Kusserow on Compliance: Codes of conduct part 1—Meeting the challenge of developing and revising codes

Without question, one of the basic foundations of any effective compliance program is the code of conduct. All compliance guidance from the U.S. Sentencing Commission to the HHS Office of Inspector General (OIG) has called for having such a foundation document for any effective compliance program.  Many codes are far out of date and fail to provide the needed guidance for employees on their obligations toward compliance.  A round table of compliance experts, experienced in developing and revising codes, offered the following observations and ideas on the subject.

Tom Herrmann, J.D., was a leader in the OIG General Counsel’s office when the first guidance was published and has since assisted many organizations in drafting and/or revising codes of conduct. He observed that the initiation of OIG compliance program guidance provided the major stimulant for having codes of conduct.  Others have added weight to code development, including the Sentencing Commission, Department of Justice (DOJ), and The Joint Commission (TJC).  In the early days of responding to such guidance, it was common for law firms and others to provide template codes that were imbedded in what organizations referred to as their ‘Compliance Plan.’ However, plans are statements of intent and converting them into fully functioning and effective programs has taken years for some organizations.  Unfortunately, many are still ‘stuck in first gear’ and have not converted their plans into effective programs.  This includes bringing their codes up to date by reviewing, revising, and updating them, along with related compliance policies.

Steve Forman, CPA, has decades of experience as a compliance officer, internal auditor, and compliance consultant. He reminds people that compliance programs and all that falls under them should be subject of ongoing monitoring, as called for in compliance guidance.  Codes should be part of that process to ensure it remains timely and consistent with policy development and changes in regulatory environment. A review of the code should be done annually to ensure it is up to date. As compliance-related laws are passed or revised, or internal policies are developed or revisited, a company must adapt and respond quickly to the changing legal and regulatory environment. This includes updating the code. The code review process can be a major undertaking and should be approached with careful planning and involvement of the right people.

Carrie Kusserow has been developing codes of conduct for fifteen years and believes they should be an elaboration on the organization’s mission or vision and identify specific values that help accomplish the mission. To be truly effective, the code needs to reflect the spirit, tone, and culture of the organization. This means having the Board and executive leadership supporting and approving the document. If it doesn’t ring true to staff, securing their participation and cooperation in the compliance program will be much more difficult.  Furthermore, the context for the review of a code should be whether there have been problems with covered persons understanding the content. For many organizations, the code may have been written at a level beyond many employees’ understanding.  Kusserow strongly recommends that the code be written at no higher than the tenth grade reading level.

Camella Boateng, another expert who has both been a compliance officer and a consultant, makes the point that the OIG has repeatedly stated that when it comes to compliance programs, including the code and policies, there is no “one size fits all.” Though this is the case, there are certain best practices, such as beginning the code with an introductory statement and strong endorsement from the CEO.  This should make it very clear that everyone in the organization is expected to act in an ethical manner and abide by all applicable laws and regulations affecting the organization. It should also state that it is everyone’s duty to report suspected wrongdoing, and they can do so without fear of retaliation.  The body of the code should address all the stakeholders in the organization, including the patients being served, employees, management, and regulatory agencies.

Suzanne Castaldo, J.D., worked with many clients in revising and updating their codes and found that too many codes have been written more like legal briefs than user-friendly advice. Some of the least useful codes she has reviewed included legalese with formal footnotes.  That is not user friendly. Rather, the code should be presented in the form of general guidelines to assist employees in understanding appropriate conduct and ways to deal with improper behavior.   The OIG compliance guidance documents call for including in codes the operation of the compliance program, along with explanations of applicable laws, such as the Anti-Kickback Statute, Stark Laws, and fraud statutes.

Jillian Bower, an expert on code and policy development, suggests that reviewing a variety of codes of organizations in the same sector provides a good benchmark for comparison and may provide ideas and insights that could be incorporated into revisions. She has found that one of the biggest problems in the way codes are presented to employees occurs when they are written like journal articles in lengthy paragraphs, making them too long and complicated in presentation.  She believes it is important to divide the code into topical subjects headed by an introductory statement of principles, followed by short bullet points that set standards for meeting them.

Al Bassett, J.D., has more than 30 years’ experience with compliance guidance. He believes the most effective means to develop or revise a code that will have wide acceptance and buy-in by everyone is to use a broad-based committee, under the leadership of the compliance officer, that provides input from a variety of perspectives.  Critical to such an effort is having human resources management and legal counsel be part of the effort.   However, he has found that sometimes an effort by a committee gets bogged down for a variety of reasons, including determining the form and format for the code, subject matter to be included, amount of detail needed, timing problems, etc.  Failure to keep the process moving on track is important.  As such, it is best to establish a plan at the beginning of the effort that has firm deadlines for each stage of the process.  If management of this process is considered a problem, outside experts could be considered to facilitate matters.  They can be useful for three reasons:  (1) as outsiders they can sidestep ‘turf’ issues; (2) they have done it many times before and know how to focus the process; and (3) they have the credibility from doing this before.

All were invited to provide specific tips and suggestions for effective development and/or revision of codes of conduct that will be summarized in a March 9, 2017, blog posting.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.