Health Care Compliance Toolkit

Health Care Compliance Program Explainer

Download Now

Explore the Content Library

Explore various legal topics via resources from University of Pittsburgh School of Law faculty and staff. These resources give you a taste of what you’ll learn as a student in the Online Master of Studies in Law and Certificate programs from Pitt Law.


Health Care Compliance Toolkit

Health Care Compliance Program Explainer

The delivery of health care in the U.S. is complex and expensive. A compliance program is a system designed to ensure that organizations, their employees, and their agents are following applicable laws and regulations designed to reduce healthcare costs and improve health care quality by reducing fraud, abuse, and waste. Download this guide to learn more about the essential elements of a compliance and ethics program.

Download Now

On-Demand Videos

0:00 / 0:00
Video Companion

Video Transcript

Marily Nixon:
Okay. So let's get started. I think some more people will be joining us as we go along, and that'll be great.

Welcome everyone to this information session on the University of Pittsburgh's Online Master of Studies in Law program. I'm Marily Nixon. I direct the program. I am a professor of practice at University of Pittsburgh, where I teach primarily in the property law area and also environmental law in the online MSL program. I also created torts and property, and I actively teach the property course. So I direct the program, but I'm very deeply involved in it on a day-to-day basis. And I have two wonderful people associated with our program who are here to speak to you today along with me. The first is Jackie Belczyk, professor of practice, who teaches the American Legal Systems course, which is the first course and a very, very popular course in our series. And the other is Greg Griffith, who is one of our most successful students, who can tell you what the experience is like and give you some tips on how to do well in a program like this. Jackie, if you wouldn't mind introducing yourself and then Greg, that would be great.

Jackie Belczyk:
Of course. Hello. My name is Jackie Belczyk. As Marily said, I am a professor of practice at the University of Pittsburgh School of Law, and I have been teaching in the MSL program for about eight years at this point. I teach the introductory course in this program. It's the American Legal Systems course, and I'll be talking a little bit more about what that entails as we go through. And then that's part of my job at Pitt Law. My other job is the executive editor of JURIST, which is a legal news and research website at that covers all kinds of legal current events.

Marily Nixon:
Thank you, Jackie. Greg, would you tell us about yourself, please?

Greg Griffith:
Sure. Thanks, Marily. My name is Greg Griffith. I am a suicide prevention program implementation specialist here at the University of Pittsburgh. I work in the School of Pharmacy. What I do is applied suicide prevention research for veterans of the Armed Forces of the US. I'm also a Navy veteran myself. I've got a kid, a small kiddo. Her name is Lolly. She's 12 going on 22. She pretty much runs my life. And I have been working in this role for three and a half years. And during that period, I went through the MSL program and graduated. So I'm excited to be here to answer questions and talk a little bit about the program.

Marily Nixon:
Great. Thank you, Greg. And I'm glad you mentioned your daughter because lots of our students have jobs, families, kids, homes, all kinds of things they're juggling. So I think you'll be a really great source of information about how to best handle that kind of a challenge. So just a couple of administrative things. First, we will be just conversing for maybe 30 minutes or so, about a half an hour. And then we would love to answer questions from the audience. And the way we'll do that is if you can put your questions in the chat, if you look down at the bottom of your screen, right in the middle of it, there's a chat button. You can drop a question in there. You could do it any time during our conversation, and we will pick them up at the end of the conversation and answer them then. But sometimes it's easier to just do it now, get it in there, and then just listen.

Marily Nixon:
So let's see. I want to say I think we're... I think that's it administratively. So here's what we're gonna cover in the program. First, I'm gonna tell you what our online Master of Study in Law program is, then we'll talk specifically about things like curriculum, what it's like to be in an online classroom, what you do with your MSL, what it's like to apply to Pitt Law, and some advice for that, and then we'll do our Q&A. First, I wanted to start by just letting you know the Online Master of Studies in Law program is a 30-credit, two-year series of courses that will give you a master's degree when you complete it. And the way it's broken down is one year of core courses, and I think Professor Belczyk will probably help us to understand a little bit more about what these core courses are. And then you choose a specialization for the other year of courses.

Marily Nixon:
So it's a two-year degree, it's online, asynchronously primarily, so that you can complete the work in your own time week by week. We ask you to keep up week by week, but we have some aspects of the program too, that give you a real connection with your classmates, your cohort going through and also with your professors. So we'll talk about that as we go on. So let's start talking about, first, just we'd like to hear from you, Professor Belczyk, what inspired you to get involved in studying master's degree students and ultimately to get involved in the online MSL program?

Jackie Belczyk:
Yeah, of course. So when I started teaching in Pitt Law's MSL program, it was a fully in-person program, and I took over the introductory course from another Pitt Law professor. She had actually been my legal writing instructor when I was a law student at Pitt Law. And then I began working at Pitt Law for JURIST and she approached me when she was getting closer to retirement to see if I would be interested in taking over teaching the introductory MSL course, and I was really excited to do that, something different and it's a lot of fun. I like working with MSL students. That's something I don't get to do every day in my job, mainly working with JD students, and I like working with MSL students because they bring such a range of backgrounds and experience to the program. So I was teaching this course in-person for a number of years, and I was really excited when we launched the online program, because that gives so many more people an opportunity to take part in this just very exciting program that I think applies across so many fields.

Marily Nixon:
Yeah, thank you for that. And we'll talk in a little bit about how the study can help you in different fields, 'cause I think that's a big question people have considering going into it. But I think we'll just take a minute and I'm gonna ask you the flip side of that question, Greg, what inspired you to take on the MSL program and what has it done for you in your career and in your studies?

Greg Griffith:
Sure. Yeah. So as a full-time worker, I needed to think through what my strategy for school would be. I thought maybe about applying for law school but then I work in a field where I'm doing a lot of work in policy and so I wanted a real good understanding of the law to generally just advance my career, my skills, to give me a better understanding of legal and policy in general, that legal arena and policy around it, and how it related to my everyday work. So I sort of started looking to find programs that might help me get in that direction and found the MSL program, and just thought it would be an awesome opportunity to do exactly what I wanted to do, continue to work and go to school at the same time. So I really thought it would be the perfect fit for me to have a hybrid or online opportunity to go back to school and get that master's degree and keep doing the work I do. So that sort of was the pivot for me, the push for me was because it was the MSL and because it was online, I really thought it would be the best approach. I work a lot. I spent a lot of time on the road. And so I don't have real opportunities to sit down in class and get work done that way. So yeah, the flexibility of hybrid specifically of remote in this case was important for me.

Marily Nixon:
Yeah, yeah, that's great. And how has the degree affected your career, if at all, your further studies?

Greg Griffith:
Yeah. It really has been impactful. I think a lot of us, we think we have these particular skills when we start doing things. I came into this program thinking I was a great writer, and I think I am a great writer, but what I gained from this program was a better understanding of how to write in a way that to write legally, how to understand the ways that lawyers communicate, that lawmakers communicate and how to write in very concise ways that sort of frame the message appropriately, get the point across in as few words as possible.

So that was huge, and I think that really paid off for me. Immediately after I graduated, I got a pretty quick promotion, a significant dollar amount promotion, but also a promotion in my position and frankly, I think, having graduated from this program paid a big part in that because what I did was I got the opportunity to really show off my writing skills from this program, my ability to frame conversations for policymakers and things of that nature. So yeah, that was a big deal for me, a big help. And then of course I applied for a doctoral program and I'm now in that doctoral program. I got into the program pretty quickly and have already started working my way through it, so yeah.

Marily Nixon:
Yeah, that's really great to hear. Really, really happy that it's worked so well for you. And something that you said makes me want to turn back to Professor Belczyk, to Jackie. You talked about legal writing, right? And I think it's no secret that writing is a really core skill of lawyers writing and analyzing. And Jackie teaches the course that really kicks off the whole series and really starts students to understanding how we write, how we think as lawyers. So Jackie, would you mind just talking about that a little bit and maybe a little bit more about the rest of the curriculum that online MSL students still follow?

Jackie Belczyk:
Yeah, of course. So the American Legal Systems course that I teach really lays the foundation for the rest of the courses that you would be doing in the program. And we start out with the basics like covering the US legal system and what are the different levels of courts and what do we mean by state courts versus federal courts and all that stuff that maybe you learned in middle school civics and then haven't really given much thought to since then but will be important as you start to study the law. So we go over all of that and then focus on how to read cases. That's really how law school is set up. You don't just sort of read doctrinal information as you might do in other programs. Primarily you learn the law through reading court's decisions, through reading cases.

So we go over how to best approach those, how to read a case, how to pull out the main idea and the rule of law from a case. We go over how to take ideas from multiple sources like cases and statutes and synthesize that into something you can use to apply to a new set of facts. And we do a writing assignment in the course that really gives you an opportunity to use all of those skills where you are reading cases and synthesizing information, and then using that to sort of predict the outcome and a new set of facts. And through all that, I think you're really getting set up in a good position to be able to get through the rest of the program. From there, you take several other courses. There is a private law course that comes after my course, which covers topics like property, tort law and just how the law governs relationships between individuals or individuals and entities. You take a public law course after that which covers things like criminal law, constitutional law, basically how the law governs interactions between individuals and the government. And from there, it's a business law course after that and then of course, whatever specialization you're going to goes on from there.

Marily Nixon:
Great. Yeah, thank you. And so we've gone through the courses. So Greg, I'm gonna ask you a tough question. Other than Professor Belczyk's course, other than Jackie's course, what course do you remember most from your studies? Or did you get the most out of, do you think?

Greg Griffith:
I mean, I got a ton out of Jackie's courses, by the way. But the whole program for me felt impactful, but I really am especially interested in public law, but specifically statues and regulations as they sort of relate to and interplay with common law. I spend a lot of time in that arena, and so I really needed to get a good understanding of that. Like I said, the entire program helped me build out the framework for better understanding that. But if I'm really thinking through what I use most from and often go back to in the coursework, it's gonna be that.

Marily Nixon:

Greg Griffith:

Marily Nixon:
So it's interesting that you mentioned that as you start this series with Professor Belczyk's course on American Legal System, which is a lot of case law interpretation, not only, but a lot of it, and then you end it with legislation and regulation, which is I think what you're primarily talking about, Greg, and that's how do you read and interpret a statute and which is a written law, right? Not a judge made law, but a statute written by the legislature. So I'm glad to hear you say that. It's a challenging course. It's a very substantive course and I think it's valuable, so I'm glad to hear. We hoped it would be valuable when we created it. It's good to hear that you're finding that value. That's great. So I guess I wanted to move on and just talk about the online experience. Greg, maybe we'd start with you. What was it like for you? What worked best for you? What were challenges for you in the online experience?

Greg Griffith:
I mean, it was great as a working professional. Like I said before, I spend a lot of time on the road. During lockdown though, I didn't go out as much, but I'll tell you that during lockdown, being able to get all of my coursework done online was fantastic. I think it helped keep me sane frankly during lockdown to know that I had these benchmarks I had to meet, these courses I had to complete, and this work that I could just jump on my computer and get done. So that was definitely beneficial. But when I started to go back out on the road, I might be in a hotel somewhere, wherever I was.

It depends on where I was at that time, but I could log on and get my coursework done. I could read and write and just be busy. And I never felt like I was gonna lose out because I didn't get to a class. It was all there for me online. So I really liked working in a Canvas. I think the interactive sort of ability in Canvas was very beneficial to be able to talk back and forth with my professors or message them or have communication with students. And then really the thing that benefited me the most, the thing that I really, really appreciated was having office hours, being able to sit down and talk back and forth with the professor and students during the office hours. That was awesome. That was great. It really worked out for me.

Marily Nixon:
And I'm here to tell everybody that Greg Griffith was in my property class, and he came to office hours, and he had great questions. And we really had interesting conversations that went deeper and broader than maybe I expected. So I have to say it really is great for the professor when students are as engaged and then they're thinking as broadly about the subject matter. So I think that's probably part of why you were so successful, Greg, 'cause you were that engaged, and we'd love to see that. Jackie, do you want to talk a little bit about the... So we're online, we're asynchronous, we're not... But the professors aren't sort of absent, right? The professors are very much involved, and Greg has talked about a couple of things that professors do and students do to connect with each other. Could you maybe fill in some of the other things?

Jackie Belczyk:
Yeah, absolutely. I actually did an online master's degree myself that I finished in 2020 in Pitts Graduate School of Public and International Affairs. And in some of those online courses, I felt very much like I was just kind of putting my work into a vacuum every week and nothing came back to me. And so I really want to make my course not like that at all. And so I'm a real person who is directing the course. I designed the course, I created the videos, so you're watching me give short lecture videos. I chose all of the readings and assignments that you're doing, and I give regular feedback. We have a discussion board that actually feels like robust conversation between students, not just sort of that static, okay, I was required to post something on the discussion board every week, so I did, but I start to see students really connecting with each other, people with similar sort of work backgrounds who are connecting and people who come from very different spheres connecting with each other.

So every week, I look forward to reading what's on the discussion board and seeing how students are engaging with each other. We do one sort of small group project in my course to give you a chance to actually connect with your fellow students. And I've gotten a lot of positive feedback on that. Students really appreciated the opportunity to get to chat with each other and come up with something together. So yeah, we really want to make this a dynamic and interesting course experience for you. It's set up with weekly modules and you get to do it on your own time. So if you're somebody who's gonna get everything done at the beginning of each week, that's great. If you've got some time at the end of the week, you're able to do it then, but you're always gonna feel like you're part of a course and that you're getting something back out from what you've put in.

Marily Nixon:
Thank you for that. I'm curious about, you mentioned the opportunity for students to build community with one another. Greg or either one of you, what other kinds of things either did you do, Greg, or experiences you have forming a community with our students? Or Jackie, are you aware of that students do in order to support one another?

Greg Griffith:
I think just the format of Canvas itself is really great for that. I mean, it does afford the opportunity to talk back to each other based on comments that we make. Whenever we post a comment, someone can respond. We had some situations where those responses sort of generated good conversation. I have a couple of people that I went through the program with that I still communicate with because I think we sort of just developed this real interest in the areas that we were studying together. So that, and then of course, like I said before, the office hours. I mean, the office hours were students and the professor, so we got to talk to each other regularly each week. And then occasionally, depending on the professor, there was an opportunity to do more than one office hour. I think I recall that happening more than once. So it's not... We're not... We don't... It didn't feel like I was disconnected from my classmates, and I didn't feel disconnected at all from my professors because yeah, if I wanted to talk to a classmate, I could email them through Canvas or if I wanted to talk to the professor, the same thing could occur there, so good connection that way.

Marily Nixon:
Yeah. And I typically host one-on-one Zoom meetings with all of my students at least once during the semester primarily to give them some feedback on a writing assignment, but it also just gives us an opportunity to connect. And we start off my course with every student recording a short introductory video. So kind of like the experience if you were in a classroom together and everybody would go around the room and introduce themselves, we do the short introductory videos which gives people a great opportunity to just start to get to know each other a little bit and say, "Oh hey, you work in a similar field." Or "Oh, I also have three dogs and a cat." And just to find different levels of common ground.

That's great. I know that students often will find one another, as it sounds like Greg did, either they have similar interests or they're working on a particular part of the questions, whatever. And so they do... I know they get together by email. Sometimes they all come to office hours every single time. Some students don't come to office hours at all. They don't need it; they don't want to do it. But I do get a sense that students are finding ways to connect and that we try to support that. So it was great to hear that that's happening. So a sort of philosophical question I guess about sort of beyond the MSL. So how does this program... How does it... How has it been adapted? And Jackie, you've been involved with it, the initial class and the in-person MSL and we still have the in-person MSL at Pitt law, but how has this program evolved over time to meet the needs of the legal profession?

Jackie Belczyk:
I think in my course we focus even more on some of the technology, how to conduct legal research in an online environment? When I started teaching the course and it was just an in-person, and actually had the students all go upstairs to the library and take a tour of the library and learn about how they could find stuff in books. And it's still great information. And if you're ever in Pittsburgh and you want to stop in the Pitt Law library, there's all kinds of great resources there. But obviously we're not doing that in an online program. So we're talking about other ways that you can conduct online research and tools that you can use more easily in that type of environment.

Marily Nixon:
Okay, great. So I'd like to move on to applying to Pitt Law and I know that Greg has had a direct experience applying and Jackie and I get to review applications which is great. So I guess I would just throw it open to what advice do you have for someone who's considering applying to the program? Greg, you want to start?

Greg Griffith:
Sure. Yeah. I think that essay made a big difference for me. I really... Like I said, I thought a lot about what I wanted to do in the program, so I was able to really think through what I would say in my essay and just be ready for that. I think know what you're trying to do with this program, why are you taking the opportunity to do the MSL and prepare for the coursework. But yeah, just do well on the essay, write a good essay. Think about who you are, what you're trying to do. I think that's where I was with this process, really thought through that.

Marily Nixon:
Yeah, I agree. That can be a really powerful part of an application because it does tell us at Pitt Law who you are, why you want to do this thing. How about you, Jackie? Do you have any thoughts to add to that?

Jackie Belczyk:
Yeah, I would kind of say the same thing. As a member of the admissions committee reviewing applications, I always scroll down to that personal statement first because I want to see well, why do you want to be involved in this program and how do you envision it sort of helping you along whatever your career trajectory is. So that's always important to me to take a look at. And of course, I'm also gonna look at your resume and transcript and everything else, but really, I think put the most stock into that personal statement.

