Access to Unique Device Identification

By on May 5, 2015

There is a new website in town relevant to all medical devices called AccessGUDID.   You decide if it is a catchy, memorable name or not.  Just think, you would like to Access the Global Unique Device Identification Database, but that’s not enough as its own identifier isn’t so easy.  http://accessgudid.nlm.nih.gov/   Wouldn’t it have been nice to have ended in a simple “.gov”?

The U.S. Food and Drug Administration (FDA) announced today that, in partnership with the National Institutes of Health National Library of Medicine, their AccessGUDID will provide public access to all medical devices with unique device identifiers (UDI).  However, it will take several years for all information to become available as various UDI compliance elements are phased in.

The FDA’s Final Rule to establish a UDI system was issued in 2013.   This system is designed to adequately identify medical devices throughout distribution and use.  To date, only data on the highest risk medical devices (specifically implantable, life-supporting and life-sustaining devices) is being submitted to the database.  However, there is a compliance timeline that spans out to September 24, 2020.  In general, here is the timeline:

  • 9/24/2014 – The labels and packages of class III medical devices and devices licensed under the Public Health Service Act (PHS Act) must bear a UDI.
  • 9/24/2015 – The labels and packages of implantable, life-supporting, and life-sustaining devices must bear a UDI. Data for implantable, life-supporting, and life-sustaining devices that are required to be labeled with a UDI must be submitted to the GUDID database.
  • 9/25/2016 – Class III devices required to be labeled with a UDI must bear a UDI as a permanent marking on the device itself if the device is a device intended to be used more than once and intended to be reprocessed before each use. Data for class II devices that are required to be labeled with a UDI must be submitted to the GUDID database.
  • 9/24/2018 – A class II device that is required to be labeled with a UDI must bear a UDI as a permanent marking on the device itself if the device is a device intended to be used more than once and intended to be reprocessed before each use. Data for class I devices and devices that have not been classified into class I, class II, or class III that are required to be labeled with a UDI must be submitted to the GUDID database. Class I stand-alone software must provide its UDI.
  • 9/24/2020 – Class I devices, and devices that have not been classified into class I, class II, or class III that are required to be labeled with a UDI, must a bear UDI as a permanent marking on the device itself if the device is a device intended to be used more than once and intended to be reprocessed before each use.   (See the compliance timeline for additional requirements and information.)

In the future, the label of most devices will include a UDI in human- and machine-readable form. In addition to identification, device labelers must also submit certain information about each device to FDA’s Global Unique Device Identification Database (GUDID).

The UDI system, which will be phased in over several years, offers a number of benefits that will be more fully realized with the adoption and integration of UDIs into the health care delivery system. According to the FDA, UDI implementation is intended to improve patient safety, modernize device postmarket surveillance, and facilitate medical device innovation.

A small entity is defined as a medical device manufacturer with 500 or fewer employees, or a medical device relabeler or repackager with 100 or fewer employees.  Here is the FDA’s Unique Device Identification System- Small Entity Compliance Guide 2014.

Time will tell whether the public will use the information in this database, or if it will be beneficial primarily to the FDA, US Customs and Border Patrol, doctors, manufacturers and lawyers.  Certainly, the system is being designed to help everyone access the information they need.  It should allow for easier recall of devices when a problem arises.  The hope it that it will also fight against counterfeiting and improve patient safety.

We can expect that it will enhance the ability of US medical device manufacturers to remain competitive globally as a similar system has been in development in the EU.  The European Commission leads an Ad Hoc Working Group at the Global Harmonisation Task Force.  As they say, the “idea is to promote a global approach in order to avoid discrepancies between the different UDIs produced by” different members of the Task Force.

Posted in , , | Tagged , , , , , , , , , , , ,

Baby Wipes, the FDA, and Your Baby’s Bottom

By on December 10, 2014

Baby girl on her stomach

With many friends who have delivered babies recently or who have been blessed with new grandchildren, it seems a good idea to share this news release from the U.S. Food and Drug Administration (FDA) today. Ironically, a great number of baby wipes are being recalled because of contamination before they’ve been used on your baby’s tuchus.

Here’s the dirt on the baby wipes products that are being voluntarily recalled:

All lots of Disposable baby wipes manufactured by Nutek Disposables, Inc., have been recalled due to complaints of discoloration and/or odor and irritation, later determined to be the result of bacterial contamination confirmed as B. cepacia. Let me tell you, if you are a parent, you probably don’t want to read about B. cepacia because you need your sleep, but if you find a need to further alarm yourself, click here.  What is perhaps most concerning is that this recall has been going on with news releases from the FDA, at least since early October 2014 with limited national attention. This, of course, raises the question of whether the FDA does enough, or is empowered enough, to ensure that US baby bottoms are safe enough.

Indeed, the FDA posts its “press releases” of “voluntary recalls” with the following disclaimer:  “FDA posts press releases and other notices of recalls and market withdrawals from the firms involved as a service to consumers, the media, and other interested parties. FDA does not endorse either the product or the company.

As you can see, the FDA is not requiring the recall and is a primary conduit for the manufacturer to reach the public for “withdrawal” or “recall” of products.  One doesn’t get the sense that the FDA is investigating the matter either, as, for instance, the Consumer Product Safety Commission (CPSC) would.  Nor does it seem to be commenting on the veracity of the following statement in the October 25, 2014 release:

“B. cepacia poses little medical risk to healthy people. However, people who have certain health problems like weakened immune systems or chronic lung diseases, particularly cystic fibrosis, may be more susceptible to infections with B. cepacia. If you believe you have a weakened immune system or chronic lung disease and you have used one of the affected wipe products, you should call your doctor promptly for medical advice.

As of October 3, 2014, the date of the original withdrawal, the company had received only one report of irritation. Numerous reports of complaints have since been received by the company that include rash, irritation, infections, fever, gastro-intestinal issues, and respiratory issues, though these reports have not been confirmed to be related to the use of these products.”

