Compliance Perspectives

By Adam Turteltaub What do we do with ESG? Is it a part of compliance? Something different? How do we handle it? Renee Murphy, Distinguished Evangelist at Diligent argues in this podcast that while there are compliance aspects to ESG, it is best to quickly make it a part of operations and under the general risk management structure. Of the three elements of ESG, it is the environmental sustainability side, she believes, that will be the most challenging. With new requirements for organizations to report on their fossil footprint, companies are being forced to march into unexplored territory. As a result, they will need to evolve their process, which, she believes, will become easier as management comes to understand the balance sheet implications. Listen in to learn more about what is happening with ESG, and what compliance teams need to know.

By Adam Turteltaub Healthcare enforcement is never quiet. There’s always something, or many things, going on, and compliance teams need to stay on top of the trends to ensure that their programs are staying ahead of the risks. To find out where things are today, we spoke with Ronald Chapman II, author of the book Unraveling Federal Investigations, defense attorney with Chapman Law Group and president of Chapman Consulting Group. In this podcast he identifies several areas of intense enforcement activity: Drug testing labs are under scrutiny, particularly around the number of panels and reflex testing Telemedicine continues to be a hot area as well Venture capital firms are entering healthcare and/or deepening their investment, often with complex payment arrangements and without sufficient antikickback review Aggressive telemarking in the durable medical equipment space persists Credentialing issues, especially for smaller entities, are resulting in non-payments and fraud allegations On the crim

By Adam Turteltaub Creating the right corporate culture is an idea that’s sacrosanct in the field of compliance and ethics. The folks at Gartner, though, are challenging that belief. In this podcast Chris Audet, Vice President and Chief of Research for General Counsels and Chief Compliance Officers, tells us that their newly released report finds that focusing on key quality measures in the compliance program may be more important. The firm reached the conclusion after surveying over 1000 employees about the situations that lead to employee noncompliance. To quote from the press release, “In the survey, 87% of respondents said they faced situations where they didn’t know how to comply in the last 12 months, followed by 77% of respondents who experienced situations of rationalization and 40% experiencing situations of malice.” Improved quality standards – the design and accessibility of policies, training and so forth – had much more of an effect on reducing uncertainty than culture did. As he notes, when

By Adam Turteltaub There’s no General Data Protection Regulation (GDPR) in the US. Absent a comprehensive, national privacy law, states have stepped in to fill the gap. As Adam Greene (LinkedIn), Partner at Davis Wright Tremaine explains in this podcast, that’s creating some complications. The California Consumer Privacy Act (CCPA) already differs from subsequent laws in several states which use language reminiscent of the GDPR. And while there are many similarities, some differences are substantial. For example, some state laws are targeted at businesses, not non-profits. That’s an important distinction for healthcare with so many non-profit institutions. Perhaps the greatest challenge for organizations is figuring out which standard to follow, if any. Do they take a state-by-state approach, or one national approach based on the toughest state laws? Whatever the choice, it’s important to determine what data you have since there may be limits on collection and a requirement to share that data with consumer

By Adam Turteltaub For as much as there is talk about the force of the US Foreign Corrupt Practices Act (FCPA), the impact of the OECD’s anticorruption efforts deserves a great deal of credit. By encouraging laws against foreign bribery, anticorruption compliance efforts, and grading the work of the countries who are parties to their Antibribery Convention, the OECD continue to raise the bar. In Australia, the OECD’s push for more resources for small and medium enterprises (SMEs) seeking to avoid corruption led to the creation of the Bribery Prevention Network, explains Dan Wilcock (contact), Head of Sustainability Governance for the UN Global Compact Network Australia and Manager of the Bribery Prevention Network. This public-private partnership was born out of the work of more than thirty organizations working collaboratively. The end product is a robust online hub filled with practical resources on topics such as anticorruption programs and conducting risk assessments. The Network also facilitates shari

