The US Consumer Product Safety Commission (CPSC) continues to encourage manufacturers to attain compliance with the Consumer Product Safety Act (CPSA) and related regulations, and to sternly punish those who fail to do so. In this era of heightened regulatory scrutiny and enforcement, in-house counsel can bring value to their clients by proactively assessing current risk management practices and thinking ahead. Companies can reduce the risk of violating reporting obligations and incurring penalties by developing a compliance program that establishes, monitors and maintains protocols for identifying product hazards or non-compliance and reporting to the CPSC accordingly.
Tips for Consumer Product Manufacturers By Andrew Rink, John F. Kuppens and Jessica P. Goodfellow In this age of increased government regulation, greater transparency and omnipresent social media, consumer product manufacturers, importers, distributors and retailers must be proactive to ensure regulatory compliance and to protect their brands by either setting the record straight or taking corrective action. The US Consumer Product Safety Commission (CPSC) has been among the most active government agencies in the last four years. Armed with greater power by way of amendments1 to the Consumer Product Safety Act (CPSA), the CPSC continues to use all means available to encourage consumer products manufacturers to attain compliance with the CPSA and related regulations, and to sternly punish those who fail to do so. Among the measures the CPSC has utilized are increased filing of administrative lawsuits to ban products from the market, civil penalties that are assessed with greater frequency and in larger amounts, and civil penalties that include requirements that compliance programs be implemented or improved. 30-SECOND SUMMARY The US Consumer Product Safety Commission (CPSC) continues to encourage manufacturers to attain compliance with the Consumer Product Safety Act (CPSA) and related regulations, and to sternly punish those who fail to do so. In this era of heightened regulatory scrutiny and enforcement, in-house counsel can bring value to their clients by proactively assessing current risk management practices and thinking ahead. Companies can reduce the risk of violating reporting obligations and incurring penalties by developing a compliance program that establishes, monitors and maintains protocols for identifying product hazards or non-compliance and reporting to the CPSC accordingly. ACC DOCKET DECEMBER 2013 51 Why is this important to in-house counsel? In-house counsel are called upon daily to advise clients on regulatory compliance requirements and risks, including reputational risks. In this era of heightened regulatory scrutiny and enforcement, companies are best-serve d to think proactively about the CPSA and to integrate risk management considerations into their business processes. As strategic advisors, in-house counsel play an important role and bring value to clients by helping them assess current practices and to think ahead. Companies should take heed by familiarizing themselves with their reporting obligations under the law and examining their internal processes to help ensure they position the company to achieve compliance. This article will provide an update on the CPSC’s recent initiatives, and suggest means to proactively design an effective product safety and regulatory compliance program. United States Consumer Product Safety Commission Background and jurisdiction Established by Congress in the CPSA, 15 U.S.C. § 2051-2089, the Consumer Product Safety Commission has jurisdiction over approximately 15,000 different types of “consumer products.” The CPSA broadly defines “consumer product” as any article, or component part thereof, produced or distributed: ■■ For sale to a consumer for use in or around a permanent or temporary household or residence, a school, in recreation, or otherwise; or ■■ For the personal use, consumption or enjoyment of a consumer in or around a permanent or temporary household or residence, a school, in recreation, or otherwise. (15 U.S.C. § 2052(a)(5)). Changes at the CPSC Many notable developments have already occurred in 2013, including the assessment of the largest civil penalty since the 2008 amendments were announced and confirmation of two new commissioners.2 President Obama will also have the opportunity to nominate at least two more commissioners before he leaves office.3 In June, the president of an import company was sentenced to jail by a federal judge for violations of consumer product safety laws, signaling that CPSC is willing to pursue criminal sanctions to enforce CPSC standards and other laws. Additionally, the CPSC is pursuing expanded participation on voluntary standards committees under a proposed rule that would amend the existing regulation on Commission participation in voluntary standards activities, which currently allow employees to participate in voluntary standard development groups only on a non-voting basis. The proposed rule would allow Commission employees to participate as voting members and to accept leadership positions in voluntary standard development groups. The Commission’s participation in developing voluntary standards has grown to 71 products in 2013, up from 35 projects a few years ago. Reporting requirements under CPSA Section 