Blog readers are welcome to compare and contrast this statement about B. cepacia with the hyperlinked Wikipedia article.

The Nutek brand is sold to a lot of retailers and the product is sometimes included as a premium with the purchase of another product, such as a diaper, in trial packs. Read more below for details taken from the FDA website release.

“All lots of non-medicated, scented, unscented, and sensitive varieties of baby wipes, packaged in 14 count to 1000 count sizes of plastic flow wrap soft packs, refill, trial, and plastic tubs, labeled as: Kidgets Baby Wipes, Distributed by Family Dollar, Charlotte, NC 28201; Walgreen’s Well Beginnings Baby Wipes, Distributed by Walgreens, Deerfield, IL.; Member’s Mark Baby Wipes, Distributed by Walmart de Mexico, Ciudad De Mexico, Mexico; Simply Right Baby Care Wipes, Distributed by Sam’s Club, Bentonville, AR; Cuties Premium Baby Wipes Distributed by First Quality, Great Neck, NY, Manufactured by First Quality Products, Inc., McElhattan, PA; Tender Touch Baby Wipes, Manufactured by First Quality Products, Inc., McElhattan, PA ; Well Beginnings Wipes, Distributed by Walgreens, Deerfield, IL; Femtex Premium Feminine Wipes, Distributed by Family Dollar, Charlotte, NC 28201; Fred’s Kids Baby Wipes, Distributed by Fred’s Inc. Memphis, TN; and Sunny Smiles Baby Wipes, Distributed by Walgreens, Deerfield, IL. Also sold as trial packs inside DIAPERS.COM DIAPER SZ 5 CLUB 1/156; DIAPERS.COM DIAPER SZ 3 CLUB 1/200;DIAPERS.COM DIAPER SZ 4 CLUB 1/176; WELL BEGINNINGS DIAPER SZ 3 JR CLUB 1/96;WELL BEGINNINGS DIAPER SZ 4 JR CLUB 1/82;WELL BEGINNINGS DIAPER SZ 5 JR CLUB 1/70; SIMPLY RIGHT DIAPER SZ 5 CLUB 1/196; SIMPLY RIGHT DIAPER SZ 3 CLUB 1/252; SMPLY RIGHT DIAPER SZ 4 CLUB 1/225; KIDGET DIAPER SZ5 JR CLUB 1/62; KIDGET DIAPER SZ 3 JR CLUB 1/86; KIDGET DIAPER SZ4 JR CLUB 1/74; KIDGET DIAPER SZ 6 JR CLUB 1/54; FRED DIAPER SZ 3 JR CLUB 1/86; and DIAPER SZ 5 JR CLUB 1/62.”

Posted in , , | Tagged , , , , , , , , ,

The SEC Set Smith & Wesson in its Sight – FCPA Violations

By on July 29, 2014

Rifle Site for BlogWhen the business market is saturated with your products, what’s next? Look to the global market. That’s just what Smith & Wesson Holding Corporation (SWHC) did. After all, the gun, rifle and firearm market in the United States is about as saturated as it can be. In the U.S. there are reportedly 97 guns per 100 residents. Compare this ratio, for instance, with Israel, where there are 9.3 guns per 100 residents.

So, where could Smith & Wesson Holding Corporation (SWHC) sell more Model 29s? the 44 Magnum used in the Dirty Harry films? For those not in the know,  the 44 Magnum used in the “Dirty Harry” films has been eclipsed by the .50-caliber 500 Magnum, which Smith & Wesson states is “considered to be today’s most powerful protection handgun.” Evidently, the places for Smith & Wesson to see its wares are Pakistan, Indonesia, Turkey, Nepal and Bangladesh, to provide weapons primarily to the police in each country. There is a certain irony to all this considering that in the U.S. it would seem these weapons are marketed to individuals for the protection of their constitutional rights, at least according to a fair amount of gun lobbying in the US.

In any event,  according to the settlement, it appears Smith & Wesson decided to expand globally from 2007 through early 2010, according to the U.S. Securities and Exchange Commission (SEC). The SEC alleges that Smith & Wesson “engaged in a pervasive practice of making, authorizing and offering improper payment to foreign government officials as a means of obtaining or retaining international business.”

The SEC’s case against Smith & Wesson was settled for $2,034,892 to the U.S. Treasury, comprised of $107,852 in disgorgement (the forced giving up of profits obtained by illegal or unethical acts), $21,040 in prejudgment interest, and a civil monetary penalty of $1,906,000.   We note that the disgorgement is relatively puny here – less than $110,000 for profits over a period of nearly four years of trying to sell their products in countries such as Pakistan (11.6), Indonesia (.5) , Turkey (12.5), Nepal (.8), and Bangladesh (.5).   The numbers in parentheses are the numbers of guns per 100 people in each of those countries for those who might find this of interest, at least in terms of how each country was selected by Smith & Wesson.

The SEC claimed that even though Smith & Wesson had these new and high risk markets overseas firmly in its target for growth, the company failed to design and implement a system of internal controls. It lacked a Foreign Corrupt Practices Act (FCPA) compliance program that might have been logically anticipated before setting off to do business worldwide in some locations known to have endemic corruption. The SEC specified that Smith & Wesson didn’t perform any anti-corruption risk assessment, and that there was literally no due diligence into the background of the third-party agents with whom Smith & Wesson would do business. Policies and procedures for commission payment, use of samples, gifts, and commission advances were missing. All authority for doing business in these countries was delegated to its Vice President of International Sales and the Regional Director of International Sales who could pay and/or authorize improper payment in these various countries. (We have not heard whether the SEC will take separate action against these two people.)

