Liability driven investing conference 20111

We are not sanctioning the code itself. It's going to be challenged in court. Currently, there's a lawsuit against Treasury by some Coinbase employees and on this exact issue, we're going to be talking about this again, Anna, over the next few months, but I leave you with that.

Look, OFAC has provided some guidance. It's helpful. I think we're likely to see more. Delaney: Complex but a clear explanation. I really appreciate that, Ari. Always brilliant talking with you. Thank you. Redbord: Great talking to you too. We'll talk soon. Delaney: So Tom, it's over to you. Field: I always learn a lot from Dr. Crypto or the Blue Devil, whatever you want to call him today. So I appreciate you bringing Ari on to our stage here. I want to bring back another long-time guest.

He's been a figurehead on our stages and on our sites for years now. He's David Pollino. David, always a pleasure to see you. David Pollino: Good morning. It's great to be here. Field: David, we have the privilege and the responsibility of living in, as they say, interesting times, and particularly interesting for cybersecurity leadership. On one hand, we've got the former Twitter head of security appear before Congress this week, talking about his explosive whistleblower disclosures which alleged that Twitter has got serious security and privacy vulnerabilities.

Same time, we see an upcoming landmark trial where Uber's previous security officer is facing criminal charges in regards to a breach at that organization. CISOs are watching these two cases closely. Pollino: These cases are fascinating to state something up-front, what we know about the whistleblower case is largely one-sided from, the whistleblower from Mudge. And what we know about the Uber cases was largely from the Department of Justice.

So we're seeing one side of each story. But it is fascinating to be able to look into these highly respected companies with these highly respected CISOs and see what's going on by reading the information that's been publicly provided. These cases have a lot in common. But they also show that even these highly funded, highly respectable companies have challenges with cybersecurity. And what we can do as CISOs and security professionals is to read through them and say, "How can we learn and apply or potentially, in some cases, avoid making the same mistakes as these companies had," because what you had was, you had very public security issues that were highlighted, and then regulatory action, you had several years to work on those issues.

And then you had basically not the anticipated amount of progress, and incidents continue to happen. So how do you highlight those things? How do you use the lessons learned there, and there are a couple of things in there that I think that kind of highlight to the top. And for both of them, I think security culture is one of those key aspects. A CISO, by himself, is not going to be able to keep a company secure. Absolutely not. You need the full support of the board, you need the executive committee to be on with you, and you need to make sure that incentives and behavior are aligned to promote good security practices.

We see in the whistleblower report that some of the measurements that were used, that were proxies for how secure or how many bots were on the network, that those were tilted in such a way to promote revenue and earnings. And maybe not necessarily made to find all the bots on the network.

And because of the culture of the company that was allowed to be the prevalent attitude, and, as a result, a lot of the initiatives that the CISO wrote about in the whistleblower report, we're not receiving the traction. So learning from these reports is very important.

And it's up to us as security professionals to take advantage of this public information. Now, I realize this was under Chatham House rules, I'm not going to ask you to disclose anything and you shouldn't. But talk about the mood in the room. Where do you see your peers standing regarding the ethical implications for CISOs and cybersecurity leaders? Pollino: That's an excellent question there. I think what you're seeing here is the stakes are higher than ever, one case you have being called before Congress.

And like it or not, Mudge is one of the most respected security people, I've known him for several years, used to work with him. He's probably forgotten more about security than most security people will ever know. Taking this step in his career is life changing for him, so he must have thought through it and understood what he was getting into. And on the flip side, having two felony cases or accounts brought against you by the Department of Justice, that's life changing as well for another well-respected chief information security officer.

So what we tried to talk about a little bit is, as this is one of the things that I'm pondering as well is, as you're thinking about where the CISO operates and what level of authority that the CISO has and how the CISO is viewed by the board and even how board members are part of, or not part of, that interview process and what insurance might be appropriate for a CISO, you're getting what in many cases, it used to be that the CISO was not executive committee member.

And maybe much of the messages from the CISO were filtered through an executive committee, a CIO or some other executive committee member, now wanting to have direct engagement with the board, wanting to make sure that the CISO is put in the position and if there are real security issues that are found, that they're able to make progress on it, highlight it, and also report on it in a way that makes the CISO feel comfortable.

One of the quotes in the whistleblower report is that Mudge said that they had 10 years of unpaid security bills. And if you talk to anyone in that room, everybody has some level of unpaid security or tech debt, you have some companies that are good at encryption, but terrible at patching.

Some are good at least privilege and administrative access, and others are bad at education and awareness. So there's always going to be some areas where you're higher or lower than your peers. But I think the key thing that's coming out of this is the "So what can you do about it now? And where does that take you? What's the disconnect? So I think when it comes to having an accurate measurement of where you are, and where you need to go, and having the authority to be able to push in the right direction is very important.

One of the surprising things also that fell out of the whistleblower report had to do with the focus on production and that sometimes, the focus on production outweighed the need for security. So many of the tests were not in a full test environment, they were tested in production, according to that report, and when the September or the January 6th events were happening, and the CISOs, we locked down our production environment.

