Marijuana’s Cost to Employers

With the adoption of more state laws to legalize marijuana, employers will face challenges to protect their employees from injury and to comply with federal requirements to maintain a drug-free workplace.

Employers also face potentially costly litigation as case law surrounding legal marijuana develops, according to the Quest Diagnostics whitepaper “What Will ‘Legal’ Marijuana Cost Employers?”


Quest reports that medical marijuana legalization brought forth a new phenomenon: the production of marijuana-infused foods and gadgets, which presents a special problem for employers. Today, nearly half of marijuana users in states where it is legal consume marijuana by eating it rather than smoking it. In addition, vape pens, which are like e-cigarettes but contain capsules of concentrated marijuana oils, leave no marijuana smell and are impossible to tell apart from e-cigarettes. These two modes of consumption will make it more difficult, if not impossible, for employers to tell when employees are using marijuana on the job.

As marijuana use increases, so will workplace injuries, accidents, mistakes, and employee illnesses, escalating the costs of companies’ liability, workers’ compensation and health insurance.

Questions companies should ask include:

  • Will employers have to accommodate marijuana use in their workplaces? A closely watched case. Before the Colorado Supreme Court will establish, at least in Colorado, whether employees can use marijuana off the clock even if they may be impaired the next day.
  • Must employers pay for employees’ medical marijuana if they are injured on the job? By allowing a court of appeals decision to stand, the New Mexico Supreme Court finds that the answer is yes.
  • Must employers pay unemployment compensation to employees fired for failing a marijuana drug test?
  • What does increased adolescent marijuana use portend for the future workforce? Research shows that compared to nonusers, teens who smoke marijuana on weekends over a two-year period are six times more likely to drop out of high school, three times less likely to enter college, and four times less likely to earn a college degree?
  • How can employers meet federal requirements to maintain a drug-free workplace if states require proof of impairment rather than the presence of marijuana in the body when no level of impairment has been scientifically established and no noninvasive test to denote impairment has been developed?
  • If courts hold that drug testing is no longer a valid indicator of impairment, how can employers whose businesses involve driving or other safety-sensitive positions protect their workers and the public from injuries and deaths cause by stoned drivers?
  • What if courts hold that failing a pre-employment drug test is no longer a valid reason to deny employment to applicants?

There are, however, steps employers can take to protect themselves:

1) Stay up-to-date with the changing legal landscape and adjust workplace policies accordingly.

2) Remember that marijuana is still illegal under federal law.

3) Join other employers to monitor state legislation and take action with legislators to ensure workplace protections are included in any marijuana laws.

4) Educate your workforce about the dangers marijuana poses to children, families and the workplace.

5) Challenge the notion that marijuana is medicine, or risk paying for it in your health insurance program. No marijuana medicines being sold in states that legalized them have been approved by FDA as pure, safe, or effective. Doctors cannot prescribe them and pharmacies cannot sell them.

Risk Link Roundup

Link Roundup

Here are a few recent articles highlighting some interesting issues that impact the world of risk and insurance. Topics include the impact of the Paris attack on the stock market, the emergence of the world’s largest hotelier, a former Department of Defense director of operations charged with taking bribes, criminal charges in a huge cyberfraud ring and four business owners charged with workers compensation fraud.

Wall St. Rises as Little Impact Seen From Paris Attacks

Reuters: U.S. stocks were higher in early afternoon trading on Monday after a choppy start as investors absorbed the impact of Friday’s deadly attacks in Paris.

Marriott Becomes World’s Largest Hotelier, Buying Starwood

Associated Press: Hotel behemoth Marriott International is becoming even larger, taking over rival chain Starwood in a $12.2 billion deal that will catapult it to become the world’s largest hotelier by a wide margin.

Former DoD Contractor Pleads Guilty to Taking Bribes from UK Company

FCPA Blog: The former director of operations of a Department of Defense contractor in Washington, D.C. pleaded guilty to soliciting and receiving nearly $200,000 in kickbacks in return for steering U.S. government subcontracts to a U.K. company.

U.S. Charges Three in Huge Cyberfraud Targeting JPMorgan, Others

Reuters: U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.

4 New York Business Owners Charged in Workers’ Comp Fraud Sweep

Insurance Journal: The New York inspector general’s office announced the arrests of four New York state business owners on fraud and theft charges as part of an ongoing series of investigations into employers and employees who defraud the state workers’ compensation system.

Prosecutors Reveal ‘Securities Fraud on Cyber Steroids’

The investigation into a huge cyberattack on JP Morgan Chase last year has exposed one of the largest computer hacking and fraud schemes to date. According to U.S. prosecutors, Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, hacked a total of 12 companies to expose the personal information of more than 100 million people, netting hundreds of millions of dollars in profit. The men face 23 criminal counts, including wire fraud, computer hacking, illegal internet gambling and money laundering, with alleged crimes targeting 12 companies, including nine financial services companies and media outlets including the Wall Street Journal. Investigators say their massive criminal empire used 75 shell companies that employed hundreds of people, and hacked seven major banks, ran an online casino, laundered money around the world and set up an illegal Bitcoin trading operation.

