Compliance Matters Newsletter

IN THIS ISSUE ...

Conflicts of Interest

Do you know how to disclose a conflict of interest?

The Travel Registry

Why do you need to register your business travel?

Compliance Training

A big thank you!

Guest Corner: March Madness – Athletic Compliance   

Learn about the University’s Office of Athletic Compliance Services.

Conflicts of Interest

Questions about conflicts of interest are one of the most frequent questions submitted to the Compliance Office. A conflict of interest occurs when personal interests affect or appear to affect an employee’s professional judgment in performing any University duty or responsibility.   As employees, we have an obligation to act in the University’s best interests when making decisions on the job. 

Sometimes, it is difficult for us to recognize our own conflicts of interest.  We feel confident that we are acting with good intentions and with the University’s best interest at heart, without pausing to think critically about how are actions might appear to those around us.  That’s why it is so important to be aware of potential or perceived conflicts that might crop up.  

The basic standard for dealing with conflicts of interest is simple: if you believe a conflict of interest exists, then treat the situation as if a conflict does exist until you have disclosed and resolved the potential conflict with your supervisor, manager, director, or Human Resources.

The University’s Conflict of Interest policy and the Nepotism and Personal Relationship policy are helpful resources and provide additional information on recognizing a conflict of interest and how to report it.   

The Travel Registry

Faculty and staff traveling internationally on University business must complete the online Travel Registry.  Once you register your travel, you will receive a confirmation email with information about your international travel coverage provided by the University.  

Specifically, registering your travel can activate the University’s authorized international health insurance, political and natural disaster evacuation, facilitate the University’s emergency assistance, and provide you with important pre-departure information/support, as needed and where applicable on your travel.

You will also receive helpful resources on the impact of export control regulations on your travel including a helpful checklist to assist you in determining if further steps are needed for your trip.

You can find the registry here

Compliance Training

A big thank you to all faculty and staff who completed the compliance training modules by the March 1 deadline.  Compliance training lays the groundwork for a healthy workplace culture where we can discuss issues, and head off potential problems before they arise.

If you have not yet completed the modules, it is not too late.  Please go to Talent Web, find the trainings in your transcript and hit the launch button.  

GUEST CORNER:  Athletic Compliance – March Madness  

By Ryan Colton, Deputy Athletics Director and Chief of Staff

What is the role of the Office of Athletics Compliance Services?

The Office of Athletics Compliance Services’ mission is to promote a culture of shared responsibility, accountability, and compliance with NCAA, conference, and University rules and regulations.  The Athletics Compliance Office is designed to ensure that the University’s intercollegiate athletics program is operated within the rules and regulations of the National Collegiate Athletic Association (NCAA), the University, the Atlantic 10 Conference, the CAA Football Conference, and the Patriot League (Women’s Golf).  Compliance with these rules and regulations is the shared responsibility of everyone associated with the University of Richmond.

What are the important NCAA rules University employees must be aware of?

As an employee of the University, you would likely be considered a Representative of Athletics Interests under the NCAA’s broad definition of the term. 

NCAA legislation consists of two main rules that govern the conduct of representatives of athletics interests: 

• Representatives of athletics interests cannot recruit; and

• Representatives of athletics interests cannot give impermissible benefits to student-athletes (current or prospective) or their friends or families.

Other important rules and responsibilities UR employees must know.

Listed below are a few more specific rules that could apply to your interactions with University of Richmond prospective student-athletes:   

Transportation  - University of Richmond employees cannot provide personal transportation to prospects or prospects’ family members. 

Benefits – University of Richmond employees cannot provide prospects or prospects’ family members any money, items of value (e.g., t-shirts, hats, souvenirs), or discounts on items or services unless the same benefits are provided to the general public, the general student population or to all prospective students. 

In-person contacts – Face-to-face recruiting contact between a prospect and an employee of the University that is directed by a University of Richmond coach or otherwise related to athletics is prohibited unless it occurs (a) on the University of Richmond campus; or (b) if off-campus, during a prospect’s official visit and within 30 miles of campus. 

Telephone calls – University of Richmond employees are not permitted to call prospects regarding the athletics program or at the direction of University of Richmond coaching staff member. Employees of the University may receive calls from prospects so long as those calls are unrelated to athletics. All athletically related questions must be directed to the Department of Athletics. 

Electronic communications (e.g., Email, text messaging, Facebook, Twitter) – In most sports, emails to a prospect that relate to athletics are prohibited until September 1^st of the prospect’s junior year. Like telephone calls, employees of the University can receive electronic communications from prospects provided the communications do not relate to athletics. 