The answer was we can't, we don't know how to do it. So I think there's lots to be thought through for not only what can go wrong, but also what could go right when faced with foreseeable situations. And so there was lots of conversation in the room, we had to cut it short at the hour. The questions were flying, the opinions were on display, but it was a great conversation.

And if you haven't dove into both the whistleblower report, watch the C-span coverage of Pietrzak, or read the Department of Justice Report. It's some pretty good reading for your next airplane fly. Field: They will change our conversation. And it makes a strong point that if the CISO is in a position to be called before Congress and report to Congress, perhaps the CISO is in position to be reporting to senior business management, the board as well.

David, as always, appreciate your time, your insight. Pollino: Absolutely. Field: Anna. So we bring Ari back into the room and wrap up our conversation today. Delaney: Let's do that. Well, as we mentioned earlier, the November US midterm elections are just two months away. What are your concerns of election interference as we approach the vote? Redbord: Is that for me? Delaney: We'll give David a break. Redbord: Absolutely, this is probably taking my TRM crypto hat off.

And when I was a prosecutor, these were issues that we were looking at for a long time, spanned a number of elections at the US Department of Justice. And I think we've only just seen it get more serious. And I think what we saw this week and some reporting is that Russia is using real resources, which are becoming more valuable as the war effort goes on, and all of that, and we're seeing the gains by Ukraine.

So, but the reality is, this is still focus. And we're going to continue to see and I think it's that we need to remain vigilant from a social media perspective, we need to remain vigilant when we're even talking about these things and talk really responsibly about them. So I think Tom made a great point in that outset that this is a reality that we are now living with. And we've talked for a long time that wars have moved to a digital battlefield, with exceptions, and this is a prime example like that.

And in the age of the Internet, that was more centralized. I think we're seeing it become more decentralized and it becomes harder to get your hands around. So I think the key is remaining vigilant. And yeah, I think it's going to be a tough question, but something we're going to live with for a long time. Pollino: Yeah, it was a great point, Ari. And I think it's much like the supply chain issues that we've seen over the last couple of years. It's amazing how something, that maybe not that you're not thinking about could impact your ability to deliver to your customers.

So in some cases, it was semiconductors or other things that may have been still stuck on the boat are not readily available. So there's no doubt going to be cyber activity related to the election. And much like NotPetya was kind of targeted at one particular area, but the blast area was a lot larger, and what are ways that either misinformation or cybersecurity activity could negatively impact your business. I think it's important for everybody to think about not only the primary areas that they could be impacted, but also the second and third areas to be able to say, what should we be investing in, either from a cyber defense perspective, or monetary perspective.

That way, if things get bad, or if activity ratcheted up, how can we do it in such a way that we can continue to deliver to our customer, so I think approaching it first from a tabletop and from an academic perspective will put people in the best position to not be impacted from their businesses and what's going to happen at the election. Delaney: Yeah, very important perspectives.

And I heard that there's a new risk in And that's physical safety threats to election officials and their families and their workplaces. And I don't think this was so much of an issue or that was discussed as much in , It seems like yet another way to weaken election infrastructure, I don't know if you've heard the same. Field: I see some of that down, I would just say that the concerns I have is that we did see what happened , and on a large national scale. My personal concern is that might be the year of small ball.

In other words, we've got so many regional elections happening that can reshape Congress in many ways. I wouldn't be surprised to start seeing some of the tactics we saw on a national scale now come down to a smaller scale. And I don't know that states and regions are prepared for that. Pollino: That's a great point, Tom. Another thing that I like to bring up with some of my clients is around thinking about not only yourself, but also your perimeter, your orbit, when you're thinking about these security issues.

So whether it's Daxin, or physical attacks, what information is out there about you, where you are, how you operate? And then you go to the next level. What about my family? What about my kids? How could that be used either against me, or in such a way that if somebody was planning some cyber Daxin-type of attack, or physical attack that they'd be able to do that? I think it's important for everybody to sit down, have a serious conversation with their family, those people who they trust and say, "What are we doing from a security perspective?

Are we limiting information sharing? Are we turning on good authentication? Are we staying away from reusing passwords? Redbord: Yeah, it's scary. There's absolutely no doubt. And just constantly feeling like a victim of these attacks, thankfully, not many, but we're all getting these text messages these days that say, "Hey, Ari, long time, no talk," and it's just this, you almost feel like you're being attacked so often.

In jobs where workers are not actively engaged or have "time on their hands," harassing or bullying behavior may become a way to vent frustration or avoid boredom. Not surprisingly, then, workplace cultures that tolerate alcohol consumption during and around work hours provide a greater opportunity for harassment.

In other workplaces, particularly those where social interaction or client entertainment is a central component of the job sales, for example , alcohol use may be more ritualized and thus present more of a potential risk factor. Decentralized Workplaces Decentralized workplaces, marked by limited communication between organizational levels, may foster a climate in which harassment may go unchecked.

In such workplaces, some managers may feel or may actually be unaccountable for their behavior and may act outside the bounds of workplace rules. Others may simply be unaware of how to address workplace harassment issues, or for a variety of reasons may choose not to "call headquarters" for direction.

