03/10/2023

What Is a Corporate Compliance Program and Why Is It Crucial to All Organizations

By Paul Edmund Flanagan, President, Portum Group International

A corporate compliance program is a set of policies, procedures, and practices that a company establishes to ensure that its employees and business practices comply with all applicable laws, regulations, and ethical standards. The primary goal of a corporate compliance program is to prevent and detect violations of legal and ethical standards that could result in financial penalties, legal liabilities, damage to the company's reputation, and other negative consequences.

Corporate compliance programs are important to organizations for several reasons. Firstly, they help to ensure that the company operates within legal and ethical boundaries, which helps to protect the company's reputation and minimize the risk of legal or regulatory violations. Secondly, they help to establish a culture of compliance within the organization, which can help to promote ethical behavior and reduce the risk of misconduct or unethical practices. Thirdly, a robust corporate compliance program can help to identify and mitigate potential risks and improve overall business operations. Finally, having a strong corporate compliance program in place can demonstrate to stakeholders, including investors, customers, and regulators, that the company is committed to ethical behavior and compliance with legal and regulatory requirements, which can enhance the company's reputation and build trust.

The 7 ELEMENTS OF A CORPORATE COMPLIANCE PROGRAM (Based on the Office of Inspector General Compliance Guidance).

Elements for an Effective Compliance Program (Introduction)

1. Implementing written policies and procedures

2. Designating a compliance officer and compliance committee

3. Conducting effective training and education

4. Developing effective lines of communication

5. Conducting internal monitoring and auditing

6. Enforcing standards through well-publicized disciplinary guidelines

7. Responding promptly to detected problems and undertaking corrective action

A comprehensive compliance program should include the following elements:

1) The development and distribution of written standards of conduct, as well as written policies, procedures and protocols that verbalize the company’s commitment to compliance (e.g. by including adherence to the compliance program as an element in evaluating management and employees) and address specific areas of potential fraud and abuse, such as the pricing and rebate information to the federal health care programs, and sales and marketing practices;

2) The designation of a compliance officer and other appropriate bodies (a corporate compliance committee) charged with the responsibility for developing, operating, and monitoring the compliance program, and with authority to report directly to the board of directors and/or to the president or the CEO;

3) The development and implementation of regular, effective education and training programs for all affected employees;

4) The creation and maintenance of an effective line of communication between the compliance officer and all employees, including a process (such as a hotline or other reporting system) to receive complaints or questions, and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation;

5) The use of audits and/or other risk evaluation techniques to monitor compliance, identify problem areas, and assist in the reduction of identified problems;

6) The development of policies and procedures addressing the non-employment or retention of individuals or entities excluded from participation in federal healthcare programs, and the enforcement of appropriate disciplinary action against employees or contractors who have violated company policies and procedures and/or applicable federal health care program requirements; and

7) The development of policies and procedures for the investigation of identified instances of noncompliance or misconduct. These should include directions regarding the prompt and proper response to detected offenses, such as the initiation of appropriate corrective action and prevention measures and processes to report the offense to relevant authorities in appropriate circumstances.

1. Written Policies and Procedures

In developing a compliance program, every organization should develop and distribute written compliance standards, procedures, and practices that guide the company and the conduct of its employees in day-to-day operations. These policies and procedures should be developed under the direct supervision of the compliance officer, the compliance committee, and operational managers.

Code of Conduct:

Although a clear statement of detailed and substantive policies and procedures is at the core of a compliance program, the OIG recommends that companies also develop a general corporate statement of ethical and compliance principles that will guide the company’s operations. One common expression of this statement of principles is the code of conduct. The code should function in the same fashion as a constitution, i.e., as a document that details the fundamental principles, values, and framework for action within an organization.