Publication of a prospect’s recruitment – University of Richmond and its employees are prohibited from publicizing the recruitment of any prospect or prospect’s visit to campus (e.g., posting a picture of a prospect’s athletically-related visit on social media). 

ASK BEFORE YOU ACT:  The OACS is a resource for the Spider Community.

The forgoing does not constitute an exhaustive list of areas to which NCAA rules and regulations may apply to your interactions with prospective or current student-athletes. Therefore, if you ever have a doubt concerning permissible actions – ASK BEFORE YOU ACT!

The University of Richmond Office of Athletics Compliance Services is here to assist you whenever you have questions about NCAA legislation.  If you have any questions or concerns regarding NCAA rules and regulations, please do not hesitate to reach out.

IN THIS ISSUE ...

How to Prevent Ethical Backslides

Learn how we can avoid one.

How Can You be Compliant in the New Year?

A helpful checklist for the new year.

Guest Corner: Workers’ Compensation  

Learn about the University’s Workers’ Compensation Program.

HOW TO PREVENT ETHICAL BACKSLIDES

Richmond works hard to train staff and faculty in ethics and compliance.   Many other universities and other organizations do this as well.  So how come we still read about scandals and controversies in the areas of ethics and compliance?  One of the reasons – ethical backslides.

It is important to remember that unethical behavior didn’t start out that way.   Behavior often snowballs.   Perhaps there is unrealistic pressure to perform that drives employees to commit unethical or illegal acts. 

How can we avoid this snowball effect? 

Keep ethics at the forefront by creating a culture that encourages employees to report problems.  You often hear this described as a “speak up” culture. 

Good ethical practices don’t just happen.  They need to be worked on continuously by everyone within the University.   You have to live it every day.

You can help in these efforts by completing compliance trainings: familiarize yourself with all the policies and procedure that apply to your job duties and follow them:  support your colleagues’ ethical behavior with positive reinforcement; and report problems to your supervisor or to the Compliance Helpline (804) 287-1800.

These tips were taken from:  Business Ethics: What Everyone Needs to Know by J.S. Nelson and Lynn A. Stout (https://global.oup.com/academic/product/business-ethics-9780190610265?cc=us&lang=en&)

HOW CAN YOU BE COMPLIANT IN THE NEW YEAR?

Every New Year’s, plenty of people create resolutions to learn a new skill, stop a bad habit, or create a good one.  Why don’t we apply this to our Richmond life as well.   Below is a checklist to help you stay compliant during the year:

What do you do when you come across an compliance or ethical issue?

• Know where to locate your department policies: https://policy.richmond.edu/library/index.html?
• Stay current with changing laws and regulations that apply to your department; ask your supervisor to keep you and your team updated
• Develop a best practices guide for your work and your team’s work
• Report any potential issues to your supervisor or to the compliance helpline (804) 287-1800
• Contact the Compliance office if you have any questions regarding potential issues. We are here as a resource. 

GUEST CORNER:  WORKERS’ COMPENSATION 

By Robin Walinski, Risk Management Specialist 

 Q:  What is workers’ compensation?

Workers’ Compensation (WC) is a type of insurance that provides benefits to employees who are injured on the job or develop an occupational illness due to their employment.  The most common WC benefits are Medical – coverage for medical bills and expenses related to the injury or illness; and Wage Loss Replacement – reimbursement to the employee for lost wages when unable to work due to medically-authorized time away from work.

Q: Who is eligible for workers’ compensation benefits?

Employees who suffer work-related injuries or illnesses may be eligible for benefits under the Virginia Workers’ Compensation Act.  Eligible employees include faculty, staff, and student employees whether full-time or part-time.  To qualify, the injury or occupational illness must be in the course and scope of the employee’s job duties.

Q: How does the claims process work?

When an employee is injured due to their work activities, the employee should report the injury to their supervisor immediately, but no later than 30 days from the date of injury, and before seeking medical treatment.  The employee’s supervisor will initiate the claims process by completing the Supervisor’s First Report of Injury found on the Risk Management website.  Next, the supervisor will provide the employee with the Approved Panel of Physicians and alert Risk Management to the location the employee has chosen for medical care so that an authorization for treatment can be sent.  Risk Management will notify the University’s WC insurer of the incident.

Q: What happens the next day after an injury?

After receiving medical treatment, the employee will be given a Work Status Note that states when the employee is able to return to work and/or provides any work restrictions.  It is the employee’s responsibility to provide the Work Status Note their supervisor after each medical visit.  Failure to do so could impact or delay the employee’s WC benefits.  The supervisor must notify Risk Management if the employee is unable to work at any time during the claims process.

