Agent Skills: Legal & Compliance Expert

Legal and compliance expertise for corporate governance, contract analysis, regulatory compliance (SOX, GDPR, HIPAA), risk assessment, intellectual property, and litigation management. Use when reviewing contracts, ensuring compliance, or managing legal risk.

Category: Uncategorized
ID: travisjneuman/.claude/legal-compliance

Install this agent skill locally:

pnpm dlx add-skill https://github.com/travisjneuman/.claude/tree/HEAD/skills/legal-compliance

Skill Files


skills/legal-compliance/SKILL.md

Skill Metadata

Name
legal-compliance

Legal & Compliance Expert

Comprehensive legal frameworks for governance, contracts, regulatory compliance, and risk management.

Corporate Governance

Board Structure & Responsibilities

BOARD COMPOSITION:
- Independent directors (majority required for NYSE/NASDAQ)
- Lead independent director
- Committee structure
- Board diversity requirements
- Skills matrix

KEY COMMITTEES:
1. Audit Committee (all independent)
2. Compensation Committee (all independent)
3. Nominating/Governance Committee (all independent)
4. Risk Committee (financial institutions)

Fiduciary Duties

| Duty | Definition | Key Considerations |
| ---------------------- | ---------------------------------- | -------------------------------------- |
| Duty of Care | Act with reasonable prudence | Informed decisions, due diligence |
| Duty of Loyalty | Act in corporation's best interest | Avoid conflicts, corporate opportunity |
| Duty of Good Faith | Act honestly and fairly | No intentional harm, follow law |
| Duty of Disclosure | Full and fair disclosure | Material information, no omissions |

Business Judgment Rule

PROTECTION REQUIREMENTS:
1. Decision made in good faith
2. No personal interest in outcome
3. Reasonably informed decision
4. Rational belief action is in company's best interest

ENHANCED SCRUTINY (Revlon Duties):
- Triggered in change of control
- Duty to maximize shareholder value
- Active market check required

Regulatory Compliance

Sarbanes-Oxley (SOX) Compliance

KEY SECTIONS:

Section 302: CEO/CFO Certifications
- Certify financial statements
- Certify disclosure controls
- Report control deficiencies

Section 404: Internal Control Assessment
- Management assessment required
- External auditor attestation (accelerated filers)
- Material weakness disclosure

Section 906: Criminal Penalties
- Criminal certification of financial reports
- Up to $5M fine / 20 years imprisonment

COMPLIANCE FRAMEWORK:
- COSO Internal Control Framework
- Documentation of key controls
- Testing program (design + operating effectiveness)
- Deficiency evaluation process
- Remediation tracking

GDPR Compliance

| Requirement | Description | Penalties |
| ------------------------------ | ------------------------------------------------------ | ----------------------- |
| Lawful Basis | Consent, contract, legitimate interest | Up to 4% global revenue |
| Data Subject Rights | Access, rectification, erasure, portability | Up to 4% global revenue |
| Data Protection Officer | Required for large-scale processing | Administrative fines |
| Breach Notification | 72 hours to authority, without undue delay to subjects | Up to 4% global revenue |
| Privacy by Design | Built-in privacy controls | Up to 4% global revenue |
| Data Processing Agreements | Required with all processors | Up to 2% global revenue |

HIPAA Compliance

PRIVACY RULE:
- Protected Health Information (PHI) protections
- Minimum necessary standard
- Patient rights (access, amendment)
- Business Associate Agreements

SECURITY RULE:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
- Risk assessment requirement

BREACH NOTIFICATION:
- Individual notice within 60 days
- HHS notification (>500 individuals: immediate)
- Media notification if >500 in state

PENALTIES:
Tier 1: Unaware - $100-$50,000/violation
Tier 2: Reasonable cause - $1,000-$50,000/violation
Tier 3: Willful neglect (corrected) - $10,000-$50,000/violation
Tier 4: Willful neglect (uncorrected) - $50,000/violation

Anti-Corruption (FCPA/UK Bribery Act)

FCPA ELEMENTS:
Anti-Bribery:
- No payments to foreign officials
- For purpose of obtaining business
- Includes third-party payments

Books & Records:
- Accurate books and records
- Internal controls over assets
- Applies to all issuers

UK BRIBERY ACT:
- Broader than FCPA
- Includes commercial bribery
- Facilitation payments prohibited
- Adequate procedures defense

COMPLIANCE PROGRAM:
- Risk assessment by geography/business
- Third-party due diligence
- Training program
- Gift and hospitality policy
- M&A due diligence
- Reporting mechanism
- Audit and monitoring

Contract Management

Contract Review Checklist

ESSENTIAL TERMS:
- [ ] Parties correctly identified
- [ ] Scope clearly defined
- [ ] Price/payment terms
- [ ] Term and termination rights
- [ ] Representations and warranties
- [ ] Limitation of liability
- [ ] Indemnification
- [ ] Insurance requirements
- [ ] Confidentiality
- [ ] IP ownership/license
- [ ] Governing law
- [ ] Dispute resolution
- [ ] Assignment restrictions
- [ ] Force majeure
- [ ] Notice provisions
- [ ] Entire agreement clause

Key Contract Provisions

| Provision | Purpose | Negotiation Points |
| --------------------------- | ------------------------- | ---------------------------------------- |
| Limitation of Liability | Cap damages exposure | Direct vs. consequential, cap amount |
| Indemnification | Allocate third-party risk | Scope, procedure, caps |
| IP Ownership | Define ownership | Work product, background IP, licenses |
| Confidentiality | Protect information | Definition, term, exceptions |
| Termination | Exit rights | For cause vs. convenience, notice period |
| Warranties | Quality assurance | Scope, disclaimers, remedies |

