduce the fine or penalty and other loss from an FCPA / CFPOA / UK Bribery Enforcement Action. However, a message is not enough, there must be Evidence of Action. Compliance has to be an integrated business force, not an outside nuisance.

Greg Shields is a Directors’ and Officers’ Liability, Professional Liability, Employment Practices Liability, Fiduciary Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at gshields@mitchellsandham.com,  416-862-5626, or Skype at risk.first.

CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.

 

Advertisements

Mitchell Sandham at RGD DesignThinkers Conference

November 7, 2011

Mitchell Sandham attended the DesignThinkers conference last week to discuss the insurance program in place for RGD members.  We had a lot of visitors during the conference and the program is being well received.  It is one of the premier events for graphic designers in Canada.  Contact Ryan Mitchell at Mitchell Sandham Insurance Brokers for more information regarding Professional Liability/Errors & Omissions Liability, Commercial General Liability and Property Insurance at rmitchell@mitchellsandham.com or (416)862-5620.


Long Tail Liability for Canadian Directors and Officers

August 4, 2011

This new case, based on old alleged wrongful acts, hits home because it is a Canadian Company in the insurance industry that is active in the US but not listed on a regulated US exchange. The case involves a July 2011 class action securities suit against Fairfax
Financial Holdings Limited (USA) and its Pink Sheet OTCBB trading, here. The allegations are common “violations of the Securities Act of 1933 and the Securities Exchange Act of 1934” and issuing “materially false and misleading statements regarding the Company’s business practices and financial results.” These allegations surround certain reinsurance contracts and the alleged
concealment of its lack of liquidity. Even the significant alleged financial damage (“a decline in market capitalization of approximately $300 million”), and the lead plaintiff being a pension fund, is not a surprise in the securities class action world. The interesting thing is the class period of May 21, 2003 to March 22, 2006. This is a great example of the very long period that can exist between the alleged “wrongful act” and the ultimate litigation and resulting claim that is noticed to the insurer.

This case is also a great example of systemic risk in the D&O insurance business. The Fairfax case is not unique because “in November 2004 the SEC and Attorney General for the State of New York began inquiries into the use of so-called “finite reinsurance” contracts” and launched a number of investigations against many well-known industry players.

Systemic risk in the long-tail, high-severity products should be a key concern for industry-based insurance programs (reciprocals, risk retention groups, group captives.) These programs may have value as a risk-management, defence management, deductible/retention management, political lobby or loss control tool, but should be used very carefully as a pure risk transfer vehicle.

The risk management spin: the plaintiff lawyer’s website, Robbins Geller Rudman & Dowd LLP, here, provides the complaint, here, which details the alleged “gimmicks” used to “artificially inflate the value of its assets” as well as the “lack of internal controls.” Complaints and legal decisions can present useful information for corporate governance risk identification and loss control activities, and with every public case there comes an increased expectation that other boards and senior management will learn for such cases. Here are a few of the governance issues I took from this case:

  1. Procedures to assess whether finite reinsurance contracts meet the prerequisites for risk transfer,
  2. Product inventory and coverage / risk explanations and evaluations of traditional and non-traditional products,
  3. Use of “reinsurance accounting” or “deposit accounting” and the risk transfer test, and understanding of the local accounting practices,
  4. Evaluation of management assumptions for reporting of profit or loss in foreign private investments,
  5. Evaluation of consolidated financial reporting,
  6. Controls for reporting of intercompany purchases and sales, write-offs, advances and foreign currency accounting, receivables,
  7. Adequate internal controls and (discoverable) communication regarding those controls, including bid/quote tracking, expense guidelines,
  8. Public statement oversight for accuracy of details and forward-looking statements,

The insurance spin: don’t let your insurance broker convince you that the only way to get coverage for a securities claim is to purchase “securities coverage” or the “side C” insuring agreement as part of your directors’ and officers’ liability insurance program. This coverage is very valuable, but that value may favour of the corporate entity. Depending on the structure and fine details of your D&O insurance program, the addition of “securities coverage” could be damaging to individual directors and officers of the organization.

The Towers Watson, 2010 Directors and Officers Liability Survey, here, suggested that 54% of respondents did not conduct any independent review of their D&O liability policy. The survey did not comment on the breadth or value of that independent review done for the other 46%. My question would be if that review included all areas in the policy that presented a risk of limit erosion or limit exhaustion to the detriment of individual directors and officers (not just “insuring clauses” or “definition of insured”, but “severability”, “allocation”, “predetermined defence costs”, “exceptions to exclusions”, “final adjudication in the conduct exclusions”.) My assumed answer “no in 98% of the 46%”, because most insurance brokers will provide a “free audit” of an insurance program, and in most of those cases, you get what you pay for.