Q:  Will I receive phone calls from anyone regarding my injury?

Yes, the injured employee should expect to be contacted by individuals from the following areas: department supervisor, Risk Management, the WC insurer, and medical providers.  It is very important to take these calls and remain in communication throughout the claims process.  Failure to do so could impact or delay the employee’s WC benefits.

Q:  Who should I contact if I have further questions regarding the WC Process?

Feel free to contact the Risk Management team if you have any questions regarding Workers’ Compensation coverage or procedures.  Our office number is 804-289-8824 and we can be reached by email at:  risk@richmond.edu. 

For more information, the Virginia Workers’ Compensation brochure can be found at: https://workcomp.virginia.gov/sites/default/files/documents/Workers-Compensation-Brochure.pdf.

IN THIS ISSUE ...

Compliance Week Recap:

Did you miss Compliance week?  Keep reading for a recap of the week and the winners of our great prizes.

Holiday Phishing Attacks

Be on the lookout for these potential attacks!

Guest Corner: Internal Audit 

Come meet our Associate Vice President for Internal Audi

COMPLIANCE WEEK RECAP

On November 6 – 10, 2023, the Compliance Office celebrated our annual Ethics and Compliance Week observation.   The Week was a chance for all employees to learn about compliance and ethics and have a little fun too. 

The Week started with a dedicated website announcing a Jeopardy game, a word find and an athletic compliance challenge.   Each day, Compliance Bytes featured an important Word of the Day.  The Director of Compliance participated in the Morning Blend for the Faculty Hub with a presentation on “Sexual Misconduct and Your Role as a Faculty Member”.  If you missed the presentation, the Hub has archived the talk.  The week ended with a compliance table at the Benefits Fair.

Prize Alert

For all those that participated in the activities and games, thank you!!   If you are curious as to who won the prizes, see below

Richmond Swag Bundle – Ingrid Lasrado

Women’s Basket Ball tickets – Kristen Ball

Men’s Basketball tickets – Kathy Ziegenfus

Richmond Sweatshirt – Bryan Moyer

Basketball signed by both men’s and women’s basketball coaches – Danise Stetson  

 Done but Not Gone

Although Ethics and Compliance Week is over, it doesn’t mean that resources are gone.  Check out the Compliance website:  Richmond.edu/compliance for helpful information and resources.

HOLIDAY PHISING ATTACKS

Between Thanksgiving and New Year’s Day, cybercriminals are especially active.  As we are thinking about family, time off, and gifts, we may pay less attention to the many emails we receive, order confirmations, promotional offers and e-cards.  This is when cybercriminals try to lure you into action.  Don’t be a victim.  Check out these helpful tips:

Gift card scams

Many holiday scams involve buying and selling fake gift cards or tricking you into paying someone with a gift card. If you receive an urgent call or email asking for payment via gift card, assume it is a scam. According to the Federal Trade Commission (FTC), real businesses and government agencies will never request gift cards as payment. If you purchase gift cards in a store, carefully examine the PIN to ensure it hasn’t been altered, and get a receipt so that you can verify the purchase in case the card is lost or stolen.

Charity scams

Hackers often take advantage of people’s goodwill by creating fake charities, such as GoFundMe campaigns. Before donating money or sharing any information, do your research — double-check that the URL and charity details are legitimate.

Online Shopping

As more folks opt for the convenience of online shopping, it’s important to consider these best practices to stay safe this season.

• Use secure Wi-Fi
  Shopping online while using public Wi-Fi at places like restaurants, hotels and airports is risky. If you need to make purchases on the go, connect to a virtual private network or use your phone as a hotspot for secure shopping.
• Think before you click
  If you receive a sales offer via email or text that seems unbelievable, it could be a phishing scam. Keep an eye out for the classic signs of phishing, like typos and grammar mistakes, suspicious links and unusual email addresses. To verify an offer, go directly to the company’s website rather than clicking a link.

• Consider payment options
  Because most credit card companies offer more consumer protections, credit cards are a safer form of payment than debit cards. Fraudulent debit card charges can also take 30-60 days to be reversed, during which time your account may be frozen. Consider using a virtual credit card number or third-party payment service such as Amazon Pay, PayPal, Google Pay or Apple Pay to avoid entering your credit card information directly.

GUEST CORNER:  Internal Audit

By Du’Neika Easley, Associate Vice President for Internal Audit

Du’Neika Easley, Associate VP of Internal audit has been with the University since 2012. After spending almost three years in the Office of Planning & Budget, she transitioned to Internal Audit. She is a Certified Public Accountant with 20 years of auditing experience.