By Adam Turteltaub Best known as The FCPA Professor, Mike Koehler argues that that many people have it all wrong when it comes to enforcement of the Foreign Corrupt Practices Act (FCPA). Citing historical data he argues that there is not, contrary to popular opinion, a slow down in enforcement of the FCPA. The pace of roughly 12-13 resolutions per year has continued. In fact, the three resolutions in the first quarter of 2024, he notes, puts it on track to continue the trend. How do compliance teams get management attention to FCPA enforcement? He recommends against just focusing on the likely price of the settlement. Instead, outline all the costs. Those start with the multiple years before the resolution when the costs of legal, accounting and other fees may be as much as twice the resolution. Then, point to the eighteen months or so after the settlement when the organization will be under ongoing scrutiny, likely at a substantial cost. All of this, of course, is in addition to the diminished productivi

By Adam Turteltaub Jessica Zeff (LinkedIn) loves government audits. I know, it’s hard to believe, given the dread they inspire. But, the founder and lead consultant of Simply Compliance makes a very good case in this podcast that audits can be much better than people expect and actually helpful for the compliance program. How is this possible?  She argues strongly that, given the inevitability of an eventual audit, compliance teams should prepare for them on an ongoing basis rather than just when the audit notification arrives in the mail. By assessing what data an auditor might need, what gaps they may find, and what concerns they may have, compliance teams can complement their risk assessment process and have a better handle on where they should be focusing their efforts. As importantly, having this information handy can be helpful during the audit. Not only does it reduce last minute rushing to prepare, it enables the team to tell auditors their story in a way that shows the organization is doing the ri

By Adam Turteltaub Integrity is like peace, love and brotherhood.  We’re all for it, but when it comes to practicing it, that’s when the challenges start. Paul Fiorelli hopes to change that. The Director, Cintas Institute for Business Ethics at Xavier University has just written a new book: Establishing Workplace Integrity. In it, Paul addresses six lessons in values-based leadership. To benefit from some of his long-established and well-recognized expertise we asked him to join us for this podcast. He discusses the importance, of values-based leadership. He also cites six factors that lead people into unethical or non-compliant behavior: Pressure to perform Going down a slippery slope Rationalization Groupthink Altruism (violating the law to help the company) Greed One or several of them are at play when wrongdoing occurs. So what makes for success and helps to prevent wrongdoing? He makes an argument for SMART goals: specific, measurable, attainable, relevant and time-based. Listen in to

By Adam Turteltaub What makes for an effective compliance program, not just from a legal perspective but from a practical one? Getting that answer, and sharing it is the focus of the LRN 2024 Ethics & Compliance Program Effectiveness Report To learn what it contains we sat down with Meredith Hunt (LinkedIn), Ethics and Compliance Specialist at LRN. In this podcast she shared that more effective programs are focused on values rather than rules, and underscore the importance of ethical culture. They are also taking a risk-based approach. Their research also revealed the importance of adapting to the current business environment. With employees working remotely has come a change in how they gather information. The code of conduct, policies and procedures have to be accessible wherever workers are. Within the compliance program’s internal operations, effective programs, they report, are focusing more on data and metrics, looking for the data that show where the program is and isn’t working, and enabling conti

By Adam Turteltaub The 340B Drug Pricing Program was created to protect safety net hospitals from rising drug prices. It allows them to purchase outpatient drugs, and pharma companies to sell those drugs, at a discount. In this podcast, Jason Reddish (LinkedIn), Principal and Mark Ogunsusi (LinkedIn), Associate, at Powers Pyles Sutter & Verville provide an overview of the program and the compliance requirements. They are also two of the authors of the chapter “Pharmacy:  340B Drug Pricing Program” in the Complete Healthcare Compliance Manual. The 340B program helps hospitals that are the last line of defense for underserved communities, including those with a large percentage of Medicaid patients. Often, they are the only hospital around in rural areas. Also helped by the program are federal grantees such as Ryan White clinics and those providing treatment for STDs. The program dictates which entities can buy discounted drugs and have very specific requirements including two very important ones. First, th