The survey also suggests that 60% of participants purchased Side A/B/C coverage, and 14% were not sure how their program was structured. 24% said their coverage was blended with other non-D&O coverage like employment practices and fiduciary liability (but this could also include professional liability, crime, and others, even workers comp.) This blending of “first party” and “third party” claim, “entity” and “individual” coverage, and “claims-made (and reported)” and “occurrence/sustained” triggers can create very significant complications for eventual claim handling.

On the issue of exclusive policy limits for independent/outside directors only 4% said there was some such coverage in place. 80% of public company respondents said they purchased an “Excess Side A” or and “Excess Side A with Difference In Conditions (DIC)” features. Note, Side A is the “non-indemnified” loss insuring agreement for individual insured persons, it is not specific to independent or outside directors.

The Fairfax case could become a very good example for insurance company risk management, as the case may be part D&O, party Entity Coverage for Securities Claims, part Insurance Company Errors and Omissions (professional liability), and part Outside Directorship Liability insurance. The insurance risk is that the defence costs, judgments and/or settlement loss may be only partially or not at all covered by any of these policies. But the reality is that though the class action securities litigation risk may be very public, the resulting insurance risk will not likely see the light of day. The lack of publicity of insurance risk means the learning opportunity and loss control lessons are much more difficult to find.

If you would like to learn more about insurance risk, securities class action risk, D&O/E&O/Fidelity insurance or loss control for publicly traded companies or insurance companies; or if you would like to have an in-depth review of your insurance program,
please contact me directly.

Greg Shields is a D&O, Professional Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at gshields@mitchellsandham.com,  416 862-5626, or Skype at risk.first. And more details of risk and loss control can be found on the Mitchell Sandham blog at https://mitchellsandham.wordpress.com/

CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.


Mitchell Sandham Featured in Canadian Insurance Top Broker Magazine!

July 8, 2011

 

Mitchell Sandham is excited to have an article featured in Canadian Insurance Top Broker Magazine, called “D&O and E&O: How much is enough?” by Greg Shields.  Please click here to access the article.   

 


What is the Direction of Canadian Corporate Fraud?

June 23, 2011

 

Interesting article on Corporate Fraud and Executive Compensation available, here, at Marketwatch.

I will let you read it, but the Greg’s notes on it, 1) “97% of companies on the S&P 500 Index pay incentive compensation to executives even when the company is underperforming its peers”, and 2) “FBI Director Robert Mueller recently told Congress that the FBI had 667 ongoing probes into corporate fraud and 1,700 open cases of securities fraud.”

In case the authors are correct in their observation that crime is not down we are just numb to it, why don’t we do a quick “lest we forget” and recount: Bernard Madoff, Jeffrey Skilling, Kenneth Lay, Dennis Kozlowski, John Rigas, Joe Nacchio, James McDermott Jr., Sam Waksal, Sam Israel, Bernie Ebbers (see the Time article, here, called Top 10 Crooked CEOs).

Now, just in case you are like many Canadians who have allowed themself to be lulled into a false sense of security, based on a lack of fraud enforcement in Canada and extraordinarly little media coverage attention to corporate fraud and a Canadian moral superiority complex, here is the Canadian content.

Please keep in mind that thanks to the absence of criminal enforcement in Canada, some of these cases should be classified as securities concerns and not allegations of fraud against any individuals. Based on the low level of media coverage, you may never have heard about these incidents – Barry Landen (here, Penna estate fraud, not huge, but very sad), Peter Sbaraglia and Robert Mander (here, accused by OSC of $40 million fraud), Milowe Brost and Gary Sorenson (here, Brost was jailed this year for forgery, but accused with Sorenson of a Ponzi scheme which could reach $400 million), Wolfgang Stolzenberg (here, accused of a $1 billion fraud in the Castors Holdings case), Ronald Weinberg, Hasanain Panju, and Lino Pasquale Matteo and John Xanthoudakis (here, facing 36 charges including fraud and publishing a false prospectus in the Cinar case, with Xanthoudakis also being part of Norshield (here, $215 million alleged fraud) and Matteo also part of Mount Real (here), Earl Jones (here, surrendered and pleaded guilty (so I don’t know how quick I would be to count that as a win for our justice system) to two fraud charges related to a $50 million Ponzi scheme that ran from 1982 to 2009),  Ian Thow (here, originally accused of a $32 million Ponzi fraud but pleaded guilty on amounts totaling $8 million and sentenced to 9 years). There are many more, but I have run out of time, and hopefully opened a few eyes.