Further, the SEC alleged that Smith & Wesson had “failed to properly account for the improper payments to its agent in Pakistan, the inflated lab testing payment to its agent in Indonesia, and the improper expense payments to its agents in Turkey in its books and records.” Smith & Wesson characterized all these payments as legitimate commission and/or business expenses. Nonetheless, the SEC took into consideration Smith & Wesson’s cooperation with the investigation and its remedial actions in assessing the civil penalties.
In addition to the monetary payments, Smith & Wesson will now need to implement the programs it should have had in the first place before expanding internationally and to report to the SEC on a routine basis for the next couple of years. In essence, they will be on a short leash.

Many valuable lessons to be learned from Smith & Wesson’s alleged mistakes. As Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit said, “This is a wake-up call for small and medium-size businesses that want to enter into high-risk markets and expand their international sales. When a company makes the strategic decision to sell its products overseas, it must ensure that the right internal controls are in place and operating.”

Posted in , | Tagged , , , , , ,

Hummus – Struggling for a New Standard of Identity?

By on May 21, 2014

HummusAccording to a HuffPost Taste post last year, there are at least 21 ways to make a better hummus, and a chickpea has not been waived past many of them. However, relying on our federal government for only the most vital and fundamental services, Sabra Dipping Co. (Sabra) has filed a Citizen Petition with the Food and Drug Administration (FDA) to establish a new standard of identity for hummus. Sabra clearly believes and asserts that the public needs protection from eating hummus that doesn’t have enough chickpeas, or tahini, for that matter. According to Sabra, it doesn’t matter whether you like the taste, or if it is perfectly healthy for you without any contamination, or you can read all the information on the food label that the FDA already requires, the federal government needs to step in and ensure that you get sufficient chickpeas in your dip with new federal regulations.

Sabra is a joint venture wholly owned in equal shares by two independent, global food companies – no less than the United States-based PepsiCo and the Strauss Group, headquartered in Israel.  Sabra proposes the FDA establish a new “standard of identify” for hummus in Title 21 of the Code of Federal Regulations. Sabra kindly drafted the regulation and provided it in the Citizen’s Petition. Suffice it to say that the essential ingredients must be cooked, dehydrated, or dried chickpeas with tahini in proportions that meet Sabra’s recipes.

It’s OK, according to the Sabra Citizen Petition, for the product to include many other components, such as nutritive carbohydrate sweeteners, natural flavorings, processing aids (such as sodium bicarbonate anti-foam agents), texturizers, buffering agents, chickpea flour, components or isolates. Yum.  None of these components would likely be found in the original hummus of Middle-Eastern cuisine.

Sabra asserts that there are several benefits for putting into place the proposed food standard for hummus. It would promote honesty and fair dealing in the marketplace, they say. To support this, the petition refers to the market for “industrial hummus” having expanded from $100 million in the early 2000’s to over $315 million in 2009, and the market for hummus sales having increased 92% through 2013. During that time, competitors have sprouted who have been substituting black beans, lentils, white beans or edamame for the chickpeas, and some of them don’t even include tahini as an ingredient – they may list yogurt or vegetables instead.

Sabra believes the proposed food standard would “preserve the basic nature and essential characteristics of food.” They compare marketing hummus made from legumes other than chickpeas as “akin to the marketing of guacamole made with fruit other than avocados.”  Would guacamole sell if it were made with potatoes?  Would the FDA need to step in if a product was accurately marked “Potato Guacamole”?  Sabra’s assertions raise a question that may well be asked too late.  Has the word “hummus” already taken on a different meaning in English to mean a paste dip made of ground chickpeas, legumes, beets and anything else that is ground up to achieve the “semi-solid food texture” specified in the Sabra proposed regulation? As we know, the definitions for words evolve over time. Is it too late in the US to turn back to the standard definition of the Middle East?

Sabra concedes in its proposed standard that other foods and components can be added to the hummus. The new standard would allow “characterizing flavor ingredients” provided that they comprise less than 20 percent by weight of the finished product and “do not function as ingredients necessary to achieve the semisolid food texture of hummus.” One can reasonably infer that these characterizing flavor ingredients are the ones that Sabra uses, namely, such things as Basil, roasted red pepper, olive tapenade, roasted pine nuts, chipotles, garlic, etc. However, the original recipe made in homes throughout Israeli and Arab countries would not include most of these additives. So, is Sabra misleading the public by selling them? Of course not. The wide variety of Sabra hummus offerings are themselves a reflection of Sabra meeting the taste demands of the local market.

Standard setting in the United States and around the world is, bar none, the most effective way of eliminating the competition. By its nature, it is anticompetitive. If you set a standard that a competitor cannot meet, it is no longer a competitor. So, for instance, you sell white bean hummus? After the standard is implemented, you don’t sell hummus. You sell white bean dip and that is not likely to be placed in the hummus aisle.

Standard setting is also the most effective way to help ensure the safety of products, as well as create level playing fields for business. So, for instance, virtually all of the electrical products in your home have been tested by a certification company to UL Standards for safety that have been helping to define product safety in the US for more than 120 years.

The benefit of having safe products and level playing fields, while acknowledging that standards are anti-competitive, has been balanced over the years through the Noerr-Pennington doctrine which provides immunity from liability to the actions of individual companies under the antitrust laws for attempting to influence the passage or enforcement of laws with regulators and legislators, even when the law or regulation, if passed, would have an anticompetitive effect.

It will be up to the FDA, if not the public human outcry for more white bean hummus, to determine whether the Sabra petition is an attempt to control the burgeoning hummus market or if Sabra is really interested in ensuring that we eat only authentic chickpea and tahini-based hummus for our own good. If it is for our own good, we can hope that Sabra is working on a tahini standard next. And, by the way, the chickpeas are garbanzos to me.