Marily Nixon:
Yeah, I think sometimes it can feel like when you apply to programs, you're writing. In our case, it's a fairly short personal statement requirement. You can write longer if you want but it's really just to give us a sense of who you are and why do you think this program is a fit for you so that we can be sure that we think it's a fit for you as well. But we really do focus on that, and it really helps us to understand people, so I just really want to underline that. Good. So I don't have further questions. Anything else that, Jackie or Greg, that you think we want to address before we throw this open to questions and answers?

Greg Griffith:
I would say... I'll add one last thing. I think as a Pitt Law School alumni, I really appreciate the benefits that I'm getting now as someone who went through the program. I do get invitations to some of the functions on campus, I get to go to see some amazing speakers in the moots court there on campus. I just think it's a good benefit to be able to say that you went through this program and now you are an alumni of Pitt Law and you have... You hear from some really famous people sometimes sending you stuff in your emails talking about things that you can do on campus and with Pitt Law. So it's good for me. I like it.

Marily Nixon:
Yeah. Our graduates walk in the law school graduation ceremony, which is pretty inspiring, I think. And we had a student, one of our online students come last weekend for graduation from out of town because it meant so much to her to be there. So she and her sister came and spent the weekend in Pittsburgh, 'cause of course a lot of our students are from other places, and I thought that was really exciting. So yeah, absolutely. The campus is yours; the law school is yours. If you are a part of our program, you are a Pitt Law student, and so all those resources are available to you. And so I think it's great when people take advantage of it.

Okay. So I think for now, I'll just close this part of the info session and we'll start doing some questions and answers. And I see we have a few in the queue. So the first is, "Is the application process the same for returning students?" This is for someone who completed the healthcare compliance graduate certificate program. So yes and no is the answer to that. It's a fairly painless application process and there are certain things we can carry over. I think we can carry over your transcripts. Maybe Jackie remembers better than I do, but is it just the transcripts? We may be able to carry over the personal statement. Do you remember more specifics than that, Jackie?

Jackie Belczyk:
No, I'm not sure what is the same or different about the process, but certainly when I see that someone has already successfully gotten through the certificate program, that's always a good sign for me that they're going to be successful in the rest of the online MSL program.

Marily Nixon:
Great. I would second that. Okay. Another question. "As a current human resources practitioner who is employee relations, do you have a high number of graduates who have completed the MSL with a specialization in human resources law? What do they share that they've leveraged from the program itself to advance their careers? Also, does the program provide network opportunities for those who work in the human resources field?" so yes, we've have had numerous graduates who've done the online MSL and human resources. The online MSL program is three years old now, or we're finishing our third year. Finishing our third year? Finishing our third year. No, we're starting our third year. We're starting our third year. It's our fourth cohort of students 'cause we start in January, and we start in August. But so we're a very new program so we don't have a ton of graduates.

We have a good number, but it's not as many as you would have if you looked at the in-person MSL over the years. But yes, we've had grads who combine those two, and what we hear from them is that it's very helpful to understand first of all how to read the law and second of all, again, it's the cases. So I think they take a lot of that, a lot of knowledge tuned to their jobs and also contracts is really valuable in particular for that group of people. So that's what we hear about most from them. Do we provide networking opportunities? We do. And in fact we have started to have programs online where we do sort of continuing legal education/getting to know people programs. So yes, we do some of those and we'll continue to be doing some of those.

Question, let's see. "Having already completed the certificate program... " Oh wait, the same person, "Would I only have to complete the core courses for the MSL?" Yes, yes, that was all you would have to do, the one-year series of MSL courses, the core courses. What else? "I was accepted and need to defer." Okay, okay, okay. So someone has a question, a specific question about financial aid and what I would like to do is connect you with someone from our staff and we will be contacting everybody after this presentation so that you'll have an opportunity to talk directly to a staff person who could help you with that specific question. "How many times a year does a new MSL class begin?" We start in January and August every year, so two cohorts a year.

Someone is, "For someone who has been a paralegal for 20 years and has an MBA, would you recommend the MSL or the certificate in corporate compliance for someone who wishes to move into a chief compliance officer position?" Well, first of all, I definitely recommend the corporate compliance certificate for your specific situation. Whether you complete the entire degree or not is really a judgment call on your part. The MSL includes the core courses, are these really foundational courses that really challenge you to think about the building block areas of law in a little bit of a deeper way. Then you might... If you're taking just a certificate, we just have more time to do it, and that is our focus. And also of course you get the degree, so if you just take a certificate, you don't get the degree. Those are the two things to think about, how much does that degree matter and how much does it mean to me to get a sort of deeper dive into these foundational concepts? And I guess I'd like to ask Greg, if you have thoughts on this. Since you complete the degree, what do you think about certificate versus degree?

Greg Griffith:
So I had not had a master's degree before, so it mattered to me that I went ahead and got the master's because my goal was in addition to having the master's to move on to a doctoral program, so that mattered. But in this case, the individual here has an MBA. I sort of concur with the idea that the certificate is really a solid graduate certificate if you're not looking to get that second masters. But the coursework is only what? A year more. Just from my perspective, I think go ahead and do the cert and the masters and have two master's degrees. I don't know. That's just the way I would think of it from my perspective.

Marily Nixon:
Yeah, yeah. But you're someone who goes on and gets a PhD, Greg. I mean, you're like our pinnacle of inspiration. No, that's great, that's great. Thanks. Okay. Another question about, it's something that comes up for me about, "I've been a paralegal for 20 years." So that's great. You have a great grounding in law. "Another thing that comes up though that's similar is people will say, "Well, I'm thinking about, I really want to get a JD, so should I take this program first?" And the answer to that is, no, you should not take this program first. And we love to have as many qualified, enthusiastic students as we can, but it's not best for you. In most cases, if you really want a JD, we encourage you to get that JD. And if you have a specific... If anyone on this line is thinking about that as specific questions about their own situation, we would love to talk to you about it.

We can maybe help you figure out what makes sense. But in general, you should want the master's degree and you should want the additional knowledge that we'll give you to succeed in a sort of law adjacent kind of job. Not to ultimately then go spend three more years in law school. Okay. "Do you have any numbers on how many people found job placements or advancements for those who completed their certificate program and those who went on to do the full MSL program?"

I don't think we have numbers for that. We have anecdotal information that indicates that several of our grads every year have some kind of success in that way and Greg gave you his story. I know there are other stories that are similar to his, but to be honest, we haven't yet put in the administrative infrastructure that will allow us to canvas our graduates and keep track of them over the time, but that's something that we hope to do. Again, if that's a very specific concern for you, please talk to... When we contact you, talk to the staff person who contacts you and we'll try to maybe connect you with some people who have had success and perhaps that can help you kind of discern whether you think you would be likely to have the same kind of success. Our...

Greg Griffith:

Marily Nixon:
Yeah, I was gonna say our existing certificate student said, "I found employment midway through my certificate program". So that's great. Fantastic. Sorry, Greg, please.

Greg Griffith:
Sorry for interrupting. Yeah, I was just gonna say that I am... Also at this point, I think again, just sort of the added benefits of the programs. I'm in round two of interviewing for a senior level management position now. And I think, again, just the language I learned in this program and the ways in which I interact now have changed so drastically. This program really changed the way I write and the way I think quite frankly. So a lot of benefits still ongoing for me, so yeah.

Marily Nixon:
That's so great. I'm so happy. This is why we do it. Right, Jackie? This is why we do it. We love supporting students and seeing them reach higher and higher success in their lives.

Jackie Belczyk:
Yeah, absolutely.

Marily Nixon:
Okay. Someone asked, "Would this be beneficial for someone who is trying to obtain an HR position for the first time? I'm few weeks away from finishing up the certificate and I'm on the fence, whether the full MSL program will be worth the investment." So this is a great question. I think it would be best for you to speak to the director of the HR certificate who is Jay Hornack. And when you are contacted, the staff person can help you make that contact or you can just contact him directly. His email will be on the Pitt Law website. I think he'll be the best person to answer that question for you.

In general, we don't want to hold ourselves out as a program that will let someone with no experience get an entry level job. Will your resume be stronger after you get a certificate or get a master's degree? Yes, it will. Will it be strong enough to compete for jobs that are really designed for someone who's got some practical real-world experience? Maybe not. So again, we just want to be really realistic that we don't hold these programs out as really get right. We'll get you in the door to a mid-level job. But again, I really do recommend talking to Professor Hornack. Alright. Any other questions? These are really good questions. Alright. I'm gonna see. We might have one more that I have. Okay, okay. Good. That person is gonna not know who's the person to talk to. Okay. Unless there's anything else, anybody who's feeling shy, just drop your question in there.

Okay. "When is the deadline for January 2024 admission?" So not yet established, but it'll be probably November-ish of 2023. We know how people's schedules are, we know that these decisions are difficult and so we try to give you as much time as we can up to the beginning of the program. But then of course, we have to be prepared for all the students to give you good programs. So I think it'll be November-ish. We'll be announcing it for sure by October, possibly even September. Someone says, "I'm looking at healthcare compliance. I'd like to sit for this CHC credential exam. I'm on the fence about completing the certificate or the full program." Yeah. So again, this is just a question of what does the degree mean to you and how valuable is it to you to get sort of more grounding in the basic legal concepts and those foundation blocks, those building blocks of the law. And that's really a personal decision for you. If you would like to get a specific answer from a Healthcare Compliance Certificate Director, Mary Nell Cummings, I recommend that you talk to her. Cumming is C-U-M-M-I-N-G. Her email will be on the website as well. This is our oldest certificate. So she's got lots of experience with different kinds of students and what worked better different ones.

Please feel free to contact her. Again, you'll be contacted by a staff person at Pitt, and you can talk to them about getting in touch with her if you prefer to do it that way. And you can also contact any of us. I know Professor Belczyk and I are always happy to talk to people about anything, and if we're not the best contact for you, we will find the best contact for you. Okay. You're welcome. All right. Anything else? Okay. All right. I think then we will close this information session. We very much appreciate all of you participating, and we hope that we've whetted your appetite a little bit, given you a sense of what our program is about, and helped you to get an idea of whether it could be a good fit for you. We would of course love to see everyone applying to the program, and I love to see many of you in it. Again, feel free to contact myself, Marily Nixon, or Jackie Belczyk at any time. And you will be hearing from the staff person, and we hope to have a conversation with each of you and see how we might be able to help you out. All right. Thank you very much, everyone. Thank you, Jackie. Thank you, Greg.

Greg Griffith:
Thanks for having me. Thanks everybody. Good luck.

Jackie Belczyk:
Thank you.

The Value of an Online MSL

Learn more about what Pitt Law’s Online Master of Studies in Law (MSL) program can do for you and your career. Get an insider perspective on the program from Pitt Law faculty and alumni.

0:00 / 0:00
Video Companion

Video Transcript

Jay Hornack:
Hello everybody. You have tuned into Law of Disability Discrimination and Employment. This is a webinar that is being brought to you by the University of Pittsburgh School of Law. Next slide, please. I'll do some introductions. First of all, my name is Jay Hornack and I am the Director of Human Resources Law Online, the certificate program at the University of Pittsburgh School of Law. The program has been in existence now for four years. We're coming up on the completion of the fourth year of our 10-month program. You can see my email address there. I'll be talking a little bit more about my background, in another slide or two. Just another way of, introducing myself in addition to directing the Human Resources Law Online program, which means that I'm involved with applications, faculty advising, troubleshooting. I also am a faculty member. I teach the first course, the Introduction to Law in the Legal System, and concepts, legal concepts associated with hiring and firing. I also teach the fifth and final course, which is a capstone project, a paper and presentation requirement that all students have at the end of the program to complete their course of study. So that's who I am. Next slide, please.

Jean Novak:
And I'm Jean Novak. I'm an attorney at Strassburger McKenna Gutnick & Gefsky in Pittsburgh. I'm the co-chair of the Employer-Employee Relations Practice. I teach wages, hours, and benefits in the certificate program, because Jay persuaded me that somebody needed to do it, and it is a big part of my practice day-to-day. I am an adjunct instructor at the university, so I do have a Pitt email, which is Can also reach me at my law firm,

Jay Hornack:
Thanks, Jean. Next slide please. So, Jean and I both introduced ourselves. She talked about how she teaches wages and hour. I talked about how I teach hiring and firing and this capstone project. There is a course, in the program, an called Anti-Discrimination Law, including Disability Discrimination and Employment. I assure you that, both of us have experience in this area as well. And we'll talk about that in the upcoming slide. So, yes, you've tuned into the correct program. We will be discussing some substantive issues associated with the law of disability and employment.

I'll then at the conclusion of, the educational program, part of our program, talk a little bit about the University of Pittsburgh School of Law's Masters in the study of Law Program and the Certificate Program, specifically the Human Resources Law Online Program. And then at that point, if you have any substantive questions or any questions about the educational programs offered by Pitt in the human resources field, that's the time to ask them. There is a Q&A bar at the bottom that you can click onto. I think everybody's sort of familiar these days and the last three years with the way these online, educational programs work. That's the place for you to ask your question. I'll read them and then, one or both of us will do our best to answer them. So, without any further introduction, let's dive into the next slide, please.

So, this is a question that, is I guess, posed to both of us, and Jean started to answer it already. I'll, let me talk a little bit about what inspired me to join the faculty at Pitt and to teach, The Law of Disability Discrimination. That was, actually a course that I taught to JD students as well as MSL students from about 2005 to 2020 as an adjunct professor. Prior to that time, in addition to being a private attorney like Jean and having my own law firm, on the employee side of things, which included many substantive areas, not just disability discrimination, I found that that part of my practice was growing greater and greater. I had so a professional as well as a personal interest in the subject matter. I had family members who had disabilities and had a keen interest for that reason in this area of the law.

I became a board member in Pennsylvania of the Disability Law Project, which later became the Disability Rights Network of Pennsylvania. I was recently just on their legal committee, but then I became a full board member and go to Harrisburg to attend those meetings. Learned a lot of other issues associated with persons with disabilities, specifically in education and public accommodations, not just employment. And when, the staff attorney, the chief Counsel for Disability Right Network, who was a Pitt Law graduate and who taught the course at the University of Pittsburgh School of Law, stepped aside to move to Philadelphia. He asked me if I would take over the course, and that's what I started teaching for 15 years.

That overlapped by a year. The start of the Human Resources Online program, which was something I became aware of through other faculty members who were looking for somebody to run the program, Employment law, the law that I've been practicing all these years, is basically human resources law.

And so it was something that seemed like a nice fit. I was fortunate enough to be hired by Pitt to get the program started and to choose faculty such as Dean to teach the other courses. And here we are.

Jean, what inspired you to join the faculty? And don't say just me.


Jean Novak:
So you are very persuasive Jay, and you and I have known each other for a very long time, longer than probably either one of us wants to admit, but I taught at Ducane in the business school. I taught applied business ethics as an adjunct professor for a number of years, and I had to step back from that when my husband was terminally ill.

You were nice enough to reach out to me a year or two later and say, "I'm getting this started. How would you like to teach?" I believe you pitched wages, hours and benefits to me 'cause other people wanted the sexier topics. And I told you, a good teacher can teach anything.

I would take wages, hours and benefits. But my interest in disability law actually goes back to when the ADA was first passed. I was a law clerk at a small law firm.

Those guys had no interest in learning the law, but all of their clients were subject to it. My job was to learn the ADA from the minute it became the law. And so I've grown up with this.

This has been part of my practice literally since it was enacted, and it presents a lot of challenges. It's a really important part of the law. So I'm glad you and I are talking about it, even though this is not what I'm teaching in the program.

Jay Hornack:
I have some thoughts and response, but I think that I'm going to save them for a couple of slides in the future because, yes, we're veteran attorneys and so we remember back when there was just the Rehabilitation Act. We also remember when the ADA had this definition of disability that veered in a very different way, according to the Supreme Court, from what Congress ultimately said they meant by that. So anyway we're sort of now 15 years after those amendments and 35 years after the passage of the ADA almost. And so we have the experience of having lived through all that, and now we're dealing with different issues than what were being dealt with 20, 30 years ago.

Next slide, please? So, primary research interests that we have in this field and how they relate to the topics covered in disability discrimination. Jean, why don't you take this first? Maybe identify one or two particular aspects of disability discrimination law that are of interest to you?

Jean Novak:
So, as I joked with you earlier, I'm at a point in my career now where I can ask the young associates to do the heavy research lifting.
I just need to pick the topics. But the two things that I am particularly interested in when it comes to disability law are medical marijuana, because in Pennsylvania, medical marijuana recommendations are given only for people who have disabling conditions. I'm a charter member and former chair of the Medical Marijuana and Hemp Committee of the Allegheny County Bar Association.
We see one of our roles as educating people about medical marijuana as a way to treat disabling conditions, and at times, it is difficult to overcome some misconceptions about what medical marijuana is and is not. My other area of interest that I've been focusing on this year is artificial intelligence, particularly as it relates to the recruiting, hiring, and interviewing process. The EEOC recently recognized some difficulties in using AI as it relates to people with disabilities, in the interview process or in the recruiting process, quite frankly.