But the instinct of our Select Task Force members that we should devote time and resources to exploring and categorizing possible risk factors is borne out by what we have learned. The objective of identifying risk factors is not to suggest that having these risk factors will necessarily result in harassment in the workplace.

A single risk factor may make a particular workplace more susceptible to harassment; more broadly, industries with numerous risk factors may be at greater risk of harassment in their workplaces and greater risk of the harassment not being identified and remedied. The objective of identifying and describing these risk factors is to provide a roadmap for employers that wish to take proactive actions to ensure that harassment will not happen in their workplaces.

We stress that employers need to maintain "situational awareness" - an employer noting surprise that women were being sexually assaulted on the night shift when they worked in isolation and their schedules were controlled by men is cold comfort to the victims of these assaults. The next Part of our report describes a number of actions that employers can take to prevent harassment, including an assessment of these risk factors. In addition, Appendix C includes a chart with suggestions for addressing each of these risk factors in a proactive manner.

The question is whether there is anything we can do to prevent harassment to a significant degree. We believe the answer to that is "yes. If it were easy, it would have happened a long time ago. The following sections lay out our analysis, based on what we have learned over the past year, for achieving what some may see as a quixotic goal, but which we see as a moral and legal imperative.

We heard this from academics who testified to the Select Task Force; we heard it from trainers and organizational psychologists on the ground; and we read about it during the course of our literature review. Two things - perhaps two faces of the same coin - became clear to us. First, across the board, we heard that leadership and commitment to a diverse, inclusive, and respectful workplace in which harassment is simply not acceptable is paramount.

And we heard that this leadership must come from the very top of the organization. Second, we heard that a commitment even from the top for a diverse, inclusive, and respectful workplace is not enough. These accountability systems must ensure that those who engage in harassment are held responsible in a meaningful, appropriate, and proportional manner, and that those whose job it is to prevent or respond to harassment, directly or indirectly, are rewarded for doing that job well, or penalized for failing to do so.

These two sides of the coin - leadership and accountability - create an organization's culture. An organization's culture is set by the values of an organization. To achieve a workplace without harassment, the values of the organization must put a premium on diversity and inclusion, must include a belief that all employees in a workplace deserve to be respected, regardless of their race, religion, national origin, sex including pregnancy, sexual orientation, or gender identity , age, disability, or genetic information, and must make clear that part of respect means not harassing an individual on any of those bases.

In short, an organization's commitment to a harassment-free workplace must not be based on a compliance mindset, and instead must be part of an overall diversity and inclusion strategy. Organizational culture manifests itself in the specific behaviors that are expected and formally and informally rewarded in the workplace. As one of our witnesses explained, "[O]rganizational climate is an important driver of harassment because it is the norms of the workplace; it basically guides employees.

This common-sense assumption has been demonstrated repeatedly in research studies. First, leadership must establish a sense of urgency about preventing harassment. That means taking a visible role in stating the importance of having a diverse and inclusive workplace that is free of harassment, articulating clearly the specific behaviors that will not be acceptable in the workplace, setting the foundation for employees throughout the organization to make change if change is needed , and, once an organizational culture is achieved that reflects the values of the leadership, commit to ensuring that the culture is maintained.

For example, if employees tend to work in isolated workspaces, an employer may want to explore whether it is possible for the work to get done as effectively if individuals worked in teams. In a workplace where an employee's compensation is directly tied to customer satisfaction or client service, the employer may wish to emphasize that harassing conduct should be brought immediately to a manager's attention and that the worker will be protected from retaliation.

In workplaces with many teenagers and young adults entering the workforce, the employer may wish to have an orientation in which conduct that is not acceptable is clearly described and workers are encouraged to come forward quickly with any concerns. Another way to communicate a sense of urgency is to conduct a climate survey of employees to determine whether employees feel that harassment exists in the workplace and is tolerated.

Several researchers have developed such climate surveys, and the military has adopted them on a widespread scale in recent years. Second, an organization must have effective policies and procedures and must conduct effective trainings on those policies and procedures.

Anti-harassment policies must be communicated and adhered to, and reporting systems must be implemented consistently, safely, and in a timely fashion. Trainings must ensure that employees are aware of, and understand, the employer's policy and reporting systems. Such systems must be periodically tested to ensure that they are effective. Our detailed recommendations concerning these policies and trainings are discussed in the following sections. Third, leadership must back up its statement of urgency about preventing harassment with two of the most important commodities in a workplace: money and time.

Employees must believe that their leaders are authentic in demanding a workplace free of harassment. Nothing speaks to that credibility more than what gets paid for in a budget and what gets scheduled on a calendar. For example, complaint procedures must be adequately funded in the organization's budget and sufficient time must be allocated from employee schedules to ensure appropriate investigations. Similarly, sufficient resources must be allotted to procure training, trainings must be provided frequently, and sufficient time must be allocated from employee schedules so that all employees can attend these trainings.

