Transcript Roadmap for an Effective Compliance and Ethics Program

Non Profit Board Responsibilities
Effective Compliance Program Oversight
Presented To The Board of Directors of
Your Favorite Hospital
John H. Fisher, II, JD, CHC
Duty As A Director
Oversight of Corporate Compliance Program
Common Law Duty of Care



Includes Duty To Assure Compliance With Laws
Reasonable Care To Assure Systems In Place
Not Responsible For Every Problem That Arises


2
United States Sentencing Guidelines
• United States Sentencing Guidelines (“Guidelines”).
• Effective Compliance Program is a mitigating factor in sentencing.
• 2004 Amendments to the Guidelines set forth specific goals for
Programs.
• 2010 Amendment places more responsibility on the Board.
• The Department of Justice and the SEC measure Programs against
Guidelines’ standards when considering actions.
• Other government agencies use the Guidelines as the principle
benchmark for assessing Programs.
3
Not Only Based On Sentencing
Regulatory Focus On Individuals (Park Doctrine)
OIG Compliance Guidance – Board Responsibility Clear
OIG Public Comments and Articles
Increased Fraud Enforcement
Return On Investment Mentality





4
Regulatory Oversight Duties
5
Duty To Assure Effective Systems




6
In re Caremark International, Inc. Derivative Litigation,
698 A.2d 959 (Del. Ch. 1996)
Established Board obligation to assure information and
reporting systems are in place.
Adequate to assure that appropriate compliance
information will come to the attention of the Board.
Judicial proclamation that the board has an affirmative
obligation to assure that systems are in place to
proactively monitor compliance.
Mandatory Compliance Programs
Affordable Care Act Mandates Compliance Programs
Condition of Participation Under Medicare
Nursing Homes Are First In 2013
Waiting For Regulations On Other Providers
New York State Model
Medicaid Revenues $5 Million or More







7
Already Require Certain Aspects
Impact of 60 Day Repayment Rules
Overpayment Becomes A False Claim



60 Days After Identification
10 Year Look Back
False Claim Penalties


Triple Damage/Up To $11,000 Per Claim
Comment In Proposed Regulations



Expect Proactive Audit
Create System To Identify Risk
Board Responsibility Over Finances

8
This organization will eventually be
required to defend the effectiveness of
it’s compliance program and compliance
efforts.
9
Key Duties of the Board







Assure Program In Place
Everyone Doing Their Job
Process Being Actively Operated
Program Proactive
Board/Compliance Committee Proactive
Adequately Funded
Program Is “Effective”
10
Current Board Recommendations

Obtain Outside Independent Effectiveness Assessment of
Compliance Program





Recommend Law Firm – Control Over Privilege
Authorize Retaining Firm That Is Not Our Regular Counsel –
Independence
Integrate Recommendations Into Next Budget Cycle
Consider Current “Dual Role” Compliance Officer
Structure
Consider Creating Separate Compliance Budget
11
Overview of Effective Compliance Program
Elements
12
7/8 Elements of Compliance








Policies and Procedures
Oversight and Leadership
Education and Training
Auditing and Monitoring
Reporting and Investigating
Enforcement and Discipline
Response and Prevention
Risk Assessment
13
Key Requirements for Program
Board needs to be knowledgeable of and oversee

compliance.

Create a “tone at the top.”

Requires effective organizational structure.

Senior personnel responsible for the Program

Individual responsible for day-to-day operations

Authority and access to the Board.

Adequate resources.

Standards and procedures to achieve compliance.
14
Key Requirements for Program (continued)

Effective compliance training throughout
organization.

Confidential and anonymous disclosure mechanism
(“hotline”).

Incentives to comply with Program.

Consistent disciplinary measures for misconduct.

Risk Assessment drives the Program.

Regularly assess program for effectiveness.
15
Board Duty To Oversee Program
Sentencing Guidelines Require
“The [Board] shall be knowledgeable about the content and
operation of the compliance and ethics program and shall
exercise reasonable oversight with respect to the
implementation and effectiveness of the compliance and ethics
program.” (§8B2.1(b) (2) (A)).
Implementation
 Board Training
 Regular compliance reports to the Board
 Other
16
Tone at the Top
Guidelines Require

Establishment and maintenance of an organizational culture
that “encourages ethical conduct and a commitment to
compliance with the law.” (§8B2.1 (a) (2)).
Implementation

Code of Conduct

Board Statement On Compliance

Organizational Culture
17
Organizational Structure
Sentencing Guidelines Require

High level personnel who have substantial control over the
organization or who have a substantial role in making policy
are responsible for the compliance program. (§ 8B2.1(b) (2)
(B).