15(b) Companies must be aware of the rules and regulations applicable to their products in order to promote compliance, and to effectively identify and make any required reports of noncompliance. Section 15(b) of the CPSA establishes reporting requirements for consumer product manufacturers, distributors and retailers. Each is charged with a duty to notify the CPSC immediately if it receives information that reasonably supports the conclusion that a product: ■■ fails to comply with an applicable consumer product safety rule; ■■ fails to comply with a voluntary consumer product safety standard upon which the CPSA has relied under Section 9 of the CPSA; ■■ contains a defect that could create a substantial product hazard; or ■■ creates an unreasonable risk of serious injury or death to consumers.4 Substantial product hazards Defects that could create a substantial product hazard to consumers trigger a reporting requirement under CPSC regulations. The CPSA defines substantial product hazard as “a product defect which (because of the pattern of defect, the number of defective products distributed in commerce, the severity of the risk, or otherwise) creates a substantial risk of injury to the public.”5 A defect need not manifest itself through actual product failures or injuries to trigger an obligation to report. “Even one defective Andrew Rink is associate GC at JELD-WEN, Inc., in Charlotte, NC. He is responsible for overseeing product, environmental and general liability litigation for JELD-WEN throughout North America. Rink also acts as GC to JELD-WEN’s operating divisions, and advises senior management regarding warranties, product safety and compliance. firstname.lastname@example.org John F. Kuppens is a partner in Nelson Mullins Riley & Scarborough LLP’s Columbia, SC, office. Kuppens practices in the areas of product liability litigation, and regulatory and preventive counseling. He is on the BOD of DRI and the South Carolina Defense Trial Attorneys’ Association. email@example.com Jessica P. Goodfellow is an associate in Nelson Mullins Riley & Scarborough LLP’s Columbia, SC, office. She practices in general litigation and products liability. firstname.lastname@example.org 52 ASSOCIATION OF CORPORATE COUNSEL RISK MANAGEMENT TIPS FOR CONSUMER PRODUCT MANUFACTURERS product can present a substantial risk of injury and provide a basis for a substantial product hazard determination under Section 15 of the CPSA if the injury which might occur is serious and/or if the injury is likely to occur.”6 Unreasonable risk of serious injury or death The CPSC also requires a report if a reasonable person could conclude, given the information available, that a product under any circumstances creates an unreasonable risk of serious injury or death.7 “The use of the term ‘unreasonable risk’ suggests that the risk of injury presented by a product should be evaluated to determine if that risk is a reasonable one.”8 In determining whether an unreasonable risk exists, the manufacturer should examine the: ■■ utility of the product, or the utility of the aspect of the product that causes the risk; ■■ the level of exposure of consumers to the risk; ■■ the nature and severity of the hazard presented; and ■■ the likelihood of resulting serious injury or death.9 Firms that obtain information indicating that their products present an unreasonable risk of serious injury or death should not wait for such serious injury or death to actually occur before reporting.10 A company may obtain such information, triggering the duty to report, from experts, test reports, lawsuits or claims, complaints, quality control data or any other relevant information.11 Time to report If a manufacturer has information reasonably supporting the conclusion that a reportable incident has occurred, it must report to the CPSC immediately, which means within 24 hours. Manufacturers can conduct an investigation to evaluate whether an incident is a “reportable incident,” but the investigation period should not exceed 10 days. The CPSC considers a company to have knowledge of product safety-related information when that information is received by an employee or official of the firm who may reasonably be expected to be capable of appreciating the significance of that information. Once that occurs, five working days is the maximum reasonable time for that information to reach the chief executive officer or the officials assigned responsibility for complying with the CPSC’s reporting requirements. Confidentiality Section 6(b)(5) of the CPSA prohibits the release of information reported under section 15(b) unless: ■■ a remedial action plan has been accepted in writing; ■■ a complaint has been issued; ■■ the reporting firm consents to the release; or ■■ the CPSC publishes a finding that public health and safety requires disclosure. Additionally, the CPSC is prohibited from disclosing trade secret or confidential commercial or financial information. A firm claiming that information it has submitted is a trade secret or confidential commercial or financial information must mark the information as “confidential” in accordance with section 6(a)(3) of the CPSA when the information is submitted to the CPSC. Searchable Consumer Product Safety Incident Database The Searchable Consumer Product Safety Incident Database (the Database) is a publicly searchable