And I'm working with employers to get those employers to understand you can't simply abdicate your role in recruiting and interviewing to a machine, thinking that the machine is better and less likely to be biased than you are. The machine is only as good as the information we give it, and if we give it bad information, we're going to get bad results. So I'm very interested in how employers will be applying AI and how we can teach them to apply it appropriately, because I think the possibilities for people with disabilities in the workforce in using AI can be endless, but we have to be careful about how we use it.
How about you, Jay? What kind of things are you interested in right now?

Jay Hornack:
Well. I also have an interest in the area of medical marijuana. And when I teach the first course, I start out by talking about the American legal system and the structure and federalism and federal, state relations and laws that are passed at one level and are they binding at the other level. Can federal law preempt state law in certain areas? Can state law act in, for example, going to a higher minimum wage than the feds can? This is, I know that's your course not mine, [laughter] So in medical marijuana, there's just this interesting dichotomy between the actions of the states and it's almost, it's getting near 100% medical marijuana statewide despite Gonzales V Raich, the Supreme Court decision. And also the whole issue of the ADA and what it says about the Controlled Substances Act and whether Congress is ever gonna move marijuana from schedule 1 drug or not.

It's just a very interesting area of the law from seeing what the executive legislative judicial branches at the federal level and the states have done. I also find it interesting. The other area that I have an interest in and have spoken at a couple of continuing legal education programs in Pennsylvania about is service animals. And for those of you listening in, you may be thinking, well, sure, service animals comes up in housing comes up in travel, it comes up in the educational area, and of course it comes up in public accommodations, stadiums, auditoriums, buildings that have access to the public, does this really come up in the area of employment? And there actually are some cases which the subject of service animals as a reasonable accommodation has been proposed and there's been a dispute about it. And either by saying that it's from the employer's perspective, not a reasonable accommodation, or it's an undue hardship, or it poses a direct threat to others. And so. And then of course, what is an animal that's covered? There's been some congressional action in that area recently and what services or work the animals have to perform in order to come under the coverage of the ADA. It's a continuing area of interest of mine.

Next slide please.

An overview of legal requirements and protections related to disability discrimination law. I'll just mention a couple. I've already mentioned how the definition of disability has been tweaked if you will, by Congress and subsequently by the federal agency responsible for the regulations in this field, The Equal Employment Opportunity Commission, person must meet that definition, either having an actual disability, a record of that disability, or regarded as having that disability. There are certain key phrases that come up a lot when you're talking about the definition, physical mental impairment, major life activities of substantial limitation. These are all issues that in the course that we teach on disability discrimination will go to in some depth. And then also in terms of the definition of which individuals are covered, there's a question of whether they're qualified or not. Not just any person who has a disability necessarily gets coverage under the ADA, they have to be able to perform the essential functions of the job being questioned either when they're applying for or one that they are performing now with or without reasonable accommodations. There's a couple of legal requirements that come up at the very beginning of these situations at the workplace. Any others Jean?

Jean Novak:
One thing that I find I have to remind employers about on a regular basis is the interactive process. Actually having that conversation with the person who may need an accommodation. I like to remind my clients, you're not a doctor. You don't know. The fact that your aunt had migraines and could work 12 hours a day, has no bearing on what your employees can do. You need to have that conversation about what the employee is looking for and what is reasonable in the circumstance.

Jay Hornack:
And that language about interactive process is actually contained in the EEOC regulations. It's not something that was created separate from the ADA structure and that's something that I'll talk about when we get to issues and challenges that employees have in this field as well. Let's go to the next slide, please. And this may lead right into what you were talking about, Jean why don't you take this one since you do more work on behalf of employers than I do. Common challenges in addition to interactive process or maybe a little more about that when it comes to accommodations with disability?

Jean Novak:
Before you even get to the interactive process, one of the things that is often challenging, and Jay, I don't know if you've run into this as well, I'm assuming you have, job descriptions that don't make clear what the essential functions of a job are.
And we explain to employers on a regular basis, if you can remove the function without changing the nature of the job, it's not essential. But what we see are employers who have job descriptions that are two or three pages long with what I always call a savings clause, and any other thing I may ask you to do. Not really helpful, when you sit down for the interactive process and talk about what reasonable accommodations should be made and if something has to be eliminated, if you haven't identified essential functions of the job, it is very difficult to have those conversations. I like to use the example of my job. I'm an Attorney. I appear in court. Let's put aside for the time being, that I might be able to appear remotely now. Let's assume I actually have to go to the courthouse.

I've talked with HR people who believe that a lawyer has to be able to walk, stand, move about. That's not true. I know litigators who are in wheelchairs, they don't have to stand. They just have to be able to be present in court and communicate to the court effectively. So part of the process or part of the difficulty in accommodating disabilities in the workplace starts with the employer's understanding of what a job is, and how that job should actually be described, so that they can have truly fruitful interactive processes with the employee. Because if things don't work out, if the employer can't make those accommodations, then the EEOC wants to see that the employer identified essential functions and had a good faith discussion about how to change that job or offer accommodations to allow that person to perform the job. And I could go on and on about what my employers find difficult, but I think the next slide is going to be yours.

Jay Hornack:
It is because I am now going to it, next slide please. And I'll follow up on the issue of essential functions and job descriptions, talking about challenge that employees face and therefore these are issues that HR folks may face when employees come to them, either requesting accommodation or maybe they're not even coming to you with accommodations, but you suspect that there may be some health issue, either of a physical or a mental nature that is interfering with somebody's ability to work... And how does one handle that? What do you have to have actual notice, filling out the forms? Or is there a form of what lawyers like to call constructive notice? Being aware based on observations or things that are reported to you secondhand that may trigger the interactive process and from an employee standpoint.

I think one of the, for two areas that I can see coming up or have come up in cases that I've handled is yes, Jean is absolutely right, you know you were mentioning about the essential functions about a particular aspect of a job, but then there's some functions that might be considered essential regardless of whether it's white collar or blue collar, regardless of educational level. One is the ability to get along with others, and the other is showing up. How does one handle. At what point is an accommodation for somebody unreasonable if they continue to get in conflict with coworkers, arguments, not just with bosses, but other people doing their job, even if it is related to, for example, a mental impairment of some sort. Employees want the maximum amount of accommodation, but at some point there are hardships to the employer.

There's possibility of direct threat to other people that comes into play. And so that's one challenge that I think employees have when it comes to essential functions. But the other about not reporting to work and not being able to maintain steady employment that can, I think obviate the need for continuing employment. But I think the issue of not just accommodating somebody on the job, but maybe giving them time off, I find that this is one interesting area, leave of absence. There's another law that very often employees are able to invoke the family and medical leave act. If it's a large enough employer, somebody's been working at the place of employment long enough, they might be entitled to up the 12 weeks, every 12 months of unpaid leave. But some employers don't come under FMLA. Some employers may have obligations beyond those 12 weeks to provide a leave of absence. In some circumstances, the persons who aren't able to do the job.

And so that's an area of law that I see as a really a hot button issue these days for employers and employees, for attorneys on both sides. And I think that just exactly how long is long enough is a challenge employees want it to be the maximum amount possible, but I think the law is sort of trending towards at some point, unless there's a real expectation of a quick return to employment, an employer doesn't have to do anymore. Let's go to the next slide. Potential consequences of noncompliance. So why don't you start with that one Jean, since I guess you'd become aware of this as [laughter] as outside counsel. Probably once somebody has filed a charge with the EEOC but maybe even earlier, maybe you find that the case.

Jean Novak:
So one potential, obviously, one potential consequence is an EEOC charge, which may turn into a lawsuit. And one thing that employers understand is money. It is very expensive. Even if you have employment practices, liability insurance, which is just what it sounds like. Insurance company hires an employment defense attorney to present your case. Your premiums are going to go up if you lose, or your premiums are going to go up because you're still gonna have to pay for the defense. Your insurance company pays for it, but the potential consequences are damages, such as, if you terminated someone rather than engaging in the interactive process and finding a way to keep that person employed, you could owe back wages. You could also owe front wages depending on where they are in their career. If you are a repeat offender, the EEOC is more likely to be difficult with you. Often investigators are pretty good and mediators are pretty good, but if they see you frequently, that's going to be problematic for you. One thing I repeatedly tell clients is I can give you a list of the damages that a court might award, but the potential problems of failing to employ or continuing to employ people who are motivated and want to work are far more devastating in the long run than the damages.

There are a lot of people who just need the opportunity, and I know I sound more like a plaintiff's lawyer rather than a defense attorney, but it's very true that we still sometimes see people with disabilities as being less than, instead of simply being differently able and getting employers to understand that and getting employers to appreciate that employing people with disabilities can actually be good, not just for your business, but for that person. It can also be, I hate to sound crass, but it's a pretty good PR vehicle. It's been established that companies that do good in their communities conduct themselves ethically, for example, hiring people with disabilities tend to do better overall in profitability. So although it's not part of the law as a consequence, failing to recognize the benefits of employing people can be detrimental for employers where it hurts in profits. And then if it's a lawsuit, it can be detrimental in damages. How about you, Jay? When you take on a case for a plaintiff, what kind of damages are you looking for from the employer?

Jay Hornack:
Well, in disability discrimination law, as in other areas of employment discrimination, there's a few different types of legal claims that could be considered either by the EEOC or by the courts. One would be a disparate, what's called a disparate treatment case where somebody is treated differently than somebody else, either in hiring, firing, or working conditions. The other is... Another one is harassment on the job. And that can be on the basis of disability. And so the damages, the potential financial consequences can vary. If it's a failure to file a case, then it would be whatever lost wages there were or salary minus whatever work there's been in the meantime by that applicant if it's a wrongful termination, it would be those lost wages plus or minus any wages that have been earned in the meantime, it's mainly you're talking about salary and benefits associated with a job opportunity that was lost, or a job that was secured, but ultimately terminated. If it's a harassment case, then you could be talking about what would be considered to be compensatory damages, compensation for pain, suffering, aggravation, mental and physical aggravation associated with mistreatment on the job that wasn't properly handled by human resource spokes.
So those are potential damages that are available both legal and equitable to use some...

Jean Novak:
And if you win, Jay, who's gonna pay your attorney's fees?

Jay Hornack:
In... Yes, the statute does have a provision which says that if the employee is the prevailing party, then the employer would have to pay for those attorney's fees. Now, the reality of my practice in recent years, and I'm sure the reality of practice, of your practice as well, Jean, is that fewer and fewer of these cases get to a stage where you've got a judge or jury hearing a trial like on Perry Mason or name law and order. So many of these cases go into settlement mode and mediation. And there... Some of the claims that are potentially possible like attorney's fees tend to sort of say, well that's not really part of what you can get here. You sort of put it all in one big package.

And that's actually something that... A consequence that employees don't often realize. They think that I've been wronged, I want my day in court and I want it now. And I'm spending in my private practice a lot of time saying, well, no, there's... First you have to do the interactive process. But you don't have a case really if you don't do that. And then you go to the EEOC and then, and only then might you, if the things don't work out at that level, you go to court. But all along the way, everybody is trying to mediate the dispute and trying to say, well, there's some merit to your case, there's some merit to the other side. Can't we try to work this out? And from the employer standpoint, there's still costs associated with the... But there's less cost than going to trial.
From the employee standpoint sometimes, they're convinced that getting something is better than nothing at all, even if it's not a direct admission of guilt, payment of money is sometimes something they consider to be satisfactory enough. But I also think about the consequences back on the job. Well, if it's somebody who employees had a good working relationship and felt that they were treated wrong, I think one potential consequence for employers is maybe a hit to employee morale. About well, they treated...

Jean Novak:

Jay Hornack:
They treated Mary Smith like this, what if I had a problem later on? I don't really feel like they really treated that situation with the kind of sensitivity and care that they should have. Alright, let's go to the next slide. How can organizations develop effective policies and procedures to prevent discrimination and promote disability inclusion? Well, I think that hiring your firm Jean would be one way to do that because you would set them straight...

Jean Novak:
Thanks Jay.

Jay Hornack:
But what kind of things might you... Well, what kind of things would be an effective policy and procedure.

Jean Novak:
Well, what we typically tell employers is you need to review your policies and procedures regularly. Make sure they're not only keeping up with the law, but with the way you are running your business with the people you see as employees or potential employees and have people trained. Train your managers, train the supervisors. Jay, you mentioned, people that might be perceived to have a disability. Sometimes employers have the wrong idea of what the term disabled means, and sometimes they do see people that are struggling and believe those people may not be able to do the job. Training is key and training should be done at all levels of the organization. Also, I found it very helpful when I was in graduate school and when I was in law school... At graduate school, there was a student at CMU who had MS.

He came and addressed student senate to talk to us about the challenges that he faced because he felt people just didn't understand. They didn't understand his disease process and they didn't understand what he needed or why at times he seemed better than at other times, what triggered his symptoms. And when I was in law school, there was a student who was in a wheelchair, same thing. Just having that conversation about the day-to-day challenges that student faced was helpful. And so promoting disability inclusion could mean making sure that people understand disabled employees aren't getting a break, they're not getting something they don't deserve. They simply are getting the opportunity to do what all of us want to do. Have a job, be productive, be happy. So in addition to reviewing your policies and procedures, and I think you're gonna talk about some ways that people can get training that can help them develop their own policies and procedures. Although I'll recommend that if you are in HR, you have your attorneys review those policies and procedures.

Jay Hornack:
Training to help educate and prevent discrimination and inclusion. When you have somebody, make sure you check in with that person, figure out what that person might need. And if you are a fellow employee, include that person. It's nothing like having somebody to eat lunch with, as my mother always says. How about you, Jay? Other than referring everybody to me.
Yeah, well, I would second what you said on the developing effective policies and procedures, and one way to do that, and to keep up with things in addition to having lawyers sort of looking at it is there are some resources out there that are available to non-attorneys as well. And let's go to that next slide, because I think that that's sort of gonna lead us in. Yes, other resources available to HR professionals to stay up to date on legal requirements related to disability, discrimination in employment. For people who are interested in the HR field or in the HR field at the present time, but are thinking about the additional schooling, I'm sure you're very aware of SHRM, they advertise nationally. You may have heard of them even if you're not in the field of Society for Human Resource Management, they've been around for a very long time.

I think they're celebrating some sort of anniversary, and it's 75 years, I think this year. I get at least two newsletters from them a day in my inbox. I find that they keep up with this area of the law, regulations, litigation. They hold their own webinars as well. They're on top of things. They do some lobbying as well on issues of the day, some related to disability discrimination. And so that's a great private resource available. And there are local chapters statewide, region-wide, and there's a Pittsburgh Human Resource Association that's also connected to SHRM. We've already, Jean and I have already mentioned the Equal Employment Opportunity Commission, which not only litigates and investigates, but they also issue guidances on various topics. And the one that... One of the two that you mentioned, Jean, are of interest here, of you, yours, artificial intelligence was something like their most recent pronouncement, right? It was just in the last week or so. That was a big headline in the area of law that we both practice in. So those are resources that are available. But you mentioned another one. The JAM, right?

Jean Novak:
JAN. I believe it's Job Accessibility Network, JAN, near and dear to my heart, because it's located in Morgantown and I'm, my undergrad is from WVU. But it is such an amazing resource. You can go in, type in a question or look through their library. They have suggestions on reasonable accommodations. They have suggested forms. Everything is very accessible. It's not laden with legalese. It is something that employees can access, so that they're more educated when they talk with their employers. It's something that HR professionals can have as a resource, so that you're not constantly reaching out to your attorneys. Not that I'm allergic to making money, but I want my clients to remain profitable. And I would say the same thing about SHRM, although some of its information is available only to members. One thing that I tell my clients about SHRM is for HR professionals, it's worth joining because they have a wealth of information and they present it in a way that makes it very usable by HR professionals, as opposed to some of the information that comes out of, for example, the EEOC, where it can be a little statute or regulation heavy, SHRM breaks it down into something that you as an HR professional can use immediately.

You're not busy looking up statutes and regulations. I think they're all great resources. And you can get on the mailing list for the EEOC, so that you too can get the newsletters that Jay and I get about these things on a regular basis.

Jay Hornack:
And the last resource that I would mention, plugging the University of Pittsburgh is that, we have a human resources law program here. And we, both Jean and I mentioned SHRM. I'm pleased to report that this month, SHRM granted an academic alignment certificate to the University of Pittsburgh School of Law, HR program. And so it's something that rather than it being a competitor in some way, it's actually a complimentary program. And one that they have looked at our curriculum and the instruction that our graduates have received, and it meets with their seal of approval. I don't even know if you knew that or not, Jean.


Jean Novak:
I did not. That's great news.

Jay Hornack:
Yes, it is. So that leads me into the next slide, which is just to talk a little bit away from the substantive area of disability and discrimination which again, if you have questions, you can post them and we'll get to those in five minutes or so. If you're interested in human resources law and would like to obtain a more thorough education in the field, rather than attending a seminar here or there regardless of who's holding it, Pitt Law offers two different routes to take. One is that, you can take, have a concentration in human resources law as part of our Master of Studies in Law program, which is a two-year program. You would earn the degree in, like I said, master's would be completed in two years. The Human Resources Law portion would be one year within that program, or separately. And a shorter way to obtain some sort of a certification would be to take the Human Resources Law Certificate Program. We have currently four programs at the University of Pittsburgh. The second one listed there is Human Resources Law.

