2019 Legal Spring Clean
Housekeeping tips for maintaining your franchise compliance program annually.
By Richard Morey, CFE, and Will Woods, CFE
Now that the polar vortexes are gone for another year and the FDD annual update process is finished or almost finished (at least for franchisors with December 31 fiscal year ends), it’s time to start thinking about Spring Cleaning. This is a great time of year to review old compliance processes and clean them up to make sure they remain current and reflect best practices. Some good areas of focus are financial performance representations (FPRs), joint employer/no-poaching issues and data protection policies.
FPRs in the Sales Process
FPRs remain one of the best sales tools for strong brands, but also one of the areas of greatest risk for franchise law claims. Hopefully with this year’s FDD update, franchisors have carefully reviewed their Item 19 FPRs to make sure they have a “reasonable basis,” as the franchise regulations, NASAA Commentary on FPRs, and state examiners interpret that term, and are the most effective sales tools for the organization.
Now it’s important to make sure the franchise sales staff, and anyone else who might have contact with prospective franchisees, are familiar with the current FPRs. Perhaps more importantly, they all should be reminded that the information in the new Item 19 is the only sales, revenue or profit information that the franchisor’s staff are permitted to provide to prospective franchisees. This includes not only prospects who are considering their first franchise, but also existing franchisees who are buying additional franchises, and in many cases renewing franchisees. Ensuring that all franchisor personnel understand what is, and what isn’t, included in the current Item 19 will go a long way to eliminating violations for unauthorized FPRs.
Retaining Only Necessary Brand Controls
Joint employer issues have been on franchisors’ minds for some time as they attempt to navigate the narrow path of providing their franchisees guidance on labor and employment issues without exercising (or potentially reserving the right to exercise) the level of control that would make them a joint employer with their franchisees.
A more recent, related issue involves state attorneys general and franchisee employees bringing actions against franchisors alleging that the “no-poaching” provisions in the franchise agreements violate the antitrust laws. These provisions take various forms, but in general prohibit one franchisee, and in some cases the franchisor, from hiring away certain individuals employed by each other and/or other franchisees. Politicians, regulators and plaintiffs’ lawyers argue that these provisions unlawfully prevent individuals from obtaining positions at other brand locations with better pay and benefits.
While most franchisors have already addressed these joint employer and no-poaching concerns in their franchise agreements, the broader lesson is to review all aspects of the standards and compliance program to ensure they remain necessary to protect the brand, the customer experience, and other critical components of the franchise system. Many franchisors, particularly experienced ones, regularly develop standards and requirements for franchisees but fail to review them to ensure they remain relevant.
These non-critical standards and requirements can be evidence that the franchisor retains excessive control over the franchisees’ day-to-day operations in a way that is more likely to render them responsible for employment law and other problems at the franchised locations. Providing (and enforcing) standards involving only system-critical issues can also provide franchisees the flexibility to appropriately adapt to their local customers’ needs.
Data Privacy Throughout the System
Major brands, both franchised- and non-franchised systems, are dealing with data breaches. These breaches result not only in the inevitable class action lawsuits but can also involve regulatory actions by the Federal Trade Commission, state regulators and regulators in other jurisdictions. Laws in this area are constantly changing, from the implementation of the European Union’s General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA) scheduled to take effect on January 1, 2020. Credit card processors also have their own standards, the Payment Card Industry Data Security Standards (PCI DSS).
Franchisors should review the privacy policies and data security standards for both company-owned and franchised locations to confirm that they comply with all applicable laws, regulations, contractual requirements and industry best practices. Many, if not most, franchise agreements impose on the franchisee the obligation to comply with these requirements. However, in many cases the franchisor has identified point-of-sale and other technology that franchisees are required to use; in those cases, franchisors should confirm that those providers are complying with all relevant standards and legal requirements.
Some franchisors may be reluctant to delve too deeply into their franchisees’ data security compliance, as doing so may increase the risk that those franchisors would be held vicariously liable for any damages arising from a data breach at a franchisee’s location. But as brands that have dealt with data breaches know, in addition to legal liability, the risks to the brand’s goodwill and reputation can be very significant. Many franchise companies have decided to assume the increased vicarious liability risk in an effort to minimize the likelihood that a data breach incident occurs. Regardless, it is critical that franchisors understand the data security landscape in their systems so they can assess risks they face and determine how they can best address them.
Compliance is a year-round task, and should not end with updating the franchisor’s FDD and state registrations. By continually reviewing and improving the areas that are most likely to result in compliance issues, franchisors can minimize the damage to the brand and the franchisor-franchisee relationships that compliance problems create.
Rick Morey, CFE is a Partner at DLA Piper in Chicago. Learn more at franchise.org/dla-piper-supplier. Will Woods, CFE, is a Partner at Baker McKenzie in Dallas.