Look 1st Logo

What Leaders Need to Know to Protect
Their Organizations, People, and Themselves


Public and nonpublic organizations face legal jeopardy if there is an incident that could have been prevented if they had a protection and notification system, and public organizations can face consequences for not having such a system even if no incident occurs.

Notification systems are mandated by federal law for public corporations under the Sarbanes-Oxley Act of 2002. Sarbanes-Oxley also directed the U.S. Sentencing Commission to ensure that their guidelines “are sufficient to deter and punish organizational criminal misconduct” for all organizations. The associated and routinely revised Sentencing Guidelines require all entities, regardless of size, including corporations, partnerships, associations, joint stock companies, unions, trusts, pension funds, unincorporated organizations, governments, and nonprofit organizations to have an effective protection program including a notification system. Programs should be “designed, implemented, and enforced so that they are generally effective in preventing and detecting criminal conduct.” This includes standards, policies, and procedures that facilitate notifications regarding potential or actual criminal conduct without fear of retaliation. The Sentencing Commission requires even small organizations to continually look to effective and best-practice solutions for their protection program including their notification systems. Notification systems available at the time were not conducive for most of these entities and until recently, there have been few practical options for most small and medium organizations.

Nonpublic organizations face legal consequences if there is an incident that the guidelines are intended to prevent and if they do not have a protection program that includes a notification system.

All organizations are held responsible for the acts and decisions of their employees, contractors, and even volunteers. Organizations may face criminal charges whenever an employee, contractor, or volunteer commits an illegal act within the scope of their responsibilities, even if they acted contrary to policy and instructions. A protection system and notification system can help shield organizations from this risk. U.S. prosecutors are required to consider “the adequacy and effectiveness” of the organization’s protection program and notification system to prevent and detect criminal conduct at the time of the offense, as well as at the time of a charging decision. Therefore, an effective protection program and notification system may permit a company to mitigate the terms of a criminal resolution or avoid one altogether. And if prosecuted, just having an effective protection program and notification system can reduce a sentence by up to 95%.

The U.S. Department of Justice is now increasing its focus on organizations’ efforts to prevent and detect criminal acts. Organization leaders were recently admonished to support their protection program and notification system now, “or pay later.” The Department of Justice expects protection programs “to be much more than policies, procedures, and internal controls.” They must “work in practice” and organizations are expected to maintain data that verifies that their program, including the notification system, is effective.

The government has long emphasized the importance of protection programs and continually adds incentives for companies to adopt them and increased punishments, particularly associated with government programs, for failing to do so. Examples include:

  • Under the civil False Claims Act, the absence of a protection program, including a notification system, to prevent and detect criminal conduct will be viewed as an element of “recklessness,” which is the key element that can turn a routine contract noncompliance into a civil fraud.
  • Under the Federal Acquisition Regulation (FAR)
    • A suspension/debarment official will evaluate a company’s existing and updated protection program to determine whether mitigating factors exist that counsel against an exclusion from federal contracting.
    • A contractor that does not implement adequate internal controls, including a protection program, can be found to be in breach of its contract.
  • The Defense Contract Audit Agency includes a review of a contractor’s protection program to prevent and detect criminal conduct as part of its standard business systems audit.

There are also national mandatory reporting requirements for National Governing Body (NGB) sports organizations and U.S. Olympic & Paralympic Committee (USOPC) organizations. And every U.S. state and territory and the District of Columbia has their own mandatory child abuse and mandatory elder abuse reporting requirements.




Having a protection program and notification system protects all organizations because it could prevent an employee, contractor, or volunteer from committing misconduct in the first place. It is crucial for every organization to maintain an effective protection program and notification system because they are held responsible for the acts, including decisions, of their employees, contractors, and volunteers. In some situations, an organization and its leaders can use a protection program and notification system as an affirmative defense to the misconduct. But whether the organization is charged or not, they will likely face civil consequences. Not having a protection program and a notification system, or if the protection program or notification system is ineffective, undermines the organization's defense in civil litigation.

Organizations that provide high value and or critical services should be prepared to implement a protection program and a notification system, on demand or release their clients from agreements.

If there is incident associated with an organization outside the U.S., and the organization has ties to a U.S. based entity, they should be prepared for at least civil actions.

The American Bar Association notes that in addition to avoiding liability, programs to raise and address problems are a good business practice and regardless of governance or size, every organization should voluntarily implement them. “Should the benefits of compliance not be significant, avoiding liability should be.”

Organization Leaders and Owners

Prosecutors maintain that there are grounds for which they could charge organization leaders and owners personally if their organization did not have a protection program and notification system. Potential grounds include if the matter is considered egregious or if a leader or owner had maintained that the organization had a protection program and notification system but did not. Civil actions are likely to include actions against organization leaders and owners personally.

