Never Again by Power Trade Media

H E L P I N G L E A D E R S B E C O M E B E T T E R S T E WA R D S .

NEVER AGAIN Presented by: The National Catholic Risk Retention Group, Inc.

CHURCH EXECUTIVE • N E V E R A G A I N

churchexecutive.com

Table of Contents RISK CONTROL

It’s an often-ignored — but critically important — ministry. But ... • What is risk control, exactly? • Can risk control really be ministry? • Isn’t risk control complex and expensive? By Michael J. Bemi

FROM DREAM TO NIGHTMARE

Proactive measures to protect children in your church’s care from sexual misconduct. By Michael J. Bemi

THE LITTLE THINGS REALLY DO COUNT

When it comes to risk management, a few extra steps — literally — can prevent a tragedy. By Michael J. Bemi

BOARD DUTY IS SERIOUS BUSINESS!

Before saying yes, be sure you understand the duties — and how to abide by them. If not, you and your ministry could pay a high price. By Michael J. Bemi

‘HEADS UP’ SAFETY — A PARAMOUNT CONCERN

APPROPRIATE BOUNDARIES FOR A HEALTHY RELATIONSHIP WITH CHILDREN

We frequently ask ourselves questions such as, “What’s an acceptable way to show affection to youth in my care?” or “How should I react if a child runs up for a hug?” These are important questions, because boundaries promote a lifetime of healthy relationships. By Patricia L. Neal

POLICIES AND PARAMETERS

How to protect your church before tragedy strikes By Crispin Ketelhut

THE COST OF ‘KNOWLEDGE’ IN THE INFORMATION AGE

The synod headquarters office — being a central repository of a great deal of sensitive information — had taken security very seriously, in every possible regard. So, what went wrong? By Michael J. Bemi

BALANCING RELIGIOUS FREEDOM AND EMPLOYMENT RIGHTS

The young woman had been a mathematics teacher at the churchrelated high school for more than seven years. She was beloved by her students; they praised her ability to convey difficult concepts in an accessible, clear and engaging style. By Michael J. Bemi churchexecutive.com

N E V E R A G A I N • CHURCH EXECUTIVE

NEVER AGAIN Presented by: The National Catholic Risk Retention Group, Inc.

RISK CONTROL An often-ignored — but critically important — ministry By Michael J. Bemi

In this very first “Never Again” Series article, I hope to clearly and simply answer a number of questions surrounding a critically important task in the church, but one that’s all too frequently underused — or worse yet, totally ignored. Namely, I’m talking about risk control. What is risk control, exactly? Risk control is a risk management tool that comprised by two subset elements: 1) Loss prevention — in which we employ policies, procedures, protocols, maintenance programs, training programs and certain devices to actually prevent losses and their attendant damage from ever occurring. 2) Loss control — in which we use these same mechanisms to mitigate the severity of damage from losses we simply could not prevent. Can risk control really be ministry? 1 Corinthians, Chapter 12 (New International Version) identifies “gifts of administration” as a gift that God has designated people in the Church to have. While it’s obvious that administration undertaken as risk control isn’t liturgical and doesn’t include a pastoral aspect, it’s equally clear that not nearly as much pastoral ministry will take place in any congregation where the church has burned down, or a major embezzlement has occurred, or a shocking sexual misconduct offense has taken place, or a person has fallen on icy steps leaving church after services, leading to permanent paralysis or death. Attending to the prevention and resolution of these matters can involve the same level of care, commitment, dedication and hard work as that expended by a youth minister, music director, teacher or principal in a church school, etc. So, at the risk of inadvertently offending someone, I’ll say yes: Risk control can be pursued as a ministry. Isn’t risk control complex and expensive? Risk control can be both complex and expensive; but seldom so when considered in a church operations and activities context. Generally speaking, with very few exceptions (hospitals or skilled 4