Contract Risk Matrix

| Risk Level | Contract Value | Approval Level |
| ---------- | -------------- | ------------------ |
| Low | < $100K | Department manager |
| Medium | $100K - $1M | Director/VP |
| High | $1M - $10M | SVP/EVP |
| Critical | > $10M | C-Suite/Board |

Intellectual Property

IP Portfolio Management

PATENT STRATEGY:
- Freedom to operate analysis
- Competitive patent landscape
- Filing strategy (utility, design, provisional)
- Geographic coverage
- Prosecution management
- Licensing opportunities
- Enforcement program

TRADEMARK STRATEGY:
- Brand clearance searches
- Registration program
- Monitoring and enforcement
- Domain name portfolio
- Social media handles

TRADE SECRET PROGRAM:
- Identification and classification
- Protection measures (physical, technical, contractual)
- Need-to-know access
- Exit interview protocols

IP Due Diligence (M&A)

| Area | Review Items |
| ----------------- | ------------------------------------------------------ |
| Patents | Ownership, encumbrances, validity, infringement claims |
| Trademarks | Registrations, common law rights, oppositions |
| Copyrights | Work for hire, assignments, licenses |
| Trade Secrets | Protection measures, potential misappropriation |
| Licenses | Inbound/outbound, change of control provisions |
| Litigation | Pending/threatened, settlements |

Litigation Management

Litigation Hold Process

TRIGGER EVENTS:
- Receipt of complaint or demand letter
- Reasonable anticipation of litigation
- Government investigation notice
- Internal investigation findings

HOLD PROCESS:
1. Issue litigation hold notice
2. Identify custodians and data sources
3. Suspend routine destruction
4. Interview key custodians
5. Collect and preserve documents
6. Monitor compliance
7. Update as needed
8. Release when appropriate

Litigation Budget Management

| Phase | Activities | Cost Factors |
| ------------------ | -------------------------------- | ------------ |
| Pre-litigation | Investigation, demand letters | Limited |
| Pleadings | Complaint, answer, motions | Moderate |
| Discovery | Document production, depositions | Highest |
| Pre-trial | Expert reports, motions | High |
| Trial | Preparation, testimony | Very High |
| Appeal | Briefing, oral argument | Moderate |

Settlement Analysis

SETTLEMENT VALUE FORMULA:
Expected Value = P(win) × Expected Recovery - Legal Costs

CONSIDERATIONS:
- Probability of liability
- Range of potential damages
- Litigation costs (both sides)
- Management distraction
- Reputational impact
- Precedent setting
- Insurance coverage
- Business relationship preservation

Risk Assessment Framework

Legal Risk Categories

| Category | Examples | Impact |
| ----------------- | -------------------------------------- | ----------- |
| Regulatory | Enforcement, fines, license revocation | High |
| Contractual | Breach, termination, damages | Medium-High |
| Litigation | Class actions, IP disputes, employment | High |
| Compliance | SOX, FCPA, data privacy | Very High |
| Transactional | M&A, JV, financing | Medium |
| Reputational | Public relations, brand damage | High |

Risk Assessment Matrix

PROBABILITY × IMPACT = RISK SCORE

         Impact
         Low   Medium   High
Prob
High     3      6        9
Medium   2      4        6
Low      1      2        3

RISK RESPONSE:
9: Immediate mitigation required
6: Active management plan
3-4: Monitor and review
1-2: Accept risk

Compliance Program Framework

Effective Compliance Program Elements (DOJ)

1. STANDARDS AND PROCEDURES
   - Code of conduct
   - Policies for risk areas
   - Clear and accessible

2. COMPLIANCE LEADERSHIP
   - Board oversight
   - Senior management commitment
   - Adequate resources

3. TRAINING AND COMMUNICATION
   - Risk-based training
   - Regular updates
   - Accessible channels

4. REPORTING MECHANISMS
   - Hotline/helpline
   - Non-retaliation policy
   - Investigation procedures

5. RISK ASSESSMENT
   - Regular assessment
   - Emerging risks
   - Control mapping

6. MONITORING AND AUDITING
   - Testing program
   - Third-party audits
   - Data analytics

7. INCENTIVES AND DISCIPLINE
   - Performance integration
   - Consistent enforcement
   - Root cause analysis

8. THIRD-PARTY MANAGEMENT
   - Due diligence
   - Contractual protections
   - Ongoing monitoring

9. CONTINUOUS IMPROVEMENT
   - Root cause analysis
   - Lessons learned
   - Program updates

Whistleblower Programs

SEC WHISTLEBLOWER PROGRAM:
- 10-30% of sanctions > $1M
- Anti-retaliation protections
- Confidentiality protections

DODD-FRANK PROTECTIONS:
- Broad retaliation prohibition
- Reinstatement, back pay, attorney's fees
- Two-year statute of limitations

INTERNAL REPORTING:
- Anonymous reporting option
- Clear escalation path
- Timely investigation
- Communication of outcomes

Data Privacy Framework

Privacy Program Components

| Component | Description |
| --------------------- | --------------------------------------------- |
| Governance | Privacy officer, steering committee, policies |
| Data Inventory | What data, where, purpose, retention |
| Legal Basis | Consent management, legitimate interest |
| Rights Management | DSR process, verification, response |
| Vendor Management | DPAs, assessments, monitoring |
| Security | Technical measures, breach response |
| Training | Role-based, regular updates |
| Auditing | Compliance testing, gap remediation |

Data Classification

| Level | Definition | Handling |
| ---------------- | --------------------------------- | ------------------------- |
| Public | Approved for public release | Standard controls |
| Internal | General business information | Access controls |
| Confidential | Sensitive business data | Encryption, access limits |
| Restricted | Highly sensitive (PII, PHI, etc.) | Strict controls, audit |
