Close

(704) 728-7232 info@techassure.com

Archive for month: September, 2013

by

Technology Industry, Global Regulations and Effective Board Governance

The global economic crisis has imposed higher risks and challenges for board governance.

Boards of technology companies have significant challenges.  Often times they have incomplete management teams, inexperienced founders, lack of resources and more.  In the TechAssure Association annual risk report, we cite that global regulations also impact the effectiveness of board governance.

During the second set of meetings during the Global Strategic Leadership Forum in Atlanta, the World Affairs Council stated that contemporary global companies face more intense governance issues than ever before. Their determinations have led to discussion on how globalization has called on companies to re-examine their risk management strategy in order to successfully adapt to the complicated matrix of the regulatory environment.

The World Affairs Council stresses the fact that the board should re-evaluate governance strategies to include not only profitability and growth, but escalating risks due to the overly complicated regulatory processes they face in the U.S. and other sovereign nations. Unfortunately, government intervention in company dealings can come suddenly and unexpectedly. Rules and regulations across the globe can be conflicting which makes the governance of an international board even more complex; diluting the potency of solid governance strategy.

Regulatory laws such as the Foreign Corrupt Practices Act, the UK’s United Kingdom Bribery Law, and the Dodd-Frank Legislation have had a major impact on internationalized business board governance. Conflicting global legislation can have major consequences for international technology companies. Even if an infraction occurs in a small jurisdiction and is committed by one employee, the board must be informed so that they may take action to avoid catastrophic damage to a firm’s finances and reputation. 

These regulations have increased risks to firms to the technology industry.  A strong board which implements a versatile board governance strategy is the only way in which a company in today’s market can survive and flourish globally. Consistent risk audits must be performed regularly and CEOs and board members must remain vigilant; reassessing strategies and making adjustments which correspond with audit results.  

Board members and officers are faced with increasing personal risk in an ever changing global regulatory environment. Working with a TechAssure Association member can help your board stay protected and help your firm develop a broad global risk management strategy in a rapidly changing world.  Please contact us for more information.

by

5 Basic Steps to Get Started in Enterprise Risk Management

If you are an innovative firm, then managing risk is an essential part of doing business. There are no standard enterprise risk management (ERM) plans that fit every technology firm. Each innovative firm is different and an Enterprise Risk Management program has to be designed to fit the specific needs on an individual business.

But there are five basic steps that a technology firm can take when starting their Enterprise Risk Management program. The ERM program should reflect the company’s culture and particular structure.

1. Personnel – The first step to developing an effective ERM plan is to involve key company personal. A team has to be assembled that will be responsible for overseeing the creation of the ERM plan as well as its implementation. Who are the key people in your organization that will be involved in establishing your enterprise risk management program?

2. Preparation – ERM preparation requires a realistic approach. By now you should have taken the basic steps to identify the critical risks that your organization faces. The next step will be to better determine your level of acceptable risk retention. Implementing an ERM program can help you broaden your scope of methods for managing those risks.

3. Documentation – The research involved with creating a company’s ERM plan needs to be thoroughly documented. This may involve interviewing key managers as well as conducting risk surveys and more. Sharing such documents among key personal can provide valuable ideas and provide resolutions for better managing those risks. The ERM plan should now be put together and reviewed. But keep in mind, an ERM program is always a working document. As your organization grows and changes, your ERM program will need to adjust.

4. Implementation – Once the ERM plan is created and passes the approval process, it is time to put it into place. All people involved with the ERM plan must be know their responsibilities. The plan needs to have event identification, risk impact response as well as defined actions that will be taken. An ERM plan without any implementation is not helpful in moving your organization to a higher level.

5. Monitor – Once an ERM plan has been created and put in place, it’s important it also be supervised. This can involve periodic audits, reviews, assessments and more. Effective supervision might also involve third parties to make certain the ERM plan is current and meeting all designated goals. Regular ERM monitoring will need to be done for the long term.

It’s important for companies in the technology and life sciences industries to manage all of their organizational risks. To do this properly may require getting assistance from industry experts. The members of TechAssure Association have the knowledge and experience necessary to provide expert advice for effective risk management. Contact us today to learn more.

by

Life Science: Managing Risk throughout the Regulatory Process

Medical device product development is both a complex and highly difficult process. The developer must have a vision of the desired outcome before they conduct research, development and marketing of the product and begin regulatory compliance.