I have decided to avoid pure Canadian class actions securities claims due to the risk of suggesting fraud in any of these cases, and/or the risk of reprisal for any such inference. But I can assure you that we have had more than our share of securities related games played in Canada resulting in massive losses suffered by Canadian investors.

Now the risk management spin. There are many ways for investors, fund managers, investment advisors, directors and officers to protect yourself.

  1. If things are going absolutely great and you have no complaints or concerns about your current position: pull your head out of the sand and start your own investigation immediately. Take two, three, four hours, pull out a recent prospectus, annual report or one of those intentionally complicated sell sheets, and read the fine print, notes and management assumptions. If it does not make any sense, read it again. If it still doesn’t make any sense, start asking questions and preface each question with “pretend you are answering this question like I am your mother or your five year old” (keep in mind that some of the people above did actually defraud their mother);
  2. If a few things are bugging you but you can’t put your finger on it, see point 1 above.
  3. If you have not invested or accepted the board position, see the points above;
  4. Request evidence of Fidelity/Crime insurance. You can’t rely on this in place of the points above, but at least you will get some comfort that the company and the individuals have been vetted by a large financial institution who shares a financial exposure to the company. Then take the evidence of insurance, Google the name of the insurer, call the company from the info online, not the one on the evidence of insurance, and confirm the company and policy actually exist. This four minutes will be more due diligence than most stakeholders perform, and it will improve your comfort level with your risk;
  5. Repeat point 4 for Directors’ and Officers’ liability insurance (D&O) and Professional Liability insurance (E&O). Many, but not all, fraudsters avoid any additional audit, review or questions, (unfortunately they don’t seem to be subject to much of that from regulators, auditors, lawyers, suppliers or investors), so they reject any suggestion of insurance coverage as a waste of money;
  6. Find the references to a contract, sales agreement, independent third party review, or other “feel good statement” attributed to any third party in any company document, pick two (or if you are really diligent, three) and take four minutes to Google the name, call the company or person from the online information, and confirm the details of the pronouncement;
  7. Read the Ian Thow link above and the victim statements detailed in the sentencing decision, and be thankful they allowed their tragic and embarrassing stories to be publicized so that we can learn without having to suffer more loss that we already have (yes, every mutual fund holder, pensioner, bank client and insurance buyer pays a significant amount for fraud losses every year.) It could be the most valuable 20 minutes of your life.

With prosecutions being rare and convictions (without a guilty plea) being almost non-existent, one can only surmise the actual number for frauds that are currently being perpetrated in Canada.

So what is the direction of Canadian corporate (aka, white collar, or financial) fraud? It doesn’t matter, there is plenty of it right now to warrant concern and the 4 hours and 44 minutes of time suggested above.

Greg Shields is a D&O, Professional Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at gshields@mitchellsandham.com,  416 862-5626, or Skype at risk.first. And more details of risk and loss control can be found on the Mitchell Sandham blog at https://mitchellsandham.wordpress.com/

CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.


Skip Arbitration, Go Straight to Class Action

April 12, 2011

The Supreme Court of Canada has released a new decision in Seidel v. TELUS Communications, here, that will be followed closely by Canadian class action plaintiff lawyers. If you don’t want to read the whole case, Osler has released a paper, here, by Jennifer Dolman and Matthew Thompson, discussing the decision, some of the SCC precedent cases like Dell v Union des consommateurs, here, and Rogers v Muroff, here, the conflicting precedent, the narrow 5-4 decision and dissenting opinion with the court,  and the impact. The most interesting quote from this article “be prepared for an increased number of claims proceeding to the court system.” Interestingly, this paper makes a specific reference to franchisors and generous interpretation of the Arthur Wishart (Franchise Disclosure) Act, 2000 favouring franchisees.

This Supreme Court decision will put smiles on the faces of plaintiff and defence lawyers, but it will also help identify existing and new risks that must be managed by corporations, their management, directors, shareholders, and their insurers. 

If you still don’t want to read the case or paper, here is my short summary:

Plaintiff (P) entered into a consumer contract for cellular service and later alleged false representation in how the defendant (D) calculated air time for billing. The contract included “private and confidential” mediation and arbitration and waiver of right to commence or participate in a class action. P sought certification of a class action; D was denied its application for a stay on proceedings by the trial judge but Court of Appeal stayed P’s action and sent the case to arbitration. P appealed and The Supreme Court of Canada (SCC) lifted the stay of the class action but only in relation to claims regarding Section 172 of the Business Practices and Consumer Protection Act, S.B.C. 2004, c. 2 (the BPCPA), saying this legislation “should be interpreted generously in favour of consumers”, supporting a “public interest plaintiff” and encouraging “private enforcement in the public interest” through a “well-publicized court action to promote adherence to consumer standards.”