Posted in , , | Tagged , , , , , , , , , , ,

Department of Justice Product Safety Settlements Include Compliance Program Requirements

By on May 20, 2014

If you are on the board of manufacturing company or a retailer, you might not have noticed that this week the Department of Justice announced that Electrolux Home Products Inc. (Electrolux) of Charlotte, North Carolina, agreed to pay a civil penalty of $750,000 in a settlement on May 14, 2014. This resolves allegations against Electrolux that it knowingly failed to report immediately to the U.S. Consumer Product Safety Commission (CPSC) a safety hazard associated with certain wall ovens sold to consumers. Additionally, Electrolux also agreed to establish and maintain a compliance program with internal recordkeeping and monitoring systems to keep track of information about product safety hazards.

It is not unusual for the CPSC to pursue civil penalties against a manufacturer for failing to report a safety hazard in a timely manner that can be as short as 24 hours. Indeed, based on history, it is far more likely that a manufacturer or retailer will be pursued for civil penalties associated with failure to report a hazard than for manufacturing a product with an hazard that actually and severely harmed consumers. A quick review of CPSC news releases in the past year reveals the following settlements with civil penalties:

  • Forman Mills Agrees to Pay $600,000 Civil Penalty for Failure to Report Drawstrings in Children’s Upper Outerwear
  • Ross Stores Agrees to $3.9 Million Civil Penalty, Internal Compliance Improvements for Failure to Report Drawstrings in Children’s Upper Outerwear
  • Williams-Sonoma Agrees to $987,500 Civil Penalty, Significant Internal Compliance Improvements for Failure to Report Defective Pottery Barn Wooden Hammock Stands
  • Kolcraft Agrees to $400,000 Civil Penalty, Significant Internal Compliance Improvements for Failure to Report Defective Play Yards The company failed to report a defect involving its play yards sold nationwide from January 2000 through January 2009
  • Whalen Furniture to Pay $725,000 Civil Penalty for Failing to Report Defective Children’s Beds

Indeed, the CPSC has been known to pursue civil penalties for failure to report even when not a single injury was reported by a consumer.  This was the case of Battat Inc. in which the CPSC alleged that the company did not self-report as required by law and went about fixing a defective product without the involvement of the commission. Battat ultimately agreed to pay a modest civil penalty of $125,000 in October 2004 to settle allegations that it did not give the government a timely report of a safety hazard involving a toy. The civil penalty was sought specifically because Battat had modified its toy model six times to eliminate a small parts problem.  Small parts are a major concern as they can cause choking.  In other words, it is reasonable to infer that Battat was endeavoring to fix a model with a small parts problem but was selling it throughout the time that the various fixes were being designed and implemented. There were no reported injuries.  The CPSC media releases made it clear that the civil penalty was assessed for failure to report, not for selling a product that with a substantial safety hazard that violated the Consumer Product Safety Act which might seem, to some, to be the worst of the two activities.

Manufacturers, importers, and retailers can learn some old and new lessons from the Electrolux settlement.  Everyone in manufacturing, importing and retailing of consumer products should know that the Consumer Product Safety Act sets forth some very specific requirements for reporting substantial safety hazards to the CPSC. Know the requirements and ensure you can meet them.  As the CPSC says, “when in doubt, report.”

The newer lessons are, perhaps, more subtle yet your company should sit up and take notice. It is interesting to find that the Department of Justice announced this settlement on May 14, while the CPSC announced it on May 19, 2014.  Who is in charge? Perhaps just the sequencing of the media staff at two different agencies? Or, has the Department of Justice started to take a more active role in enforcement? Starting in 2013, new language emerges in the settlement documents. The defendant manufacturer does not just pay civil penalties, it agrees to establish and maintain a compliance program with internal recordkeeping and monitoring systems to keep track of information about product safety hazards. Look familiar? Here we see that the defendant company is agreeing to a settlement in a format similar to when the Department of Justice achieves a settlement on behalf of the Securities and Exchange Commission. It is entirely possible that as the Department of Justice enforces product safety matters it will stumble into your company’s compliance program as a whole.

With relatively rare exception, the civil penalties assessed manufacturing and retailer companies is not as expensive as some might expect or hope. However, there is reputational harm associated these Department of Justice and CPSC announcements. Product safety compliance must be an integral part of your corporation’s overall compliance program, reportable up and through the Audit Committee and the Board.  If these reports are not already a part of your board reviews, they should be.

*****
As indicated in the Department of Justice news release: “During the relevant time period, Electrolux’s principal place of business was in Augusta, Georgia.  A recall of the ovens was announced in 2008.  In agreeing to settle this matter, Electrolux has not admitted that it knowingly violated the CPSA.

Posted in , , , | Tagged , , , , , , , , ,

The State of Washington’s Children’s Safe Products Act – Is Your Company Compliant?

By on November 8, 2013

Toy BearThe State of Washington recently adopted an amendment to their Children’s Safe Products ActReporting Rulerequiring manufacturers of children’s products, under certain conditions and scenarios, to report Chemicals of High Concern to Children (CHCC) to the State.  Whether you are a manufacturer that must report is determined by the size of your gross revenues and the “product tier(s)” you manufacture.  The amendment is really quite simple, it merely revises the CHCC list by removing n-butanol from, and adding tris (1,3-dichloro-2-propyl) phosphate (TDCPP) to, the list of chemicals to be reported.

The bigger question is how many manufacturers even know they have a reporting requirement with the State of Washington.  Do you? On November 22, 2013 the Revised Reporting Rule goes into effect and February 28, 2015 is the projected due date for first reports that must include tris (1,3-dichloro-2-propyl)phosphate (TDCPP).

Digressing for a moment, this reminds me of a meeting sponsored by the US Trade Representative’s office many years ago.  As an officer of a global testing and certification company, my presence was requested to assist the USTR with regard to my understanding of US and other international product safety and systems standards.  We would be meeting with a large delegation of representatives from the European Union.  The subject was, in essence, how we could work together to globalize certain standards so that everyone would know and be able to meet the requirements.