1. What is Internal Audit’s role at the University of Richmond?

Internal audit provides independent, objective reviews of the University’s business processes, as the third line of defense in managing risk. We gather information throughout the audit process and make recommendations to improve internal controls and compliance with University policies or other regulations.

1. How does Internal Audit determine which areas to audit?

Each year Internal Audit develops a project plan to review areas of potential risk. Risks are assessed through conversations with leadership, data from the University’s Enterprise Risk Management process, and trends in higher education. The Board of Trustee’s Audit and Compliance Committee approves the final plan.

Risk Assessment Process

1. What is a common misconception people often have about Internal Audit?

There are two common misconceptions. The first being that our goal is to find errors. While this may occur it’s not the goal. The audit process is designed to be collaborative and support our auditees in addressing concerns. The second misconception is that we “approve” or define the appropriate internal controls. On the contrary, we only make recommendations. Management is responsible for determining which controls to implement based on a number of factors including feasibility and resources.

1. What other services does internal audit offer?

Internal audit is available to provide advice on policies, procedures, and process changes. As previously mentioned, we must remain independent, but we offer our industry knowledge to support management in making decisions.   We are always just a phone call or email away!

IN THIS ISSUE ...

Political Activity on Campus

A description of what political activity is allowed

Don’t Forget Compliance Education

Reminders for your training

Compliance and Ethics Awareness Week

Mark your calendars!

Guest Corner: John Craft

Recognizing Cybersecurity Month

Political Activity on Campus 

Watch television or surf the web for just 10 minutes these days and you can’t miss the fact that we are deep in political campaign season.

You might not know that the University is prohibited by law from participating, directly or indirectly, or intervening in political campaigns.  This restriction is essential to the University maintaining its status as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code.

However, there are situations when the University’s facilities and resources can be used in connection with political campaigns.  You can find detailed information on these exceptions in the Policy on Political Campaign Activities on Campus. 

Please remember that this policy does not apply to or restrict in any way the discussion of political issues, teaching of politics or campaign-related subjects, or academic research involving political issues, or campaigns.

Don’t Forget Compliance Education!

If you haven’t yet already done so, don’t forget to complete your compliance training.  All Faculty and Staff and Administrators are assigned annual training in the areas of Cybersecurity, Harassment and Discrimination Prevention and FERPA (Family Educational Rights and Privacy Act) if you access to student educational records.

Your training invites will come from Kris Henderson, Director of Compliance, and you can find the training on Talent Web on the Human Resources website (hr.richmond.edu) 

If you have any questions, reach out to khender3@richmond.edu

Compliance and Ethics Awareness Week!

Mark your calendars for November 5-11, 2023 for the University’s observance of National Compliance and Ethics Awareness Week.

The week is a chance for faculty and staff to learn about compliance on campus and to celebrate our collective efforts to make UR a wonderful place to work. 

The week will bring online activities and compliance officer appearances – all with opportunities to win some fun prizes.

We look forward to your participation!

GUEST CORNER:  Cybersecurity Awareness Month

By John Craft, Director of Information Security

October is Cybersecurity Awareness Month, and this is a great time of year to think about securing your digital life.  In this age of ever-increasing reliance on technology in our daily lives, securing your data and devices is of the utmost importance. Think about how many times you use technology in your daily life.  It may be that trip to the coffee shop or grocery store, getting gas, registering for an event, or just sending a message to your friends or family through email or social media.  All of these could be impacted if you do not remain aware of cybersecurity risks and take steps to protect yourself.

Research estimates that a successful cyber-attack occurs every 39 seconds and that by 2025 cybercrime will cost the world $10.5 trillion annually.  Statistics like those are very daunting and might easily discourage you.  However, you are very unlikely to be a victim of cybercrime if you follow some fundamental best practices for your information security.

