Let's talk about compliance management, in this lesson, we're going to spend a good bit of time talking about the distinction between risk management and compliance management, and you may have heard these two terms, and if you have it, you will hear these two terms as your business continues to grow. We want to make sure that you have a good understanding of what risk management is and what overall compliance management is, and I will give some best practices on, on both. First, as a business owner, you should understand that you have a myriad of legal and regulatory risk that threaten your company. These risk include torts and torture, is a very broad umbrella under the law and includes negligence. It includes strict liability, defective products, any type of personal injury or injury to another's property or person or reputation. All of these fall within this broad umbrella of tort law. And you also have crimes, which are statutory, prohibitions on certain conduct that could result in jail time, as well as, as well as fines and for both torts and crimes as an employer, you may be held liable for the torts and crimes of your employees under certain circumstances. So that poses a huge legal and regulatory risk for your company. Now, in addition to this type of legal exposure, you have legal and regulatory risk around complying with certain laws that are on the books, complying with certain regulations, complying with certain contracts and your obligations under certain contracts. If you breach a contract that may result in huge damages for your company or equitable remedies that a court may impose. So, if you add all of this up, you have a big environment of risk and issues that your company must comply with, in order to mitigate or reduce these risks. And that process of trying to bring some order and some sanity to this large set of risk, is what we're going to delve into in this lesson 1st. Let's talk about how, how to think about risk. As a business owner, your job is not to be a lawyer. You don't have to know all the laws and all the regulations. You should have a general understanding of the law, in a general understanding of what regulations apply to your business. But for you, you should really have a good framework in your, in your mind, how to approach risk. When I think about risk, I like to look at kind of two rubrics. One is, the exposure or the consequences that may result from your risk. So, for example, if you're looking at a tort, the exposure, maybe the amount of money that could potentially, you could potentially be held liable for, for in a litigation around the tort or, if it's a strict liability or defective product case, what type of damages may you be facing as a company? That's one end of the spectrum, the other is the likelihood of occurrence. How how likely is it that this thing will happen? If it's a situation where you have employees that are always out there driving on the highway, probably a good chance that the employee may get in the accident and someone may get hurt, right. But if you're, if you are in the business of painting, and your employees or painting houses, there's less of a chance that someone could get hurt on a highway while your employees or painting houses. So the likelihood of occurrence, plus the potential consequences associated with the legal risk, is a good framework to think about how to put risk into perspective. And once you've done that, then you want to think about, okay, how do I, how do I manage these risks? The three general approaches to risk and they largely depend on where, on that scale you put the risk in terms of the consequences in the likelihood of occurrence. One way you can manage to rescue by ignoring them, right? Ignore the risk, accept the risk. This should only be done for risk that have fairly minor consequences right? Like not huge money damages, not huge, likelihood of occurrence, not a situation, where a court may stop your business as a result of this potential, legal exposure. For these types of minor things, you can, you can simply accept the risk or ignore the risk. You can also transfer the risk. You can put the risk into the hands of someone else. This is largely done by insurance. So if you have a huge potential exposure, you can say, you know what, I'm not going to bear that risk, I'm going to take that risk and give it to an insurance company, in exchange for the payment of a premium. And then now that risk is no longer born by you, it is born by the insurance company. And of course, there are all kinds of nuances around insurance agreements and what's covered and what's not covered. But the idea of transferring the rest to a 3rd party, is one way of managing risk, and the other is to mitigate the risk. How do you reduce the incidences of this risk coming back to haunt you? And that's where your compliance management scheme comes into play. So let's talk about compliance management. This is a process by which, you reduce your overall exposure to risk. So risk management, which is the idea of understanding what the risk are and trying to manage those risks, falls within compliance management, because compliance management is not only helping you think about how to, except or, or transfer or mitigate risk that may face the company. But it also puts in processes and procedures to help you mitigate those risks and comply with regulations and laws that exist, so that you don't create more risk for your company. And so, compliance management is a broader construct around preventing risk, and mitigating risk that, that are unknown to your company today. Yeah, so your compliance management program will ensure that you're complying with laws and regulations that exist, that are pertinent, pertinent to the space that your business operates in. That includes having some system for managing complaints from your customers or complaints from your vendors and suppliers. It also involves having regular audits, when you check your internal processes and procedures to ensure that you're up to speed on the latest regulations, up to speed on the latest laws, you are responding effectively to customer and vendor and supplier complaints. If you get this right, if you have a very robust compliance management program, this actually can be a competitive advantage for your company, because all companies have have to go through the same thing. They have to find a way to manage risk, and also manage their ability to comply with the large body of laws and regulations that exist in various spaces. So, if you can get this right, you can actually create a competitive advantage for your company. You can mitigate the amount of legal exposure your company has, and you can get your employees and your directors and your officers focus on growing your company. So in terms of something and best practices, the first thing you want to do at your company is established, a company wide code of ethics. This is so that everyone from top to bottom from the Ceo and the border directors all the way down to the last employee you hire, they know what the company stands for, how employees and those associated with the company are to carry themselves, when they're engaging in activity on behalf of the company. This code of ethics is very important in terms of setting the tone for what's allowed, what isn't allowed and what occurs when someone steps outside of the framework that the company has decided, employees should live with them. Secondly, competition is good. And as a new business owner, your job will be to compete very hard, in order to establish your business and to grow your business. But as you compete hard, you want to compete fairly. Don't get into bad practices, where you're cutting corners or where you're trying to disparage your competitors or you're trying to otherwise do things that are less than upright, compete fairly, whenever you get off of that path and you're not competing fairly. You run the risk of running afoul certain regulations around fair trade practices and around competition at any trust. And so, if you keep that kind of general framework in mind that you're going to, you're going to compete hard but compete fairly. You'll save yourself a lot of headache later on. Also as part of your compliance management program, you want to educate your top management and your employees on the relevant laws and regulations. Once you get establishing your business, you may even farm this out to an outside consultant that comes in and regularly updates your management and your employees on the regulations and laws that are pertinent to your business. You also want to in some way, and, and working with a lawyer can, can make this possible, but you want to clearly define the scope of employment for your employees. You want to have it in your employee handbook, your employee manual, wherever it is most useful for your business. But you want to have a very clear definition of what the scope of employment is. And that's because, if your employees are engaging in conduct that's outside of the scope of employment, you don't want that conduct to be attributable to your business. That's one way to help mitigate potential legal exposure, is to ensure that, you know what is the scope of employment. Your employees know what the scope of employment is. And you have some document that you can point to, if you end up in a lawsuit or a litigation where it's being alleged that an employee committed a tort or committed a crime that's being attributed to you. And that employee at the time was acting outside of the scope of this very clearly defined scope of employment. And then finally, as part of your compliance management program, you want to prepare for problems they'll come up. There's always going to be some legal issue that your company is going to have to face, and the best way to be successful in those types of, when those legal issues come up is to prepare for them early. So get legal counsel, get legal counsel to help you walk through a compliance management program to best, situate your company for potential issues, that may arise in the future. If you do this, then you will at least have a head start on, not just managing risk but having a very comprehensive, and overall compliance management program.