CHURCH EXECUTIVE • N E V E R A G A I N

nursing facilities, for example), the church doesn’t undertake operations and activities that produce the type of exposure to loss demanding significant outlays for effective and efficient risk control. In fact, when compared to the costs of resolving large claims, risk control clearly demonstrates itself to be a genuine bargain. Further, it’s inarguable that preventing any loss from occurring is vastly preferable to doing an excellent job of handling the claim(s) from a loss that you did not prevent. Consider what’s better: 1) caring in an eminently fair, just and compassionate fashion via excellent claims management for a victim your vehicle hit in a crosswalk, or 2) never hitting the person in the first place, because you employed excellent loss prevention to teach your drivers about the inordinate danger of distracted driving? The answer is obvious: it is far better — from both a Christian perspective and a financial perspective — to expend your money, time and effort on loss prevention, rather than on great claims management after the fact of an avoidable incident. Is risk control good stewardship? When you consider that risk control protects and preserves the physical, financial and human resources that the Lord has blessed us with and in regard to which he expects us to exercise responsible administration, then risk control clearly meets the test of good stewardship. It meets another critical test, as well: what any good Christian should expect of herself or himself. We are, after all, called to love, nurture, respect and protect other people, and the various mechanisms employed by risk control have prevented countless deaths, disabilities, disfigurements and the related pain, suffering, anxiety and emotional disruption experienced by both the people directly affected and by all those who love and respect them. Risk control also prevents harm to property (ours and others’) and to pursuits of those with whom we interact. The inescapable conclusion is that you cannot perform good stewardship without including risk control as part of your efforts. Michael J. Bemi is president & CEO of The National Catholic Risk Retention Group, Inc. (Lisle, IL) — a recognized leader in risk management. To learn more about available coverage — and to get valuable tools, facts and statistics — visit www.tncrrg.org . churchexecutive.com

NEVER AGAIN Presented by: The National Catholic Risk Retention Group, Inc.

From dream to nightmare Proactive measures to protect children in your church’s care from sexual misconduct By Michael J. Bemi The youth minister’s CV and application, background screening, interviews and reference checks were all stellar. He was a “dream” candidate — seemingly sent to the parish as a gift from God. He was a happily married man; possessed of athletic ability and musical talents; and, he held a Master’s degree in Child Psychology. Four years later, the dream became a nightmare as this youth minister was convicted of sexual misconduct with more than a dozen victims. The litigation, settlements, counseling and therapy costs totaled many millions of dollars. What went wrong? The initial assessment of this candidate fulfilled virtually all (some faith organizations also employ fingerprinting) of the typically recommended protocols to employ to properly evaluate an individual seeking to work with children. A detailed application was required in addition to a résumé. A background screening service was utilized as an independent and objective review. Interviews were conducted by the pastor and parish youth coordinator — during which it was made very clear that the parish adhered to a multi-layered program to protect children, and would cooperate maximally with law enforcement to prosecute offenders who abused children. Calls were made to every reference provided. It is critical to note, however, that it is quite common for offenders to surmount all these screening hurdles, because their generally outstanding grooming skills allow them to successfully coerce, manipulate and exploit their victims, as well as parents, guardians, coworkers and administrators responsible for the care of these children. Quite frequently, the perpetrators can effectively employ these grooming skills to hide their activities for many years, until they eventually “slip up” and are apprehended. Only then is a searchable record created. Does this mean that these screening tools should be abandoned? Absolutely not, as they do often surface issues that don’t pass the “smell test” and can be utilized to keep a perpetrator from ever joining the organization. Note that computer security experts will tell you that the best secured system can — and likely will — be hacked at some juncture. Consequently, security product providers are now rethinking their security program churchexecutive.com

functions and changing the emphasis from blocking / filtering all malware, to now enhancing functions that immediately recognize a breach and take automatic (i.e., machine) action to remove and quarantine the malware and immediately report it to human IT administrators. So, what is the analogue to this computer security industry development, from a child-safety perspective? Recognizing the risk Stopping abuse “dead in its tracks” begins with knowledge and recognition of the warning signs of a potential abuser. Look for individuals who: 1) always seem to want or attempt to be alone with children; 2) are more excited and enthused to be with children than with adults; 3) give gifts to children, often without permission from the child’s parent or guardian; 4) go overboard touching or hugging; 5) frequently want to wrestle with or tickle children; 6) allow or encourage children to engage in activities their parents would not allow; 7) use bad language around or tell dirty jokes to children; 8) show children pornography or sexually suggestive material; 9) discourage other adults from participating in or monitoring children’s activities; and 10) demonstrate by their attitude or actions that they think the rules do not apply to them. Other critical mechanisms to employ that will help to discern and / or highlight the characteristics just enumerated include: utilizing the screening tools described herein; insisting that all youth-related activities be formally approved by the church administration; ensuring that all youth-related activities be closely monitored and involve multiple employed and / or volunteer adult participants; physically securing and monitoring all premises utilized for children’s activities; regularly communicating with your children; and readily communicating your concerns to church officials (which, dependent upon your role and your state, might include law enforcement or human service agencies). Michael J. Bemi is president & CEO of The National Catholic Risk Retention Group, Inc. (Lisle, IL) — a recognized leader in risk management. To learn more about available coverage — and to get valuable tools, facts and statistics — visit www.tncrrg.org .