It would take 10 credits. The graduate certificate programs are completed in 10 months. And as it says down below, certificate students may choose to earn their MSL if they wanted to add it on after taking the Human Resources Law program or they could start at the beginning of their certificate courses, and then add the MSL core courses after certificate of courses. There's a person who if you're interested in the MSL program, I can direct you to in the final slide. But here's another slide that tells you a little bit about the MSL degree. You learn law relevant to your professional interest. Again, if you're interested in human resources law, that's an area of concentration. Enhance your ability to communicate with colleagues and peers regarding legal issues affecting the workplace. Get a master's degree for those who wanna learn the law, but don't wanna become lawyers. It's not the same as getting a JD, a Juris Doctor, and getting a license and having to take the bar exam. You'd build a proper network of professionals who are also investing in their future. And again, it doesn't prepare you to practice law, but does create familiarity with evolving laws and regulations that govern businesses today. That's the two-year MSL degree.

The next slide, benefits of a legal certificate. You gain a deeper understanding of the law, but you get a certificate in 10 months. But again, it doesn't prepare you to practice law, but creates that familiarity with involving laws and regulations, and it makes those connections with professionals like with an MSL. Next slide. If you specialize in human resources law in the MSL program, you get the legal and ethical tools to take on workplace challenges in a world of rapid technological, social and legal change.

Among the courses that are taught are genes, wages, hours and benefits course, and anti-discrimination course. Also, a course on working conditions, which not only talks about occupational safety and health, but also issues involved with labor management relations, also called labor law. Graduates will be eligible from the certificate program to sit for some of the industry-based human resources certification exams offered by SHRM, as well as by HRCI. Next slide, please. If you wanna apply for either the MSL or the HR law program, it requires a bachelor's degree. You have to complete an application with a statement of interest and a current resume. There's an application fee. We'll need your undergraduate and graduate transcripts from all colleges or university attended. If you're foreign student, there's a test of English proficiency, but there's no standardized tests like an LSAT or a GRE required in order to apply for these programs.

Next slide. Okay, so that's a little bit about our program, and I'll have a slide at the end for somebody associated with the application process that you can direct those questions to, if you have any questions about the application to the University of Pittsburgh School of Law. But on the issue of disability discrimination, did anybody have a question or comment or a thought on anything either that, just an interest of yours generally, or something that you have a personal or professional interest in disability discrimination? There's a Q&A box down below that you can add your question to.

Okay. Well, at the beginning of the program, you saw my email address, my Pitt email address, and Jean read off her Pitt email address, if you have questions you wanna ask. And then lastly, if there's questions on admissions, Alan Gilewski is the senior admissions advisor at Pitt, and there is his email address.

Well, I hope you found this educational or whetted your appetite for learning more in this field or perhaps expanding your education into this ever-evolving field for persons with disabilities. I thank you for attending and or for listening in. Hold on, we've got a question here. Let me see. Oh, you're welcome, Linda. And so with that, I think we're going to end the recording. Have a nice rest of your day.

Jean Novak:
Thank you.

The Law of Disability Discrimination in Employment

Learn more about HR law related to disability discrimination in the workplace. Pitt Law’s Jay Hornack, adjunct professor of law and director of the Human Resources Law Online Certificate program, goes in depth on employment law and disability discrimination.

0:00 / 0:00
Video Companion

Video Transcript

​​Max Laun:
Good afternoon and good evening. I hope people can hear me. I don’t think we have anybody because of time zone for whom it’s morning, but if you are, welcome to our webinar. We give just a minute to see if we get any additional participants, and then we will start.


Okay, 6:01 by my watch, so let’s go ahead and get started. Welcome to today’s webinar. We’ve called it Hot Topics in Corporate Compliance. I’m going to spend the next half hour or so talking about the corporate compliance, what it is, some things that are going on in the space, and we’re going to talk a bit about the FTX scandal, which is the cryptocurrency scandal that has been in the headlines recently. I’m Max Laun, I’m the director of the Corporate Compliance Online Certificate program here at the University of Pittsburgh. I am... I don’t consider myself to be a corporate compliance professional. I am really a corporate lawyer who has spent much of my career around corporate compliance, however. I did a lot of transactions across many different continents. I got involved particularly in places like Russia and the Middle East, which have been compliance challenges for the world for as long as I’ve been practicing law. But I have worked in and around compliance. I was the chief ethics and compliance officer for about a year and a half for one of Alcoa’s spin-off companies. So I’ve had a fair amount of experience working through that.

Let me talk a little bit about our agenda for the day for the next half hour or so. We’re going to talk about some recent corporate compliance trends. We’re first going to sort of level set and make sure we all know what we’re talking about when we talk about corporate compliance. We’re going to do a little bit of a deep dive into the FTX cryptocurrency collapse from a compliance perspective. I’ve said to anybody who will listen that I could teach an entire semester-long or year-long course on FTX because there are so many pieces up to touch in the compliance base in many different compliance spaces. I will shorten that tonight and we’ll only spend 10 or 15 minutes on it. Finally, we’ll have a few slides to share at the end about Pitt Law’s Corporate Compliance Online Certificate program and our other certificate programs.

So let’s jump right in. Before we talk about corporate compliance trends, let’s make sure we all talk on the same page when we talk about what corporate compliance is. At its heart, corporate compliance is a system that ensures that a legal entity, a company, a non-profit, an institution, operates in compliance with all applicable laws, rules, and regulations. One of the things to be clear about is that you have to really dive into what is applicable to you, what is applicable to you as a business. And applicable laws, rules and regulations are those that are meant to regulate the conduct in question. There are a slew of laws out there that wouldn’t apply to me if I was operating a little mom and pop corner shop. I would not have to worry about compliance probably with any trust laws and other things like that. But laws, rules, and regulations can encompass both governmental regulations, but they can also be industry or trade standards or voluntary measures that a company has put in place. And so compliance really means that you’re complying with everything that is applicable.

How do entities comply? There are really three things that they do in order to make sure that they’re in compliance. The first is discovery. They have to understand what conduct is prohibited or allowed. They have to understand which of those laws, rules, and regulations apply to them. The second thing is system design. They design a compliance system to ensure that departures from acceptable conduct are identified and addressed. And by identified, we mean if you have something that has gone wrong, there is a mechanism to discover it, or there’s a mechanism for it to be reported. And then you, of course, have to address them. I mean, having excursions from acceptable behavior, if it’s an environmental exceedance, or if it is a bribe paid to somebody. That’s not acceptable behavior. The key is finding out how it happened and putting in place measures to make sure that it doesn’t happen again. One of the keys to this when you think about system design is you have to remember that it is all about people.

People operate the system. People communicate in the system. And so the answer really is you have to communicate, communicate, communicate. A little bit like when you do a webinar, I’m going to tell you what I’m going to tell you, I’m going to tell it to you, then I’m going to tell you what I told you. A lot of what you do in the corporate compliance world involves training, training your people, training your suppliers, training your customers, training the third parties who do work for you. And the key is really making sure that you’re communicating with them what the expectations are and what the consequences are if they fail. You have to have in place the third piece of an effective compliance system is to have feedback mechanisms. You have to make sure that the system is in fact working, that it’s capturing the conduct that is outside what is acceptable, and then you have to figure out how you can make the system better. And that’s an entire process that companies spend quite a bit of time on.

Let’s talk a little bit about why we do corporate compliance. Effectively, first and foremost, it is a license to operate, and that includes having a social license to operate, which is a common topic that you hear about in the corporate world. The idea is that in order to be an acceptable corporate citizen, you have to operate in compliance with the laws. There are incentives for doing the right thing, carrots. There are sticks, disincentives and punishments for doing the wrong thing. As lawyers, we tend to focus on the disincentives, but the incentives for doing the right thing are equally important. One of the things that you may have read about in some times are some of the huge payouts that whistleblowers have gotten from the Securities and Exchange Commission, the SEC, and from other entities for identifying bad conduct on the part of a company.

Oftentimes they will do it internally, then they will ... if they aren’t successful, they will take it to the SEC. But there have been payouts of hundreds of millions of dollars to whistleblowers. That’s incentive for the whistleblower, not necessarily an incentive for the company. Let’s talk a little bit about the other reason you do corporate compliance and that is because of your reporting obligations, because of publicity, because of your reputation. In some areas, particularly if you’re a publicly traded company, you have mandatory government reporting. You have to file reports with the Securities and Exchange Commission, the SEC. You have to file reports with stock exchanges. Non-profits have IRS and other state requirements. There are a number of things where you have mandatory government reporting requirements.

And you wanna make sure that what you put in and give to the government is complete and accurate. Publicity. This is a big one. Our former CEO at Alcoa, Paul O’Neill, who went on to be the Secretary of the Treasury for the US, always talked about the front page of the New York Times/Wall St. Journal/Washington Post/Financial Times test. And that test really was, “How would you feel reading about the conduct that you’d engaged in on the front page of one of these prominent papers?” And so that is something that every company has to keep in mind.

And that ties in really to the next point, which is reputation and branding. Obviously, branding is something that is important, not just for consumer products companies, it is of course, important for them, but it’s important for everybody. You want to have a reputation of being a company that does business above board ethically and in compliance with the law. The other thing that I’ll just mention is social media, which has become both a mirror and in some cases a bit of a weapon in the past several years. Conduct that in the past might have gone reported only in SEC filings and the likes is getting a lot of press and a lot of publicity on social media platforms. So you have to be aware of that. You have to monitor your social media presence, but also what people are saying about you.

Let’s talk about four basics of corporate compliance. Number one, don’t bribe. Bribery is outlawed in virtually every jurisdiction. The U.S. takes it very seriously. We’ll talk a little bit more about that. But first and foremost, don’t bribe. Secondly, don’t ignore sanctions. I mean, with the ongoing war between Russia and Ukraine, there are new and every week, additional sanctions that are being imposed on Russian entities, Russian individuals. So you need to be aware of the sanctions, you need to not ignore them because ignoring them can put your business in jeopardy. Third point is don’t lie, and this is really don’t lie on document. Don’t lie anyway. But in particular, don’t lie in any of the filings that you make.

And this is really good because there could be severe repercussions, both in the financial markets from the securities regulators and certainly from the IRS. And speaking of the IRS, don’t hide the money. The longstanding tail on this is that Al Capone didn’t go to jail because he had allegedly whacked over 100 people. He went to jail because he didn’t pay his taxes on various sources of illicit income. And so the IRS went after him and he went to jail. So those are really the four main catchy rules of corporate compliance. Let’s talk a little bit about what some of the trends in corporate compliance today are.

First of all, corruption or anti-corruption is really... It remains at the forefront of what companies are spending their time and energy thinking about. The biggest risk that companies have is the use of third parties to facilitate business. There is the global compliance risk benchmarking study done by White & Case Law Firm and KPMG, is one of the big four accounting firms, found that 59%, almost 60% of respondents were using third parties. And using a third party means that instead of selling something directly to a customer, you have somebody who acts as an intermediary: The sales agent, the sales representative, a distributor, somebody else, a middleman who helps you. The fact of the matter is that those third-party transactions are your biggest risk. If you look at the top 10 list of Foreign Corrupt Practices Act, which is the U.S. statute that governs the governs bribery, if you look at the 10 list of Foreign Corrupt Practices Act, cases that have been brought by the government then, and these things are almost invariably settled, all 10 of the top 10 involved bribery through third parties.

In some cases the principal knew or had reason to know that the bribery was happening, in some cases, it appears that they had a third party who went off the reservation and was doing it on their own, but nonetheless, third-party usage is something that the companies continue to focus on. They put in place systems to review the transactions, to train their third party intermediaries and to work closely with them to make sure that they’re not running afoul of U.S. law.

Cyber security is another area that respondents identified as a major focus coming up. And I think some of it has to do with all of the revelations about Russian, Chinese, Ukrainian, you name it, interference in elections. And I think that’s come to the forefront. Most big companies have at some point had either a data breach or have been hacked. If they’re fortunate, they have not had a breach that led them to having to pay ransom to a hacker. But companies are spending serious money on cyber security. Privacy and data protection are further down the list and sanctions and ESG, which I’ll talk about a little bit more in a minute. ESG is environmental, social and governance. That sort of became a watch-word, a catchphrase in corporate governance and companies have been devoting a lot of effort on ESG.

Couple of observations really on anti-corruption and on ESG. First, in the anti-corruption space, written policies and procedures about how you use third parties, when you can use them, what parameters you’re using are very common, but, but, but less than half of the major companies that responded to this survey actually train their third parties on what they can and can’t do, and only 25% of those who responded do regular performance audits over their conduct. They rely on self-certification from intermediaries. All of that is to say, those things, training your third parties, going out or having…. Doing spot testing about what they are doing, those are time-consuming and resource-intensive. But those are things that companies really do need to focus on.

Let me talk a little bit about ESG, environmental, social, and governance. This really was the hot-button issue a couple of years ago. It gets a lot of press, it continues to get a lot of press. Cybersecurity in the 2023 survey got higher prominence. But I think ESG is something that is out there and will continue to be out there. My observations are, first and foremost, 40% of companies haven’t even defined what ESG is, particularly smaller companies. And so saying, “We’re thinking about ESG,” but if you don’t tell yourselves and tell everybody what you mean by it, it doesn’t do a lot. The other thing is that the responsibility for ESG is spread. Occasionally, companies have a dedicated officer to whom it’s assigned, but more often it’s part of the general counsel’s role, part of the chief ethics and compliance officer’s role, or it’s assigned to a committee. I would sit here and tell you that if you don’t have somebody who is focused on it and really measured on it, then you have vulnerability around how you can successfully comply with ESG reporting requirements and the expectations of you.

If you have any questions while we go through this, please feel free to put them in the chat or you can save them and I’m happy to answer them at the end of the presentation. Let’s turn to FTX, which is .... and I’ll walk you through a little bit of who FTX is, what the timeline of the scandal was. So FTX was founded by a guy named Sam Bankman-Fried and he goes by his initials, SBF. He actually established a company called Alameda Research earlier, and then co-founded FTX which stands for Futures Exchange in 2019. Alameda was initially just a big cryptocurrency trader. They focused on derivatives. They were later run by Caroline Ellison, who was SBF’s sometime-girlfriend. They worked together, they were involved in a relationship for a while, and then were out of a relationship. This will become important a little bit later. The idea behind FTX was to have an accessible exchange to make crypto trading available to everyday investors. Prior to 2019, crypto was one of those things that really only the big, big companies and big, big traders had any real idea about and had any real access to.

FTX was incorporated in the Bahamas, even though the principal players at that point in time when it was started remained largely in the US. The reason they were incorporated in Bahamas was because the Bahamas are a very tax and regulatory-friendly environment, meaning they’re viewed as a bit of a tax haven, and they don’t have much in the way of a regulatory framework, particularly in this area. FTX originally got big backing from SoftBank and Sequoia Capital, who are two of the big players in the crypto area, as well as from the founder of Binance, which is another big crypto company. In July of 2021 before everything went south on revenues that we’ll see were a bit questionable, the company was valued at $18 billion, which is an incredible valuation for a company that had started up two years or so before.

I won’t play it for you, but there’s a link here on YouTube, to a Super Bowl commercial that FTX did using Larry David, who’s a comedian and essentially, Larry David in it sort of takes out, “I don’t know why I would wanna do that. I don’t know why I would wanna do that,” in response to a whole bunch of things that were seen as groundbreaking. But he was intrigued by the idea of FTX though. You can play that on your own time.

Let’s talk a little bit about what happened and I’ll give you a bit of a timeline here. Between May and July 2022, there were a series of smaller cryptocurrency companies that collapsed. They either became insolvent or fundamentally there was a run on the cryptocurrency bank. FTX doubled down on their position and acquired some of their assets out of bankruptcy. So that’s in May, June, July, of 2022. On November 2nd, 2022, Sam Alameda, which is the related company originally founded by SBF and run by SBF’s friend had financials leaked and those financials showed that there was a much closer-than-understood relationship with FTX, with Alameda having big holdings in FTX captive token, which is called FTT. The view before that was that Alameda was just another trader. The leak of those financials showed that that wasn’t the case, that FTX was propping up Alameda and Alameda was propping up FTX.

So Binance, one of the big players, then announced plans that they were going to exit FTT because of the lack of credibility of it. And the price of a token went from 22 bucks to six bucks and that put the entire FTX and Alameda system under great strain. Four days later, Alameda shut down, FTX’s assets were frozen. On November 11th, the day after that, FTX, its subsidiaries and Alameda filed for bankruptcy. FTX was allegedly hacked and $300 million in invested funds disappeared. Some of them were later found, we’ll talk about that in a minute, but in the course of fundamentally nine days, FTX went from being still a bit of a darling in this cryptocurrency space to being a bankrupt pariah. New CEO was appointed on November 11th. I’ll have an amusing quote from him in a minute. His name is John J. Ray III. He actually oversaw the Enron liquidation. He was the liquidation trustee for Enron. And so he knows what happens in the financial fraud space.

Let’s talk about some of the revelations that came out in the bankruptcy filing for FTX. The CEO, this is the Enron guy, said, “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information that’s occurred here. From compromised systems integrity and faulty regulatory oversight abroad, to the concentration of control in the hands of a very small group of inexperienced, unsophisticated and potentially compromised individuals, this situation is unprecedented.” I’ll pause there for a minute just to observe that this is by the guy who unwound Enron. He had seen everything that Jeff Skilling and all of the other people who were involved in the Enron scandal 20 years ago were involved in. And he characterized this as being the biggest failure that he’d ever seen. And that is ... I mean, from a corporate compliance standpoint, this is basic blocking and tackling. You have to have corporate controls. You have to have financial information that you can trust. You have to understand, if there is a regulatory environment, you have to have systems in place to ensure that you can comply. And so the fact that this is in the cryptocurrency space is interesting, but from a basic corporate compliance standpoint, it’s just appalling.