By Adam Turteltaub Currently on hold due to pending court challenges, the SEC’s rules to standardize climate-related disclosures created a fire storm of controversy and comments when first proposed. The final rules (assuming the courts sides with the SEC), explains Laura Ann Smith and Judy Mayo of the communications firm Labrador (LinkedIn), reflected strong industry pushback, easing the burden on some 4000 filers. Nonetheless, there are serious demands on industry. To quote from the SEC press release, registrants will be required to disclose: Climate-related risks that have had or are reasonably likely to have a material impact on the registrant’s business strategy, results of operations, or financial condition; The actual and potential material impacts of any identified climate-related risks on the registrant’s strategy, business model, and outlook; If, as part of its strategy, a registrant has undertaken activities to mitigate or adapt to a material climate-related risk, a quantitative and qualit

By Adam Turteltaub It used to be that tracking email usage was considered tough. These days the workforce is also communicating via text, WeChat, Slack and countless other channels both internally and externally. That can be a total nightmare since prosecutors want access to all those conversations. What makes things harder is that employees may be resistant, feeling that the communications they have on their phone, especially in organizations with a Bring Your Own Device (BYOD) policy, is private. The employee owns the phone, not the company. Eddie Green (LinkedIn), CEO of SnippetSentry advises companies get their heads around this problem. Digital compliance is broadening out from the investment community to pharma and elsewhere. To manage the issue, some companies are now scrapping BYOD policies and making it clear that all work communications need to go on work-owned devices. They are also looking for solutions which enable employees to communicate in familiar ways, but with the tracking that logs all

By Adam Turteltaub In January 2024 the US Attorney’s Office for the Southern District of New York (SDNY) set a shockwave through the business world by announcing a new whistleblower pilot program. To understand what the policy says and what it likely means for compliance programs, we spoke with Todd Haugh (LinkedIn), Associate Professor of Business Law and Ethics, Arthur M. Weimer Faculty Fellow in Business Law at the Kelley School of Business at Indiana University. Under the policy, he explains, individuals who have participated in a fraud may be eligible for a non-prosecution agreement, if the individual meets three key criteria: They provide information that is not previously known to prosecutors and is produced voluntarily, not subsequent, say, to an arrest. The information is full, substantial and truthful. The individual is not otherwise disqualified, such as serving as a government official or the CEO or CFO of the company. Given the incentives already in place for companies to self-report wr

By Adam Turteltaub In late 2023, The Office of Inspector General (OIG) at the Department of Health and Human Services issued its new General Compliance Program Guidance. In this podcast, David Schumacher, Partner and Co-Chair of the Fraud & Abuse Practice at Hooper Lundy & Bookman explains that this document is both evolutionary and revolutionary. For years the OIG’s office had been offering guidance through the Federal Register. To make that information more accessible it moved it online, consolidated the information, added interactive features and created a much richer resource which makes it both easier for compliance teams to understand the OIG’s expectations and more difficult for some to claim that they were unaware of the rules. The changes, though, are more than just the media used to communicate OIG expectations. The document demonstrates both the ongoing expectations by OIG for robust compliance programs and communicates changes in focus. For one, it reveals an enhanced emphasis on quality issues

By Adam Turteltaub Tired of being last to the party and then perceived as a party pooper? There’s a solution to that problem embraced by Dana McMahon, Global Chief Compliance Officer, Head, Privacy & Enterprise Risk at Stryker. She works to have her team embedded in the business unit. It’s a process that begins with getting a seat at the table and being intentional about conversations. From there the relationship evolves into being a consultant on sticky issues and then on to being integrated into decision making and proving yourselves indispensable. The key to the process, she explains, is to show up with a problem-solving mindset. Throughout, the compliance team has to be aware of the needs of the business and its challenges. To solidify compliance’s place takes three things: Adopt a problem-solving approach Tailor your efforts to the most pressing issues Timing: anticipate what the business needs to move forward Listen in to learn more and gain other tips for fully embedding compliance into th