Moreover, if an organization has a budget for diversity and inclusion efforts, harassment prevention should be part of that budget. Finally, in working to create change, the leadership must ensure that any team or coalition leading the effort to create a workplace free of harassment is vested with enough power and authority to make such change happen. An employer that has an effective anti-harassment program, including an effective and safe reporting system, a thorough workplace investigation system, and proportionate corrective actions, communicates to employees by those measures that the employer takes harassment seriously.

This in turn means that more employees will be likely to complain if they experience harassment or report harassment they observe, such that the employer may deal with such incidents more effectively. With regard to individuals who engage in harassment, accountability means being held responsible for those actions.

We heard from investigators on the ground, and we read in the academic literature, that sanctions are often not proportionate to the inappropriate conduct that had been substantiated. When I asked them what they wanted to accomplish, they indicated that several individuals were continuing to tell off-color jokes and make inappropriate comments. While I welcomed the opportunity to be of service, it seemed to me that the issue was not what training to do next but rather why these decision-makers hadn't taken steps to deal with these individuals' behavior and failure to perform to clear standards.

Stephen Paskoff, 8 Fundamentals of a Civil Treatment Workplace With regard to mid-level managers and front-line supervisors, accountability means that such individuals are held responsible for monitoring and stopping harassment by those they supervise and manage.

For example, if a supervisor fails to respond to a report of harassment in a prompt and appropriate fashion, or if a supervisor fails to protect from retaliation the individual who reports harassment, that supervisor must be held accountable for those actions. Similarly, if those responsible for investigations and corrective actions do not commence or conclude an investigation promptly, do not engage in a thorough or fair investigation, or do not take appropriate action when offending conduct is found, that person must be held accountable.

When C-level employees [i. Everyone notices what the C-Suite notices. Accountability also includes reward systems. If leadership incentivizes and rewards responsiveness to anti-harassment efforts by managers, that speaks volumes. For example, a number of witnesses noted that companies who were successful in creating a culture of non-harassment were those that acknowledged and "owned" its well-handled complaints, instead of burying the fact that there had been a complaint and that discipline had been taken.

We heard that using the metric of the number of complaints lodged within a particular division, with rewards given to those with the fewest number of complaints, might have the counterproductive effect of managers suppressing the filing of complaints through formal and informal pressure. In contrast, if employees are filing complaints of harassment, that means the employees have faith in the system.

Thus, using the metric of the number of complaints must be nuanced. Positive organizational change can be reflected in an initial increase of complaints, followed by a decrease in complaints and information about the lack of harassment derived from climate surveys. Before moving on to detailed recommendations, we pause to highlight a radically different accountability mechanism that we find intriguing, and solicited testimony regarding at one of our public meetings.

A number of large companies, such as McDonald's and Wal-Mart, have begun to hold their tomato growers accountable by buying tomatoes only from those growers who abide by a human rights based Code of Conduct, which, among other elements, prohibits sexual harassment and sexual assault of farmworkers. The companies agreed to the program because of consumer-driven market pressures, and most of the agricultural companies that entered the program did so because of the resulting financial pressures.

There is also a worker-triggered complaint resolution mechanism, which can result in investigations, corrective action plans, and if necessary, suspension of a farm's "participating grower" status, which means the farm could lose its ability to sell to participating buyers.

If employers put a metric in a manager's performance plan about responding appropriately to harassment complaints, but then do nothing else to create an environment in which employees know the employer cares about stopping harassment and punishing those who engage in it - it is doubtful that the metric on its own will have much effect.

If an employer has a policy clearly prohibiting harassment that is mentioned consistently at every possible employee gathering, but does not have a system that protects those who complain about harassment from retaliation, the policy itself will do little good.

It is not that policies and metrics are not important. To the contrary, they are essential components of a harassment prevention effort. But holistic refers to the whole system. Every activity must come together in an integrated manner to create an organizational culture that will prevent harassment. In light of what we have learned in this area, we offer the following recommendations: Employers should foster an organizational culture in which harassment is not tolerated, and in which respect and civility are promoted.

Employers should communicate and model a consistent commitment to that goal. Employers should assess their workplaces for the risk factors associated with harassment and explore ideas for minimizing those risks. Employers should conduct climate surveys to assess the extent to which harassment is a problem in their organization.

Employers should devote sufficient resources to harassment prevention efforts, both to ensure that such efforts are effective, and to reinforce the credibility of leadership's commitment to creating a workplace free of harassment.

Employers should ensure that where harassment is found to have occurred, discipline is prompt and proportionate to the severity of the infraction. In addition, employers should ensure that where harassment is found to have occurred, discipline is consistent, and does not give or create the appearance of undue favor to any particular employee.

If employers have a diversity and inclusion strategy and budget, harassment prevention should be an integral part of that strategy. In this section, we set forth what we have learned about how to make each of these components as successful as possible. Anti-Harassment Policies An organization needs a stated policy against harassment that sets forth the behaviors that will not be accepted in the workplace and the procedures to follow in reporting and responding to harassment.

Employees in workplaces without policies report the highest levels of harassment. An employer's policy should be written in clear, simple words, in all the languages used in the workplace. The points we note above describe the content of an effective policy, but the words of the policy itself should be simple and easy to understand.