database of consumer product safety incidents. The consumer portal allows consumers to report harm or potential hazards associated with consumer products at SaferProducts.gov. “Consumers” who may instigate reports, however, are not limited to the person who used or was allegedly injured by the product, but includes anyone with a connection to the product or with some knowledge of the incident or hazard. The individual filing a report is not required to have firsthand knowledge of the incident they are reporting. Before publishing a report, the CPSC will review and verify the report, and notify the manufacturer implicated in the report and provide an opportunity to respond. Publicly accessible incident reports provided by the CPSC will contain the following limited information: ■■ product description, ■■ identification of the manufacturer, ■■ description of the harm, and ■■ state of occurrence of incident. The CPSC will notify manufacturers upon receiving an incident report involving one of its products. Manufacturers must register with the CPSC to receive email and text message alerts of the incident reports. It is important that the CPSC’s notification go to the right people — those who are extremely responsive, such as legal or product safety departments. Deadlines The CPSC must publish the incident report no later than 10 business days after transmitting the report to the manufacturer. The manufacturer must submit its comments to the CPSC by the tenth business day. Therefore, companies should establish an investigation cutoff date that leaves enough time for drafting and approval of comments Companies may consider developing an internal docketing system to monitor the 10-day deadline, particularly when dealing with multiple incident reports at the same time. Confidential information on incident reports Confidential information, such as financial information, confidential commercial information and trade secrets, likely will not appear in most of 54 ASSOCIATION OF CORPORATE COUNSEL RISK MANAGEMENT TIPS FOR CONSUMER PRODUCT MANUFACTURERS the database incident reports because consumers will be submitting the majority of the incident reports. However, class action plaintiff ’s counsel or even competitors, suppliers, retailers and distributors may comment and introduce confidential information. If someone other than a consumer, such as a former employee, were to submit confidential information, a manufacturer can request that the CPSC keep the confidential information off the database by flagging its comments as pertaining to confidential information when submitted through the Business Portal. If the CPSC agrees that the information is confidential, then the CPSC will redact the designated information. Redacted information in the public database will create curiosity about what was redacted and why. If the CPSC disagrees, then the CPSC will notify the manufacturer and will include the information in the database. The manufacturer may then bring a district court action seeking removal of the information from the database. Materially inaccurate information on incident reports The CPSC may remove or correct materially inaccurate information in the database. Similar to confidential information, manufacturers must flag its comments for the CPSC staff review in the Business Portal. If a manufacturer notifies the CPSC of materially inaccurate information, the CPSC must notify the manufacturer if it plans to disclose that information. Companies can bring a district court action to stop disclosure, but it must do so before the date the documents are set to be disclosed. CPSC penalties and enforcement The Consumer Product Safety Improvement Act of 2008 significantly increased the CPSC’s power to regulate product hazards that pose a risk of harm to consumers. Major changes implemented by the CPSIA are: ■■ shorter deadlines for responding to the CPSC to prevent public disclosure of information; ■■ enhancements to the CPSC’s enforcement power; and ■■ dramatic increases to the limits of the civil and criminal penalties the CPSC can assess. CPSIA penalties and increased authority Penalties increased dramatically under CPSIA as illustrated in the chart below. Civil penalties The number of companies paying civil penalty settlements over alleged Section 15 violations has increased. The chart below is published by the CPSC on www.cpsc.gov, detailing civil penalties issued in 2013. Expansion to include compliance system improvements Recently, the CPSC has begun to negotiate for the inclusion in civil penalty agreements of provisions requiring companies to institute or improve comprehensive compliance processes and procedures. Three product manufacturers/retailers have recently entered into civil penalty settlement agreements with the CPSC to resolve allegations that they failed to report product hazards, as the CPSC’s governing statutes and regulations require. In each settlement, the CPSC has imposed specific product safety compliance requirements on the companies. In March 2013, Kolcraft Enterprises, Inc., agreed to pay a civil penalty of $400,000 for allegedly failing to report a product defect. The $400,000 penalty was significant, but the most striking provision was the agreement to expansive internal and external compliance system changes. The CPSC commissioners had differing opinions about this expansion