1. Use multifactor authentication (MFA) whenever it is available for your accounts. MFA has been proven to stop 99.9% of account compromise attacks.  Don’t delay, enable MFA!
2. Don’t reuse your passwords. If your password is compromised, every account that uses that password is at risk.  Make sure you are using strong, unique passwords for every account.  UR makes this simple by offering all students, faculty, and staff a FREE LastPass Premium account. Just search for “LastPass” on the UR website for instructions on how to get this.
3. Update your systems and applications. Vulnerabilities are regularly discovered in the software on our systems and applications. Make sure you are applying security updates regularly to ensure a bad actor cannot take advantage of unpatched vulnerabilities.
4. Think before you click. Never click on a link in an email or an untrusted website without thinking about the circumstances. Phishers try to impersonate someone you trust or instill a false sense of urgency to make you click without thinking.  So, stop and ask yourself “Do I trust this link?” before clicking.  That simple process can save you from a world of grief if you fall for a phishing scam. Always remember – if it sounds too good to be true, it most likely is not!
5. Back up your critical data. Everyone has heard of the dangers of ransomware. Having a secure backup of your data, protected by MFA, can help you sleep better at night knowing that you can always restore your data if needed.
6. Monitor your credit reports. What used to be a difficult and time-consuming process has become much easier in recent years. Ensure that you take the time to annually review your credit report with the major credit bureaus. Information security has a page dedicated to protecting yourself from identity theft at https://is.richmond.edu/infosec/securityawareness/tips/idtheft.html.

If you can integrate these fundamental practices into your digital lifestyle, you are much less likely to be a victim of cybercrime.

UR Information Security is planning several events to celebrate Cybersecurity Awareness Month.  For a full listing of these events go to our website at https://is.richmond.edu/infosec/events/index.html.  Of note this year, we are hosting a Capture the Flag (CTF) competition that is open to all students, faculty, and staff.  This competition will have fun challenges for users of all skill levels and let you think like a hacker! Come join the fun the first week of November!

In This Issue...

A Short Introduction

Saying hello and setting up expectations for our newsletter

What Exactly is Compliance?

An introduction to newcomers and a refresher to returning employees

Guest Corner: Maribel Street

Staying prepared for emergencies during the fall semester

Introducing Compliance Matters: What to Expect Here

Welcome to the Compliance Matters Newsletter, Volume One!  We’re excited to present to you the latest and greatest from Richmond’s Compliance Office. 

In this newsletter, you can expect to find the following:

• Tidbits and information about the Office of Compliance and compliance-related issues
• Reminders on compliance education and tools you’ll need
• Guest appearances from other Richmond colleagues

Regardless of who you are, compliance is an issue that effects everyone, at every level.   From faculty to students to staff, we hope this newsletter can be a source of information, clarity and interest as we pursue the highest standards of ethical conduct here at Richmond.

The Office of Compliance is a resource that is available to all Richmond departments.  Please reach out for questions or use the Helpline 804 287-1800 or the online reporting form.  

What Exactly is Compliance?

By Kris Henderson, Director of Compliance

Welcome to another academic year at Richmond.   I want to take this space to talk about what Compliance at Richmond is all about.   Richmond’s Compliance program is an ethics-based program not just a regulatory one.  What exactly does that mean?

Let’s start with a few definitions.

Compliance is the adherence to laws, regulations, policies and guidelines relevant to the University.  Our job is to provide guidance on understanding what’s required of each employee.  That’s why compliance education is so important.  You can’t follow a law, regulation or policy unless you know what it is.

Ethics is concerned with what is right and wrong.  Ethics goes beyond what the law requires. It involves doing the right thing and following both the spirit and not just the letter of the law.

Have you ever thought about why the speed limit on your local highway is what it is?   No matter what it is, 60 mph, 65 mph, 70 mph, a local “compliance” officer working with “business” stakeholders developed a policy regarding public safety that involved setting a speed limit and procedure for enforcement as well as discipline for violations.   That sounds like a strong compliance program.  But merely posting a standard, like a speed limit, does not ensure compliance. Wouldn’t it be great if everyone respected the standard because everyone knew it was the right thing to do and by following the standard it would make the organization a better place to work as well as being more effective?  That’s where a culture of ethics comes in working hand in hand with compliance.

Guest Corner: Emergency Preparedness

By Maribel Street, Director of Emergency Management 

In observance of National Preparedness Month, the Office of Emergency Management is hosting a month-long series of events during September. National Preparedness Month exists to raise awareness about the importance of preparing for disasters and emergencies that could happen anytime, both on and off campus. 

National Preparedness Month is a great opportunity for our campus to engage with emergency preparedness and safety, and we are thrilled to be part of that effort in welcoming everyone back to campus for the fall 2023 semester. This month’s activities include:

September 13^th 10-2pm Campus Forum – safety/preparedness fair with activities/info/swag/prizes

September 22^nd 7:30pm Westhampton Green - Disaster movie on the lawn (Student choice)

September 28^th 7pm Alice Haynes Room – Survival Cook Off Event

For more information on National Preparedness Month and to learn more about the Office of Emergency Management download the UR SpiderSafe app!