Similarly, an effective policy should make clear that harassment on the basis of any protected characteristic will not be tolerated. Itis also not sufficient simply to have a written policy, even one written in the most user-friendly fashion. The policy must be communicated on a regular basis to employees, particularly information about how to file a complaint or how to report harassment that one observes, and how an employee who files a complaint or an employee who reports harassment or participates in an investigation of alleged harassment will be protected from retaliation.

Appendix B includes a checklist for an effective harassment prevention policy. Social Media An additional wrinkle for employers to consider, as they write and update anti-harassment policies, is the proliferation of employees' social media use. Arguably, the use of social media among employees in a workplace can be a net positive. As noted by a witness at the Commission's meeting on social media, social media use in the workplace can create a space for "less formal and more frequent communications.

Unfortunately, social media can also foster toxic interactions. Nearly daily, news reports reflect that, for whatever reasons, many use social media to attack and harass others. For example, an anti-harassment policy should make clear that mistreatment on social media carries the weight of any other workplace interaction. Supervisors and others with anti-harassment responsibilities should be wary of their social media connections with employees.

And, procedures for investigating harassment should carefully delineate how to access an employee's social media content when warranted. In context, social media - specifically its use in the workplace - is relatively new. Plus, it seemingly changes at an exponential pace. For now, however, the constant for employers is that social media platforms are potential vehicles for workplace-related interactions. And wherever that exists, employers must be aware that harassment may occur.

Accountability requires that discipline for harassment be proportionate to the offensiveness of the conduct. For example, sexual assault or a demand for sexual favors in return for a promotion should presumably result in termination of an employee; the continued use of derogatory gender-based language after an initial warning might result in a suspension; and the first instance of telling a sexist joke may warrant a warning. Although not intended as such, the use of the term "zero tolerance" may inappropriately convey a one-size-fits-all approach, in which every instance of harassment brings the same level of discipline.

This, in turn, may contribute to employee under-reporting of harassment, particularly where they do not want a colleague or co-worker to lose their job over relatively minor harassing behavior - they simply want the harassment to stop. Thus, while it is important for employers to communicate that absolutely no harassment will be permitted in the workplace, we do not endorse the term "zero tolerance" to convey that message. Reporting Systems for Harassment; Investigations; Corrective Actions Effective reporting systems for allegations of harassment are among the most critical elements of aholistic anti-harassment effort.

A reporting system includes a means by which individuals who have experienced harassment can report the harassment and file a complaint, as well as a means by which employeeswho have observed harassment can report that to the employer. Ultimately, how an employee who reports harassment either directly experienced or observed fares under the employer's process will depend on how management and its representatives act during the process.

If the process does not work well, it can make the overall situation in the workplace worse. If one employee reports harassment and has a badexperience using the system, one can presume that the next employee who experiences harassment will think twice before doing the same. For employers that have a unionized workplace, the role of the union in the employer's reporting system is significant.

If union representatives take reports of harassment seriously, and support complainants and witnesses during the process, that will make a difference in how employees who are union members view the system. Similarly, because unions have obligations towards all union members, the union must work with the employer to have a system that works in a fair manner for any individual accused of harassment.

There is a significant body of research establishing the many concerns that employees have with current reporting systems in their workplaces. In other situations, the employer may need to do an immediate intervention and begin a thorough investigation. Of course, the operational needs and resources of small businesses, start-up ventures, and the like, will differ significantly from large, established employers with dedicated human capital systems or "C Suites" of senior leadership.

But the principle of offering an accessible and well-running reporting system remains the same. We heard some innovative ideas for making that commitment clear. One witness described a company that established a small internal group of key "C-Suite" personnel who were informed immediately regarding any harassment complaint unless a conflict of interest existed.

The small group of senior leaders was then regularly updated regarding investigation outcomes and prevention analysis. In a smaller business, this "group of senior leaders" may be the business's owner or the highest-ranking members of management. We heard strong support for the proposition that workplace investigations should be kept as confidential as is possible, consistent with conducting a thorough and effective investigation. We heard also, however, that an employer's ability to maintain confidentiality - specifically, to request that witnesses and others involved in a harassment investigation keep all information confidential - has been limited in some instances by decisions of the National Labor Relations Board "NLRB" relating to the rights of employees to engage in concerted, protected activity under the National Labor Relations Act "NLRA".

Based on what we have learned over the last year, we believe there are several elements that will make reporting systems work well and will provide employees with faith in the system. These are largely consistent with the recommendations made above regarding the content of an effective anti-harassment policy: Employees who receive harassment complaints must take the complaints seriously.

Many witnesses told us it would be extraordinarily valuable for employers to allow researchers into their workplaces to conduct empirical studies to determine what makes a reporting system effective. We agree with that suggestion, although we are cognizant of the concerns that employers may have in welcoming researchers into their domains. For example, we recognize that employers will want to have control over how data derived from its workplace will be used, and equally important, not used.