N E V E R A G A I N • CHURCH EXECUTIVE

NEVER AGAIN Presented by: The National Catholic Risk Retention Group, Inc.

THE LITTLE THINGS REALLY DO COUNT

When it comes to risk management, a few extra steps — literally — can prevent a tragedy. By Michael J. Bemi Anne was a devoted and highly regarded parish volunteer. She was well-known for her sunny personality, kindness, patience and reliably positive “way with people.” Anne enjoyed working with people of all ages and from every station in life, but she disliked paper work and similar organizational activities. Accordingly, she readily volunteered to transport people for attendance at various parishsponsored events. The parish itself was well-versed regarding transportation risk control measures, having received some excellent guidance from both its insurer, and also sources such as the National Safety Council, AAA and the National Highway Traffic Safety Administration. Consequently, the parish required that Anne comply with several measures to ensure her ability to safely transport individuals. These included: • Agreeing to annual MVRs (motor vehicle report – driving history checks); • Submitting a letter annually from her personal physician that she had no physical conditions or disabilities that might impair her driving proficiency; •Providing records of regular vehicle maintenance; • Submitting evidence of appropriate, high-quality auto insurance; • Agreeing — via written documentation — that her coverage would be primary to that of the parish, with parish coverage being excess; and even • Submitting to an “on the road” driving skills test administered by the parish’s insurer. Anne was not disturbed by any of these parish requirements. She had not been involved in any auto accident for more than 35 years. She’d had no moving violations for more than 30 years. Her vehicle was only two years old and excellently maintained. She was in excellent health. She had voluntarily taken (and easily passed) a defensive-driving training program developed by the National Safety Council. And, her personal auto policy easily met all the required insurance standards demanded by the parish’s insurance agent. Finally, she and her insurer were comfortable with the requirement that her coverage be primary.

Anne dutifully waited until they safely entered their home. Then — after checking both her side and rearview mirrors, and then rotating her body so she was looking backward as she pulled out, she proceeded to drive in reverse. She heard a sickening thud, a crunching sound and a scream. She exited her car in a panic to find she’d driven over a 4-year-old girl seated on her tricycle on the sidewalk, directly behind Anne’s car. THE TRAGIC RESULT? First and foremost, a beautiful little girl is now a quadriplegic for the remainder of her lifetime, requiring intubation and stomach tube feeding. Yet, she retains undamaged and high-level mental capacity, allowing her to be intimately and perpetually aware of her diminished state of life. Anne suffered — and is still suffering — from extreme emotional anguish, depression, guilt and unremitting remorse. She repeatedly states that she will never forgive herself. Undoubtedly, Anne’s life is also forever diminished. Finally, both Anne’s insurer and the parish’s insurers combined to provide a settlement well in excess of $15 million to provide for the intense daily nursing care necessary to sustain the young victim throughout her projected lifetime. SMALL STEPS, BIG REASONS In an earlier article in this series, I made the point that risk control need not be expensive, cumbersome or unduly time-consuming. While a back-up camera and / or radar would have prevented this incident (Anne’s vehicle was not so equipped), they were unnecessary. In this case, a simple walk to and glance behind the vehicle prior to exiting the driveway would have prevented a tragedy. The little things really do count — so don’t overlook them. Michael J. Bemi is president & CEO of The National Catholic Risk Retention Group, Inc. (Lisle, IL) — a recognized leader in risk management. To learn more about available coverage — and to get valuable tools, facts and statistics — visit www.tncrrg.org .