2. Designation of a Compliance Officer and Compliance Committee

The compliance officer’s primary responsibilities should include:

Overseeing and monitoring implementation of the compliance program;

Reporting on a regular basis to the company’s board of directors, CEO or president, and compliance committee (if applicable) on compliance matters and assisting these individuals or groups to establish methods to reduce the company’s vulnerability to fraud and abuse;

Periodically revising the compliance program, as appropriate, to respond to changes in the company’s needs and applicable federal health care program requirements, identified weakness in the compliance program, or noncompliance;

Ensuring that independent contractors and agents, particularly those agents and contractors who are involved in sales and marketing activities, are aware of the requirements of the company’s compliance program with respect to marketing activities, among other things;

Coordinating personnel issues with the company’s Human Resources/Personnel office to ensure that the List of Excluded Individuals/Entities has been checked with respect to all employees and independent contractors;

Assisting the company’s internal auditors in coordinating internal compliance review and monitoring activities;

Reviewing and, where appropriate, acting in response to reports of noncompliance received through the hotline (or other established reporting mechanism) or otherwise brought to his or her attention (e.g., as a result of an internal audit or by corporate counsel who may have been notified of a potential instance of noncompliance);

Independently investigating and acting on matters related to compliance;

Participating with the company’s counsel in the appropriate reporting of self-discovered violations of federal health care program requirements; and

Continuing the momentum and, as appropriate, revision or expansion of the compliance program after the initial years of implementation.

Compliance Committee

Once a company chooses the people who will accept the responsibilities vested in members of the compliance committee, the company needs to train these individuals on the policies and procedures of the compliance program, as well as how to discharge their duties. In essence, the compliance committee is an extension of the compliance officer and provides the organization with increased oversight.

3. Conducting Effective Training and Education 

A company must take steps to communicate effectively its standards and procedures to all affected personnel by requiring participation in appropriate training programs and by other means, such as disseminating publications that explain specific requirements in a practical manner.

These training programs should include (1) general sessions summarizing the company’s compliance program, written standards, and applicable federal health care program requirements.  All employees and, where feasible and appropriate, contractors should receive the general training.

(2) More specific training on issues, such as i) the anti-kickback statute and how it applies to sales and marketing practices and ii) the calculation and reporting of pricing information and payment of rebates in connection with federal health care programs, should be targeted at those employees and contractors whose job requirements make the information relevant.  The specific training should be tailored to make it as meaningful as possible for each group of participants.

The OIG recommends that participation in training programs be made a condition of continued employment and that failure to comply with training requirements should result in disciplinary action.  Adherence to the training requirements as well as other provisions of the compliance program should be a factor in the annual evaluation of each employee.

4. Developing Effective Lines of Communication 

Access to Supervisors and/or the Compliance Officer

In order for a compliance program to work, employees must be able to ask questions and report problems.  Supervisors play a key role in responding to employee concerns and it is appropriate that they serve as a first line of communication.  In order to encourage communications, confidentiality and non-retaliation policies should also be developed and distributed to all employees.

Hotlines and other forms of communication

The OIG encourages the use of hotlines, e-mails, newsletters, suggestion boxes, and other forms of information exchange to maintain open lines of communication. In addition, an effective employee exit interview program could be designed to solicit information from departing employees regarding potential misconduct and suspected violations of company policy and procedures.

5. Auditing and Monitoring

An effective compliance program should incorporate thorough monitoring of its implementation and an ongoing evaluation process. The compliance officer should document this ongoing monitoring, including reports of suspected noncompliance, and provide these assessments to the company’s senior management and the compliance committee. The extent and frequency of the compliance audits may vary depending on variables such as the company’s available resources, prior history of noncompliance, and the risk factors particular to the company. The nature of the reviews may also vary and could include prospective systemic review of the company’s processes, protocols, and practices or a retrospective review of actual practices in a particular area.

6. Enforcing Standards Through Well-Publicized Disciplinary Guidelines

An effective compliance program should include clear and specific disciplinary policies that set out the consequences of violating the law or the company’s code of policies and procedures.  A pharmaceutical company should consistently undertake appropriate disciplinary action across the company in order for the disciplinary policy to have the required deterrent effect.

7. Responding to Detected Problems and Developing Corrective Action Initiatives

Where the compliance officer, compliance committee, or a member of senior management discovers credible evidence of misconduct from any source and, after a reasonable inquiry, believes that the misconduct may violate criminal, civil, or administrative law, the company should promptly report the existence of misconduct to the appropriate federal and state authorities within a reasonable period. Prompt voluntary reporting will demonstrate the company’s good faith and willingness to work with governmental authorities to correct and remedy the problem. In addition, reporting such conduct will be considered a mitigating factor by the OIG in determining administrative sanctions (e.g., penalties, assessments, and exclusion), if the reporting company becomes the subject of an OIG investigation.