In light of what we have learned in this area, we offer the following recommendations: Employers should adopt and maintain a comprehensive anti-harassment policy which prohibits harassment based on any protected characteristic, and which includes social media considerations and should establish procedures consistent with the principles discussed in this report. Employers should ensure that the anti-harassment policy, and in particular details about how to complain of harassment and how to report observed harassment, are communicated frequently to employees, in a variety of forms and methods.

Employers should offer reporting procedures that are multi-faceted, offering a range of methods, multiple points-of-contact, and geographic and organizational diversity where possible, for an employee to report harassment. Employers should be alert for any possibility of retaliation against an employee who reports harassment and should take steps to ensure that such retaliation does not occur.

Employers should periodically "test" their reporting system to determine how well the system is working. Employers should devote sufficient resources so that workplace investigations are prompt, objective, and thorough. Investigations should be kept as confidential as possible, recognizing that complete confidentiality or anonymity will not always be attainable. EEOC and the National Labor Relations Board should confer, consult, and attempt to jointly clarify and harmonize the interplay of the National Labor Relations Act and federal EEO statutes with regard to the permissible confidentiality of workplace investigations, and the permissible scope of policies regulating workplace social media usage.

Employers should ensure that where harassment is found to have occurred, discipline is prompt and proportionate to the behavior s at issue and the severity of the infraction. Employers should ensure that discipline is consistent, and does not give or create the appearance of undue favor to any particular employee. In unionized workplaces, the labor union should ensure that its own policy and reporting system meet the principles outlined in this section.

EEOC should, as a best practice in cases alleging harassment, seek as a term of its settlement agreements, conciliation agreements, and consent decrees, that any policy and any complaint or investigative procedures implemented to resolve an EEOC charge or lawsuit satisfy the elements of the policy, reporting system, investigative procedures, and corrective actions outlined above. EEOC should, as a best practice in cases alleging harassment, seek as part of its settlement agreements, conciliation agreements, and consent decrees, an agreement that researchers will be allowed to work with the employer in assessing the impact and efficacy of the policies, reporting systems, investigative procedures, and corrective actions put into place by that employer.

While we encourage EEOC to seek such an agreement when appropriate, we do not suggest that the agency must do so in all instances, or that failure to obtain such an agreement should derail otherwise acceptable settlement proposals. Employers who care deeply about stopping harassment use training as a mechanism to do so.

After EEOC's guidelines suggested methods for preventing sexual harassment, many employers started to offer training as one of those methods. California and Connecticut have mandated such training for employers with 50 or more supervisors, and Maine has mandated such training for employers with 15 or more supervisors. We came to two overarching conclusions: There are deficiencies in almost all the empirical studies done to date on the effectiveness of training standing alone.

Hence, empirical data does not permit us to make declarative statements about whether training, standing alone, is or is not an effective tool in preventing harassment. The deficiencies notwithstanding, based on the practical and anecdotal evidence we heard from employers and trainers, we conclude that training is an essential component of an anti-harassment effort. However, to be effective in stopping harassment, such training cannot stand alone but rather must be part of a holistic effort undertaken by the employer to prevent harassment that includes the elements of leadership and accountability described above.

In addition, the training must have specific goals and must contain certain components to achieve those goals. Research on the Effectiveness of Training Witnesses who provided testimony to the Select Task Force, and our own reading of the literature, exposed the problems of the empirical evidence to date regarding the effectiveness of training programs standing alone. First, most of the studies use researcher-designed training, and each of those trainings has different content, lengths, and leaders.

It is hard to know if something works when the "what" that you are studying is not the same. Second, our research which was thorough, if admittedly not an exhaustive review of all literature over the past three decades discovered only two studies based on large-scale evaluations of anti-harassment training designed by employers not researchers that were given to a significant number of employees who were taking the trainings in their actual workplaces. A set of studies, conducted in the late s by Professor Magley and her colleagues, evaluated trainings at two large employers - a large regulated utility with one location and a large agribusiness with several worksites.

In many studies, the researchers survey participants pre- and post-training and evaluate the effectiveness of the training based on self-reported answers immediately following the training. These studies are not to be discounted, but their limitations must be acknowledged.

What can we learn from these studies, limited as they are? First, it appears that training can increase the ability of attendees to understand the type of conduct that is considered harassment and hence unacceptable in the workplace. The most interesting study in this regard was of federal employees. Rather than conducting a large-scale evaluation of a particular training, researchers compared results from the three surveys done by the Merit Systems Protection Board of federal employees over the course of a decade and a half - in , , and The training seemed particularly successful in clarifying for men that unwanted sexual behavior from co-workers, and not just from supervisors, can be a form of sexual harassment.

In the study by Professors Bingham and Scherer of a minute training, participants demonstrated more knowledge about sexual harassment than those who had not participated in the training. Given that Hispanic employees in that study did not evidence increased knowledge, the researchers observed that culturally-appropriate training might have made a difference.

The study by Professors Bingham and Scherer evaluated a minute training focused on sensitizing attendees to sexual harassment. Men who completed the training were more likely to say that sexual behavior at work was wrong, but they were also more likely to believe that both parties contribute to inappropriate sexual behavior.

However, the personal attitudes of participants toward sexual harassment were minimally changed or completely unchanged. However, on the positive side, complaints to the human resources department did increase after the training. The researchers postulated that the increase was the result of a multi-faceted approach taken by the employer and not the result of the training alone.

For example, prior to the training, the employer had provided employees with a number of additional resources to lodge complaints including hotlines and had begun improving its procedures for complaint follow-up.

Researchers have suggested a range of ideas for creating harassment-free and supportive work environments in which non-training factors are included together with training. It leaves us with a few conclusions: Many anti-harassment trainings offered today seek to achieve two goals - give employees information about the employer's anti-harassment policy including how to file complaints and change employees' attitudes about what type of behaviors in the workplace are wrong.

The limited empirical data we have to date indicates that training can increase knowledge about what conduct the employer considers unacceptable in the workplace. In particular, training may help men understand that certain forms of sexual conduct are unwelcome and offensive to women. The limited empirical data we have to date indicates that sensitivity training as currently done in some instances might be mildly positive, often is neutral, and in some circumstances actually may be counterproductive.

It is possible that individuals who receive training may be more likely to file a complaint, if the training does not stand alone and the employer has taken other steps to convince employees that the employer will be intolerant of sexual harassment. We cautioned above, and we caution again, that the results of these studies implicate only the effectiveness of the specific trainings that were evaluated.

The data cannot be extrapolated to support general conclusions about the effectiveness of training. Indeed, our most important conclusion is that we need better empirical evidence on what types of training are effective and what components, beyond training, are needed to make the training itself most effective.

As we noted above, many witnesses told us that it would be extraordinarily valuable for employers to allow researchers into their workplaces to conduct empirical studies to determine what makes training effective. We agree with that suggestion, although as we noted above, we are cognizant of the concerns that employers may have in welcoming researchers into their domains.

For example, we recognize that employers will want to have control over how data derived from their workplaces will be used, and equally important, not used. Experience on the Ground Regardless of the empirical data from research studies, we heard from practitioners with decades of experience that training - especially compliance training - is a key component of any harassment prevention effort.

We provide below the insights we learned from these practitioners. It's training to keep your job. Segal, Select Task Force Member Compliance Training for All Employees Compliance training is training that helps employers comply with the legal requirements of employment non-discrimination laws by educating employees about what forms of conduct are not acceptable in the workplace and about which they have the right to complain.

We do not believe that such trainings should be limited to the legal definition of harassment. Rather the trainings should also describe conduct that, if left unchecked, might rise to the level of illegal harassment. For example, some instances of gender-based harassment or sexually-motivated harassment will be legally actionable only if they are sufficiently pervasive to create a hostile work environment, as defined by the law.

But compliance training should focus on the unacceptable behaviors themselves, rather than trying to teach participants the specific legal standards that will make such conduct "illegal. Compliance training that teaches employees what conduct is not acceptable in the workplace should not be a canned, "one-size-fits-all" training.

Effective compliance trainings are those that are tailored to the specific realities of different workplaces. In addition, depending on the makeup of the workforce, employers may wish to consider conducting training in multiple languages, or providing for different learning styles and levels of education. Compliance training should also clarify what conduct is not harassment and is therefore acceptable in the workplace. For example, it is not harassment for a supervisor to tell an employee that he or she is not performing a job adequately.

Of course, the supervisor may not treat employees who are similar in their work performance differently because of an employee's protected characteristic. But telling an employee that she must arrive to work on time, or telling an employee that he must submit his work in a timely fashion, is not harassment. Nor do we suggest that occasional and innocuous compliments - "I like your jacket" - constitute workplace harassment, but rather reflect the reality of human experience and common courtesy.

Compliance training should also educate employees about their rights and responsibilities if they experience conduct that the employer has stated is not acceptable in the workplace. Again, the training need not focus on legal issues regarding notice and liability. Rather, the training should make clear to employees the hopefully multiple avenues offered by the employer to report unwelcome conduct based on a protected characteristic, regardless of whether the individual might or might not describe that conduct as "harassment.

Finally, compliance training should describe, in simple terms, how the formal complaint process will proceed. This includes information on how an investigation will take place and what confidentiality a complainant can expect. The training should make clear that the employer will take all reports seriously, investigate them in a timely fashion, and ensure that complainants or those who report observing harassment will not experience retaliation for using the reporting system.

Of course, for participants to believe this, the employer's reporting system must indeed operate in this fashion. But managers and supervisors need additional training if the employer wants to address conduct before it rises to the level of illegal harassment and wants to ensure compliance with employment non-discrimination laws. As noted previously, to create an organizational culture in which employees believe that the organization will not tolerate harassment, managers, and supervisors must receive clear messages of accountability.

Compliance training translates those expectations into concrete actions that managers and supervisors are expected to take - either to prevent harassment or to stop and remedy harassment once it occurs. Compliance training provides managers and supervisors with easy-to-understand and realistic methods for dealing with harassment that they observe, that is reported to them, or of which they have knowledge or information.