The conflict seems obvious. The SCC suggested they did not negate their decisions in Dell, Rogers and others, which supported arbitration as a means to avoid lawsuits. In par 41 of the decision they explain by suggesting “the outcome turned on the terms of the Quebec legislation” and “contained no provision similar to s. 172 of the BPCPA.”

This court was specifically looking for “public denunciation” and notoriety that could not have been achieved through private and confidential arbitration.

The risk management spin:

If you have used or expect to use arbitration clauses to quash any rebellion by clients, you better hope you are not subject to any legislation where indirect statutory interpretation could suggest that such legislation was “enacted to encourage private enforcement in the public interest” and intended to “shine a spotlight on allegations of shabby corporate conduct.”

Good luck avoiding such legislation, because this case dealt  directly with section 172 of the BPCPA, but cited cases reference the Copyright Act, the Labour Code, the Insurance Act, and others.

Continue to use the arbitration and mediation provisions (as well as “hold-harmless” and “limitation of liability” clauses) in your customer agreements, but also invest in a corporate communication system (CRM) that will help identify and classify customer claims on a real time basis. Also create policies and procedures to deal with individual consumers before they become sufficiently upset to take their complaints to the social networks. Today, versus even two years ago, consumers have exponentially greater ability to reach similarly-minded individuals, and class-action remedy is far more popular. Data-mining in twitter, facebook, myspace, and the broader blog-world is a reality, so use it to your advantage, because it is impossible to determine which complaints will go viral, and no containment strategy can move as fast as a viral complaint.

As for insurance, don’t rely on anything you currently have, unless you have recently “stress-tested” your program for this exact risk exposure.

If the consumer lawsuit names individual directors and officers, the D&O policy might respond to the defence costs of the individuals, excess of the corporate retention (if the corporation is financially and legally able to indemnify the individuals.) But it won’t likely respond to the costs of the corporate entity because a consumer complaint would not be classified as a “securities claim”, which is where most “entity coverage” under a D&O policy can be found. Some private company management liability policies provide entity coverage that is not limited to a securities claim, but the exclusions (which are also hidden in the definition of Loss) typically exclude “fines or penalties”, costs of remedial relief, or any circumstance or situation existing prior to the inception of the policy, and many others.

If a lawsuit of this nature actually gets through the definitions and exclusions in the policy, most D&O and Management Liability policies require that an individual director or officer be continuously named in the case in order for the policy to respond. And the double edge sword to this case is that if the lawsuit is covered by the policy, there is only one policy limit of liability, and exhaustion of that limit based on loss of the corporation entity, could ultimately be to the detriment of individual directors and officers for their downstream personal liability.

The Commercial General Liability policy would not typically respond to claims brought with regards to consumer protection from a consumer contract or agreement because there is no underlying “bodily injury” or “property damage” to trigger the policy.

A Professional Liability policy (aka Errors and Omissions (E&O)) might respond, but there is no standard or regulated wording in this product, so the policy will have to be examined closely. Also, E&O is more commonly purchased in the commercial products industry (where arbitration provisions are more likely to survive), and less often purchased in the retail consumer products industry.

There comments are not meant as fear-mongering. The reality is that the SCC did not allow all of the P’s allegations to go through to private litigation, and the decision is not a certification of a class proceeding. However, whenever a SCC decision goes in favour of an individual P seeking class action status and remedy that includes disgorging of profits, it presents financial and reputational risk exposures that cannot be ignored by any company of any size.

Greg Shields, Partner, Mitchell Sandham Insurance Brokers, 416 862-5626, gshields@mitchellsandham.com  

CAUTION: The information contained in the Mitchell Sandham website or blog does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making and insurance or legal decision. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this site from any external website must seek the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.


Value of Communities and other Social Media, and Media / Advertising Risk

October 3, 2010

 

The value of Canadian electronic communities and other social media may be going up soon. The proposed legislation in Bill C-28 – the Fighting Internet and Wireless Spam Act (FISA) – will make some significant changes to the law. It will require consent for any email or text messages. Senders of electronic messages will be required to identify themselves, provide contact information and include an unsubscribe feature. Consent will be required for any software or program installation and the consent feature must first disclose any undesirable functions, including the collection of personal information. The FISA will prohibit alteration of data or the diverting of messages to an unintended destination.