Because of their nature of use, regulation and approval of the product must be met before the product’s release. The FDA’s regulation process can include a number of production “kinks” at first. The public’s safety is the FDA’s number one concern and the efficacy of the device is the second. An approval process can include an evaluation of potential risk, manufacturing processes, potential harm the device may cause, pre-market evaluation and approval, and post market evaluation. The FDA will then classify the product as a Tier I, II, or III. The device then must be put through the IDE and IRB processes. The Investigation Device Exemption allows the device developer to test the unreleased product by using it as it has been intended. The data from this test will then reveal important information which will be evaluated by a review board before entering clinical trials.

After the review board sets up a comparable clinical testing environment, the trials can then begin. The clinical trial process is divided into two sets, pivotal and pilot. The pilot phase is less stringent, testing the basic safety of use of the product. The pilot phase sets the stage for the pivotal trials which use a larger group of testers with a more extensive type of safety testing and use testing.  After the product passes these regulatory phases mass development can begin.

Product launches are a key milestone and require a great deal of risk management strategy for success.  It is important to work with an insurance and risk management firm that is knowledgeable about the life sciences industry and understands how to make risk control an important component of your overall program.  Working with a TechAssure Association member can help your firm stay protected through the rigorous regulatory process of medical device development and a new device launch.  

Please contact us to learn more about developing a comprehensive insurance and risk management program for your product development and launches.

by

Securities Class Action Lawsuits Against Life Science Firms on the Rise

.

Executive liability is a large threat for all sizes of technology and life science firms.  In addition to litigation damages and expenses, companies face distractions, and loss of corporate opportunities.  Although a comprehensive executive liability insurance policy will go a long way towards reducing the exposures, they face greater exposures if they have no risk control practices in place.

Reviewing the Claims Data

Upon the release of this year’s Dechert Survey of Securities Fraud Class Action Lawsuits, many Life Science firms have been forced to take a closer look at their risk avoidance strategies. The Survey showed that securities class action lawsuits against life science firms have continued to rise steadily since 2011. 

The survey showed that in 2012, 27 pharmaceutical, bio-technical, and medical companies faced security suits. This number represents over 18% of all securities suits filed during the year of 2012. During the year of 2011 only 17 companies experienced securities suits, reflecting a total of 9% of total securities claims. This information shows that from 2011-2012, securities claims nearly doubled.  Unfortunately, small cap Life Science firms continue to be targets for suits. Those with market caps under $250 million made up 50% of all claims against Life Science firms. In comparison, the survey showed in 2011 these firms accounted for 58% of total claims. 

Over 43% of the total claims dealt with misrepresentations of products and product safety.  In addition, insider trading still appears to be a common part of most of the complaints that are filed.  It is important to develop a comprehensive Directors and Officers Liability program that includes a solid risk control program. Smaller companies must be especially vigilant as the studies show they are at the highest risk.

Directors and Officers Liability and Risk Control

D&O insurance is designed to protect against claims made against them while serving on a board of directors or as an officer.  These policies are written on a claims-made basis, usually contain no duty to defend policy language and the scope of the coverage, pricing and underwriting criteria can vary. 

When a Life Science firm includes risk control into their comprehensive D&O program they can do a lot to reduce the threat of D&O claims.  D&O loss control programs specifically tailored to their company Includes risk control in areas of securities trading, antitrust compliance, financial integrity, managing conflicts of interests, bribes and kickbacks, board appointments and behavior, misappropriation of corporate assets and confidentiality. The goal of any D&O loss prevention program is to sensitize the company’s executives to exposures and place policies and procedures to minimize the exposures.

Working with a TechAssure Association member can help you develop a comprehensive D&O program.  A TechAssure member will help you customize an insurance plan, which will work seamlessly with your risk control strategy.  Please contact us for more information on how a TechAssure member can help your firm.

