Has your business ever received a Business Software Alliance Notice of Inquiry or Audit?
I. Existing Liability from Within.
Most of the chatter related to avoiding risk in the payments landscape centers on the new various regulations related to merchant processing. But sponsor banks, ISOs, and processors need to also be aware of existing potential liability related to their internal operations that threaten similar fines. The Business Software Alliance (“BSA”) works with a team of attorneys nationwide to investigate violations of the Copyright Act for a business’s unregistered use of proprietary software such as Windows Office programs.
Many companies provide employees and agents with computer workstations, and even that person’s unauthorized use of any unlicensed product or software that is used will create liability. Take, for example, a recent client that asked an employee to create marketing material. That employee, with an eye on maximizing resources, and saving the company money, downloaded software programs to help with the layout and formatting. When the BSA audit was completed it deemed the employer liable for failure to conduct oversight on its employee’s download and use of software since there was no written compliance program in place to monitor such activity. Or, consider another instance where an employee provided a company laptop loses that laptop, then feeling responsible purchases a replacement and proceeds to borrow copies of certain licensed software products from a friend or counterpart, and subsequently uses those in furtherance of their employment. While these facts will be considered by the BSA attorneys, it still triggers liability under the statutes enforced by the BSA.
Thus, even if your company’s practice is to only buy and use licensed software directly from the manufacturer, employees can create unintended liability even when their intent is honorable.
II. The Fines Assessed Are Excessive.
The major risk for fines resulting from a BSA audit relates to the BSA’s practice of unbundling product packages so that each computer with an unlicensed/unregistered version of Microsoft Office will receive separate fines for each program. This results in fines for unauthorized use of MS Word, MS Excel, PowerPoint, Outlook, etc. The BSA has a useful damage calculator on its website to give you an estimate of what soaking wet will look like. Although, the BSA often settles for a percentage of the amounts it could if a company’s response is handled properly.
III. Response Strategies with an Eye on Favorable Settlement.
The schools of thought are split, but most recommend cooperating with a BSA audit. The BSA attorneys and firms know that they are entitled to their fees should litigation ensue, and are therefore happy to push the case to a full-blown lawsuit that will likely end up with the same or worse result as far as BSA fines assessed, and a much worse result of having to pay your lawyers to fight it and BSA’s attorneys if you do not prevail. But some say sticking your head in the sand is a good strategy to any regulatory or investigative inquiry. This is a mistake because that strategy is not sustainable for any business that plans for longstanding financial success. Thus, it’s recommended to respond and cooperate with the BSA investigators. Even then strategies exist to bring any audit to a favorable resolution.
Like anyone in a position of authority, the BSA and its representatives appreciate when the person speaking addressing a BSA audit acknowledges that authority. When a company hires an experienced firm as its voice to respond to a BSA audit that shows the BSA that the company is seriously considering the matter and respects the BSA’s authority. It also puts the BSA at ease because it assures them that the audit response is being handled appropriately and ethically. This assures the BSA that it will not have to expend significant resources to enforce its rules. The result is sometimes that the BSA is willing to allow for an extended period of time for the company to provide a response. This has a couple of benefits, but presents a potential drawback as well.
First, any impending fine is best delayed so that the company can better plan to absorb the impact should the assessed fine be large. Second, the BSA, like many organizations have quotas or milestones that they hope to achieve and collect; and they are very busy. The BSA is therefore more likely to have filled their quotas by the end of the year. And if your settlement agreement comes after the quotas are filled, you may get more favorable terms. Note that this is only the settlement agreement, not the actual payment. The BSA is likely to accept payment plans over time as to not financially constrain a company to its demise.
The drawback to delaying the inevitable is that the BSA may take the inability to respond as an indicator that the company is disorganized, and therefore more likely to have committed extensive violations and will submit an inaccurate audit. While a speedy response shows that the company is a well prepared to respond and likely to be more on top of issues like purchasing licensed software and then registering their use of it.
Also, along the line of respecting the BSA’s authority an producing the most favorable result, a company should encourage the person communicating with the BSA attorney during the audit to exhibit good rapport and consistent cooperation and communication.
IV. The Audit and Response
Your attorneys or a competent company agent qualified to conduct the audit and provide a response to the BSA will have a template or sample response that you can use and review. The audit itself should be performed by attorneys so that the process and findings are privileged in case litigation ensues. With hundreds of thousands of dollars of fines being levied on small companies, it may be cost-effective to engage in litigation. And although a company is required to verify the truthfulness of the audit, there remains a need to “control” the information disclosed to the BSA or its attorneys.
V. Avoiding Liability
As part of a complete compliance package, all companies should have an audit conducted either internally or a third party such as the author to know whether it is committing unauthorized use of licensed software by failing to register to ensure that the company will not be subject to an unwieldy fine from the BSA. At a minimum, companies planning for the future should determine its exposure to potential liability to assure that success will not be derailed when it could be prohibited by proper compliance protocols and regular audits. Companies should perform a self-audit on its own operations or with the assistance of a third party.
— — Written by James Huber, partner at Global Legal Resources, LLP law firm. James practices law heavily the corporate space, and his team is experienced in performing BSA audits and preparing a response and negotiating settlements. Contact James Huber at email@example.com.