BASES COVERED? NOT SO FAST One day, Anne was dropping off an elderly couple who no longer owned a car. She pulled into their driveway, but not very far; they indicated they were happy to get out and walk up the rest of the way to their front porch via the curved entry walk that connected the porch to the driveway. 6

CHURCH EXECUTIVE • N E V E R A G A I N

churchexecutive.com

NEVER AGAIN Presented by: The National Catholic Risk Retention Group, Inc.

BOARD DUTY is serious business!

Before saying yes, be sure you understand the duties — and how to abide by them. If not, you and your ministry could pay a high price. By Michael J. Bemi People of faith are frequently mission-driven and ministerially THE DUTY OF FIDELITY oriented. For many of these, volunteering is often considered more This duty demands that directors always function in a manner that privilege than obligation. remains faithful to the mission of the Church and the board’s specific When such folks have managerial or leadership experience, or when ministry, and also that is consistent with and obedient to the Articles of they possess special expertise or have Incorporation, Bylaws and other legal received professional education and documents associated with the board. training, it is not uncommon that It is paramount to understand “It is paramount to understand they volunteer to serve the Church that even when the Church agrees that even when the Church agrees via board membership and activity. to indemnify directors of boards to indemnify directors of boards to to the maximum extent allowed It is critically important to recognize, however, that even the maximum extent allowed by law, directors remain personally highly educated, skilled and by law, directors remain liable for their actions that breach experienced people do not board duties. This is primarily why personally liable for necessarily understand what Directors’ & Officers’ insurance their actions that breach board service entails and requires coverage exists. An example of an board duties.” of them. The consequences of actual breach should help drive the such ignorance can be very costly point home. to the ministries of the Church, THE MISDIRECTED BEQUEST and also to the individual An international mission society directors themselves. This is because statutes and legal precedents in all jurisdictions board was ecstatic when informed of a very large, high-six-figure bequest impose several legal duties upon directors of boards. These duties are: left by a gentleman who had always admired the Christian outreach and 1) the duty of care (sometimes referred to as the duty of due diligence); 2) service provided to impoverished and disadvantaged people served by the duty of loyalty; and 3) the duty of fidelity (also known as the duty of the society’s African missions. However, the society’s board noted that the African missions were currently well-funded and resourced, so the obedience). Let’s examine each in turn. decision was made to divert the funds to the Asian missions, ignoring THE DUTY OF CARE the fact that the legal bequest was earmarked solely and specifically for This duty demands that directors always act in good faith, in a manner African ministry use. that the director reasonably believes to be in the best interests of the Sometime thereafter, the deceased gentleman’s children — who were Church (or specific ministry of the Church). This requires that directors not people of great faith and religious devotion — asked for evidence of how attend all board meetings and all committee meetings that they might be the funds had been put to use. When they learned that the funds had been involved with; that they read and review board materials and are prepared directed in conscious violation of the legal bequest, they demanded that the to participate in meeting deliberations via their questions, comments and money be returned to African ministry use. Sadly, the money had already vote; and that they seek and pursue further education on complex matters been spent. The children then sued. After negotiating a partial recovery before the board. with the insurance carrier (which could have denied the claim as an THE DUTY OF LOYALTY intentional breach) and including legal defense costs, the society ended up This duty demands that directors serve with undivided loyalty and with an actual net expense roughly half the amount of the original bequest. attention to the interests of the Church and the stakeholders of the The cautionary moral is: If you intend to serve on a board, fully specific ministry; that they scrupulously avoid conflicts of interest; understand what your duties are, and then faithfully and diligently abide by and that they never disclose confidential information regarding them. Otherwise, your ministry — and you — might pay a high price! undertakings of the board. Michael J. Bemi is president & CEO of The National Catholic Risk Retention Group, Inc. (Lisle, IL) — a recognized leader in risk management. To learn more about available coverage — and to get valuable tools, facts and statistics — visit www.tncrrg.org .

