Compliance Program Effectiveness
What factors should be considered in meeting the requirements for an effective program
1. Applicable government regulation and industry practice 2. Size of the organization and appropriate degree of formality for the compliance program 3. Recurrence of similar misconduct
What are some possible outcome measurements for data privacy and security breaches
1. Decrease in number of reportable breaches 2. Decreased in costs from remediation of breaches
What are some possible outcome measurements for Stark and anti-kickback violations
1. Decrease in reports of potential violations 2. Decrease in attorney fees related to Stark issues 3. Decrease in fines paid for violations
How can you measure compliance program effectiveness
1. FSF 7 elements review tool 2. OIG model guidance alignment 3. PEPPR reports and other industry benchmarks 4. Year to year comparison in your organization 5. Overpayments
What are the seven elements of the compliance program
1. Standards and procedures (code of conduct and internal controls) to prevent and detect criminal conduct 2. A compliance officer and a knowledgeable governing authority that exercise is reasonable oversight with respect to the compliance and ethics program 3. Effective education and training 4. Effective Lines of Communication so that employees may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation 5. Internal monitoring and auditing 6. Appropriate incentives to perform in accordance with compliance and ethics rules and appropriate disciplinary measures for those engaging in criminal conduct 7. Prompt and thorough response to compliance issues including self reporting, cooperation with authorities, and restitution/overpayment (8) risk assessment
What were the four criteria for effectiveness established in the 2010 changes
1. The individuals with operational responsibility for the compliance and ethics program have direct reporting obligations to the governing authority or appropriate subgroup 2. The compliance and ethics program detected the offense before discovery outside the organization or before such discovery was reasonably likely 3. The organization promptly reported the offense to the appropriate government authorities 4. No individual with operational responsibility for the compliance and ethics program participated in, condoned, or was willfully ignorant of the offense
What are process indicators
Achievement of individual objectives: survey completed, LE are you screening regularly being done, education plan developed and implemented
What factors does the DOJ used to determine if a compliance program is effective?
Comprehensiveness of the program Extent and pervasiveness of misconduct Number and level of employees involved in misconduct Remedial actions taken by the organization i.e., disciplinary action Promptness of self-disclosure Mechanisms for informing the board of misconduct Whether the board exercised independent judgment on the issue Independence and sufficiency of internal audit mechanisms sufficient resources
How does risk assessment play into the concept of due diligence
In implementing the due diligence factors, the organization must periodically assess the risk of criminal conduct and must take appropriate steps to design, implement, or modify each due diligence factor to reduce the risk of criminal conduct. The organization needs to periodically assess its compliance and ethics program.
What are structural indicators
P&P, compliance committee, reporting structure, hotline
What did the 2004 amendments require
The 2004 amendments require boards of directors and executives to assume responsibility for the oversight and management of compliance and ethics programs, especially active leadership and finding the content and operation of the program. The amendments require organizations to periodically identify areas of risk in which criminal violations may occur, train high-level officials as well as employees in relevant legal obligations, and give their compliance and ethics officer's sufficient authority and resources to carry out the responsibilities
Outcome indicators
The impact that compliance efforts have on the organizations level of compliance. Changing behaviors. Decrease in over payments.
How does the federal sentencing guidelines define effective compliance program
To have an effective compliance and ethics program an organization must exercise due diligence to prevent and detect criminal conduct and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law. Due diligence is the key, A program can be effective even if it does not detect every offense