The risks to electronic advertisers and media companies will also increase, because the Office of the Privacy Commissioner (OPC), the CRTC and the Competition Bureau will have new powers to share information and evidence with foreign counterparts to pursue violators outside of Canada, and therefore purse Canadians violating our laws in other countries. Penalties of violation of the FISA can be up to $1 million for individuals and up to $10 million for businesses. The Competition Act will be extended to false or misleading marketing in electronic messages. Certain exceptions within the Personal Information Protection and Electronic Documents Act (PIPEDA) will be restricted. And a private right of action will be extended to consumers and businesses to allow lawsuits for violation of FISA. The suggested damage awards are fierce, including $200 per violation to a maximum of $1 million per day, and actual loss, damages and expenses. And, if the Consumer Protection Act can be brought into play, the  recent Appeals Court decision in Riendeau v. Brault & Martineau (a great description of the risk was presented in an article No Crime, Lots of Punishment, here, available in Mondaq, by Donald Bisson and Shaun Emery Finn, of McCarthy Tetrault, here,) could mean substantial punitive damages, even without compensatory damages, and Class Action exposures. (The insurance aside to this is that many Professional Liability and D&O policies can only be triggered based on ‘compensatory’ damages, and if this portion of potential loss is not triggered then there might be no defence costs available from the policy.) There is a great article by Arnold Ceballos, here, in Lawyers Weekly, here, provides much better description of bill C-28.

The intent of most evolving legislation on electronic communication is to deter spyware, malware, phishing and the other vehicles used for theft of private information, identity or direct money. FISA might not accomplish that on its own, but it looks like it is going to make waves. The promotion on this bill suggests it is focused on ‘criminal spammers’ and that taking the ‘pro-spam’ side could be political suicide. However, I am sure the law of unintended consequences (are they really unintended by everyone?) will apply and the bill could significantly alter the way legitimate businesses operate, and it could very likely increase the current cost and risks of doing business.

When we think of Social Networks, we think of Facebook and Twitter, but there is a universe of ‘electronic communities’. Message boards, interactive blog sites, membership based information providers, are all communities based on ‘opt-in’ or ‘consent’ based interaction, even if some privacy aspects were not fully understood or communicated. If FISA is farther reaching than criminal spamming and has the affect of stopping other legitimate unsolicited contact, opt-in communities might be the only way to legally reach a large audience. However, the use of a community for distribution has risks. If you want to avoid the direct advertising costs to reach the members of a community, you will have to go through the slow and painstaking task of building your own membership within each community by producing content that is attractive to users. Some companies might urge employees to help with this new method of distribution by building their individual social networks to help promote the company. The result is a lack of control and oversight or what is legitimately considered media and advertising activity.

It was not that many years ago that it was impossible for the average person or small company to reach a very large audience with any message. Now, one blog comment, tweet or video can ‘go viral’ and be viewed by millions of people within minutes. A few weeks ago I was sitting in my office, looking South down University, and could see a mass of black smoke billowing from a high-rise. I could not tell which building or the location, so I searched a number of different main-stream media sites, and could not find any information. It took them at least ten minutes to report on the story, but I had already gone to twitter and viewed multiple pictures from different angles, and knew the exact building and location of the fire, all within 60 seconds of seeing the smoke. One tweet about beg-bugs in a movie theatre is seen by millions of people and immediately broadcasted on mainstream media.

Many companies seeking to get that ‘viral’ hit for free corporate publicity will have almost no media experience and have few or no controls regarding copyright (music, art, video, image or print), libel, slander or defamation, and no planned response to a publication crisis. Many will say “there is no bad publicity” or “I will worry about that after I am able to reach 6 million people.” The problem is that electronic media cannot be controlled, it can’t be erased or deleted, and even an effort to mitigate a loss by ‘printing a retraction’ will not have the same affect because there is no chance the retraction will reach the same audience.

We have incredible opportunity to share information and promote ourselves and our businesses, but it does not come without risk. Legislative changes, like the proposed Bill C-28, PIPEDA and many others, might reduce annoying, invasive or even harmful electronic communication; might reduce the current level of disruption of online commerce; might increase consumer confidence and the electronic marketplace; but it won’t do any of this with risk.

Greg Shields, Partner, Mitchell Sandham Insurance Brokers, 416 862-5626, gshields@mitchellsandham.com

CAUTION: The information contained in the Mitchell Sandham website or blog does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decision. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this site from any external website must seek the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.