of power. CPSC Commissioner Nancy Nord issued a statement expressing concern over the many compliance obligations dealing with conformance to general safety standards — particularly the “extensive record-retention requirement and the on-demand reporting of compliance data” — even though Kolcraft’s past recalls had not reflected legal violations, and the CPSC had not accused the company of violating safety standards. Expressing the majority view, CPSC Chairman Inez Tenenbaum and Commissioner Robert Adler issued a joint statement, which stated their view NEW CIVIL PENALTIES OLD CIVIL PENALTIES ■ $100,000 max per violation ■ $15,000,000 cap for related series of violations ■ $5,000 max per violation ■ $1,825,000 cap for related series of violations NEW CRIMINAL PENALTIES OLD CRIMINAL PENALTIES ■ Five years prison for willful violation ■ No notice from the CPSC required for criminal liability of company, officers, or directors ■ Forfeiture of assets possibility ■ One year prison for willful violation ■ Companies, directors or officers criminal liability only if they engaged in violation after receiving notice from the CPSC of a violation CIVIL PENALTIES PAID IN FISCAL YEAR 2013 Fine Product Type $987,500 Wooden Hammock Stands $400,000 Playpens/Play yards/ Portable Cribs/Sleepers $750,000 Furniture $450,000 Clothing (Children) $650,000 Baby Boats $850,000 Blenders 56 ASSOCIATION OF CORPORATE COUNSEL RISK MANAGEMENT TIPS FOR CONSUMER PRODUCT MANUFACTURERS that the broad compliance obligations imposed on Kolcraft should be the way of the future for all consumer product companies, voluntarily or otherwise: “[G]oing forward, we expect those companies that lack an effective compliance program and internal controls to voluntarily adopt them. If not, we will insist that they do so.” In May 2013, Williams-Sonoma entered into a voluntary settlement agreement that imposed a three-part compliance program very similar to the one in the Kolcraft agreement. The CPSC also imposed a $987,500 fine. Notably, the product was also manufactured by a wholly-owned subsidiary of Williams-Sonoma. Commissioner Nord’s statement on the Williams-Sonoma settlement criticized the “broad compliance program” as “inappropriate” and “smell[ing] of regulatory opportunism disguised as enforcement.” Commissioner Nord noted that this was “the second recent instance in which the agency has insisted on a comprehensive compliance program even absen[t] any evidence of wide-spread noncompliance.” In Nord’s opinion, the Williams-Sonoma settlement “represents a shift in agency policy that will stretch across all of our enforcement activity.” Most recently, Ross Stores, Inc. (Ross), a national discount retailer, agreed to pay a $3.9 million civil penalty to settle allegations that it failed to report its continued sale of banned children’s product. In addition to agreeing to pay the civil penalty, Ross agreed to maintain a comprehensive compliance program designed to ensure its compliance with safety standards for these products. The program also aims to ensure that Ross will follow the CPSC’s product incident reporting requirements in the future. This settlement comes on the heels of the two similarly structured civil penalties assessed against Kolcraft and Williams-Sonoma. CPSC compliance checklist for in-house counsel REPORTING ■■ Mark trade secret, confidential commercial information or financial information as “confidential” in accordance with CPSA section 6(a) (3) when the information is submitted to the CPSC in a report. SEARCHABLE DATABASE ■■ Manufacturers must register to receive email and text message alerts of incident reports in the Business Portal. It is important that the CPSC’s notification go to the right people — those who are extremely responsive, such as legal or product safety departments. ■■ Establish an investigation cutoff date that leaves enough time for drafting and approval of comments to incident reports. ■■ Develop an internal docketing system to monitor the 10-day deadline, particularly when dealing with multiple incident reports at the same time. ■■ Request that the CPSC keep confidential information off the database by flagging its comments as pertaining to confidential information when submitted through the Business Portal. ■■ Flag comments for CPSC staff review in the Business Portal. ■■ Notify the CPSC of materially inaccurate information in incident reports. The CPSC must then notify the manufacturer if it plans to disclose that information. Companies can bring a district court action to stop disclosure, but it must do so before the date set for disclosure. COMPLIANCE SYSTEMS ■■ A compliance program should be designed to establish, monitor and maintain protocols for identifying product hazards or noncompliance and reporting to the CPSC accordingly. ■■ Remember that if there is information sufficient to reasonably support the conclusion that a defect could create a substantial product hazard, then there is a duty to report that information to the CPSC immediately. ■■ Identify the team of individuals responsible for product safety compliance, including the persons responsible for monitoring the compliance program and keeping track of safety incidents involving the company’s products, and members of relevant departments within the company, such as product safety, legal, public relations and marketing. ■■ A compliance coordinator should be responsible for ensuring compliance policies and procedures are followed. The compliance coordinator should be the contact point for information or incident reports coming from the CPSC. ■■ Establish clear guidelines for reporting hazards, both within the company and to the CPSC, and for determining whether a recall is necessary. The compliance coordinator should be the point person handling such communications and should have guidelines directing when and how to report to the CPSC. 58 ASSOCIATION OF CORPORATE COUNSEL RISK MANAGEMENT TIPS FOR CONSUMER PRODUCT MANUFACTURERS However, the Ross civil penalty is different from the others in two important ways: ■■ Ross’s role was solely as a retailer. Ross’s response to the CPSC’s allegations was that it did not manufacture the non-compliant products and relied upon its vendor to ensure compliance. In response, Chairman Tenenbaum stated “the fact that Ross did not design, manufacture, or import the garments did not relieve it of the obligation to ensure that they comply with all applicable safety statutes and regulations.” ■■ There was unanimous support for the imposition of a targeted compliance program. All three commissioners supported inclusion in the settlement agreement of targeted compliance program requirements for Ross. The Kolcraft and Williams- Sonoma civil penalty agreements required those companies to maintain compliance programs that assure compliance with all applicable CPSC rules — something Commissioner Nord believed was inappropriate because the scope of the compliance programs addressed actions beyond those that were the subject of the penalty. Criminal penalties In another notable enforcement case, the CPSC sought criminal penalties directly against the president of a consumer product importer and retailer. Hung Lam, the president of LM Import-Export, Inc., was sentenced to 22 months in prison and fined $10,000 after pleading guilty to conspiracy to smuggle banned children’s products that contained lead and small parts. Prior to the imposition of criminal penalties, Lam agreed to a civil penalty and permanent injunction that imposed an even more stringent compliance program than the one placed on Ross, including the hiring of an independent product safety coordinator. Administrative complaints In addition to civil and criminal penalties for violations, the CPSC has also become more aggressive in filing administrative complaints seeking recalls of products if a company fails to voluntarily recall a product that the CPSC believes creates a “substantial product hazard.” In May 2013, the CPSC was granted leave to add a former CEO to its administrative complaint against manufacturers of high-powered magnets (e.g., Buckyballs) seeking a product ban, recall and compliance reports.12 The threat of administrative lawsuits and the potential for personal liability against corporate officers signals a new enforcement tool that the CPSC may use to negotiate recalls and penalties with consumer product manufacturers. Preventing and mitigating penalties Compliance systems Companies can reduce the risk of violating reporting obligations and incurring penalties by developing systems for ensuring compliance with CPSC regulations. A compliance program should be designed to establish, monitor and maintain protocols for identifying product hazards or non-compliance and reporting to the CPSC accordingly. Also, the CPSC does not want firms to delay in reporting potential hazards, even if it the company later determines that the defect does not in fact create a substantial product hazard. As a general rule, firms must report to the CPSC within 24 hours of obtaining the information described above. Firms should not delay reporting in order to determine with certainty whether a report is required. Firms should report potential hazards and risks even if they are investigating a matter. If a firm is uncertain whether information must be reported, it may spend a reasonable amount of time investigating the matter. A firm usually should not spend more than 10 business days on an investigation before reporting.13 However, if the company does not report a potential hazard and later determines that one does exist, the company has already violated its reporting obligations and may face penalties. Companies should identify the team of individuals who will be responsible for product safety compliance. This compliance team should include the persons responsible for monitoring the compliance program and keeping track of safety incidents involving the company’s products, as well as members of relevant departments within the company, such as product safety, legal, public relations and marketing. A compliance coordinator should lead the team, and be responsible for ensuring compliance policies and procedures are followed. The compliance coordinator should communicate with the CPSC and be the contact point for information or incident reports coming from the CPSC. Procedures should be established to identify and track potential hazards by tracking potential safety indicators, such as customer complaints and incident reports. There should be clear guidelines for reporting such hazards, both within the company and to the CPSC, and for determining whether a recall is necessary. Companies should prepare in advance to evaluate the