churchexecutive.com

N E V E R A G A I N • CHURCH EXECUTIVE

NEVER AGAIN

‘HEADS UP’ SAFETY — a paramount concern

The Christian high school had much to be proud of: a history of academic excellence; a great reputation for community service; and also, as a much respected perennial contender for state football champion. By Michael J. Bemi Critically, the school’s head injury prevention and care program was in many regards enviable and a model to be emulated. For example, this high school invested in only the finest athletic equipment and ensured that all equipment was certified to meet the safety standards promulgated by the National Organization for Care and Safety of Athletic Equipment (NOCSAE). Further, an excellent Concussion Management Protocol (CMP) was in place and enforced. The school employed a certified athletic trainer and engaged a board-certified sports medicine specialist as school physician. All coaches, physical education teachers, the certified athletic trainer and the school nurse were trained on concussion management and care, and each repeated this training every two years. Prior to the beginning of each season, every student athlete participating in contact sports had to be evaluated via a baseline Standardized Concussion Assessment Tool (SCAT) or Impact Assessment Tool. Parents were given materials to educate them on the issue of head injuries / concussion and were required to sign a document each season acknowledging the inherent risks of contact sports and authorizing their child to participate. The certified athletic trainer was required to be present for all training, practice and actual events, and arrangements were made for an emergency care vehicle / team to be present at all games, even though state law did not require this. Finally, when an injury did occur, the school employed the Zurich Progressive Exertion Protocol as a minimum return to activity plan, plus insisted that the student’s personal physician approve in writing the return to activity. The high school’s star (and All State) wide receiver experienced a concussion following a hit early in the season. Employing the CMP, he was immediately assessed by the certified athletic trainer and coaching staff and pulled from the game. He was restricted from training, practice or play until his personal physician released him to resume activity. Ten days later, he returned to practice. The following weekend, he started the game and played well. In the third quarter, he was blind-sided in a vicious hit. He walked to the sideline and immediately collapsed. He then experienced a rare, frequently fatal (and medically controversial) phenomenon referred to as Second Impact Syndrome (SIS), in which the brain cannot control its blood volume, leading to cerebral hemorrhaging and possible herniation — with devastating results. He received immediate emergency care, due to the presence of the pre-arranged emergency vehicle / team, but he nevertheless suffered massive brain trauma with resultant life-long, very major physical and cognitive deficiencies.

CHURCH EXECUTIVE • N E V E R A G A I N

COULD ANYTHING ELSE HAVE BEEN DONE? Yes, according to the post-incident investigation and analysis, several additional preventive measures could have been taken. For example, interviews with fellow players indicated that several had noticed during practice that week that the young star seemed at times disoriented and confused. They simply attributed this to him being “rusty” after missing a week’s practice and a Friday night game. The school should have required all athletes participating in contact sports to be educated on the signs / symptoms of concussion. Also, the school’s CMP suggested — but didn’t require — performance of a new SCAT assessment before return to practice and play. The suggestion in the protocol should have been a requirement. Finally, the school failed to wait for their physician specialist’s assessment of the personal physician’s release report, with which the specialist, in fact, took issue. The school medical specialist should be the source of final approval for return to training, practice and play. Most schools value the benefits of physical activity and athletic participation. They need to remember that when it comes to head injury prevention — whether on the field or the playground — you can never do too much. Michael J. Bemi is president & CEO of The National Catholic Risk Retention Group, Inc. (Lisle, IL) — a recognized leader in risk management. To learn more about available coverage — and to get valuable tools, facts and statistics — visit www.tncrrg.org . churchexecutive.com

NEVER AGAIN

APPROPRIATE BOUNDARIES FOR A HEALTHY RELATIONSHIP WITH CHILDREN With ongoing concerns of child sexual abuse, discomfort often exists when considering acceptable physical boundaries when encountering children in our roles within a church ministry. We frequently ask ourselves questions such as, “What’s an acceptable way to show affection to youth in my care?” or “How should I react if a child runs up for a hug?” These are important questions, because boundaries promote a lifetime of healthy relationships. By Patricia L. Neal How do we define boundaries? Until someone “crosses the line,” we tend not to give much thought to personal boundaries. Have you ever been in a situation where you are speaking with an individual and they begin to crowd your personal space, and you realize that you continue to back up until you are in a completely different area in the room? This is an example of your reaction to a violation of the physical boundary of personal space. Boundaries are defined as the limits that define one person as separate from another person, and physical boundaries are the limits established in our physical interactions — such as physically touching someone. Appropriate boundaries promote and preserve personal integrity, and give each person a clear sense of “self” and a framework for how to function in relation to others and thrive in those situations. Boundaries bring order to our lives and empower each of us to determine how others will interact with us. How do we incorporate healthy physical boundaries? Various types of boundaries exist, with physical boundaries being an important type to use when interacting with youth. To help incorporate healthy boundaries in our relationships with children, the “PAN” acronym is a great way to measure if our behavior is appropriate and transparent. PAN is outlined as behavior that is: • Public • Appropriate • Non-Sexual in nature By paying attention to our own physical behavior, as well as that of other adults, we will expand the boundaries of our safe environment and serve as role models for others. What are additional best practices to foster and maintain healthy physical boundaries? In understanding appropriate touch, it is best to have guidelines for what is acceptable within any situation. A responsible approach is to establish standards or criteria for physical contact that allows an adult to assess any situation and act appropriately — perhaps through a code of conduct at your location, an overarching policy, and even safe environment training. The following basic questions can help us determine “best practices” in any situation: • Could the contact condition the child to accept behavior that is more intimate than they might otherwise accept? churchexecutive.com

• Could the contact condition the community to accept behavior between children, young people and ministers that the community might otherwise find uncomfortable or too familiar? • Does the contact display appropriate forms of communication? Understanding appropriate contact will help adults find ways to nurture the children and young people in their care without compromising anyone. Some general examples of appropriate physical contact include: • K neeling / bending down for loose hugs with younger children; side hugs for older children • Pats on the head for small children; high-fives and pats on the shoulder or upper back for older children • Holding hands while walking with small children • Shaking hands as a greeting. Teaching boundary safety is only one part of an overall best practice solution for protecting children from child sexual abuse and creating healthy relationships. The more time we devote to understanding boundaries, the more capable we are in responding appropriately to unhealthy situations. It is imperative to have the tools to create a safer environment, and understanding appropriate physical boundaries is an important part of the overall solution. Patricia L. Neal is national Director of the VIRTUS Programs, NCS Risk Services, LLC, in Tulsa, OK www.virtus.org . The VIRTUS Programs are highly recognized in providing educational materials and training for the prevention of child sexual abuse and abuse against vulnerable adults. N E V E R A G A I N • CHURCH EXECUTIVE

NEVER AGAIN

POLICIES AND PARAMETERS How to protect your church before tragedy strikes By Crispin Ketelhut A church decided to hire a coach from the congregation for its intramural sports league’s youth softball team. It conducted an extensive screening process with professional background checks, an application process, reference checks and two face-to-face panel interviews. Once hired, the coach was provided with an unmonitored smart phone and left to conduct his coaching and communications as he saw fit. Since his position description encouraged him to use social media to reach out to youth, he immediately began to “friend” the congregation’s teens using his personal social media accounts. A year after he was hired, Lena, one of the 15-year-old girls on the softball team, was hospitalized for attempted suicide. Her mother reviewed Lena’s cell phone and found dozens of “sexts” and naked images sent between Lena and the coach. She also discovered cyber-harassment from the coach via private messages on Lena’s social media accounts, threatening that he’d anonymously publish Lena’s nude photos for the whole church to see. Lena’s suicide attempt was an extreme coping response to the cyberharassment and bullying from the coach. Eventually, Lena’s mother sued the church for negligence, stating it was responsible and subsequently negligent in monitoring its employee and his technology devices — and that Lena’s physical, psychological and emotional trauma was entirely preventable. Didn’t the church do everything possible to prevent the possibility of risk? Imagine a well-cared for, impenetrable fence designed to keep vermin out of a prosperous, highly visited vineyard — an excellent way to ensure protection from pests. Now envision a gatehouse attached to the fence where guests must go through access-control procedures. However, once inside, near the fruit, there aren’t any rules to stipulate proper behavior. Comparably, it wasn’t what occurred during the hiring process that put the children and church at risk; it was what didn’t occur after. Even though prior due diligence was performed, rules were never established prescribing conduct and policies weren’t written — nor were acknowledgement receipts signed and kept on file. The coach had sole, unfettered access to the youth via the Internet in intrinsically private electronic communications, without oversight or monitoring. What should the church have done? To protect not only the youth within their care, but also its reputation and financial assets, the church should also have established the following policies, including but not limited to: • A written policy with definitions and parameters to foster accountability, outline specific behavior, delineate ministry timeframes, etc., for each method of communication, including all social networking sites / applications. • Safe-environment training. Employees / volunteers must be held to the same standard, with training on the reality of abuse, appropriate behavior, 10