Product standards should be intended to protect the public safety.  However, many are perceived as speed bumps on the way to trading in other countries – they can be very effective walls to exclude products from a market.  A European representative was not shy about this issue and asked about the complexities involved in federal and state requirements.   In response, he was told that the federal requirements were a minimum, and that each of the 50 states had the right to set different requirements, of which three states at the time were known to take a very active role in setting their own.  They were Washington State, Oregon and California (actually, the City of Los Angeles).  Today there are many more, especially with regard to children’s products.

The European representative looked at the US delegation and exclaimed “you do this solely to keep out European products, to confuse us!”  I replied, “No, that’s not the case.  Indeed, it would be easier to fix the problems if that were so.  The problem is that even US manufacturers are just as adversely impacted as the Europeans when there are state deviations in standards and requirements.  They are just as confused and stymied as you!”

Reading about the Amendment to Washington State’s CHCC list, I was reminded, plus ça change, plus c’est la même chose (the more things change, the more they stay the same).

So, if you are manufacturing children’s products destined for sale in Washington State, here is what you need to know, in brief:

  • Ensure that your compliance staff is familiar with the Children’s Safe Product Act, or retain someone to assist you with continuing compliance.
  • Annual reporting is required to report the presence of any of 65 identified CHCC.
  • Report regardless of whether the chemical serves a functional purpose or is a contaminant (impurity, byproduct, residual intermediate or ultimate degradation of the product).
  • Determine the Tier of Children’s Products you manufacture:
  1. Tier 1 – products intended to be put into a child’s mouth or applied to the children’s body, or any mouthable product intended for children age 3 or under.
  2. Tier 2 – products intended to be in prolonged (more than 1 hour) direct contact with a child’s skin (such as, clothes, jewelry, bedding).
  3. Tier 3 – children intended for short periods of direct contact (such as, many toys).
  4. Tier 4 – product components not expected to come into direct contact with the child’s skin or mouth.  In general, no reporting is required for this category but this is subject to change, based on a case-by-case evaluation.
  • Determine which category you, as a manufacturer, fit by aggregate gross sales both within and outside of Washington (and do so each year):
  1. Largest –  >         $1 billion
  2. Larger  –    >  $250 million
  3. Medium – > $100 million
  4. Small –     >       $5 million
  5. Smaller –  > $100 thousand
  6. Tiny –        <  $100 thousand
  • The presence of a CHCC does not necessarily mean that the product is harmful to human health or there is a violation of existing safety standards.  However, best to know which it is which before reporting.
  • Reporting requirements are being phased in over a period of years, as indicated by the graph below, taken directly from the legislation:   The Rule was became effective August 21, 2011, so, by way of example, the Largest manufacturers were required to start reporting on August 31, 2012 only for Tier 1 children’s products; and, by August 31, 2013 were required to report on both Tier 2 and Tier 3 products.  The rollout of the reporting requirements extends through 2018.

You may well be wondering why the Consumer Product Safety Improvement Act (CPSIA) of 2008 didn’t render Washington State’s CPSA obsolete.  Washington State admits that its own law, concerning limits for lead, cadmium and phthalates allowed in the State of Washington after July 1, 2009, was substantially preempted with the enactment of the CPSIA.  Like many states, however, they take the position that they will take enforcement action against manufacturers of any product that is not compliant with State standards (the implication that they will be the same as the federal standards).  Further, if the State standard is higher than the federal standard, they will request action by the Consumer Product Safety Commission, with an implication that they will enforce it in the meanwhile.   Further, when it comes to the CHCC list, the State of Washington takes the position that this is not affected whatsoever by the federal law, ostensibly because it is not in conflict with it.

Our federal and state product safety systems.  Not easy for manufacturers – local, regional, national or global.

Posted in , , | Tagged , , , , , , , , , , , , , , , ,

The Benefits of “Show & Tell” in FCPA Compliance

By on May 6, 2013

bribeDoes your company do business in Nigeria or any other country perceived as a high risk for corruption?  Does your company work with “consultancy agreements” to acquire or maintain business in these countries?  Compliance professionals know the challenges of helping to ensure that a corporation and all its officers, salespersons, staff and consultants stay on the right side of the law and, specifically, the Foreign Corrupt Practices Act.

The Department of Justice (DoJ) strengthened our toolbox when they announced another chapter in enforcement  actions that stemmed from business conducted by Willbros International Inc. (Willbros International) and its parent company, Houston-based Willbros Group Inc. (Willbros), that has been ongoing for the last several years.  Last week, Paul G. Novak, a former consultant for Willbros International was sentenced for his role in a conspiracy to pay more than $6 million in bribes to government officials of the Federal Republic of Nigeria and officials from a Nigerian political party.  Novak was sentenced to serve 15 months in prison and ordered to pay a $1 million fine and to serve two years of supervised release post-prison.  In sentencing Novak, the court took into consideration the assistance Novak provided the government in ongoing investigations – one can imagine how it would be without that cooperation.

I’m a firm believer in “show and tell.”  Share this news with your top management team.  Share it with the people who acquire, maintain and conduct the business in countries known for corruption concerns (for a list, refer to the Transparency International report). Let them see that they have skin in the game.

According to the DoJ press release, Novak admitted that from approximately late-2003 to March 2005, he conspired with others to make a series of corrupt payments totaling more than $6 million to various Nigerian government officials and officials from a Nigerian political party to assist Willbros and its joint venture partner, a construction company based in Mannheim, Germany, in obtaining and retaining the Eastern Gas Gathering System (EGGS) Project, which was valued at approximately $387 million. The EGGS project was a natural gas pipeline system in the Niger Delta designed to relieve existing pipeline capacity constraints.