Day-to-day operational responsibility for the program
delegated to individuals who report to high level personnel.
Individuals responsible for day-to-day operations must have .
. . appropriate authority and direct access to the governing
authority or an appropriate subgroup of the governing
authority (§8B2.1(b) (2) (C)).
18
Dual Role Compliance Officers




CFO
General Counsel
Problems
 Conflicting ethical responsibilities
 Conflicting roles
 Divided attention
 Resources/Budget
This is an issue to be addressed by the Board.
19
Various Guidance On Dual Role







20
OIG Industry Guidance
Corporate Integrity Agreements
Public Statements
Investigations (Tenet, Pfizer)
Federal Sentencing Guidelines
AHLA Reports
Consultant Reports
Current Organizational Structure
Board
CEO
No Compliance
Committee
No Sr.
Management
Compliance
Officer
Legal Counsel
Compliance
Officer
21
Top Level of Management – CCO
CEO
Legal
Counsel
Board
Compliance
Committee
CFO
CCO
Compliance
Staff
22
Program Must Have Adequate Resources
Guidelines Require
Individuals responsible for day-to-day operations must have
adequate resources . . ..(§8B2.1(b) (2) (C)).
Implementation

Budget From Last Year (included in legal budget)

Recommend Separate Compliance Budget

Based On Annual Work Plan

Recommendations Following Effectiveness Audit
23
Compliance Standards and Procedures
Sentencing Guidelines Require
“The organization shall establish standards and procedures
designed to prevent and detect [misconduct].” (§8B2.1 (b) (1)).
Implementation
Risk Identification Process
Reporting
System
Training
All Elements of Effective Compliance
24
Compliance Training
Guidelines Requirements
“The organization shall take reasonable steps to communicate
periodically and in a practical manner its standards and procedures,
and other aspects of the compliance and ethics program, to [the
Board, high level personnel, substantial authority personnel, the
company’s employees, and as appropriate, the company’s agents]
by conducting effective training programs and otherwise
disseminating information appropriate to such individual’s
respective roles and responsibilities.” (§8B2.1(b) (4) (A)).
25
Compliance Training (continued)
Implementation
•
•
•
•
•
•
26
New Hire Compliance Training
Minimum Annual Compliance Training
Additional Optional Training
Risk Area Related Training
Remedial Training
Divisional/Departmental Training
Hotline
Sentencing Guidelines Require
“The organization shall take reasonable steps---(C) to
have and publicize a system, which may include
mechanisms that allow for anonymity or confidentiality,
whereby the organization’s employees and agents may
report or seek guidance regarding potential or actual
[misconduct] without fear of retaliation.” (8B2.1(b)(5)(C)).
Implementation
27
•
Our Compliance Hotline
•
Leave a Message Option
•
Detailed Complaint Handling Process
Reward and Enforcement - Carrots & Sticks
Sentencing Guidelines Require
“The organization’s compliance and ethics program shall be
promoted and enforced consistently throughout the
organization through (A) appropriate incentives to perform in
accordance with the compliance and ethics program; and (B)
appropriate disciplinary measures for engaging in [misconduct]
and for failing to take reasonable steps to prevent or detect
[misconduct].” (§8B2.1(b)(6)).
Particularly important with regard to senior management who
must set the “tone at the top” and whose performance and
compensation may be considered by the Board.
28
Carrots & Sticks (continued)
Implementation
Compliance is an evaluation factor
Management
Service Line Leaders
Discipline for failing to attend training
Promotion of Program Within Organization
Enterprise-Wide Approach
29
Risk Assessment
Sentencing Guidelines Require
“The organization shall periodically assess the risk of
[misconduct] and shall take appropriate steps to design,
implement, or modify [the Program] to reduce the risk of
[misconduct] identified through this process.” (§8B2.1(c)).
Implementation
Risk identification process
Internal Enterprise-Wide Risk Identification
External Sources for Risk Identification
Risk Scoring and Prioritization
Integrate Into Yearly Work Plan and Budget Process
30
Program Needs to be Kept Effective and Regularly Evaluated
Guidelines Require
“The organization shall take reasonable steps—(A) to ensure that
the organization’s compliance and ethics program is followed,
including monitoring and auditing to detect [misconduct]; and B)
to evaluate periodically the effectiveness of the organization’s
compliance and ethics program.” (§8B2.1 (b) (5) (A&B)).
“After
[misconduct] has been detected, the organization shall take
reasonable steps to respond appropriately to the [misconduct] and
to prevent further similar [misconduct] including making any
necessary modifications to the organization’s compliance and
ethics program.” (§8B2.1 (b) (7)).
31
Program Needs to be Kept Effective and Regularly Evaluated
(continued)
Implementation
Independent Process Evaluation
Gap Analysis
Integrate Into Compliance Work Plan
Integrate Into Budget
32
“A compliance program is never finished; it should
always be a work in progress.”
33
Risk Identification Process
Corrective
Action
Risk
Identification
Risk
Prioritization
Audit Results
Audit Plan
34
Effectiveness Revue Cycle
Program
Structure
Create/Approve
Corrections
Prioritize
Actions
35
Effectiveness
Revue
Identified Gaps
©2012 Ruder Ware, L.L.S.C. Accurate reproduction with
acknowledgment granted. All rights reserved.
This document provides information of a general nature
regarding legislative or other legal developments. None of
the information contained herein is intended as legal advice
or opinion relative to specific matters, facts, situations, or
issues, and additional facts and information or future
developments may affect the subjects addressed.
36
John H. Fisher, II, JD, CHC
Health Care Counsel
Ruder Ware
Wausau and Eau Claire, Wisconsin
[email protected]
37