“It is hacking in support of a diversified criminal conglomerate,” said Preet Bharara, U.S. attorney for the Southern District of New York. “In short, it is hacking as a business model.”

In addition to the hack of JP Morgan, which U.S. Attorney General Loretta Lynch called “the largest theft of customer data from a U.S. financial institution” and exposed the personal information of 83 million customers, the criminals also attacked E*Trade Financial Corp., TD Ameritrade, Scottrade Inc., Fidelity Investments and News Corp’s Dow Jones, which publishes the Wall Street Journal. The breaches date as far back as 2007.

“By any measure, the data breaches at these firms were breathtaking in scope and in size,” Bharara said. “This showcases a brave new world of hacking for profit.”

Breaking into these financial institutions gave the attackers information to target specific people, and gave them extra insight into the stock market. According to the indictment, they used the customer data to contact individuals and push them to buy stocks in order to manipulate their prices. In addition to the pump-and-dump scheme, sometimes the defendants reportedly engineered mergers with shell companies to create publicly traded stocks that could be manipulated. Bharara called the scheme “securities fraud on cyber steroids.”

Beginning in 2012, in addition to disguising payments and constantly obtaining new bank accounts, the men further tried to evade detection by hacking into a company that assessed merchant risk for credit-card issuers. The breach allowed the defendants to read employees’ emails and figure out how to sidestep the company’s efforts to monitor illegal payments, according to the indictment.

The defendants are also accused of operating at least 12 illegal internet casinos, even launching cyberattacks against rival gambling businesses to review executives’ email and gain a competitive edge. Shalon hacked competitors’ customer databases and directed denial of service attacks to shut down their businesses.

Several compliance officers may soon feel the heat as well: the investigation found that, in operating the online casinos and illegal pharmaceutical payment processing enterprises, the co-conspirators deceived financial institutions into processing and authorizing payments between the casino companies and others. “They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing ‘casino/software/pharmaceutical cocktail’,” the indictment charges.

According to prosecutors, the case illustrates the growing power of criminals and their tools, and makes such crimes particularly difficult to solve. But it may also highlight one key resource to do so: self-reporting to law enforcement. Officials credited JP Morgan’s early cooperation for helping to uncover the network of criminal activity. The firm came forward early on to share information with the government, a move many forensic investigators encourage. This case provides one of the clearest examples of why: hackers frequently use the same schemes to target a swath of companies in a given industry. While many companies worry about the reputational and regulatory risks of disclosing a breach to law enforcement, as hackers grow more sophisticated in their techniques and complex in their operations, it may prove an ever more critical step in the breach response and investigation process.

“Shalon, Aaron, and their co-conspirators allegedly robbed victim companies, often for months at a time, stealing the contact information of tens of millions of customers,” said FBI Assistant Director-in-Charge Diego Rodriguez. “They cloaked themselves in secrecy, but their methods rivaled those of the traditional masked robber. Today’s indictment sheds light on an increasingly complex threat. But just as criminals continue to develop relationships with one another in order to advance their objectives, the law enforcement community has developed a collaborative approach to fighting these types of crimes.”

Emerging Market Risk: Leaders, Laggards and Rules for Avoiding Loss

world map

When the developed world’s economies ground to a halt during the Great Recession of 2009, large, Western-based multinational companies turned their growth-hungry eyes toward developing markets. The slow recovery that followed the recession in the U.S. and Europe did little to change this trend. In fact, according to the United Nations Conference on Trade and Development (UNCTAD), foreign direct investment in emerging markets reached a new high in 2013 of $759 billion (the most recent year for which data is available). This represented more than half the world’s estimated $1.46 trillion total outward investment flows for that year. Given this intense interest in doing business in emerging markets, FTI Consulting, a global professional services firm, conducted a survey in November and December 2014 on the character of the risks businesses face in these markets and how they attempt to mitigate them.

FTI surveyed 150 companies with revenues of more than $1 billion and business interests in developing economies, as well as interviews with 32 executives focused on compliance and risk management from those companies. Our results indicated an enormous difference between leaders (defined as companies whose self-reported losses as a percentage of revenues was in the lowest quartile, averaging 0.2%) and laggards (those in the highest quartile, with a loss rate averaging 2.2% of revenues), not only in the ways they managed overseas risk, but how they thought about it.

Quantifying Risk: The Numbers

According to our survey, 83% of multinational companies have suffered significant losses in emerging markets since 2010, with an average cost per company over that time of $1.38 billion, and the average loss per year $260 million, or 0.7% of revenues.

In virtually all loss-making incidents (99%), our respondents reported that the issue was either a matter of a regulatory violation, bribery or fraud, or reputational damage. In incidents with the highest losses, two or three of these types of risk converged: 60% of reported incidents involved more than one type, 35% involved two, and 25% were perfect storms that involved all three.

Regulatory issues are the most frequent cause of loss (either due to the difficulty of keeping up with ever-changing regulations or lax or inattentive corporate compliance policies), but legal and criminal issues (engaging in fraud or paying bribes) lead to the most expensive incidents. The most frequently cited consequences of getting caught were noted as reputational harm (67%), loss of revenues (56%), and prosecution (44%). In all cases, reputational issues invariably make matters worse.