According to court records, Novak and his alleged co-conspirators Kenneth Tillery, Jason Steph, Jim Bob Brown, three employees from Willbros’s joint venture partner and others agreed to make the corrupt payments to, among others, government officials from the Nigerian National Petroleum Corporation, the National Petroleum Investment Management Services, a senior official in the executive branch of the federal government of Nigeria, and members of a Nigerian political party.  Court documents state the bribes were paid to assist in obtaining and retaining the EGGS contract and additional optional scopes of work.

According to information contained in plea documents, to secure the funds for those corrupt payments, Novak and his alleged conspirators caused Willbros West Africa Inc., a subsidiary of Willbros International, to enter into so-called “consultancy agreements” with two consulting companies Novak represented in exchange for purportedly legitimate consultancy services. In reality, those consulting companies were used to facilitate the payment of bribes.

On May 14, 2008, Willbros Group Inc. and Willbros International entered into a deferred prosecution agreement with the government and agreed to pay a $22 million penalty, in connection with the company’s payment of bribes to government officials in Nigeria and Ecuador.  Kenneth Tillery was charged, along with Novak, for his alleged role in the bribery scheme in an indictment unsealed on Dec. 19, 2008. According to the indictment, Tillery was a Willbros International employee and executive from the 1980s through January 2005. From 2002 until January 2005, Tillery served as executive vice president and, later, as president of Willbros International. Tillery remains a fugitive. The charges against Tillery are merely accusations, and he is presumed innocent unless and until proven guilty.

Underlying all is the fundamental question — when is a “consultancy agreement” legitimate?  Real, not perfunctory, risk-based due diligence is required.  Follow the money.  Common sense tell us that these agreements can be legitimate when there is actual work to be done and the value of the work to be done is reflected in the pricing for it as well.  Yet, common sense is not enough protection from the FCPA.

Consultancy agreements should be presumed guilty until proven innocent and appropriate.  Common red flags taken included in the DoJ’s A Resource Guide to the U.S. Foreign Corrupt Practices Act include:

  • excessive commissions to third-party agents or consultants;
  • unreasonably large discounts to third-party distributors;
  • third-party “consulting agreements” that include only vaguely described services;
  • the third-party consultant is in a different line of business than that for which it has been engaged;
  • the third party is related to or closely associated with the foreign official;
  • the third party became part of the transaction at the express request or insistence of the foreign official;
  • the third party is merely a shell company incorporated in an offshore jurisdiction; and
  • the third party requests payment to offshore bank accounts.

The compliance professionals can’t do it all, nor should they and/or the legal department and/or the CFO’s office need to be the enforcers against proposed consultancy agreements.  It starts with absolute direction from the top of the company — the board, the CEO and the executive management team must clearly convey that business must be done the right way, the legal way, and that violations of FCPA will not be tolerated.  It is best implemented by knowledgeable and trained teams that are pulling the deals together to ensure that the consultancy agreement is bona fide before it is submitted for due diligence. It’s not just the company that is at risk — they are.

Show and tell helps.

Posted in , | Tagged , , , , , , ,

COIN CELL BATTERY INJURIES: PROTECTING YOUR FAMILY, FRIENDS & COMMUNITY

By on March 13, 2013

Colorful Children

There is a useful product in your home that can be very, very dangerous to children, and some adults, if it is ingested or inserted into an eye, nose or ear.  Indeed, you may have dozens of this product in your home — in use, in storage or sitting in the grocery bag you just placed on the floor in your kitchen, waiting to be emptied.  It is a coin cell battery.  Even though this safety hazard has appeared from time to time on TV or YouTube or in a parent’s magazine, it has been hard to get the word out.  I’m asking you to help ensure that everyone learns about the hazard and protects their families.

If you have small children, or adults in your home that need supervision, such as people with autism or dementia, or if they just visit, you need to take steps now to protect them from injuries related to coin cell batteries.  Got grandchildren?  This post is for you, too.  Here’s an example of the product on the store shelf (although they are sold in various sizes and power) and what they look like after they have been ingested:

battery and xray

Some smaller, and seemingly innocuous, the coin cell batteries supply power and are usually tucked away in countless electronic products, such as mini remote controls, hearing aids, calculators, watches, car key fobs, bathroom scales, flameless candles and singing greeting cards.

In the U.S., it is like an epidemic.  40,000 cases of children ingesting small batteries were documented between 1997 and 2010. 14 of these resulted in death.  The number of cases resulting in serious injury or death has more than quadrupled in the past five years and will continue to increase at an alarming rate as more electronics integrate coin cell batteries into their design.

When these coin cell batteries (sometimes referred to as button cell batteries) are swallowed, the resulting injuries can be severe enough to cause lifelong injuries or death.  These are not just little metal coins that may be pooped out like a shiny new dime.  They can and do get stuck. They are electrical and remain so even when they are ready to be replaced in your remote control. A life threatening process starts the moment the battery cell interacts with saliva or other mucous membranes.  An electrical current forms around the outside of the battery, generating an alkaline hydroxide that eats through mucous membranes — FAST.

On average, through 2010, one battery-related emergency room visit occurred every 2.66 hours in the U.S. Unfortunately, symptoms of a coin-sized button battery ingestion are not unique and may be similar to other childhood illnesses, such as coughing, drooling and discomfort.  This only complicates the matter, leading to greater injuries.  A single 3V lithium battery can cause severe esophageal burns within 2 hours and eat a hole completely through the throat within 4 hours. So, real and permanent damage may result before the parent or caregiver has even decided to go to the emergency room.

Energizer and Safe Kids USA established a safety partnership to address this growing child safety hazard – though we need to note that injuries also are sustained by adults.  They launched an effort called The Battery Controlled, committed to raising awareness of this issue and sharing information with parents to help prevent injuries.  They place the burden on you to prevent this product from injuring your family. This includes:

Take Charge

KEEP OUT OF REACH – PREVENTION

According to studies[i], the major sources of ingested batteries for children under 6 years of age are:

  • Directly from the product                   61.8%
  • Loose or sitting out                              29.8%
  • Battery packaging                                   8.2%
  • Hearing aid containing battery            0.2%

Yes, children under six, even under 2 years of age, are clearly able to open your electronic products and remove the battery.

