Skip to Main Content
Publications

Evaluating the Effectiveness of Corporate Compliance Programs – What the Government is Looking For

Health Law Alert

The U.S. Justice Department has updated its "Evaluation of Corporate Compliance Programs," a guidance document detailing topics and questions prosecutors should weigh when determining whether a company has demonstrated sufficient commitment to compliance that it can receive credit in a corporate settlement. This guidance, issued April 30, 2019, provides clarifications to earlier guidance on the Justice Department's expectations for compliance programs when determining whether to bring charges and negotiating plea or other agreements.

Three Major Considerations are the Focus of the Guidance

Is your corporate compliance program

  • well-designed;
  • effectively implemented; and
  • working in practice?

This is what federal prosecutors will want to know when determining the appropriate form of any agreed resolution or prosecution, the amount of monetary penalty to be paid, if any, and compliance obligations included in any criminal resolution with your company (for example, imposing an independent review organization or a monitor under a corporate integrity agreement required as a part of a settlement agreement).

The Justice Department previously warned companies against having a compliance program which is only a "paper program"; failing to provide sufficient staffing to audit, document, and analyze the company's compliance efforts; and not adequately training and informing its employees about the company's compliance program and the company's commitment to it. The Fraud Section's Compliance Counsel in February 2017 provided a list of relevant questions to ask about different considerations in a compliance program. As presaged by new Assistant Attorney General Brian Benczkowski's October 2018 comments, the new Guidance is more explicit.

Board and Executive Leadership Must Set Tone at the Top and Downward Through Management for Corporate Compliance

Of primary concern to prosecutors is that a company should develop a "culture of ethics and compliance" with all relevant federal laws. The Justice Department expects that company leadership have and communicate a high level of commitment to implementing a culture of compliance from the top. A company's board of directors and senior executives are to set this tone of compliance through shared commitment and oversight. With this leadership, a company should have and maintain a well-designed, comprehensive compliance program which is implemented, reviewed, and revised as appropriate. Through the development of policies and procedures enforced by middle management and the education and training of staff, the company's compliance standards are reinforced and encouraged.

Failure by a company's board of directors and senior officers to provide this leadership can result in misconduct going undetected or ignored, thus creating increased risks for civil and criminal liability to the company, its board members, officers, and employees.

The Justice Department advises that its answers to the "fundamental questions" in its Guidance are not to be considered a checklist or formula. In fact, the relevance of these questions will be dictated by the facts at issue in a particular case. However, the questions and answers can be used by your company to evaluate the health of your compliance program and identify risks, gaps, and areas for improvement.

What is a Well-Designed Compliance Program?

The Guidance provides that a well-designed compliance program requires a robust risk assessment process, and appropriate and updated policies and procedures; tailored training and communications; confidential reporting structure and investigation process; and the application of risk-based due diligence to its third-party relationships. In addition, the Justice Department emphasizes that a company should engage in comprehensive due diligence of any acquisition targets, warning that "flawed or undetected due diligence can allow misconduct to continue at the target company."

How to Judge the Effectiveness of the Implementation of a Compliance Program

Whether a compliance program has been implemented effectively will be measured by the commitment of the company's top leaders, the board of directors, and executives to fostering a culture of ethics and compliance with the law. The Justice Department warns that it will look to how senior leaders, through their words and actions, have encouraged or discouraged compliance.

Effective implementation requires a company to give appropriate autonomy and resources to those charged with the day-to-day oversight of the compliance program so that they can act with adequate authority and stature. Prosecutors are advised to address the sufficiency of personnel and resources within the compliance function by evaluating whether those responsible for compliance have: (1) sufficient seniority within the organization; (2) sufficient staff and resources to effectively undertake the requisite auditing, documentation, and analysis functions; and (3) sufficient autonomy from management in order to have direct access to the board of directors or the board's audit committee. Internal audit functions must be conducted "at a level sufficient to ensure their independence and accuracy." In addition, a company should have established incentives for compliance and disincentives for noncompliance. The company should ensure that disciplinary actions and incentives are fairly and consistently applied across its organization.

How to Measure Whether a Compliance Program "Works in Practice"

Whether a company's compliance program works in practice will be judged by how frequently the company engages in internal audits, testing, and reviews; whether the company engages in timely and thorough investigations of allegations or suspicions of misconduct; how the company documents and responds to its findings, including documentation of any disciplinary or remediation measures taken; and whether the company conducts a root cause analysis of the misconduct and acts timely and appropriately to remediate and address the identified root causes. Obviously, this effort dovetails with the obligations of companies to investigate and identify those individuals "substantially involved" in misconduct under the 2015 Sally Yates Memorandum and its 2018 modification by Deputy Attorney General Rod Rosenstein.

Time to Evaluate Compliance Programs

With today's increase in government enforcement and investigations impacting the health care industry, every health care organization needs to have a compliance program that meets the standards required of an effective compliance plan established by the Justice Department. Gone are the days of getting credit with the government just for having a compliance program in place. Now, the government wants to know if your compliance program is actually effective.

BakerOber Health Law, together with the Firm's Government Enforcement and Investigations Group when investigations loom, has a team of health care regulatory, compliance, and civil and criminal defense lawyers with years of experience who are ready to help. To assist our clients, we have developed an innovative approach to conducting compliance effectiveness reviews.

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept