1. Do board members have responsibilities related to compliance?
Yes, it’s well established that board members have responsibilities related to the organization’s compliance program. Several credible sources illustrate the important relationship of the board and the compliance program and highlight an individual director’s potential liability:
– A landmark case found that directors are potentially liable for a breach of duty to exercise appropriate attention if they knew or should have known that employees were violating the law, declined to make a good faith effort to prevent the violation, and the lack of action was the proximate cause of damages. Effectively, oversight responsibilities extend to compliance programs and failure to provide adequate oversight can render a director liable for losses caused by non-compliance.
– The Yates Memo sets forth individual accountability for corporate wrongdoing. Its focus is on holding individuals responsible for corporate misconduct, and it highlights enforcement priorities.
– In 2016, following a corporate resolution, the former CEO of Tuomey Healthcare settled his own liability for $1 million and agreed to a four-year period of exclusion from participating in federal health care programs.
– The Office of Inspector General provides references for board members with Corporate Integrity Agreements and helpful reference documents that include Practical Guidance for Boards on Compliance Oversight.
2. Should compliance officers report directly to the board?
We know that the board must ensure that the compliance program operates in practice and does not simply exist on paper, so it’s necessary to have a process that ensures appropriate access to information. Structures vary among organizations, but generally it’s a good idea to establish a direct reporting relationship between the company’s Chief Compliance Officer and the board.
Effective board oversight includes asking the right questions of management to determine that there are mechanisms in place to ensure timely reporting of suspected violations and to evaluate and implement remedial measures. Ideally, those responsible for the compliance function use a risk-based reporting system to provide reports to the board on a regular basis. Fortunately, there are tools available to track and identify areas of compliance concern in an efficient manner.
Regular meetings and reviews that provide a board with overall compliance insight should lead to better results. A 2018 survey shows that compliance officers meeting with the board more than four times per year is the norm.
3. How can board members mitigate risk and avoid liability?
Every board is responsible for ensuring that its organization complies with laws and regulations. Obviously, this is necessary to protect patients and public funds. A growing awareness of potential individual liability and the relationship between the board and the compliance officer highlights the need for an effective compliance program. Exercising oversight and monitoring of the organization’s compliance program is essential to corporate governance. And a director who acts in good faith may not be held liable for bad outcomes. Follow these tips to detect non-compliance early and mitigate your risk:
- Follow OIG guidance and implement a robust compliance program
- Take steps to educate and inform board members about compliance
- Keep an eye out for risk areas and red flags and respond appropriately
- Stay engaged and communicate with management and the compliance officer