These are serious issues, and some companies respond with equal seriousness. Some do not.

Leaders vs. Laggards: The Three Greatest Ways They Differ

According to our survey, there are enormous differences in the ways companies that have suffered the lowest rate of loss in emerging economies and companies that have experienced the highest approach risk mitigation in the three major categories. (See Figure 2.) From these differences, we have derived three rules that leaders follow to best mitigate overseas risk.

Rule 1: Walk Away From Countries Where Compliance is Impossible

Our leading companies believe it is more important to avoid doing business in jurisdictions where compliance may not be possible than do laggards by a ratio of more than 5:1. In other words, our leaders are willing to walk away, even when environments are hyped and offer the potential for quick profits. Globalized companies often overestimate their ability to estimate and analyze overseas risk accurately.

For instance, it is extraordinarily difficult to stay compliant with Brazil’s tax laws. According to Renato Niemeyer, Chief of Tax Legislation in Roraima State, each of Brazil’s 27 states has its own tax regulations “and the rules change all the time.” Neimeyer said this has led some companies to postpone paying taxes as the penalties for late payment are relatively low. However, when a company does pay the penalties, “corrupt officials will solicit the organization for bribes in order to lessen the penalties,” Neimeyer said. This, of course, is the proverbial slippery slope that can lead to both bribery and fraud prosecution and concomitant reputational damage – the perfect storm.

Latin America is also growing increasingly green in its politics, and environmental regulations are becoming problematic, especially in the energy, mining and construction sectors. Chevron vs. Ecuador, the nasty, ongoing, eight-year trial over liability concerning alleged environment damage, is an example of how damaging running afoul of environmental regulations can be.

When successful companies do attempt to do business in countries where it is difficult to comply with regulations, they invest time and energy into helping host countries develop more rational regulatory frameworks. Our leaders consider this kind engagement more important than do laggards by a ratio of almost 3:1.

Rule 2:  Keep to the Straight and Narrow

In most developed markets, it is understood that paying bribes to win or facilitate business is bad business and, if there were any doubt, the U.S. Foreign Corrupt Practices Act (FCPA) and U.K. Bribery Act remove them. But in many developing economies bribery is just how business gets done. In China, facilitation payments are customary to keep projects on target. The long-established Chinese custom of giving gifts to customers violates both the FCPA and U.K. Bribery Act. For our leading companies, the first rule for avoiding getting caught in the coils of bribery and corruption is to “conduct continuous dialogue with local staff on compliance issues.” Leaders rate that more important than do laggards by a ratio of nearly 7:1.

It is very difficult for local managers to resist making a facilitation payment when that’s the only way to get a pallet off a loading dock, or a critical part to a factory. That’s why companies that avoid getting in trouble make significant investments in internal communication and compliance training. They also go the extra mile when conducting due diligence on potential local partners and suppliers that may not have the same commitment to hewing to the straight and narrow as do their own organizations. Companies sometimes forget that the contractors their local managers hire, and the subcontractors the contractors hire, also need to be vetted and watched. Ted Unton, a former director of global financial compliance at Bemis Company, a U.S. global manufacturer, said his company has hired private investigators to look into partner companies and even partner executives.

Rule 3: Walking the Compliance Talk

Our respondents said that reputational damage – of the sort famously experienced by Walmart (accused of bribery in Mexico) and McDonald’s (accused of using tainted meat in China) – most often leads to loss of revenues, followed by exclusion from markets and even expropriation of assets. In our research, we found the greatest difference between how leaders and laggards approach mitigating reputational risk was how the regarded maintaining a good reputation over the long term. Leaders rate it more important than do laggards by an impressive ratio of 10:1.

This variance is mind-boggling when one considers that those companies that do not rate the importance of maintaining a good reputation highly have, by definition, suffered far greater losses than those that do.

Maintaining that good reputation is difficult as local populations are prone to regard multinational corporations as bad actors, and rich exploiters of resources and people – a belief often reinforced all-too willingly by the local press. It requires action and investment. One former president of an energy company operating in Bangladesh (who requested anonymity) told us his company, which had purchased land for a 40-mile pipeline, set up offices to help displaced farmers find jobs. By demonstrating its concern for the community and by conveying that the company was involved for the long-term, planned protests were averted. (Indeed, many of the farmers were hired by the company and their living standards improved.) According to the former president, the company became seen as a benefactor, not a despoiler, and he believes that reputation will improve the company’s future business prospects.

Notably, laggards believe that running “preemptive publicity campaigns to counteract negative reactions” is a fine strategy. Leaders do not. That spread is one of the largest differences we’ve found.

Do It Right or Don’t Do It at All

As we’ve seen, multinational companies have suffered significant and severe losses in emerging markets. And the difference in the loss-rate as a percentage of revenue – 2.2% for the laggards; 0.2% for the leaders – is certainly wide. Developing risk management competence in the three major categories of risk defined by our survey not only helps to stem these losses, but builds a strong foundation for future profits.

It is bad to be a laggard. What’s more, it is unnecessary.