Associations and Groups

Any association or group which coordinates, supervises, or exercises control over policy, or assists or advises one or more chapters, members, or affiliates, could be found at civilly and potentially criminally liable, if they have not compelled their organizations to have an effective protection program and notification system, and an entity has an incident that the guidelines are intended to prevent and detect.


Franchisors can now expect to be held at least civilly liable, if they have not compelled their franchisees to have an effective protection program and notification system, and a franchisee has an incident that the guidelines are intended to prevent and detect.


A notification system is as essential to preventing and detecting criminal acts in organizations as the 911 system is to prevent and detect crime in our communities.

Anyone can call 911 at any time to report any crime, anywhere. The effectiveness of a notification system is contingent on the people that can and will use it to submit notifications. The more people that are comfortable using the notification system, the more effective the system will be.


Virtually all organization experts strongly recommend that every entity have a system that facilitates notifications of what the organization “needs to know.” Avoiding liability is less of an issue to the experts than the potential catastrophic implications for an organization’s brand and effectiveness. The associated risk benefit analyses are very compelling: Extremely low cost for notable benefits, even without factoring in the personal consequences for organization leaders and owners.

Organization experts also note that effective notification systems foster trust which significantly improves and sustains customer and workforce engagement.


Most of the benefits of a protection program and notification are associated with prevention – preventing wrongful acts and conditions which also guard against negative consequences for the organization and people. But there are also immediate and continuing synergistic benefits particularly to a notification system.

People want to be heard, especially regarding serious matters. All parties prefer that the organizations with which they work have a notification system and they are a key factor in staying a provider of choice.

The percentage of parents indicating that notification systems are important ranges from 73% for trade schools to 98% for PreK-K. Excepting lawyers (60%) and restaurants (78%), over 80% of consumers consider notification systems important for all categories. More than 90% report that they are important for food processing, home care, resorts, and senior living.

There are countless examples why over 94% of B2B organizations consider notification systems important. Candidates are not (yet) making employment decisions based on whether an employer has a notification system. But over 80% the workforce prefers employers that have a notification system.

Protection programs including notification systems enhance trust and trust is the optimum basis for any positive and continuing relationship.


Less than 5% of small and medium organizations have a protection program or a notification system. Most nonprofits that work with minors, or the elderly have a protection program but not an effective notification system.

Look 1st Solutions has been studying organization behavior for decades to optimize notifications and spent the last ten years conducting seminal and extensive research on why people do not report serious issues and what it would take for them to do so.

We identified ten features that constitute an effective notification system, and they work. They increase notifications from 6.9% for current procedure(s) to 92.1%. Effective notification systems prevent wrongful acts and condi-


It is not enough to have any protection program and notification system – they must be effective. Graduate students at Temple University’s Fox School of Business developed the Protection and Trust Scorecard for small and medium organizations. It includes all the U.S. government requirements for an effective protection program and notification system. More than three quarters of the scoring is based on a notification system with these criteria:

  • Hosted and managed by independent third party
  • Visible and easily accessible
  • Simple to use
  • Cloaks/protects the identity of notifiers
  • Notifiers can check status
  • Confidential, two-way messaging
  • Data can neither be hacked nor destroyed



If a notification system includes these, the organization will have a high Protection and Trust score, without them it will be low.


Based on the research, applications were developed, evaluated, and refined to optimize serious issue notifications. We also respond to continual input from populations that may have critical information to report to set an ever-higher standard for notification effectiveness. Organizations provide input regarding functionality including dashboards and reports.

Look 1st Solutions Notify is now the solution most likely to prevent and the first to detect wrongful acts and conditions.

Look 1st Solutions protection program standards, policies, and procedures meet all requirements established by the U.S. Sentencing Commission and is included with all packages. Notify features and functionality exceeds the Protection and Trust Scorecard criteria.

Look 1st Solutions also facilitates all mandatory reporting requirements in the U.S., including territories, from the client dashboard. It is also designed to be able to meet any government requirements as well as facilitate mandatory reporting worldwide




Every Look 1st Solutions package includes a seal, there is even one for competitor solutions. Seals are an indicator of trust and link to a certificate which can include credentials (Awards, certifications, degrees, designations, licenses…), and feedback that an organization wants to share. Certificates can also be used to submit notifications and other information.

Which seal do you want associated with your organization?


Your consumers, workforce, and suppliers will respond positively to any of the first three.Let Look 1st Solutions protect your organization and people, and boost your reputation, 24/7All for less than $1.00 a day

Contact us for special pricing and assistance