many issues which may require immediate action should the need for recall arise, such as the need to stop production, isolate a product, and inform distributors, ACC DOCKET DECEMBER 2013 59 Three product manufacturers/retailers have recently entered into civil penalty settlement agreements with the CPSC to resolve allegations that they failed to report product hazards, as the CPSC’s governing statutes and regulations require. retailers, consumers and the media about the danger. Again, the compliance coordinator should be the point person handling such communications, and should have guidelines directing when and how to report to the CPSC. The CPSC’s Handbook & Standard for Manufacturing Safer Consumer Products covers recommendations for executive action, which include a public statement of commitment to product safety and assignment of a product safety manager at the executive level. Additionally, companies can learn from what the recent settlement agreements that include compliance programs require. A program designed to ensure compliance with the safety statutes and regulations should contain: ■■ Written standards and policies — including one on record keeping; ■■ Reporting mechanism — a mechanism for confidential employee reporting of compliancerelated questions or concerns to either a compliance officer or to another senior manager with authority to act as necessary; ■■ Effective communication — of company compliance-related policies and procedures to all employees through training programs or otherwise; ■■ Management oversight — of compliance personnel; and ■■ Records retention — retention of all compliance-related records for at least five years and availability of such records to the CPSC upon request. The CPSC’s latest enforcement actions underscore the point that all retailers, manufacturers and importers should evaluate current CPSC reporting practices and remain vigilant concerning their independent product safety compliance and reporting obligations. As stated by Chairman Tenenbaum in her statement on the Ross settlement: This case clearly demonstrates that policies cannot exist solely on paper; individuals must be charged with and held accountable for carrying them out. It is my hope and expectation that the message we are sending with the substantial fine and the compliance requirements in this agreement will increase the likelihood that Ross — and other firms — will not only make the right decision next time they are confronted with whether to report a safety issue, but also — and more importantly for consumer safety — will take all necessary steps to ensure they produce and market only compliant products, thus obviating the need for any reporting at all.14 Mitigating penalties The factors considered by the CPSC in determining an appropriate penalty can also be factors used by the company to mitigate a penalty. However, it is up to the company to provide the Commission with mitigating information. For example, when considering how to mitigate any undue adverse impact on a small business, the burden lies with the company to present clear, reliable, relevant and sufficient evidence relating to the business’s size and ability to pay.15 If faced with a potential enforcement action, consider the following four measures: ■■ Cooperation: Open cooperation with the CPSC can be a factor considered in determining the appropriate penalty to impose, and communicating with the CPSC at this point is as important as ever. Request to meet with CPSC staff in person to respond to issues and inquiries; build a line of communication and establish credibility. ■■ Present evidence of a robust compliance system: Presenting evidence of a robust compliance system such as the type discussed above may also be helpful in mitigating a penalty. If the company can show the CPSC that it has good systems in place that are rigorously adhered to, even if that system failed in a particular instance that is not likely to be repeated, then a pattern of good faith efforts toward compliance can be established. If the purpose behind penalties is deterring non-compliance, then there is little utility in penalizing a company that maintains rigorous compliance standards and proactively operates in a genuine effort to maintain compliance. ■■ Demonstrate good track record for reporting: A good track record of reporting to the CPSC and evidence that the company has incurred no If the company can show the CPSC that it has good systems in place that are rigorously adhered to, even if that system failed in a particular instance that is not likely to be repeated, then a pattern of good faith efforts toward compliance can be established. 60 ASSOCIATION OF CORPORATE COUNSEL RISK MANAGEMENT TIPS FOR CONSUMER PRODUCT MANUFACTURERS ACC EXTRAS ON… Product safety and manufacturing ACC Docket International Consumer Product Safety Regulations (June 2012). www.acc.com/ docket/prod-saf_jun12 Quick Reference Key Issues in a Manufacturing Agreement from the Manufacturer’s Perspective (Oct. 2011). www.acc.com/manu-agree_oct11 Presentation Using Risk Analysis and Creative Negotiation in Contract Negotiations in Manufacturing or Product Agreements (Oct. 2011). www.acc.com/risk-contract_oct11 ACC HAS MORE MATERIAL ON THIS SUBJECT ON OUR WEBSITE. VISIT WWW.ACC.COM, WHERE YOU CAN BROWSE OUR RESOURCES BY PRACTICE AREA OR SEARCH BY KEYWORD.