CHURCH EXECUTIVE • N E V E R A G A I N

“[I]t wasn’t what occurred during the hiring process that put the children and church at risk; it was what didn’t occur after.” expectations, warning signs and communicating concerns. This helps the church take preventative measures in reducing the instances of risk and also be proactive in addressing a problem. • Checks and balances. Every social media account representing a church ministry needs monitoring to include oversight from multiple, unrelated adults with password access who regularly review messages and content. Under no circumstances should private accounts be used for ministry purposes, and no adult should “friend” or contact individual students from a personal account. • Permission slips denote what forms of communication are preferred by the parents when communicating with their children. Hard lesson learned Churches can’t always prevent bad situations. But, we can at least create a safer environment where, ultimately, risk is lessened because acceptable behavior and expectations are clearly stated, and there’s less opportunity for grooming / bad actions to occur. And if they do occur, we know how to respond because of safe-environment training. As representatives of church communities, we have a responsibility to protect the vulnerable among us before we can foster ministry. Creating safe environment policies — and following up on them — is an important step in risk control. It’s a whole lot easier to prevent issues than to have to deal with violations and terrible consequences once they occur. Don’t learn this the hard way; protect your church and congregation before tragedy strikes. Crispin Ketelhut is the national Associate Director of the VIRTUS Programs, NCS Risk Services, LLC. The VIRTUS Programs are highly recognized in providing educational materials / training for the prevention of child abuse and risk management. For training options and sample policies, visit www.virtus.org. churchexecutive.com

NEVER AGAIN

The cost of ‘knowledge’ in the Information Age By Michael J. Bemi

The synod headquarters office — being a central repository of a great deal of sensitive information — had taken security very seriously, in every possible regard. The synod building itself was accessible only via secured passkeys issued only to employees — never to contractors or guests — and the use of which was monitored and registered, so that a computer log was maintained which could be referenced to determine whenever an employee entered or exited the building and who that employee was. Guests were required to log in and log out and were given guest IDs that had to be visibly attached to clothing and returned for log entry at the time of guest departure. All entry / exit points were monitored by closed-circuit television, which recorded tapes for later review by building security. The building also employed a central station smoke / heat / fire and burglar alarm system. Archival storage areas in the building were accessible by a very limited group of employees, and the storage cabinets and containers for files, tapes, records, discs, etc., were themselves constructed to be highly fire-resistant, and all were continuously kept locked. This level and quality of attention to detail was also reflected in the information technology / digital realm. IT Department access and synod server access were stringently controlled. An internet service provider (IPS) was selected not only for its available download / upload data transmission speeds and capacities, but also for its data security measures (external to the synod’s measures). The synod IT system was protected by hardware and software firewalls. The system also employed three different anti-malware (anti-virus, spyware, adware, etc.) products which the IT Department configured to be updated automatically on all synod servers, desktops and laptops and which were also configured to automatically run scans daily. The few laptops, tablets and peripheral devices which were allowed to be taken out of synod headquarters were all encrypted. An excellent policy and related protocols were distributed to every employee regarding their privileges and obligations in relation to the synod system and its devices, plus employees’ use of their own electronic devices for work purposes (part of the synod Bring Your Own Device to Work, or BYOD, protocol). By most all conceivable measures, the synod had done everything possible to protect and secure the sensitive personal information which it produced and maintained on employees, volunteers and church members themselves. churchexecutive.com

So, what went wrong? One such critically sensitive set of information was the background screening check data developed in relation to the synod’s very robust safe environment program, for the protection of children and other vulnerable individuals. Apart from any actual criminal history reported, this information contained other highly sensitive personal information, such as social security numbers. Unfortunately, one day a highly regarded and long-standing employee was duped by a quite excellently crafted “phishing” email that essentially duplicated the appearance of the website of the synod’s primary banking partner. Clicking on a link that would supposedly redirect the employee to bank personnel that could address and resolve a serious issue, the employee inadvertently loaded malware onto the synod system, which allowed hackers to breach system security and harvest a huge amount of personally identifiable information (PII) stored on the servers. Worse yet, the breach was not discovered until well after its initial occurrence. The costs to the synod of crisis management for credit monitoring, forensic investigation, repair of public relations damage — and still possible third-party lawsuits — has been very significant and remains as yet incalculable in total. What the synod overlooked It should have had an education program for employees helping them to recognize and avoid “phishing” and other systems-related scams. It should have encrypted all of the most sensitive data it kept. It should have employed some nature of continuous system monitoring to “flag” system anomalies. And, it might also have considered using an outside firm to perform occasional penetration testing and threat assessment. Michael J. Bemi is president & CEO of The National Catholic Risk Retention Group, Inc. (Lisle, IL) — a recognized leader in risk management. To learn more about available coverage — and to get valuable tools, facts and statistics — visit www.tncrrg.org.