So the next month, in December, SBF was arrested in the Bahamas. He was extradited to the US within a week. On December 21st, Caroline Ellison, the former girlfriend, the woman who was running Alameda and another FTX co-founder plead guilty in New York to wire fraud, securities fraud and commodities fraud. This is only six weeks after all of that. So in six weeks ... the evidence against them must have been just so overwhelming that they chose to plead guilty rather than to face the music.


Let’s talk a little bit about some of the corporate compliance lessons. And again, recognizing that it’s still very much a work-in-progress. As I said, garden variety financial fraud still exists and it appears that a lot of what was going on here was just the kind of financial fraud that they saw in the Enron situation, and in many other situations. I have the quote from Michael Douglas’s Gordon Gekko in Wall Street, which is, “Greed is good.” Not necessarily. I don’t necessarily agree with that. I am a lawyer and a capitalist, but I’m not necessarily sure I agree with that. I would make another observation, which is, if something like crypto can’t be explained to you in a minute, in an elevator speech, you should really be critical about it. I don’t purport to understand all of it. I’ve spent a fair amount of time thinking about it and looking at how cryptocurrency is mined, what underlies it, but I don’t think it’s ever been explained to me in a minute and I’m still waiting.

I would also say, beware offshore ownership and regulatory regimes for your investments, particularly where U.S. authorities are still trying to figure out how to regulate. In the after ... there have been Congressional hearings that have started on crypto and on FTX and they’re going to be more. Part of the issue is that crypto has really emerged over the last three to four to five years, and Congress hasn’t figured it out. I think Congress also struggles a little bit with the, “I don’t quite understand it, and if I don’t quite understand it, I’m not quite sure how to regulate it.” But there’s going to be ... I’m certain that there’s going to be regulation that comes down the line on crypto. The question is, is it going to be regulation that is well-informed, or is it going to be a knee-jerk reaction to the excesses that have appeared thus far in FTX? A lot, as I said, of FTX is just garden variety, lack of controls, financial fraud. These things could happen in a manufacturing company. They could happen in a different financial services company. And here, they just happened to happen in a cryptocurrency.

And finally, my last word of warning in the corporate compliance world and in the business world in general, if it seems too good to be true, it probably is. You really need to look critically at anything that you’re investing in or considering investing in or involved in, so that you really understand what its risks are. Because risk mitigation is really what corporate compliance is all about, and you have to be able to understand the risk to be able to mitigate. Like to talk here for a minute or two. Alan, do you wanna take over? Would you like me to cover this?

Alan Gilewski:
It’s completely up to you. I could take over if you’d like.

Max Laun:
Okay. Why don’t you go ahead and I can jump in as needed?

Alan Gilewski:
Perfect. Yeah, thank you so much, Professor Laun. That was really insightful, really gave me some insight into everything that happened. You hear it in the headlines, but you’re not too sure what’s actually going on. So I really do appreciate you taking the time to explain it all to us. My name is Alan Gilewski, I am the outreach admissions advisor for the Online Master of Studies in Law and graduate certificates at Pitt Law. I’m going to talk to you a little bit more about the programs that we do offer. The Online MSL and certificate programs were designed with the working professional in mind. All courses are asynchronous, which means there is no specific day or time you must be online. Rather, your program affords you the ability to participate week by week on the day and at the times that work best for you, provided that you meet weekly deadlines. Depending on the graduate certificate you choose, upon completion, you may be eligible for industry-specific examinations and certifications. You’ll see some of the exams here as well as a few career paths you might take with our program. If you wanna add anything Professor Laun, go ahead. Perfect. Next slide then.


Let’s take a look at the left side of the diagram for details about the MSL program. The program of study begins with the MSL core courses. The MSL core is made up of eight courses. These range in length from three to eight weeks and total of credits. Once you have completed the MSL core courses, which takes 12 months to complete, you will then choose a specialization. As you can see on the right side of the graphic, the options include healthcare compliance, human resources law, international business law and corporate compliance. All of these specializations follow the same format. There are five courses, each is eight weeks long, and each earns three credit hours, making a total of 15 credit hours for each specialization. The specializations take 10 months to complete. And the MSL core courses plus the specialization make up the 30 credit hours required for the MSL degree. So the MSL core courses and specialization can be completed in just less than two years.

Yeah, no worries. However, if you are unsure whether it’s the right time for you to pursue a master’s degree, you may want to instead apply for a graduate specialization as a standalone certificate. This is a great way to specialize in a subject matter expertise in a particular field, in a very short time. Then if you later decide you’d like to pursue the full MSL, you can apply the certificate credits towards the MSL degree. You would just need to complete the MSL core courses, then you would end up with both a master’s degree and a certificate in your specialized field. As you can see, the program is very adaptable. It allows you to select the order of programs to suit your needs as they evolve over time. So in other words, you can complete the MSL degree in two different ways, either take the core courses first, and then the certificate, or take the certificate first, then the MSL core courses.

Max Laun:
Now I will allow my finger to twitch. Sorry, Alan.


Alan Gilewski:
No, no worries, no worries. Now that we have reviewed the programs themselves, I’d like to talk to you a little bit more about the application process. As you can see here, we do require a bachelor’s degree, a completed application form. As part of that application form, we require a statement of interest or a personal statement, a current resume and a $38 application fee. We do require all transcripts from all colleges and all universities attended. You may submit unofficial transcripts for review, however, once admitted, official transcripts are required before you enroll. It’s all yours, Professor Laun.

Max Laun:
Thank you very much. Yeah, there are no other tests. There are no tests of English. There is a test of English proficiency if you’re an international student. There aren’t any other standardized tests that are required. If you have questions about corporate compliance or the Corporate Compliance program, please feel free to reach out to me. If you have questions about the admissions and the MSL or any of the certificate programs, you can feel free to reach out to Alan. With that, we close the formal presentation. If there are any questions or comments, I haven’t seen any in the chat yet. If there are any questions or comments, please put them in there. We’ll give it a little bit. And if there aren’t any, then we will thank you for attending our webinar and we hope we wetted your interest in corporate compliance. We hope we explained a little bit about what’s going on in the wild world of cryptocurrency and FTX. And we hope you get some more interest in the MSL program, the Corporate Compliance program, or any of the other certificate programs. Thank you very much.

Hot Topics in Corporate Compliance

Get insights into the latest corporate compliance trends. Max Laun, director of the Corporate Compliance Online Certificate program, draws on his experience as a corporate lawyer to shed light on what compliance professionals can learn from the latest trends and scandals, such as the notorious FTX collapse.

0:00 / 0:00
Video Companion

Video Transcript

Max Laun:
So good afternoon, good evening. We're just gonna give participants a few minutes to join.


We'll give it another minute for a few more participants to join and then we'll get started. Thanks all.


Well, let's go ahead and get started. Just so everybody's aware this is being recorded so that we will be able to look at it later or go back and revisit my greatest tips. I'm Max Laun, I'm the Director of the International Business Law Online Certificate Program here at the University of Pittsburgh. And today we're gonna talk a bit about international business law with a particular focus on cyber security and hacking. Just a little bit about me before we get started. I have worked for more than 30 years as a corporate lawyer, 25 years in the international space doing mergers acquisitions and joint ventures. I was Vice President General Counsel of Alcoa, did transactions in that role, and prior to that role on six continents sorry Antarctica, including both Greenfield Investments and places like Saudi Arabia and Iceland, privatizations across Europe, Hungary, Italy, Spain, Russia, as well as China and Venezuela and other transactions in more than 15 countries. I'm on several boards, but you're not here to listen to my resume you're here to listen to me talk a little bit about international business and a bit more about hacking and cyber security.

We're going to cover sort of a at a very high level, what we mean by international business law. Then we're gonna turn and talk about intellectual property hacking and cyber security and talk a little bit about the responses. What do you do if you get hacked? What do you do? How do you manage something like that? And finally, at the end of the session, we're gonna talk a little bit about our Corporate compliance Online Certificate Program, and the other Certificate Programs that the law school offers. I'll be joined by Alan Gilewski, who is going to give that overview. What do we mean by international business law? By international business law, at it's a very fundamental level, we mean business transactions that cross borders. These can be transactions that are one-time sale. So I'm selling something from the US to you in Canada. It can range as far as doing investments into a new country, either into a wholly owned subsidiary that I own or a joint venture. All of those are considered international business transactions, and are subject to international business law. As you can understand, the complexity of the program depends on what kind of a transaction it is, if it's a one-time sale, really all you're doing is you're selling goods or you're sending goods or services across the border and getting paid.

Yes, there's a little more complexity to it than that but that one's pretty simple. Another way that people often do business across borders is through the use of intermediaries, you have a sales agent or a sales rep, somebody who's a third party, you have a distributor, you use somebody who is an independent sales company that works for you. In all of those circumstances, you just have to be aware of red flags. The issue is that oftentimes, these intermediaries are used in order to deliver graft, to deliver bribes in a way that you could not do it if you were engaging in the transaction directly. So rule of thumb, if you're using an intermediary, you can't do anything through them that you couldn't do yourself, so you need to be aware of the rules. You can also have a cross-border transaction where you establish a new operation, and that's certainly either, that's sort of a topic into itself. Let's talk a little bit about where the law for international business transactions comes from. Domestic laws could be ours or theirs. If you and I are doing a transaction, I'm in the US, you're in Canada, we may decide, hey, US law is good enough and predictable enough, then we know what the risks are, and so we'll use US law. We could also decide to use Canadian law because it's similarly predictable and clear.

There are also special cross-border regimes that are out there, like the UN Convention on the International Sale of Goods, CISG. It is in fact the law in 95 different countries that cover about two-thirds of world commerce, so CISG is already in place in, for example, the US and Canada, a transaction between the US and Canada, if we opt for either US law or Canadian law, unless we opt out, we've already opted in to the UN Convention on the Sale of International Goods. Let's talk a little bit about what really the key in any cross-border transaction, frankly, in any commercial transaction is, and that is managing the risks that you have and allocating them between the parties. First and foremost, you have to understand what those risks are, and if it's a fairly straightforward sales transaction, the answer is, how do I ship or provide the goods or services. How do I get paid when I deliver them, and how do I protect my intellectual property and we'll talk a little bit more about that.

One of the things that is really important is that you have to allocate the risks between the parties, most of the disputes that we wind up getting in in commercial transactions are because nobody stopped to think about a particular risk. So the unexpected happened or maybe the expected happened, but the unexpected happened, and you either weren't able to ship, you weren't able to pay, and so you wind up in a dispute because of a risk that you didn't allocate. So in the shipping world, you have to deal with who's responsible for delivering the product, who's responsible for insuring it, where the risk of loss passes from the seller of the product to the buyer of the product. Incoterms or something that you may have heard about, they are out there published by the International Chamber of Commerce, they're widely used in cross-border transactions, and they have default provisions. So if I'm shipping something and you're taking responsibility for it as it leaves my factory, then you have the risk of loss, the responsibility for arranging delivery and for insurance on it. At the other end of the spectrum, I could be delivering something to your factory, in which case I have the risk of loss, I have to arrange for delivery and I have to get insurance. Incoterms will help, it will help clarify who's responsible for what. In terms of getting paid, you can get paid upfront, you can use letters of credit.

One of the things that I would like to recommend everybody think about is currency fluctuations. So who bears the risk of exchange rate changes? So oftentimes, you'll specify the currency of the transaction, and it's very important that you do so, but in certain circumstances, you may find yourself or your buyer may find himself in a situation where there has been a fair amount of inflation between when the contract was concluded and the time for delivery at the time for performance and time for payment. And so they may find themselves in a situation where they have to pay a lot more of their local currency to get the dollars or euros that they need to pay you in, so those are risks that you have to think about upfront and allocate between the parties. Intellectual property protection, really need to look at things in two different ways. First of all, is your intellectual property disclosed in a product or is it something that is sort of hidden. If it's disclosed in the product, the risk that you run is that your customer or your customer/competitor is going to buy it in order to look at it, understand it, reverse engineer it, you have certain protections, certain protective measures you can take, if that's case, or is it something that is a inherent process, so it's part of my manufacturing process, and you can't really tell how this thing was made by looking at the end product.

The other thing that I would simply say is that you have to think of the human element in this, which is one of the things one of our managers was fond of saying is, "Listen, my intellectual property walks out the door every day with my employees." These are the people who know your product, services, customers, everything about your business the best, and so you wanna make sure that you have the right legal protections in place. But really it's a behavioral thing more even in legal, you wanna make sure you're treating your people right, you gotta make sure you're paying them appropriately for the market that they're in so that they don't have an impetus to go out and steal your intellectual property and take it to a higher bidder.

Let's talk a little bit about how disputes arise and what you can do in terms of managing or planning for your disputes. Key here is you really have to plan for the speed up front. You hope you never have to use the provisions, but I spent a lot more time in my legal career planning for disputes that never happened, and then not having to use what we agreed upon with the other side, and I'm very happy about that. Really three things that you need to think about as you plan for dispute. First of all, choice of law, talk a little bit about whether you use our domestic law or somebody else's domestic law. You can use national law, you can use an international law, something like CISG or another treaty. You can use something that is neutral, and I've seen a lot of transactions in the past where you specify Swiss law, whatever Swiss law is. It's important if you're gonna specify Swiss law or Hong Kong law or something like that, that you know how it would resolve a dispute between you so don't just choose neutrality for the sake of neutrality. Even more important than choice of law equally important with choice of law is choice of forum. How are you going to resolve this dispute? You're going to litigate it or you're gonna go to court, if so, where? Are you forcing your counter party to come to where you are located to sue? Do you have to go to their home place to sue?

Again, you may wanna think about neutral forums. We've done a lot of transactions, again, Swiss law, Switzerland, English law, sue in the UK, where we have different legal traditions on each side of the transaction. The other thing that you may just decide on is what's called the alternative dispute resolution or ADR. ADR is simply simply shorthand for going through a dispute where you set up the rules, usually you'll choose the rules of a particular organization, the International Chamber of Commerce, ICC, has certain rules that you can use. There are other rules in Hong Kong in China, in London Court of International Arbitration as is another common one. Very important, if you choose to arbitrate or you choose to mediate, that you choose where it is you're gonna do it, and what language the arbitration is gonna be in, or the speed resolution proceeding is going to be in and what language the award is gonna be. Finally, enforcement of awards, this is something that is often that is sometimes not thought about, which is if you win or lose, how is it that you get paid or pay?

Fortunately, across much of the world, there are treaties in place that provide for the enforcement of arbitral awards. That much said, you can run into a situation where either for reasons of domestic law or otherwise you get an award, but you can't get the award enforced because of you have to take it back to their home country, where it may be against public policy to enforce or that you may not be able to enforce it against the assets that they have outside of the country. There is a very, very long running arbitration that is in the headlines every several weeks, at least, the headlines that I read about international business law involving CITGO, which is a Venezuelan, the US subsidiary of the Venezuelan oil monopoly owned by the Venezuelan government and there are international arbitration awards out there against CITGO, and CITGO is fighting, the Venezuelans are fighting against the enforcement of it. So it's a very real thing today. Let's turn now and talk a little bit about the subject that I suspect most of you are here to listen to, and that's hacking and cyber security.

What is hacking? The black letter definition of hacking is unauthorized access to a computer system in order to take advantage of the information that's in it. We think largely about black hat types of hackers, these are cyber criminals, these are people who go in and maliciously search for vulnerabilities in your computer system and look for ways to exploit them. There is also out there, what are called white hat hackers, they're usually either internal people or contracted people, they go out and look for vulnerabilities in your system in order for you to go back and come up with defenses to it. There's also something called grey hat hackers, they may be out there and they may not exploit for financial gain, but they may not be entirely altruistic about why it is they're trying to hack into your system. Ethical hacking is another term that you may run into, it's similar to white hat. The idea is, again, you test a system, you're authorized to test the system to see if there are vulnerabilities, to see if there are things that you can do. And then you may hear, the other term you may hear out there is activist, these are hacking activists, they're motivated by typically social justice, but they're looking for opportunity, they're looking for ways to force companies to do things in the manner and to do business in the manner that they want to do business.

Let's talk about the top eight or 10 terms that you may hear when we talk about hacking and cyber security attacks. First of all, you have something that's called phishing, and many of you probably work for entities that do phishing tests, essentially, it's phishing with a P-H, but what they're trying to do is to reel you in. They send out an email that looks to be innocuous, but what it has is a link in there where if you click on it, it will either replicate itself in the system, which is really a virus malware crouching, the next type of thing, or it will download certain information that you make available to it. I got something that looked innocuous from the US Postal Service the other day, because it said, Oh, we need to update your address. I clicked on it and it first looked... It first asked me for my correct mailing address, which was fine, where I got suspicious was the next screen asked me, We're gonna need your credit card information. To me, that was a red flag. I knew at that point that it was a phish or some sort of an attack on my personal information and I shut it down.