Based on my discussions with subject matter experts at the recent Annual Meeting and Training Symposium of ICPHSO (International Consumer Product Health and Safety Organization), ingestion is only one of the ways that these coin cell batteries do harm.  They are also inserted in ears, nose and eye cavities.  Additionally, a significant number of adults, especially the elderly, are treated for ingestion or insertion injuries.   Adults may be cognitively disabled, yet other possibilities also include scenarios in which the elderly are changing the batteries in their hearing aids – placing the new one in their mouth while removing the old (or vice versa) and then unintentionally swallowing the battery cell for any one of several reasons, such as sneezing, forgetting about the battery, etc.

Adults may be able to get treatment very fast, if they are aware of the hazard associated with batteries and seek medical treatment immediately. Yet, they  need to be informed of the hazard too, as it may be counter-intuitive to know that such a small, round, old (seemingly discharged) metal hearing aid battery can do material physical harm.

Obviously, children and cognitively disabled adults are at far greater risk.  Even if they are old enough to communicate, they may not inform a parent or caregiver of the ingestion, nor tie together the symptoms they later experience with the ingestion.

prevention

Be safer. Place all your electronic products that utilize these batteries in a place that is not accessible to your children.  Note that these coin cell batteries are also in many car keys.  When you buy the batteries for storage, do not leave them out on a table until you can put them away.  Store them safely immediately.  Do not use your car keys as a plaything and keep them away from children.

GET HELP FAST

tREATMENT

Time is of the essence in getting treatment.  Really.

In an in-vitro study conducted by Intertek Group plc,[ii] utilizing laboratory samples of porcine (pig) esophagi (which are similar in nature to the human esophagus), serious burns were evident within two hours of placement of a button cell battery on the laboratory tissue, and an actual perforation through the tissue is burned within 4 hours

There is little time to act.  If you think your child swallowed a battery, don’t stop to think “maybe she’ll be O.K., it’s small, and she’ll poop it out.”  You don’t have the time to consider that.  Get the child to the emergency room and let them confirm whether or not the button cell battery is there and how to treat her.  Do not let the child eat or drink until an x-ray can determine is a battery is present.  Do not induce vomiting.

The Battery Controlled posted Emmett’s Story.  Frankly, it’s hard to watch, even if Emmett and his family are bravely and positively moving on and dealing with his lifelong medical problems arising from his ingestion of a battery. Energizer and Emmett’s family want you to learn from Emmett’s experience to avoid this from happening in your home.

TELL THE STORY

By 2013, based on statistics through 2010, there have likely been approximately 100,000 children injured by ingesting or inserting coin cell batteries.  The irony is that these batteries have not been recalled when other products are taken off the market for injuring only a few children.  Clearly, the utility, pervasiveness and market strength of a product may shelter it from recalls by the Consumer Product Safety Commission.  Meanwhile, the battery manufacturers and others are looking for solutions that will become the new standard(s) for the battery safety of the future.

So, right now, no one else is protecting your children but you.   YOU are the “safety device” associated with coin cell batteries.  The more knowledgeable people are about the risks associated with coin cell batteries, the fewer children and adults will be injured, more lives will be saved.

Please share this information with your friend and family.  Share the information at The Battery Controlled. Share it in e-mail, Facebook and Twitter.  Share it in Spanish.

http://thebatterycontrolled.com/wp-content/uploads/2011/09/safe-kids-usa-y-energizer.pdf (En Español)

http://thebatterycontrolled.com/wp-content/uploads/2011/09/litiofactsheet.pdf (En Español)

If you think this is posting is too dramatic, or couldn’t happen in your home, please remember: 40,000 emergency room visits through 2010 and the number of electronic products utilizing the coin cell battery is increasing exponentially.

Finally, if you are a manufacturer, distributor, importer, or retailer of electronic products, this report may help you to avoid serious liability. Please contact debra.rade@radelaw.com for more information.

My thanks to The Battery Controlled, and all their partners in safety, for the images taken from their website and added to this blog.

______

[i] Based on a study of 3989 batteries with known source ingested by children between 7/1/90 and 9/30/08 and reported to National Battery Ingestion Hotline.T. Litovitz, N. Whitaker, and L. Clark, “Preventing Battery Ingestions: An Analysis of 8648 Cases, Pediatrics 125(6), pp. 1178-1183, 2010 and T. Litovitz, The Button Battery Ingestion Hazard, presentation to CPSC http://www.cpsc.gov/PageFiles/81209/litovitz03172011.pdf

[ii] Intertek Group plc advises that no animals were killed to conduct this testing.  The porcine esophagi were obtained from meat-packers.

Posted in , , | Tagged , , , , , , , , , , , , , , , ,

Gone Phishing for an ADP Payroll Invoice?

By on March 12, 2013

Cyber-Fraud

Another word of warning, especially to smaller businesses.  The phishers are trolling for you, placing new lures for their malware (malicious software) aimed toward your computer.  Larger and global companies tend to have more sophisticated spam detection but the “spaminator” doesn’t always work at your local Outlook mailbox.   Here is the most recent attempt to gain access to my computer (click on the image to gain clarity).

ADP Phishing Scheme

 

This scammer wasn’t effective because this firm does not use ADP, but if it did, what might have happened?

This particular scam is not much different from the format of the one that targeted the Better Business Bureau — the subject of a previous report in the Rade Law Blog. They both use what appears to be a credible return email address.  The object of both emails is to have you open the attachment –that’s when the malware is released in your computer.