N E V E R A G A I N • CHURCH EXECUTIVE

NEVER AGAIN

Balancing religious freedom & employment rights By Michael J. Bemi The young woman had been a mathematics teacher at the churchrelated high school for more than seven years. She was beloved by her students; they praised her ability to convey difficult concepts in an accessible, clear and engaging style. The school board awarded her ‘teacher of the year’ status three times for her demonstrated skill at helping many students overcome their fear of mathematics, and for creating a positive learning environment around a topic often dreaded by many students. Parents were regularly vocal about what an outstanding role model she was to her students. It was no secret to the principal and most of the other teachers that this young woman sought to start a family, and that she and her husband were having great difficulty conceiving a child. Further, the teacher informed her principal that she and her husband had finally decided to engage a fertility expert and to pursue in vitro fertilization. They felt strongly that they’d tried everything else and were left with only this remaining alternative. The principal — herself known for being very understanding and compassionate — acknowledged the young woman’s intentions. She simply advised the young teacher to “keep the matter between the two of us,” as in vitro fertilization was inconsistent with the sponsoring Church body’s doctrine and in conflict with the ‘religious doctrines clause’ in the teacher’s contract. Several months later, the young teacher became pregnant. At a holiday weekend faculty get-together, her husband “let it slip” to another teacher that the pregnancy was the result of in vitro fertilization. That teacher reported this to the parish pastor, who instructed the principal to fire the young woman for violation of the ‘religious doctrines cause’ in her contract. The young woman consequently sued for pregnancy discrimination, violation of gender-neutrality requirements, and emotional anguish and distress. The parish and high school countersued for breach of contract and also asserted the ministerial exception. The fallout — and its outcome It’s important here to note that this incident caused tremendous strife and discontent within the parish, the high school, and even the broader 12

CHURCH EXECUTIVE • N E V E R A G A I N

community. Parents and students rallied to the teacher’s defense. People wondered aloud how it could possibly be doctrinal to treat such a fine and admirable young couple in what appeared to be such a patently unChristian fashion. Students threatened class boycotts. The principal herself suggested that she should resign, though the community supported her virtually unanimously; even the pastor had forgiven her “oversight.” The trial court rejected the ministerial exception motion — which, if allowed, would have prevented the court from accepting and hearing the case lest it infringe upon matters of ecclesiastical governance in violation of the First Amendment’s Establishment and Free Exercise clauses. It did so, because the teacher was not an ordained or commissioned minister; she had not received any special religious, theological or doctrinal training; she was never titled or described as a minister or anything similar; and she exclusively taught secular mathematic concepts and principles. Upon later argument, the court noted that the teacher’s contract did not explicitly define doctrinal strictures, nor did the hiring process provide information that would do so for an applicant. Both parties agreed that the principal’s actions appeared to condone or even approve of the teacher’s actions, or at least, created ambiguity for the teacher. Finally, discovery showed that a male teacher — who had used in vitro fertilization with his wife — was not similarly terminated. The parish and high school lost the case and paid a very costly judgement. What might you do to prevent a similar result? First, understand that religious freedom protections are very broad, but not a “silver bullet” in every discrimination or breach of contract action. Next, employee handbook and contract strictures should be very clear; discussed with applicants; and acknowledged in writing by applicants. Finally, employment decisions must be consistently enforced and always gender-neutral. Michael J. Bemi is president & CEO of The National Catholic Risk Retention Group, Inc. (Lisle, IL) — a recognized leader in risk management. To learn more about available coverage — and to get valuable tools, facts and statistics — visit www.tncrrg.org

churchexecutive.com