Is Your Compliance Program Effective?
Having a compliance program in place is a start but having an effective compliance program is the goal. Proactively assessing the effectiveness of one’s own compliance program is better than the Department of Justice making a determination of the adequacy as a result of an investigation for alleged misconduct.
To set benchmarks for an effective compliance program, a full-time compliance expert, Hui Chen has recently been appointed to the Fraud section of the DOJ. Her extensive background is in corporate compliance specifically in information technology, pharmaceutical and the banking industries. Assistant Attorney General Leslie R. Caldwell revealed this new position in a speech for the Securities Industry and Financial Markets Association underscoring that “hiring of a compliance counsel should be an indication to companies about just how seriously we take compliance.”
Due to the reduced amount of healthcare fraud recovery in 2015, some may think there is less of a concern for a compliance investigation now compared to the last few years. On the contrary, this drop is not due to fewer fraud investigations but is likely due to the lowest number of large pharmaceutical industry settlements and also the lack of government involvement in whistleblowers cases. According to Jennifer Weaver, Esq. (Modern Healthcare Schencker Dec 2015), the overall number of healthcare fraud cases is not decreasing, “the recoveries are still high and there’s still a real focus at the Department of Justice on these cases.”
Prior and ongoing efforts to detect and deter wrongdoing with the company will be considered throughout an investigation, likely impacting fines and penalties. In Caldwell’s speech, Chen’s new position will determine “whether the compliance program truly is thoughtfully designed and sufficiently resourced to address the company’s compliance risks, or essentially window dressing.”
In the case of a Corporate Integrity Agreement, the DOJ Fraud section will routinely monitor the company’s compliance efforts to assess if benchmarks are being met. The DOJ recognizes that there is no need to place “unrealistic unnecessary or unduly burdensome” requirements on a company with limited resources that may be ultimately detrimental. That being said, this does not eliminate the need for instituting an effective compliance program. Although the DOJ will evaluate each program on a case –by- case basis, here are a few metrics they highlighted as part of their assessment of an effective compliance program:
- Does the institution ensure that its directors and senior managers provide strong, explicit and visible support for its corporate compliance policies?
- Do the people who are responsible for compliance have stature within the company? Do compliance teams get adequate funding and access to necessary resources? Of course, we won’t expect that a smaller company has the same compliance resources as a Fortune-50 company.
- Are the institution’s compliance policies clear and in writing? Are they easily understood by employees? Are the policies translated into languages spoken by the company’s employees?
- Does the institution ensure that its compliance policies are effectively communicated to all employees? Are its written policies easy for employees to find? Do employees have repeated training, which should include direction regarding what to do or with whom to consult when issues arise?
- Does the institution review its policies and practices to keep them up to date with evolving risks and circumstances?
- Are there mechanisms to enforce compliance policies? Those include both incentivizing good compliance and disciplining violations. Is discipline even handed? The department does not look favorably on situations in which low-level employees who may have engaged in misconduct are terminated, but the more senior people who either directed or deliberately turned a blind eye to the conduct suffer no consequences. Such action sends the wrong message – to other employees, to the market and to the government – about the institution’s commitment to compliance.
- Does the institution sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance? This means more than including boilerplate language in a contract. It means taking action – including termination of a business relationship – if a partner demonstrates a lack of respect for laws and policies. And that attitude toward partner compliance must exist regardless of geographic location.