If you think something looks phishy, it likely is, and if you’re not sure, then look it up on Google.  How does it look phishy?  Sometimes the typos are the tip.  With this email, the recipient probably never gets an email from ADP (if they use ADP) that looks exactly like this particular email.  Be alert to subtle and not-so-subtle changes.  Chances are you’re not the first person to get this particular scam, so research an email in a search engine before you open it.

Bottom line – keep your eyes out for the phisherman and don’t get caught!

 

Posted in , , , | Tagged , , , , , , , , , , ,

Gone Phishing – The Better Business Bureau?

By on November 30, 2012

Does your business swim in a pond that is likely to be phished?  Will your business be the target of hackers?  What are the chances of your company getting scammed in Internet schemes?  Are you or your employees likely to be duped into revealing personal or confidential information which a scammer can use illicitly?  What about your data at home? Does this ever keep you up at night?  Perhaps it should.

Larger corporations usually have chief information officers to help ensure corporate data is secure.  Smaller companies, as well as folks at home, look to other consultants and advisers, including online sources, such as the Better Business Bureau (the BBB), an organization that provides the “Accredited Business Seal for the Web.” Yet, consider the recent impact of an effective, if not comprehensive, ongoing phishing scam affecting the (BBB).  Yes, the same BBB that offers “Assurance on the Internet” services.

One of Rade Law’s not for profit clients recently received a very official looking e-mail from the New York BBB.  It appeared authentic, nothing amiss in the return e-mail address, and informed the “Owner/Manager” that the BBB had received a complaint from one of its customers regarding “their dealings with you.” In uncomplicated language it encouraged the recipient to contact the BBB because “Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.”  There was a .zip file attached and my client was “encouraged” to open it, print out the complaint and answer the questions.

Most smaller companies, including not for profits, that provide services, sell products or solicit funds, know that the BBB, for better or worse, is one of the top places consumers rely on to investigate whether they wish to proceed with doing business with a new company.  If the BBB has complaints against your company, that can be a major concern.  The tendency, upon learning about a complaint lodged against your company at the BBB, is to see how to resolve it as soon as possible.  This is an ideal scenario for a smart phisherman – the “phish” seizes the bait immediately and runs with it, only to be reeled in for dinner.

Fortunately, our client had good radar for phishing, enhanced in part because this organization does very limited business in the State of New York.  Additionally, the client had never received a direct complaint from anyone.  Our wise client did not open the .zip file and asked whether it should be opened.  Our firm called the New York BBB and, while not speaking to an actual person and being forced to go through a labyrinth of voicemail, we learned from a recorded message that the BBB name and logo are being fraudulently used by criminals in an on-going phishing scam. Investigating this further, it turns out that this scam has been going on for a very long time.  Ironically and, perhaps, too light heartedly, the BBB included this phishing scam in its Top 10 Scams of the Year 2011 (It’s Us!).

The BBB alerts visitors to its website that the phishing emails look very much like a real notice of a complaint from the BBB.  They warn the links include malware that can infect your computer, steal your passwords and otherwise compromise your identity. This is no small matter.  The BBB is working with law enforcement and a “private deactivation firm to shut down as may criminal websites as possible” (which begs the question, how large can this phishing scheme really be?).”  The BBB claims to have shut down over 100 sites – a massive attack on the BBB.  Clearly this scam goes unabated throughout 2012.

So, at this point in time, if you get an e-mail that looks like it is from the BBB, here is what they tell you to do:

1.    Do NOT click on any links or attachments.

2.    Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).

3.    Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”

4.    Hover your mouse over links without clicking to see if the address is truly from bbb.org. The URL in the text should match the URL that your mouse detects. If the two do not match, it is most likely a scam.

5.    Send a copy of the email to phishing@council.bbb.org (Note: This address is only for scams that use the BBB name or logo)

6.    Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).

7.    Run anti-virus software updates frequently and do a full system scan.

8.    Keep a close eye on your bank statements for any unexpected or unexplained transactions.

If you have a business and are not certain whether the complaint is legitimate, contact your local BBB (www.bbb.org/find).

Yes, it’s ironic that all this information is coming from an organization that sells its Internet security services to other companies to deliver a BBB Accredited Business seal on its website because their seal “is backed by the standards, credibility and high name recognition of BBB, which brings its almost 100 year old reputation for marketplace trust to the Internet.” This phishing attack may tarnish that reputation or serve to make it an even stronger organization.  It may also provide a clue as to which companies may be directly under attack – namely companies and organizations with sound reputations that are well known and which consumers trust.  One might reasonably infer that if your corporation or organization fits that description, be extra, extra vigilant because you have more to lose.

Is nothing sacred?  First, a word to the BBB. It’s time to take your own advice.  As for the rest of us, this is a good time to confirm the security of your websites and domains, and do your best to ensure its integrity. If you’re on the board of a company, the CEO, or the general counsel, go pay a visit to your CIO.  Many corporations or organizations might not survive the reputational harm of a phishing scheme like this.  If your corporation has an internal or outsourced IT department, check with the head of IT to ensure that your domain and user names are appropriately protected. If your company or not for profit is smaller, you might want to check out the BBB’s website on Data Security to get started.  While the information provided by the BBB certainly did not protect them, it remains valuable basic information.

Also, time to inform your employees about phishing schemes. Tell them about this one – and that they should not open an e-mail from the BBB; instead, they should refer such emails to a person designated for the purpose of receiving business complaints.  Recognize, however, that you may well have a problem if the BBB really does want to reach you.  The best way to answer that question is to pick up your phone and call the BBB directly to determine whether a real complaint has been lodged.

Both businesses and individuals have a need to keep confidential information safe and secure. Don’t let anyone phish in your data pond.

(A redacted copy of the e-mail received by our client follows below.  A .zip file accompanied it.  The name of an actual BBB employee has also been deleted in the sender’s block)

Posted in , , | Tagged , , , , , , , , ,

Next »