what is effective compliance
play

WHAT IS EFFECTIVE COMPLIANCE? Darrell Armer & Chris Davis Gray - PowerPoint PPT Presentation

WHAT IS EFFECTIVE COMPLIANCE? Darrell Armer & Chris Davis Gray Reed HFMA Lone Star Winter Conference January 2020 Darrell Armer Gray Reed Dallas Managing Partner, Leader of the Healthcare Transactions Practice Group Education


  1. WHAT IS EFFECTIVE COMPLIANCE? Darrell Armer & Chris Davis Gray Reed HFMA Lone Star Winter Conference January 2020

  2. Darrell Armer Gray Reed • Dallas Managing Partner, Leader of the Healthcare Transactions Practice Group Education • B.B.A., The University of Texas • J.D., Texas Tech University Primary Clientele • Hospitals, ambulatory surgery centers, physical therapy companies, diagnostic imaging centers, medical and dental practices, and home health agencies, as well as various provider networks.

  3. Chris Davis Gray Reed • Partner, Leader of the White-Collar Defense Practice Group Education • B.B.A., Baylor University • J.D., The University of Texas Before joining Gray Reed … • Senior Trial Counsel in the SEC's Fort Worth Regional Office

  4. The Landscape

  5. Many agencies cover the waterfront, often with overlapping jurisdiction. Federal-Criminal Federal-Civil State and Local • DOJ • DOJ • Attorney General • FBI • HHS/HHS-OIG • Texas Medical Board • CMS • HHS • FTC (Cyber)

  6. Regulatory Focus on the Healthcare Industry • 2019: $2.6 out of $3 billion in DOJ settlements and civil judgments (almost 90% ) healthcare related • 10 th consecutive year to exceed $2 billion • Hot areas: managed care providers, labs, pharmacies, physicians • 633 whistleblower actions filed in FY 2019; $2.1 billion recovered in whistleblower-related actions • HCF Strike Force (Dallas and Houston) • 2018 HCF takedown: 601 individuals, including 76 doctors charged (most ever in a single operation)

  7. DOJ’s April 2019 Guidance on Corporate Compliance • What is it? • Standardized set of factors DOJ will consider when deciding: • Whether to charge; • How much to fine (if any); • Whether a monitor is required; • Disclosure requirements

  8. DOJ’s April 2019 Guidance on Corporate Compliance Framework - three fundamental questions: • “Is the corporation’s compliance program well designed?“ • “Is the program being applied earnestly and in good faith?“ In other words, is the program being implemented effectively? • “Does the corporation’s compliance program work“ in practice?

  9. Is the program well designed?

  10. Is the program well designed? • Key Factors • Is it customized? • Is it comprehensive? • Is it aligned with employee incentives?

  11. Is the program well designed? • Risk Assessment • What are the particular types of misconduct most likely to occur at this particular company? • “Prosecutors may credit the quality and effectiveness of a risk-based compliance program that devotes appropriate attention and resources to high-risk transactions, even if it fails to prevent an infraction in a low- risk area.” • Deploy resources appropriately: “Does the company devote a disproportionate amount of time to policing low-risk areas instead of high- risk areas?” • Regularly re-assess • Prosecutors should consider “revisions to corporate compliance programs in light of lessons learned.”

  12. Is the program well designed? • Policies and Procedures • “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.”

  13. Is the program well designed? • Training and Communications • Especially for employees in high-risk areas. • Tailored and risk-based? • Senior management involvement/emphasis?

  14. Is the program well designed? • Confidential Reporting Structure and Investigation Process • DOJ says “highly probative” of whether a company has established mechanisms that can effectively detect and prevent misconduct. • Considerations • Anonymity • Internal publicity • Independence • Scope and resources

  15. Is the program well designed? • Third Party Management • Compliance doesn’t stop at the company walls. • “[P] rosecutors should assess the extent to which the company has an understanding of the qualifications and associations of third-party partners, including the agents, consultants, and distributors.” • “Prosecutors should further assess whether the company engaged in ongoing monitoring of the third-party relationships, be it through updated due diligence, training, audits, and/or annual compliance certifications by the third party.”

  16. Is the program well designed? • Third Party Management • Considerations • Business rationale for the use of third parties? Due diligence on third parties? • Mechanisms to ensure that the contract terms specifically describe the services to be performed, that payment terms are appropriate, and that compensation is commensurate with the services rendered? • Ongoing monitoring? Right to analyze the books and accounts of third parties?

  17. Is the program implemented effectively?

  18. Is the program implemented effectively? • Prosecutor will probe whether a compliance program is a “paper program” or one “implemented, reviewed, and revised, as appropriate, in an effective manner.” • Commitment by senior management? • Cannot just “set it and forget it” • The company’s “governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight” of it. • Lead by example (tone at the top) • Does management model proper behavior to subordinates? Do managers tolerated greater compliance risks in pursuit of new business or greater revenues?

  19. Is the program implemented effectively? • Commitment by senior management? • Have the proper skills and expertise • Compliance expertise on the board of directors? • Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions?

  20. Is the program implemented effectively? • Autonomy and Resources • Structural considerations • Sufficient seniority within the organization; • Sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation, and analysis; and • Sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee. • Not one size fits all • Each factor, will depend on the size, structure, and risk profile of the particular company. “A large organization generally shall devote more formal operations and greater resources . . . than shall a small organization.”

  21. Is the program implemented effectively? • Autonomy and Resources • Evaluation framework • Structure: Where is compliance housed? Is there a designated CCO/other compliance person? • Seniority and Stature: Rank/title? Compensation? Access to key decision makers? • Experience and qualifications • Funding and resources: Are there enough people/resources to do the job and do it right? • Autonomy: Direct reporting line to board/audit committee? Meet independently of senior management? • Outsourcing: If so, why? What level of access does external consultant have? Independent, qualified, etc?

  22. Is the program implemented effectively? • Incentives and Disciplinary Measures • “Another hallmark of effective implementation of a compliance program is the establishment of incentives for compliance and disincentives for non- compliance.”

  23. Is the program implemented effectively? • Incentives and Disciplinary Measures • Carrots and sticks • E.g. promotions, bonuses, or other rewards for ethical leadership. • E.g. swift disciplinary action; public disciplinary action. • Other considerations • Consistent process for each instance of potential misconduct? • Similar consequences for similar misconduct? • Compliance input on compensation, promotions, etc.?

  24. Does the compliance program work in practice?

  25. Does the compliance program work in practice? • “[ M]isconduct does not, by itself, mean that a compliance program did not work or was ineffective.” • “[t]he Department recognizes that no compliance program can ever prevent all criminal activity by a corporation's employees .”

  26. Does the compliance program work in practice? • Key Components • Continuous improvement, periodic testing, and review • Responses to misconduct • Identify root causes, system vulnerabilities, and accountability lapses, including among supervisory manager and senior executives • Analyze and remediate

  27. Other recent DOJ guidance

  28. Other recent DOJ guidance • FCPA corporate enforcement policy (and possible impact on other areas) • Presumption of declination when company: 1. Voluntarily self-discloses, 2. Fully cooperates, and 3. Timely and appropriately remediates. • Think about these issues before you have misconduct.

  29. Thank you! Darrell Armer Chris Davis darmer@grayreed.com cdavis@grayreed.com Gray Reed www.grayreed.com

Recommend


More recommend