Talked a little bit about virus malware cookies, they send programs, they put programs onto your computer that feed either your key strokes, your data, your financial information, they feed stuff at. Cookie theft, if somebody gets into your computer system via phishing by a virus through or network, what they'll do is they'll look at the cookies that are downloaded every time somebody visits a website, and they'll capture that information so they can pretend to be you. Password cracking, that's something you read about more, tends to be a group force or an AI kind of thing, they will try and come up with your passwords so they can get at your personal information, your financial information. User interface redress or bait-and-switch, this is a variation of what I got from people who were hacking pretending to be the US Postal Service looks like, you think you can trust the website to which you're being directed because the email or the text came in from a trusted counterpart, yet what happens as it comes up. So I'm on the board of directors of a nonprofit and got an email from one of the people in the financial organization there saying, "Hey, I'm assuming that you didn't ask me to pay this bill and sure enough, what somebody had done was, was had spoofed by name and said, "Please pay this bill." But it came from an email address that didn't look anything like mine.

Finally, I'll mention denial-of-service or distributed denial-of-service attacks. These are really meant to disrupt, typically a larger companies, but it could be a smaller company's companies business operations. What they do is they shut down the system by flooding it with all kinds of extraneous data and all kinds of extraneous pushes and calls into the system. These are the tools that hackers typically... The hackers use in order to look for vulnerabilities and to exploit them. What are hackers after? At the beginning and end of the day, hackers are looking to make money. They're looking for what's called personally identifiable information. PII. Typically, they would love to have social security information, they'd love to have other identifying numbers, if you have a passport or national security card or something like that, they're looking for financial information. Bank and credit card accounts. They're looking for education information, this is so that they can engage in identity theft and open a credit card in your name that you know nothing about.

It goes to a completely different address. You only know it if something comes back to you. I had that happened to me a few years ago. Somebody opened a credit card, I got a question about the account, and it's sort of like, this isn't one of my accounts. I don't have so many accounts that I would miss one. Education information, same thing. Health care information, again, they're looking to come up with a fake you in order to pretend that they're you and take advantage. Credentials, user names usernames and passwords, same thing we just talked about. They try to steal from individuals, they try to steal from small businesses, they try to steal from large businesses. I say this is a little harder because large businesses tend to have invested in infrastructure, they tend to have invested in training their people. Much of the way that that hackers are successful in doing this is they go after, they go after the uninitiated. They'll hit you with something that looks like it's a legitimate email and but sure enough, they manage to get enough people to respond, that they collect information.

The other thing that I'll mention is ransom and ransomware. Again, often the DoS denial-of-service or distributed denial-of-service, DDoS, attacks are designed to shut down the business and say, "Unless you pay me $1,000,000 tomorrow in Bitcoin or in dollars, I'm not gonna let your business operate and for a big business, that can be something where they say, "Hey, we're just gonna just gonna pay the guys because that's cheaper than my business going down." What are the business costs of hacking and cyber security? First and foremost, I'll say this. Cyber is really at the top of everybody's list in terms of the risks that businesses face today. Anti-corruption is still number one. We talked about that a little bit earlier. Those are the red flags about potential bribery and that kind of thing. But cyber security has really climbed the list over the last three to five years.

Ransomware attacks... For the last year that we have data for, which is 2022. Ransomware attacks were up 13% that year which is more than they were... More than they increased over the previous five years combined. So, ransomware is big business and we're seeing more and more of it. Over 83% of organizations had one or more cyber breaches and there are over 100 publicly disclosed cyber incidents each month. And that's only the publicly disclosed publicly-disclosed ones.

If you're not a publicly traded company or a large, visible company, you may get attacked, but you may not talk to anybody but your lawyers, your information technology people, your internet service provider maybe your management and your board about it. You may not go public with it. But there are more than 100 a month, and so this is really happening. And doing some research for this talk, I discovered that there's something called Cybercrime Magazine. It's not a how to, it's really meant for people like us who are looking at how you combat cyber crime. They identify this as a six trillion dollar industry, which would be the third largest economy in the world after the US and China, and it's growing at about 15% a year. So this is something that isn't going away. In fact, it's growing and it's growing as things get more computerized, more automated. Artificial intelligence is going to play into this as well. As I said, this is really growing. There are a number of top 10 lists out there about the biggest cybercrimes that have been committed. Today to get on to the list, you would have to lose more than $56 million to make it to number 10.

That was a hack of Home Depot about eight years ago. It cost them about $56 million both in losses and to fix the problem. The Veterans Administration, cyber attack on them about nine years ago cost them 500 million, and I'm not sure that that includes the cost that they've had to incur in order to strengthen their systems. The largest one ever was Epsilon, who was a provider of back-end backend services to a number of customers including Best by JP Morgan Chase, Target... That hack is estimated to have cost over $4 billion. And so this is real. It's big. This is a growth area. If I had relatives who were looking for something to go... For a career to go into, I would tell them look into cyber security. What can we do? What are some best practices around protecting your information? First of all, and we've talked about this, recognize the people are the weakest link in the cyber security system. That's just because that's how most hackers and most things get accessed access. They don't do it just by going into the system with a raw blunt force attack on your cyber defenses.

They try and while their way in, by getting somebody to click on a virus, click on a phish. Make sure you use... Try to use... Make sure your organization implements two-factor or multi-factor authentication. I know it's a pain not to... When you log into your account, when it says, "Can I send... I need to send you a text or you need to enter a second password in order to get into the system." It is a minor pain to put up with in order to keep out hackers. They really love it when people either don't have an implemented two-factor, multi-factor authentication, or they ignore it or figure out a way to bypass this because that's yet another vulnerability. Strong passwords, password keepers don't keep us... As I joke with them, my wife does a post-it-note on the side of her computer with a number of her passwords written down. Use strong passwords. There are programs you can use as password keepers. I actually keep my passwords and then encrypted note on my iPhone and actually, I don't keep my passwords on an encrypted note. I actually have a code for my password. So I have a number of passwords and I have them coded, so I know what it means, but somebody would really have to know how my brain works to understand how to decipher my passwords.

Take precautions when web surfing. HTTPS. The S stands for secure. Any time you're putting your financial information out there, if you're buying something with a credit card, buying something with a debit card... First of all, buy with a credit card, don't buy with the debit card if you're online, and the reason is that they are a greater legal protections in place if you dispute a credit card charge than if you have to dispute something that is a debit card charge. Take precautions when you buy anything on the web. Yeah. Education and training. Big companies have programs in place where they will train their people on cyber matters, they will do fake phishes, say, "Oh Max, you clicked on the link. You should have recognized that this was an exercise." And then they make me do... And I've done it before. I've had to go back and redo sit at this training because I missed the phish training that they were sending to me. So, think about it. When you get an email, look at it, see if it makes sense. If it's an email from somebody you don't know, look at it suspiciously. What else can we do? What are the legal responses that companies and others can take to cyber attacks?

First of all, big companies tend to have multiple lines of defense. They train people like me, they train their employees. Disclosures and publicity, are a big thing. They both force the company... The fear of having to disclose that you've been hacked, forces a company to invest in their infrastructure and to do that. The US has passed something called the Computer Fraud and Abuse Act. It's enforced by the US Department of Justice, the Federal Bureau of Investigation. That's something that there have been prosecutions under it. It does have some teeth. One thing that's out there is the US has indicted a number of foreign hackers and organizations. This both has symbolic effect, but can also be deterred. A number of companies in Pittsburgh were... And this goes back 10, 12 years, and it's been publicized, so we can talk about it. But a number of companies were hacked by the Chinese state. Essentially by hackers working for China. And they exfiltrated a fair amount of data on some industrial processes. Some things that were trade secrets, etcetera.

One of the things that the Pittsburgh based Pittsburgh-based in the US-based companies did is they cooperated with the US Attorney's Office here in Western District of Pennsylvania, and they issued warrants. They issued indictments and warrants for the arrest of the hackers who they could in fact, forensically identify who had done this. Will it stop? Stop them, no, but it may deter them and it may also restrict their freedom of movement, if they want to go... They want to leave wherever it is they're hacking. Russia, China, you name it. Wherever it is they're hacking, if there's a warrant out for them, it may deter them from further bad acts. In the international sphere, where in the early days the cooperation is increasing because 'cause everybody is having this problem. This isn't the US problem, this isn't the European community problem. This is a worldwide problem, and so there is much more cooperation going on among the authorities who are involved with it.

Finally a shout out. University of Pittsburgh has set up something called Pitt Cyber. It's a special institute, it is cross-functional and multi-disciplinary. It includes people who are at the background of law, people with a background in computers and intellectual property and information technology, and what they're doing is they're really working at this as a system problem, because at the end of the day it is. I mean, hackers are ingenious. They will find a weak link and figure out how to exploit it. Once you close that weak link, they'll continue looking and find another. And so it demands a response that is multi-disciplinary and cross-disciplinary. That's the name of the game. That's going to be the future of cyber... Pitt Cyber group has a nice little website. They talk about some of the things that they've done on election security and otherwise, and I commend that to you.

I will at this point stop talking. If there are questions, you can put them in the chat or the Q&A. And I'll turn it over in a moment to Alan Gilewski, who's gonna talk a little bit about our certificate programs as well as about our Masters of Studies in Law, MSL program. It has put these together and is grouping them together, because we think there's a nice synergy across both the kinds of certificates that are scripted programs that I'm involved in, the international business law and corporate compliance ones, as well as human resources law in healthcare compliance. And we think they're a great opportunity for people who are not lawyers to learn how the law works and how these very important to air, how you can work in these very important areas. With that, I'll turn it over to you Alan.

Alan Gilewski:
Yeah. Thank you, Professor Laun. And this was very insightful. Just when you think you know a decent amount about cyber security and what's going on in the world, we have people like you to educate us and let us know what's really happening and how to protect ourselves. So we really do appreciate and thank you for your time. Was really insightful and I definitely took it all in. But to kind of change gears now, I do wanna talk to you a little bit more about the programs offered at the University of Pittsburg. Do you go back one more? Sorry about that. With that being said, the online MSL as well as the certificate programs were designed with the working professional in mind. All the courses are asynchronous, which means there is no specific day or time you must be online, rather your program afford you the ability to practice and participate week by week on the day and at the times that are best for you, provided that you meet weekly deadlines. Depending on the graduate certificate you choose, upon completion, you may be eligible for some industry-specific examinations and certifications. You'll see these exams here as well as a few career paths that you might take with our program.

Next slide. That's perfect. Let's take a look at the left side of the diagram here for details about the Master of Studies in the Law program. The program of study begins with the MSL core courses. The MSL core is made up of a courses at ranging in length from three to eight weeks and totally 15 credits. Once you have completed the MSL core courses, which takes 12 months, you will then choose a specialization. As you can see on the right side of the graphic, the options include health care compliance, human resource law, international business law and corporate compliance. All of these specializations though, follow the same format. There are five courses, each is eight weeks long and each earns three credit hours, making a total of $15 credit hours for each specialization. The specialization takes 10 months to complete. The MSL core courses plus the specialization make up the 30 credit hours required for the MSL degree. So the MSL core courses and the specialization can be completed in less than just two years. However, if you are unsure whether it's the right time for you to pursue a Master's degree, you may want to instead to apply for a graduate specialization as a stand-alone graduate certificate. This is a great way to gain specialized subject matter expertise in a particular field in a very short time. Then if you later decide you would like to pursue the full MSL, you can apply these certificate credits towards the MSL degree.

You would just need to complete the MSL core courses, and then you would end up with both a Master's degree and a certificate in your specialized field. As you can see here, the program is adaptable. It allows you to select the order of the programs to suit your needs as they evolve over time. So in other words, you can complete the MSL degree in two different ways, either take the core courses first and then the certificate or take the certificate first, then the MSL core courses. With that being said, I'd like to now talk a little bit more about the application process. The requirements for the application program include a bachelor's degree as well as a completed application form. As part of the application, we require that you do a statement of interest. This will be one page, less than 500 words on why you're looking to attend the program? We also request that you upload a current resume and a 38-hour application fee. With that being said, we do need all college and all graduate transcripts from all colleges and all universities that you have attended. Any the transfer courses, Community College, we will need all of those.

You may submit unofficial however, but once submitted, we would ask that you send the official transcripts directly to the graduate admissions office before you enroll. That is my part of the presentation here. If you do have any questions about the program or the application process, definitely don't hesitate to reach out to me. My contact information is there, but I'd like to thank everyone for being here this evening. I know how you have a lot going on, so I do appreciate your time. And I would like to open up to Q&A session for anyone, for myself or a professor Laun.

Thanks Alan. Is there are any questions? I'm not seeing any or hearing any. But you can reach either of us, Alan's... Alan's contact information is there. If you have questions about the application or program are there. I can be reached, it's at the beginning of the presentation and you can find me on the website. It's So, you can reach out to either of us if you have any questions, and I'd like to thank everybody for attending this evening and have a great day.

Thank you again, Professor Laun. You guys have a good one. Thanks so much.

International Business Law: Cybersecurity and Hacking

During this special webinar, Max Laun, adjunct professor of law and director of the International Business Law Online Certificate program, goes in depth on the importance of cybersecurity in international business. Watch the replay to learn more about cybersecurity and hacking, risk management and allocation when handling cross-border transactions and disputes, and what legal professionals can do in response to breaches.

0:00 / 0:00
Video Companion

Video Transcript

Chris Favo:
This presentation is not designed to cover all aspects of the compliance program but to emphasize ways in which compliance programs and FCPA investigations interact. My name is Chris Favo. I’m an adjunct professor at University of Pittsburgh Law School. I’m also a retired Special Agent of the FBI.

As we move to the first slide, you’ll see our agenda. We will cover several bullet points. Per the first bullet point, we will provide a definition of bribery as it exists under the FCPA, that’s the Foreign Corrupt Practices Act, the United States’ anti-bribery law. And the next bullet point is explaining how an effective and robust compliance program can prevent bribery schemes from being perpetrated within an organization.

And the next bullet point shows that we have four cases that will illustrate particular types of bribery schemes and associate them with the compliance systems that can prevent them.

The first one is the case involving Saipem, which was an energy construction company, and we’ll show how the due diligence system will affect the use of an intermediary. We’ll also talk about Microsoft and a margin manipulation scheme. We’ll talk about Nu Skin and an activity that occurred with their subsidiary in China, where contributions to a charity were used to conceal an actual bribery scheme. And finally, we’ll talk about the Odebrecht and Braskem case very briefly. It is the most sophisticated bribery scheme that has been uncovered by the Department of Justice, and I’ll talk a little bit about how it was discovered and the hotline system for compliance.

Now, the FCPA, or Foreign Corrupt Practices Act, was enacted in the United States in 1977. And has, as I explain here, the legal language that describes what is prohibited. But I want you to actually focus on the idea of corruptly influencing a foreign official. The FCPA is really designed to focus on companies and organizations that deal with officials in foreign countries outside of the U.S. in a way to corruptly influence them in the commission of their duties. So in other words, something that is offered that is consistent with the proper duty before an official, would not be considered a bribe, but something that is asking them to do something improper, for the improper benefit of the company, can be a bribe under the FCPA.

Now, there’s two aspects of the FCPA that we have to focus on. One is the corrupt influence component, the other is that the FCPA was revolutionary in its time, because it added a concept called extra-territorial jurisdiction. Prior to the FCPA, for a bribe to be prosecuted, the bribe payer, the bribe recipient, and sometimes the transmission of the bribe itself, all had to occur within the jurisdiction of the United States, but when the FCPA was enacted, it was written differently, and it said an organization that has any contact or Nexus with the United States, is under the jurisdiction of the United States.

So that change is that a bribe that is paid in another country - arbitrarily picking New Zealand for this example - by somebody in New Zealand, and the recipient is in New Zealand, could be prosecuted in the United States if the organization had an office in the US, had stock on the US Stock Exchange, used the US banking system or the communication system, or any other, even small Nexus to the United States. And again, that concept is called extra-territorial jurisdiction, and it is why the FCPA has been so effective.

Moving to the next slide, I’d like to emphasize that most countries have Anti-bribery laws and these laws have been in existence for a long time, but since 2010, new types of laws have been enacted. And many of these are based on or are reflective of what the changes were in the FCPA. But you have to remember, the FCPA focuses on bribery of foreign officials.

The FCPA also has a books and records component, which the next bullet points out, and that component means that all companies that are required to maintain accurate books and records. And that books and records component means that if you have paid a bribe and concealed it as something else in your books, you have violated the books and records aspect of the FCPA and can be prosecuted for that.

Some of these newer laws written by these countries also prohibit commercial bribery, which means you don’t have to have a foreign official involvement in the bribery scheme. If an employee or a salesperson of one company bribes the contract person of another company, and there’s no governmental aspect to it, that bribe can be prosecuted under the Anti-bribery laws most recently enacted in several other countries.

Moving to the next slide, I’d like to emphasize how a compliance program can protect an organization. For instance, the first item would be the compliance program operating a system for third-party due diligence. So this would be a system in which the compliance organization within the company will evaluate prospective third parties and evaluate whether they are legitimate companies, that they have been operating for periods of time, that they have people that are qualified to run them, and essentially determine that they weren’t created simply as a way to pay a bribe.

The next bullet point is education and training for employees. Now, the better educated a company or organization’s employees are, as to the FCPA, as to the importance of a compliance program, or as to other laws that affect the company, the more likely a company is able to stop and prevent a bribe or other problem that could seriously affect a company. That education and training is an important aspect of compliance programs.