 Source: http://www.dechert.com/Dechert_Survey_of_Securities_Fraud_Class_Actions_Brought_Against_US_Life_Sciences_Companies_03-20-2013/

by

Filing for a Public Offering? 5 Tips to Prepare for Public Company Status

A successful Initial Public Offering offers a sense of pride for a firm. Watching your publicly traded company’s symbol flash across the ticker is an elevating experience. But what additional risks does your company face after an IPO?

Changing from a private to public company status will have additional risks that your organization may need to be aware of and it is important to develop a solid risk management strategy that can help your company adapt successfully after an IPO.

Accountability and scrutiny must be taken into account after a company goes public. The amount of exposure involved with an IPO is enormous and senior management must adjust to their new risk profile.

A successful IPO extends your reach from initial investor interest to public stakeholders. Investors and stakeholders must feel confident in your strategic plan and your ability to manage a wide range of risks. In addition, those firms experienced in turning risk into opportunity will be rewarded. Remember your company is now comprised of public as well as private funding and with great power comes great responsibility. Sound strategies for nurturing investor and stakeholder confidence are essential for an IPO’s success.

Here are 5 tips on transitioning your risk management program, as you move from private to public company status.

  1. Start from the top: Your board needs to be in position for successful development of a risk management strategy. Encourage your CFO and your CRO to work in conjunction. Compliance between these positions will successfully build the necessary framework for risk avoidance. This in turn, will set the pace for senior management strategy planning.
  2. Set the stage for effective and robust board governance: Your board governance will need to adapt to your new planning techniques. Since investors are watching more closely, it is time for your board to shine. Make sure you have key players in place that have versatile talents which will enhance rich governance techniques.
  3. No alarms and no surprises: The public market hates surprises. Surprising your investors can cause alarm which will affect confidence. New ideas and strategies should be carefully vetted. This will ensure that new product launches goes smoothly. Make a practice of including risk management in all of your core business unit discussions.
  4. Stay ahead of regulation: Regulations are constantly impacting the market. After an IPO — stay ahead of the curve as much as possible. Keep you investors informed about these changes and share your plans for compliance. This lets investors know your board is effectively keeping your firm on track.
  5. Stop watching everyone else: During the immediate period after an IPO, focus on understanding your unique risk profile and building mitigation strategies to manage the risks. This will provide a solid platform for discussing “risk” with public shareholders.

Adjusting your insurance and risk management program as your firm goes from private to public is important. Contact a TechAssure Association member to learn more about the support they can provide as your build your risk management program.

by

Corporate Risks and Cyber Criminals Lurking in the Cloud

Most of us are already aware of the benefits of cloud computing. But what many don’t realize is that cyber criminals are also harnessing the power of the cloud to gain unauthorized access to sensitive data.

Phishing scheme artists, for one, have learned to utilize the redundancy, scalability, and automation powers of the cloud to gain illegal access to bank accounts. This is easily accomplished by procuring cloud services through a website with an approved, though likely stolen credit card. This sets the stage for criminals to work their craft anonymously and make them even harder to catch.

What are the risks of cloud computing to a corporation?

There are many risks that a company faces from the use of cloud computing. Some of the major risks include disputes over ownership of data, records and assets. Risks can also include lost data, unavailability of information and malicious attacks. In addition, risks from shared access, authentication and authorization are broad.

Will a Commercial General Liability respond to data breaches or cloud computing risks?

No, your Commercial General Liability will not respond to claims that arise from data breaches or activities in the cloud. In order to protect against those types of risks, a company should consider the benefits of purchasing a cyberliability policy that is designed around your unique risks.

What can a company do to prevent these types of security breaches to your network?

The good news is that cloud providers are more diligent than ever in detecting unusual patterns of activity as they monitor how customers utilize the service. One very effective measure is the deployment of a dedicated antifraud team trained to recognize illicit activity from the start, such as the detection of a stolen credit card to procure cloud services. However, this does not mean you should relax your own security measures. Whether your data sits on another server, or is in the cloud, it is your corporate asset and you should take appropriate steps to protect that risk. Companies should be on the lookout for any security loopholes that allow easy access from unauthorized parties.

Working with a member of TechAssure Association can provide your organization with a range of insurance and risk management tools to help you manage your risks in the cloud. Contact a TechAssure Association member for more information on risk management services that can protect your corporate assets.