This includes practical suggestions on how to respond to different levels and types of offensive behavior, and clear instructions on how to report harassing behavior up the chain of command. It should also stress the affirmative duties of supervisors to respond to harassing behavior, even in the absence of a complaint.

Managers and supervisors are the heart of an employer's prevention system. As one witness with decades of experience in the practice of workplace training and investigation noted succinctly: If I had limited assets to improve the climate of any organization, I would invest ninety-five percent of them in middle managers. These are the people who make all of the difference in the day-to-day lives of organizations and people.

When we train middle managers, we don't just train them about how to spot and address problem behavior -we teach them empirically sound things to do and say when an employee seeks them out to discuss a problem. There are also principles for the structure of successful compliance trainings. As noted previously, employees must believe that the leadership is serious about preventing harassment in the workplace.

Training alone is not sufficient to establish the credibility of the leadership in this regard - but compliance training provides a moment at which the focus is on achieving this goal and thus, leadership should take advantage of that moment. The strongest expression of support is for a senior leader to open the training session and attend the entire training session.

At a minimum, a video of a senior leader might be shown at the beginning of the training and a memo from leadership to all employees sent prior to the training can underscore the importance and purpose of the training. Similarly, if all employees at every level of the organization are trained, that both increases the effectiveness of the training and communicates the employer's commitment of time and resources to the training effort. Training should be conducted and reinforced on a regular basis for all employees.

Again, as we noted earlier, employees understand that an organization's devotion of time and resources to any effort reflects the organization's commitment to that effort. Training is no different. If anti-harassment trainings are held once a year or once every other year , employees will not believe that preventing harassment is a high priority for the employer.

Conversely, if anti-harassment trainings are regularly scheduled events in which key information is reinforced, that will send the message that the goal of the training is important. While this is one area where, in general, repetition is a good thing, we caution against simply repeating the same training over and over, which risks becoming a rote exercise.

Rather, we urge employers to consider training that is varied and dynamic in style, form, and content. Training should be conducted by qualified, live, and interactive trainers. Live trainers who are dynamic, engaging, and have full command of the subject matter are the most likely to deliver effective training.

Since one of the goals of compliance training is to provide employees information about the type of conduct the employer finds unacceptable in the workplace, it is important for a trainer to provide examples of such conduct, or have individuals portray scenarios of such conduct, and then be able to answer questions.

In addition, compliance training teaches supervisors and managers how to respond to a report or observance of harassment. These can be difficult situations and a live trainer is most suited to work through questions with the participants. For some employers, however, providing live trainers will not be feasible because they are cost prohibitive or because employees are physically dispersed.

In such cases, online or video-based trainings should still be tailored to specific workplaces and workforces and should be designed to include active engagement by participants. Training should be routinely evaluated. Employers should obviously not keep doing something that does not work.

Trainers should not only do the training, but should evaluate the results of the training, as well. By this, we mean more than handing a questionnaire to participants immediately after the training asking if they found the training to be helpful.

Share your 54000 satoshi to btc essence

Rocketing rates. Interest rates have been inching higher for months as central banks hiked borrowing costs in a well-flagged manner, giving pension funds time to adjust and find collateral over several days. But when UK bond yields rocketed in just a few trading sessions, it triggered emergency collateral calls for pension funds to cover their LDI-related derivatives in a matter of hours, as rising yields mean the value of bonds falls. Pension funds struggled to find the cash in such a short time, forcing some to sell gilts, thereby putting further downward pressure on the bond market.

To manage the instability in markets, the Bank of England has pledged to buy gilts worth 65 billion pounds in a scheme designed to take pressure off the pension funds. But volumes actually purchased have been modest. On Tuesday, the Bank of England bought just 1. City workers walk past the Bank of England in London February 13, Not just yet. Even after several Bank of England interventions, including a decision to extend the emergency bond-buying programme to include index-linked gilts, the task facing pension funds is intensifying - partly due to fresh collateral calls on newer hedging strategies.

The yearly withdrawals then become the liabilities that the LDI strategy must focus on. More specifically, the focus should be on the assurances made to pensioners and employees. These assurances become the liabilities the strategy must target. There is not one agreed-upon approach or definition for the specific actions taken in regard to the LDI. Pension fund managers quite often use a variety of approaches under the LDI strategy banner.

Broadly, however, they have two objectives. The first one is to manage or minimize risk from liabilities. These risks range from a change in interest rates to currency inflation because they have a direct effect on the funding status of the pension plan. The second objective to generate returns from available assets. At this stage, the firm might seek out equity or debt instruments that generate returns commensurate with its estimated liabilities. The easiest option for the firm is to invest the funds at its disposal into an equity investment that generates the required returns.

Alternately, it can use an LDI approach to estimate split its investment into two buckets. The first one is a defined-benefit income instrument for consistent returns as a strategy to minimize liability risk and the remaining amount goes into an equity instrument to generate returns from assets. Since the goal of an LDI strategy is to cover current and future liability risk, theoretically, it may be possible that the returns generated are moved into the fixed-income bucket over time.

Article Sources Investopedia requires writers to use primary sources to support their work.