So, as I mentioned before, the FCPA has a books and records component. So the coordination with auditors and controllers to ensure that the books and records are always accurate and reviewed - and that bribes are not being concealed by false entries - is something that the Compliance Department can do. The compliance program can also have an independent review and approval of some contracts, and in particular, charitable contributions, gifts, entertainment and travel.

There have been many FCPA cases and other bribery cases where the government has found that the bribe has been concealed as a charitable contribution or in the form of a gift, or improper entertainment or travel to a foreign official or his family members or other people who are important to them. So the independent review and approval of charity, gifts, entertainment or travel, is important for detecting bribery and preventing bribery.

And also a uniform system of discipline so that employees in the company know that improper activity is discovered, is reported, is investigated, and employees are disciplined, and usually disciplined in a way that is fair across the board. One of the worst problems that can happen is if a company seems to discipline people at a lower level much more severely than people at a higher level. The uniform system of discipline, and the publication of the discipline, and not by naming employees obviously, but by activity, is important to establish the credibility of the compliance organization.

And the last bullet point is to conduct competent investigations. It is important for employees to believe that if they make a report, it will be investigated thoroughly by the people who are qualified to do the investigation, and are independent enough that if they find some activity that may be affects or reflects on a higher-level person in the organization, that investigation will be completed and the findings will be reported just the same as they would be for somebody lower in the level of the organization.

Now, this is just a summary of aspects of the compliance program. Cutting Edge compliance programs have far more aspects than this, but these are some of the basic requirements.

One other point about compliance programs that is important to keep in mind, is that no US law requires an organization to have a compliance program. The way that the law works is that if the organization is investigated or prosecuted, the fact that they have a robust and effective compliance program will significantly reduce the punishment imposed on the company - and that reduction can be as much as 50% of a fine. And that is even if they are found to have violated the law. So again, the compliance program in the United States is important when a company is being investigated. Some other countries have passed laws that require compliance programs.

Moving to the next slide, I’d like to focus on a specific case to give you an example of the sorts of bribery activity that can occur, and also talk about how a compliance program would have prevented this. So the case that I have on this slide involves Saipem, which is an Italian construction company. It’s a company that was focused principally on energy services. They were a subsidiary of ENI, which is an Italian oil company. So, as the slide points out, from 2007-2010 Saipem was bidding on a contract with the Algerian state-owned oil company, and dealing with some contract personnel within the Algerian company.

I would imagine that in the negotiations, that contracting officer must have communicated to Saipem that if they wanted to win this contract - they had to pay a bribe to this contracting person or executive within the company. Saipem executives must have agreed to pay this and in that process, discussed how they were going to be able to pay the bribe. At that point, the idea of creating a third-party intermediary between Saipem and the Algerian oil company through which the contracts and the bribe payments would be processed would enable the intermediary to receive the money that would be used to bribe the official.

The Algerian official directed Saipem to use his private secretary, and of course, in the case itself, they focus on the fact that he identified this individual as being like a son to him. And the importance of that, is it shows a kind of an improper connection between the official and the intermediary. When the intermediary was examined by law enforcement, it was clear that he had no expertise or experience in the oil business. The intermediary had an office in Switzerland, but the office was staffed by one administrative person, had no employees with prior experience or who could perform any services on behalf of Saipem, and ultimately, this intermediary added nothing the construction process. So, it was clear that the third party was there to facilitate the bribery, and that was the reason that Saipem was prosecuted.

This case was prosecuted in Italy under the laws that were in effect at that time. The Italian authorities forced Saipem to forfeit over $240 million. Now, that was the amount that they had paid in bribes so that they essentially are forfeiting the bribery amount. Now because their books and records were false, because they were paying an intermediary that was providing no services, the SEC also fined ENI and Saipem $25 million.

Now, I’d like to emphasize that in this case, a due diligence review of this intermediary would have examined how long the intermediary had been in business, what their expertise was, examined where their offices were, and evaluated what their staff. An initial glance at this intermediary reveals that this intermediary had been in existence for just a short period of time and was run by the private secretary of an Algerian state official, so the compliance program would have been able to step in and say, "We do not approve this intermediary. There is a problem in this transaction." In a company that’s operating legitimately, and wanting to follow the law, that would have prevented that transaction. That did not happen in this particular case, but in most cases, it would, and it would have prevented the problems for Saipem.

Moving to the next slide, this will focus on a different type of bribery scheme. This is a case involving Microsoft. Microsoft was selling software leasing agreements and they were using third-party intermediaries to contact customers and make sales in certain areas of the world. The third parties in this case - and they may have been legitimate - were coming to Microsoft and saying, "We need to reduce our bidding price or provide a special discount so that we can compete with our competition to win the sales to the end customers. Many of the end customers were government agencies. And so, the third party intermediaries were requesting a price reduction for the end user. Now, that can happen, but a company should have to have an appropriate approval system within the company to approve special discounts. But instead of passing the discount to the end user, what Microsoft’s third party intermediaries did is use these discounts to create extra margin which they used to bribe purchasing agents for the government agencies.

I will explain the margin bribery scheme using arbitrary amounts and percentages. So let’s imagine that Microsoft sells the licensing agreement to the intermediary for $100. Then the intermediary sells it to the customer for $110, which gives the intermediary a $10 profit.

In the margin manipulation scheme, the intermediary tells Microsoft "We need this extra discount," so Microsoft would say, "Okay, we’ll take a 20% discount, to you. We will sell it to you for $80, and you would then sell it to the third party for $90, so that 20% discount is the discount that goes to the benefit of the ultimate customer." The intermediary makes the same $10 as in a normal sale.

But here the intermediary still sold the product to the end user for $110. The extra discount gave them a $30 profit but they gave $20 of that $30 to the government purchasing agents as bribes so they would buy the Microsoft licenses.

Microsoft won over $13 million in business by this scheme, and then when they were investigated by the United States’ Department of Justice (DOJ) and Securities and Exchange Commission (SEC) they were assessed $25 million in fines. Microsoft cooperated with this investigation which probably reduced the fine level.

Margin manipulation schemes can often be very complicated - certainly more complicated than what I’ve explained. But they can be prevented by requiring high level approvals for discounts and confirming with the end customers that they’re the ones that ultimately receive the discount and ensuring that the discount isn’t something that’s kept by that third party, either for themselves or to pay a bribe to the official.

There are many types of discounts in business, volume discounts are very common, and when they are available to anybody that is purchasing a product at a certain volume, those are completely legitimate. So in this example, we’re actually talking about a special or exceptional discount that was asked for and then used by the third party intermediaries to find the bribes. So that’s a margin manipulation scheme.

The next slide describes a different type of scheme in which the bribe is concealed as a gift or a charitable contribution, so it’s a rather interesting case. Nu Skin, which is a company that is based in the United States but was operating in China, was under investigation by a Chinese internal government investigation agency. If the agency had a finding against Nu Skin’s group, it would prevent them from winning contracts in the future in specific areas of China. Nu Skin was concerned to the point where they decided that they had to prevent the finding from being registered against the company. To prevent this, they went to a Chinese government official and asked the government official if he could intervene to prevent the finding. The government official agreed to do this - so obviously Nu Skin was corruptly influencing an official who is already corrupt - and he closed the investigation. But the problem became, how does Nu Skin pay him the bribe for intervening? In this case, that problem was resolved by having the government official create a charity, and for Nu Skin to pay $150,000 as a contribution to that charity. So Nu Skin’s books and records indicated a charitable contribution of $150,000, but it’s actually a bribe being paid to prevent the finding against Nu Skin so that they could continue their business. By paying the bribe Nu Skin violated the anti-bribery part of the law and by booking it as a charitable contribution they violated the books and records provisions.

So the way this is prevented in a very effective and robust compliance program, is to have a component that reviews all charitable contributions to make sure the recipient charities are legitimate charities that are active, effective, lawful and the reason for the charitable contribution isn’t so that the company can receive an improper benefit.

The charitable review component is an important part of a compliance program. So is compliance review of gifts, hospitality and travel, because there are many cases in which bribes are concealed as travel awards or gifts given to contracting officials and others. Most companies will have a dollar limitation on the amount that can be given as a gift and can have other regulations relating to the value of hospitality dinners or other events that are provided, and also what travel opportunities are provided. So having those limitations in place and then having the compliance program have the ability and authority to review potential gifts and travel and approve them ahead of time can prevent the paying of bribes or using those systems as ways to pay bribes.

The next slide examines two Brazilian companies: Odebrecht and Braskem. And like ENI and Saipem, this is another situation in which we have an oil company and a construction company. And these companies were affiliated and they were involved in much of the Brazilian oil business, and also were interested in winning government-awarded contracts and bid rigging. Between 2001 and 2016, they paid over $3 billion in bribes to politicians to win government contracts as well as gaining favorable tax treatment and other discounts. And what makes this case significant is that the bribe payments became such an important part of these companies that they actually created an internal division within Odebrecht called the Division of Structured Operations, and this division was responsible for nothing other than paying bribes to government officials. They were funded by Odebrecht paying on fake contracts or insurance policies or other items that would enable money to go into the Division of Structured Operation.

The Division of Structured Operations was located at an Odebrecht facility, but they had an independent email system and independent leadership that reported only to the highest leaders at Odebrecht. Employees of the Division of Structured Operations didn’t go to the same cafeterias with other employees, didn’t associate with them in any way, and in many ways didn’t appear to be Odebrecht employees. They spent all of their time processing and tracking bribe payments, so they were processing how much the payment was, who received it, and moved the payments through shell companies all over the Caribbean and Brazil and other countries. They could not associate with other employees because that would raise questions.

It got so complicated that the Division of Structured Operations had to purchase their own offshore bank to conceal the flow of money to process the bribes and then convert it to cash and then the cash payments would ultimately be left in locations or sent to individual people, so it could not be tracked. This operated for 15 years. It was the most extensive system of bribery of any company that has been prosecuted. And it is interesting in that it was ultimately discovered because of an investigation in Brazil called the car wash investigation, which identified bribe recipients and then the recipients explained how they received the bribes.

Ultimately, Odebrecht and Braskem acknowledged that their penalty should be about $4.5 billion, but ultimately, they forfeited about $3.5 billion because if they paid all $4.5 billion in penalties the company would go bankrupt. So the law enforcement agencies in the prosecuting countries reduced the fine to protect the company and keep it in operation.

Now, this was a very difficult and complicated bribe scheme, so how would it be detected? It could have been discovered by training employees and hopefully the compliance program being able to say, "We train everybody and we’re not training anybody in the Division of Structured Operations, we want to train them as well and be able to explain to them what the bribery laws are," and the employees in that group might realize what they were doing was wrong and report it.

A company hotline in which employees can call anonymously and report things may also have been an effective way to discover this. If somebody was calling in and saying, "I think I’m doing wrong, or I think somebody else is doing wrong and they work in the Division of Structured Operations", that also could have detected it. In addition, if the company had a good investigative component to their compliance program, they could have discovered it. But in this case it was uncovered by the arrest of the bribe recipients.
So moving to the next slide, as a review, the systems and compliance that are important and can prevent fraud, are: the due diligence of third parties, which we covered initially, that can detect bribery by identifying the fake third parties and analyzing whether they’re in business legitimately or they provide anything to the company.

The strict adherence to the sales policies to make sure all the books and records are correct would also prevent bribery by inappropriate discounts.

Also, one of the most important components is independent approval by the compliance program for charities gifts, hospitality, and travel, and that of course can prevent bribes that are paid by the awarding of benefits it gives hospitality and travel or charitable contributions, that independent approval is vital.

And finally, training and the use and emphasis of the hotline because it will enable employees to recognize inappropriate activity and to report it to compliance so they can do their investigation.

So that’s all I have for you today. Thank you for listening and I appreciate your time, I hope this has been informative.

Faculty Presentation:
How Compliance Programs and Investigation Interact

In this special presentation, Chris Favo, adjunct professor and retired FBI supervisory special agent, discusses how compliance programs can prevent bribery schemes and protect organizations. Watch the replay to learn more pertinent cases and the compliance systems. Cases discussed include Saipem, Microsoft, NuSkin, and Odebrecht/Braskem.

0:00 / 0:00
Video Companion

Video Transcript

Mary Nell Cummings:
Hello, and welcome to our session. My name is Mary Nell Cummings, and I’m the director of Pitt Law’s Graduate Certificate Program in Health Care Compliance. It is my pleasure to introduce you today to Professor Deborah Stern. Professor Stern is a health law attorney, who represents healthcare clients in a wide range of administrative proceedings, regulatory matters, and litigation. She particularly enjoys counseling clients on risk mitigation and health care compliance. Recently, Professor Stern was elected to the Board of Directors of the North Carolina Society of Health Care Attorneys. Professor Stern teaches a popular seminar in our program, which is Compliance for Hospitals and Providers. I’m sure you will find her talk informative and important. And now, I will turn the presentation over to Professor Stern.

Deborah Stern:
Thank you, Professor Cummings, for that introduction. Today, we’re going to look at HIPAA breaches and enforcement trends. And this has been an area that has been very active over the last couple of years, but particularly the last few months. In today’s talk, we’re going to very briefly look at the HIPAA privacy rule and security rule, we’ll look at breach trends in recent years, and then we will take a look at the recent enforcement activity by the Department of Health and Human Services as it relates to HIPAA breaches, and what the takeaways are of that enforcement activity.

The HIPAA privacy rule has many nuances to it, and that will not be the focus of today’s talk. For purposes of this presentation, we’re going to focus specifically on breaches. And we will define breaches, generally speaking, as the acquisition, access, use, or disclosure of PHI by a covered entity or business associate in a manner not permitted by the privacy rule, and that breach has to compromise the security or privacy of the PHI. There are many nuances and exceptions to this rule, which we are not going to focus on here. In addition to the privacy rule, HIPAA also includes a security rule. The security rule protects a subset of information covered by the privacy rule. Specifically, it protects individually identifiable health information that a covered entity creates, receives, maintains, or transmits in electronic form.

In looking at breach data, there are very clear trends. Not surprisingly, the vast majority of large-scale breaches, meaning those involving more than 500 individuals, involve online activities, such as hacking, malware, ransomware threats, phishing, and publication of protected health information to websites. The larger sub-category of these online breaches over the last couple of years have been network server breaches. Physical breaches of PHI involving more than 500 individuals are comparatively speaking, very rare, although of course, they do still happen.

The Department of Health and Human Services has recognized the threat that hacking poses to individuals’ protected health information. Hacking, of course, is a concern for all types of enterprises these days, but it is a particularly serious issue for those entities that maintain PHI. Hacking breaches can cause huge exposure, and they are very much on the radar of the Office of Civil Rights, which is the enforcement agency of the Department of Health and Human Services. And they have stated that hacking is now the greatest threat to the privacy and security of protected health information. Clearly, this is something that is going to be a very big priority for enforcement actions.

The Office of Civil Rights has made it clear that those entities that maintain PHI are expected to keep up with the risks of security breaches. Otherwise, they can expect to be subject to enforcement actions. And the Office of Civil Rights expects entities to invest more time and more money into this area than they did just a few years ago.

The Office of Civil Rights has pursued numerous enforcement actions against health care entities for breaches. And we are going to look at just a small sample of those to see what the trends are and what covered entities and business associates need to know in terms of the expectations that OCR has of them. And just one recent example of healthcare providers paying large settlements to the government for breaches of PHI, in February of 2023, an Arizona hospital system paid $1.25 million and agreed to additional terms of a corrective action plan and two years of monitoring by the Office of Civil Rights. This is one of the bigger money settlements for PHI breaches in recent months. It involved a ransomware attack affecting the PHI of 2.8 million people, and the OCR in its investigation found that the hospital system did not have adequate protections in place. It was therefore vulnerable to a ransomware attack and not prepared as it should have been. OCR findings include not performing an adequate risk analysis, insufficient monitoring to protect against the cyber attack, failure to implement appropriate systems to safeguard ePHI, and failure to protect PHI when transmitting it electronically. Again, this is just one of many examples of our recent enforcement action, and it shows that even when an entity is subject to a malicious attack, a malware attack, OCR expects those entities to be prepared and to have mitigated the potential damage.

And while big hospital systems or other bigger entities are certainly on OCR’s radar, OCR is not just seeking enforcement actions against these bigger entities, they also monitor business associates, which generally, are entities that contract with health care providers to perform services for them. OCR expects these business associates, just like covered entities, to have adequate protections in place to safeguard PHI. When they do not, OCR does pursue enforcement actions against them in cases of breaches. For example, in October of 2023, OCR announced a settlement with a business associate that had been subject to a ransomware attack affecting over 200,000 individuals. The findings that OCR made and announced in its press release for the settlement agreement are similar to those of many other settlements announced in the last 12 months. They include failure to perform a risk analysis, which would have allowed the business associate to know their vulnerabilities and to act on that information in a preventive manner, insufficient monitoring and lack of policies and procedures to implement security rule requirements.

There are many more examples. Recently, Oklahoma State was the subject of a malware attack. It ended up agreeing to a settlement of paying $875,000, a corrective action plan, and OCR monitoring. Again, we see several of the same findings here. Notably, in this particular instance, the settlement amount was on the high side because in part, OCR findings included that Oklahoma State failed to timely notify individuals of the breach as required by the rule. And they did not implement audit controls, they did not perform an adequate risk assessment. All of these factors combined led to a relatively high settlement amount.