By Adam Turteltaub At the center of managing cyber risk in healthcare sits the Health Sector Coordinating Council Cybersecurity Working Group (LinkedIn). In this podcast, Executive Director Greg Garcia explains that healthcare has been designated as a part of the critical infrastructure, and the council has as its mission to: “identify systemic cybersecurity threats to critical healthcare infrastructure; collaborate on guidance and policies for mitigating those risks; and promote threat preparedness and incident response awareness and activities.” It’s a needed mission. The number of data breaches have soared, and ransomware has emerged as a top threat, crippling the ability of healthcare providers to care for patients. The Council recently released its Health Industry Cybersecurity – Strategic Plan. A five-year plan, it identifies trends, goals and objectives for securing healthcare technology infrastructure. One key goal, in the words of the plan, recognizes that, “A trusted healthcare delivery ecosyste

By Adam Turteltaub The FCPA sure isn’t what it used to be, or is it? While the headline grabbing Foreign Corrupt Practices Act cases are much less frequent than they once were, there is still substantial risk both for individuals and companies, as recent dispositions have shown. To understand where things are we sat down with Markus Funk, partner at Perkins Coie and author of the chapter “Anti-Bribery and Corruption Compliance Programs” in The Complete Compliance and Ethics Manual 2024. He explains that just because there aren’t cases in the news, doesn’t mean all is quiet. There may remain a steady stream of companies self-reporting violations and reaching less-formal agreements with the DOJ. Whatever the trend may be, third parties remain the greatest risk, and the prescription stays the same. You need to know who the third party is and hire them for the right reason: their expertise and track record for success in the right way. Hiring a government official’s cousin to help get the deal remains a very

By Adam Turteltaub Krista Muszak is organized. More importantly, the longtime compliance professional and Senior Manager, Regional Process & Optimization Lead for Pfizer knows how to keep others organized as well. She will be sharing some of this wisdom in Nashville at the 2024 HCCA Compliance Institute in the session “Muda, Mura, Muri to Veni Vidi Vici: Applying Project Management and Process Improvement to Your Compliance Program.”  She also shares a bit of it here in the latest Compliance Perspectives podcast. First, she explains that the title comes from terms used by Toyota to improve the process flow at their plants and eliminate waste. Muda is about eliminating waste and activities that don’t add value. Mura speaks to addressing variability in operations to increase stability and reduce unnecessary variations. Mudi addresses not overloading people and the business with too many asks, such as releasing a round of training at the same time as year-end activities. Embracing these concepts can incre

By Adam Turteltaub When it comes to compliance technology, there are two challenges. First is finding the right solutions to increase your programs effectiveness. Second is securing the resources to acquire and deploy the technology. Parth Chanda, Founder and CEO of Lextegrity, covers both topics in this podcast. When it comes to tech, he explains, you want tools that give you the confidence that your program is effective in practice and not just on paper. You also need to prioritize based on risk, and your organization’s own experience with technology. If the history is short or non-existent, start with something relatively simple such as training or policy management.  Tools that can make it easier for employees to report wrongdoing are also invaluable. To secure the resources you need, he advises making the business case by focusing on the ROI, for example, by showing that investigations can be completed in less time and with less staff. But, as you look at technology, be realistic and recognize that

By Adam Turteltaub Imagine you are at a large company with thousands of suppliers. As a part of the compliance team you need to understand the risk of working with each and every one of them. To do that you may need to understand the ownership structure, where they source materials, where and how they manufacture, and a host of other data about each and every one of them. That’s a daunting task. It’s also one that Jenna Wells, Chief Customer and Product Officer at Supply Wisdom believes is ideally suited for AI. With human supervision it can help with such a large, seemingly impossible undertaking. AI, she argues, can be an effective tool for enabling compliance programs to better understand the risks they face and then focus on the most important ones. To get there, compliance teams need to get a handle on the data that they have that is normally siloed. Look to external sources for regulatory data and emerging legislation, she suggests. At the same time, though, it’s important to understand the limitat