In one of the more egregious examples of failure to take adequate steps to protect PHI, this particular settlement agreement concerns a business associate that left a server containing ePHI completely unsecure and accessible online. The information left openly accessible to anyone that cared to look was names, social security numbers, addresses, as well as insurance information and phone numbers. In this case, OCR agreed to a settlement of $360,000 corrective action plan, and monitoring. The entity also had to conduct risk assessments for PHI vulnerabilities, develop a risk management plan to address those security risks, improve policies and procedure and improve its training.

All the examples we have talked about so far were for online breaches, ransomware, malware. But physical breaches do still happen, even though they are comparatively rare these days. In June 2023, a hospital entered into a settlement agreement with OCR over a physical breach involving the PHI of 400 individuals. In this case, security guards accessed patient records without a job-related purpose. There were at least 23 security guards who improperly accessed this kind of information. And OCR and the hospital agreed to a settlement agreement involving a payment of $240,000 corrective action plan, and monitoring.

In terms of the takeaways from these breach trends and recent enforcement activity, it is clear that now more than ever, any entity that deals with PHI has to invest the resources to protect the sensitive information. The risks of not doing so are far too high and leave these entities vulnerable to breaches, and subsequently, to enforcement actions, which themselves can be very costly and time-intensive. These investments that entities have to make these days are not one-time investments. They have to have staff in place that can continuously assess risk and update IT systems to address the latest threats. And at this point, regular risk analysis of security threats should just be standard for any entity that deals with ePHI. And it is imperative that these entities also have policies and training in place to protect ePHI. We can assume that as we look into the coming years, enforcement in this area will only continue. And as these threats, especially of malware and ransomware, get more sophisticated, the expectations are going to be that entities that have PHI on their system will take appropriate steps to improve their systems to address these threats. That concludes our presentation today. Thank you so much for your time.

Faculty Presentation:
HIPAA Breach Risks and Enforcement Trends

In this special faculty presentation, Deborah Stern, adjunct professor and health law attorney presents on HIPAA breaches and enforcement trends. Check out the replay to hear Professor Stern discuss the HIPAA privacy rule and security rules, specific breach trends in recent years, and recent enforcement activity by the Department of Health and Human Services as it relates to HIPAA breaches. She wraps up the presentation with takeaways on that enforcement activity.

0:00 / 0:00
Video Companion

Video Transcripts

Alan Pittler: Hello and thank you for joining us. My name is Alan Pittler and I’m here with my colleague Bobbi Britton Tucker. We are labor and employment attorneys who represent management in connection with all issues that arise in the workplace, and we also serve as adjunct professors for the University of Pittsburgh School of Law’s HR certificate program. We are very happy to talk to you today about two topics that are important to human resources professionals, promoting Diversity and Inclusion within your organization, and questioning witnesses in connection with workplace investigations. We’ll jump right into the first topic, promoting Diversity and Inclusion within organizations. Bobbi what does Diversity and Inclusion generally mean?

Bobbi Britton Tucker: I like to think of it like this. Diversity is the differences in backgrounds, experiences, perspectives, and work styles that each of us brings to the workplace every single day. So diverse is who we are. Inclusion is the way in which we all deal with these differences. Inclusive is how we work with each other.

Alan Pittler: Bobbi what are some best practices for promoting Diversity and Inclusion in the workplace?

Bobbi Britton Tucker: One best practice is ensuring that you have commitment and involvement from the highest levels of leadership, including a communications plan that will establish and reinforce that Diversity and Inclusion is a fundamental value of the organization. Another best practice is to make sure that your organization is conducting regular and varied Diversity and Inclusion training for leadership and all other employees within the organization. And that training could include, but not be limited to, programming on issues like anti-discrimination that would address all protected classes. The training could include hiring practices, and we should also consider using some outside vendors and speakers to conduct some of the training to get other perspectives than those within your organization only. The training should also let employees and managers know what they should do to address issues of concerns or complaints, and the training should notify all of the individuals within the organization of the resources that are available to support various diverse groups such as working parents, employees of faith, employees with disabilities, et cetera.

Bobbi Britton Tucker: The training could also include implicit bias or unconscious bias training, but before doing that, you’d want to make sure that you are familiar with your state’s laws to make sure that such training is appropriate and permitted. Another best practice is making sure that your organization is recruiting from diverse organizations and sources. Another best practice is ensuring that there is diverse representation on hiring committees, interview panels, and for promotion reviews. Another best practice is making sure that periodically you are conducting audits of human resources, practices and policies such as those practices and policies that concern pay equity to make sure that you’re identifying any barriers to equal employment and the equal opportunity.

Bobbi Britton Tucker: It’s also good practice to think about offering or having employee affinity groups, or employee resource groups, some organizations refer to them as. One important thing to remember though is that employee affinity groups must be open to all individuals, so anyone that has an interest in that particular affinity group should be able to participate. There’s another best practice you want to make sure that you are promptly and objectively investigating any claims of discrimination. You also want to make sure that there are protections from retaliation for any individuals who are raising concerns and that your organization takes prompt and effective remediation if there are violations of policies. Another best practice is engaging in the community, looking at community outreach programs such as partnerships with local high schools.

Alan Pittler: Terrific. Bobbi, are there any items that should not be part of Diversity and Inclusion programs?

Bobbi Britton Tucker: One is quotas. Quotas should never be part of Diversity and Inclusion programs. And what I mean, there are quotas that require a certain number of positions or certain roles to be filled by employees or applicants of a preferred race, sex, national origin, religion, et cetera. So you should never have quotas as part of your Diversity and Inclusion program. Similarly, you should never have preferences. So, any preference that certain roles or positions are filled by specific individuals of a particular race, sex, national origin, religion—those are prohibited and should never be part of a Diversity and Inclusion program. Also, Diversity and Inclusion programs should not reduce standards. Employers should be making sure that they are hiring and promoting the best qualified candidates and that they’re not taking any factors such as race, sex, et cetera into those decisions. Remember, Diversity and Inclusion is about providing equal employment opportunities, not changing standards. So, Alan, let me ask you a question. Do laws require Diversity and Inclusion in workplaces?

Alan Pittler: Actually, no federal law expressly says that workplaces must be diverse and inclusive. However, there are many laws which require equal opportunity in the workplace and prohibit discrimination based on protected classifications such as race, sex, national origin, religion, age, and disability. Federal laws include Title VII of the Civil Rights Act of 1964, the Age Discrimination and Employment Act, and the Equal Pay Act. These laws do not protect just underrepresented groups. They require equal opportunity and prohibit discrimination against all races, all national origins, all sexes, all religions, et cetera. Every employee has multiple protected classifications. A properly designed Diversity and Inclusion program can be a very effective tool for an employer to ensure that it is meeting its legal obligations to prevent discrimination and promote equal opportunity in the workplace.

Alan Pittler: An improperly designed program can undermine the goals of promoting Diversity and Inclusion, or even worse, violate anti-discrimination laws by using a protected classification as a factor in making employment decisions such as the decision to hire or promote.

Bobbi Britton Tucker: Alan in 2023, in Students for Fair Admissions v Harvard and its companion case, Students for Fair Admissions v University of North Carolina, the Supreme Court held that using race as a factor in college admissions violated the Equal Protection Clause of the 14th Amendment and Title VI of the Civil Rights Act, which prohibits racial discrimination against students. What, if any impact does this decision have on employer Diversity and Inclusion programs?

Alan Pittler: Well, as a practical matter, there’s no question that since this decision came down in 2023, employer Diversity and Inclusion programs have been facing greater scrutiny and legal challenges. The Supreme Court’s 2023 decision prohibits the use of race as a factor in college admissions. In the employment world, the parallel concept that race should not be a factor in an employer’s hiring decisions is nothing new, and has always been the law. With that said, there are widespread misconceptions about the impact of the Supreme Court’s decision on Diversity and Inclusion initiatives. This decision does not generally prohibit all Diversity and Inclusion programming and initiatives. To the contrary, the Supreme Court championed equal opportunity and reaffirmed that all forms of discrimination on the basis of race are prohibited by law and must be eliminated. As I mentioned before, Diversity and Inclusion programs must be carefully designed to ensure that an employer is meeting its legal obligations to prevent discrimination and promote equal opportunity in the workplace.

Alan Pittler: In this regard, Diversity and Inclusion programs should not discriminate against a majority group in favor of a minority group, such as by having quotas or using race as a factor in making employment decisions such as who to hire or who to promote. Most employer Diversity and Inclusion programs never had such elements in the first place. Rather, Diversity and Inclusion programs should promote and not undermine equal employment opportunity consistent with the best practices mentioned by Bobbi. A properly designed Diversity and Inclusion program will help an employer to satisfy its legal obligations to promote equal opportunity and prevent discrimination in the workplace. Let’s move to our next topic. Questioning witnesses in workplace investigations.

Alan Pittler: Bobbi, many human resources professionals have to conduct workplace investigations concerning a potential violation of workplace policies such as an anti-discrimination or anti-harassment policy. Let’s discuss some of the best practices in that regard. First, what should a human resources professional do in advance of questioning employees in connection with a possible violation of workplace policies?

Bobbi Britton Tucker: Before questioning employees, human resources professionals should review relevant documents such as policies, prior discipline, maybe discipline of the person who’s being accused of the policy violation, looking at whether or not there are any complaints that are relevant or related to the issue, whether there are manager notes that may not be in the personnel file that need to be reviewed that are related to the issue. And in some situations there may be security cameras, it might be an issue where you want to review security tapes. So all of those types of things should be done in advance of questioning employees. Also, before questioning employees, human resources professionals should prepare an outline of the questions that they will be asking. Again, this is just an outline. It’s not a script, and human resources professionals should not feel like they are stuck or tied to that outline, but the outline will make sure that there’s a roadmap for the questioning, it’s well organized and that you make sure that you have hit every topic or every question that you felt that you needed to ask.

Bobbi Britton Tucker: In advance of questioning employees, human resources professionals should also consider whether or not there is a possibility of retaliation, and if so, whether there are potential interim measures that need to be taken to avoid that there’s no retaliation. Human resources professionals also prior to questioning employees want to consider the order of the witnesses. Typically, you start with the individual who made the complaint so that you can ensure that you have all of the details regarding the complaint, but after that it can vary depending on the situation. So you need to give some thought to how the interviews should be ordered. And there are some situations where you may have to interview individuals more than once. You may interview a witness, then have another witness interview and another issue comes up and you’ll have to go back to the person that you have already interviewed. You also want to consider whether or not you should have a second manager sitting in on the interview. They can act as a note taker and also as a witness, and I would suggest that if the resources allow for that, there is always a benefit to have another manager in the interview.

Bobbi Britton Tucker: And last, in some situations, human resources professionals may want to consult with their legal counsel prior to conducting the questions and the interviews.

Alan Pittler: Bobbi, generally speaking, how should the HR professional structure and investigatory interview?

Bobbi Britton Tucker: Well, all interviews should start with introductory remarks, explaining what your role is as an objective investigator and that you have a desire to find the truth if the person that you’re interviewing is the person who complained, you also want to thank the person for coming forward with a complaint. Also, you want to use a chronology. I mean, that’s always helpful rather than jumping back and forth to different dates. And very important, you want to make sure that as the interviewer, you are not doing most of the talking. In fact, you are listening, you’re following up on questions. You want to make sure that the witness is doing most of the talking, and you want to control the witness. Again, you are asking the questions. Sometimes witnesses want to ask the interviewer questions, but you want to make sure that you are in control of the interview and you’re the one asking questions.

Bobbi Britton Tucker: You want to start with general questions first and then get more specific questions as the interview goes on. And related if there are sensitive issues or touchy questions, you likely want to consider saving those for the end of the interview. You want to make sure that you’re listening to the answers and following up on information that the witness is providing. Again, this goes back to what we talked about having an outline. You don’t want to feel like you can’t stray from that outline because there could be issues that you had not anticipated that you need to follow up and you just learned of by the interview of the individual. You want to end the interviews by reiterating the organization’s prohibition against retaliation and letting the witness know what they need to do and who they need to contact in the event that they feel that they have been subjected to retaliation.

Bobbi Britton Tucker: Alan, I’m going to ask you a question. Do you have any general tips for questioning witnesses?

Alan Pittler: Well, you just illustrated one yourself there by asking a simple question. Investigators should ask simple, straightforward questions. And in this regard, don’t ask what lawyers call compound questions, which means asking more than one question at a time. In other words, if you were to ask somebody, “What did you have for breakfast and lunch?” That would be a compound question. Break it down into, “What did you have for breakfast?” And then, “What did you have for lunch?” It’s very important to not assume any facts. Ask the questions to get the facts. Don’t assume anything, get the information from your witnesses or from the documents. Don’t be shy at all about asking for clarification.

Alan Pittler: As Bobbi mentioned, you might have a witness outline of questions, but oftentimes you’ll need to dig a little bit deeper and ask for clarification and ask for some more details in response to your initial question on a topic. Focus primarily as you’re trying to figure out the facts on who, what, when and where. Sometimes you might want to ask a witness the why question, but just keep in mind that when you’re asking somebody why there’s a danger, that they’ll speculate as to why something might have occurred as opposed to actually talking about something that they witnessed firsthand.

Alan Pittler: Which leads me to the next point. Find out the source of the witness’s information. Does the individual have firsthand knowledge of the information of each fact that they are giving you? Or did they hear about it from somewhere else? Or is it something that they believe happened but didn’t actually hear it or see it or experience it themselves? So, ask the person, “How do you know this?” “Did you see it?” “Did you hear it for yourself?” “Did you receive this email?” A witness who does not have firsthand knowledge of a fact has not provided you evidence that that fact might be true or false. However, that person might be able to lead you to somebody who does have firsthand knowledge. So, if you determine that your witness doesn’t have firsthand knowledge, ask them where they heard the information or why they believe something to be true, and that might give you the name of another witness to interview. So, some other tips, ask for the names of other witnesses who might be able to corroborate a fact stated by a witness or refute something that the witness is refuting.

Alan Pittler: Ask them to identify other witnesses and documents such as email, texts, et cetera, and ask them if they have documents or emails or texts that corroborate what they’re saying for copies of them. Finally, some final tips for questioning. Don’t be afraid to ask the same question twice. You may be very surprised that you’ll get different answers, and it might be because the second time around you find that the person is being evasive and changing their story. Or you might find that when you ask the question the second time around, the person is just providing some more detail that they neglected to provide you the first time around. So on important questions, don’t be afraid to ask them twice. Also, use the technique of silence to your advantage. You are the one asking the questions. And if a witness is not being very forthcoming or talkative in response to your questions, sometimes an effective technique is just to use silence and look at the witness and nod, because a lot of times a witness will feel uncomfortable with the empty silence and will start talking, and that’s ultimately what you want the witness to do.

Alan Pittler: So, use silence and kind of nodding and see if the witness will fill in the gap with some more information. And then, finally, one of the most important questions you can ask is the last question, and that is, “Is there anything else that you think I should know?” Many human resources professionals have found when they have asked this question that the witness all of a sudden volunteers information that they had not even contemplated! And so, always ask, “Is there anything else that you think I should know?” at the end.

Bobbi Britton Tucker: Alan, how should human resources professionals document the interviews of witnesses?

Alan Pittler: Well, it’s very important during the interview to take notes as best as you can, or if you have another manager witness in with you to have that person take notes so there’s no question as to what was said during the interview. We suggest when you are taking notes to start a new page. If you’re handwriting notes or use a new document for each interview, make sure that before each interview you include the names of everybody who’s present, where you’re meeting the time, date, and all attendees who are at the meeting. When you’re taking notes during an interview, make sure to only include what is being said and don’t include your own personal subjective thoughts or interpretations, just include the facts. At a later point in time, you might write an investigatory report in which you might analyze the facts, but your notes of the interview should be clean and reflect what was actually said during the interview. So those notes should be as close to verbatim as possible, including both the questions asked and the answers.

Alan Pittler: And then finally, it’s a good idea to review the notes afterwards, not to change the substance, but to make sure that the notes are legible, to correct any spelling errors, to make sure that they’re accurate and just make sure that they’re in good shape. So, using these techniques for questioning witnesses will help HR professionals conduct more effective and defensible investigations. We want to thank you very much for joining us and we hope that you find this information to be helpful. Please note that this information is provided for educational purposes only and not as legal advice, and we really appreciate you spending the time with us.

Faculty Presentation:
HR Law Essentials

This special faculty presentation, “HR Law Essentials: Promoting Diversity and Inclusion Within Organizations & Best Practices for Questioning Witnesses in Workplace Investigations,” features Pitt Law faculty members Alan M. Pittler and Bobbi Britton Tucker. They discuss elements that should and should not be included in diversity and inclusion programs and how these programs should line up with current laws around equal employment opportunity. They also go indepth on how HR professionals should conduct workplace investigations.

Blog Posts

April 18, 2024
Understanding ownership and chain of title in property law is foundational to grasping the broader implications of real estate and personal property within legal frameworks. Explore the concepts of ownership and chain of title.
April 04, 2024
In the complex world of legal frameworks, the interplay between contract law and property law is both fascinating and crucial for professionals navigating the fields of real estate, intellectual property, and beyond. Explore how contract law and property law work together and the different ways they interact.
April 03, 2024
Property laws shape how we interact with our possessions and those of others. Explore the types of property and the legal principles that govern property ownership in the United States.

Fall 2024 Admissions Deadlines

Priority Deadline
August 2
Fall 2024
Final Deadline
August 12
Fall 2024
Start Date
August 19
Fall 2024