Kusserow on Compliance: OIG and DOJ raising stakes on board compliance obligations

From the days of the first compliance guidance documents from the HHS Office of Inspector General (OIG), it has called for a “top-down” compliance program, beginning at the Board level. For example, it issued a joint White Paper, titled Practical Guidance for Health Care Governing Boards on Compliance Oversight,” which emphasized holding boards more accountable for proper oversight of compliance within their organizations. Language from these pronouncements about Board obligations and use of compliance experts is now included in corporate integrity agreements (CIAs). During the 2017 Health Care Compliance Association (HCCA) Compliance Institute, speakers from the OIG discussed a number of changes in CIAs, including new mandates for Board members. The OIG believes a key factor in determining effectiveness of the compliance program is how well the Board has been meeting its fiduciary duties and responsibilities for overseeing compliance. If it finds the organization has an effective program with proper oversight by the Board, the OIG may decide that a CIA is unnecessary or mitigate terms and conditions.   However, if it finds the program is inadequate, there will be a CIA and it will include stringent requirements for the Board. Among the best practices for Boards is to include one or more members who are “compliance literate” to ask the right questions and assess program effectiveness.  A compliance-literate person is someone with experience and expertise from having been a compliance officer or a consultant to compliance programs.  Alternatively, Boards should engage compliance experts to provide advice on asking compliance officers the right questions, evaluating the answers, and determining what metrics to rely upon in determining compliance program effectiveness.  By following one or both of these steps, Boards can go a long way to ensure they are meeting their fiduciary duties and responsibilities.

The Department of Justice (DOJ) has also been ramping up to better focus on Boards meeting their fiduciary obligations in guarding against corporate wrongdoing. Its Fraud Section published “Evaluation of Corporate Compliance Programs” as guidance for compliance officers on how the adequacy of their companies’ compliance programs is evaluated by prosecutors.   They laid out a series of questions prosecutors are likely to ask in evaluating the effectiveness of compliance programs. The following highlights questions that relate to Board involvement in compliance oversight.

  • What compliance expertise does the Board have or not have to meet its fiduciary obligations?
  • How frequently does the Board meet with the compliance officer and outside experts (auditors and consultants) outside the presence of management?
  • What information does the Board receive to assist it in its compliance oversight?
  • How does the Board evaluate the compliance program effectiveness?
  • How does the Board determine resources necessary for the operation and management of the compliance program?
  • How have management and the Board followed up on identified potential problems?

Tips and suggestions for compliance officers

Compliance officers should:

  • educate the Board on its fiduciary obligations and personal consequences for not meeting them;
  • meet with the Board regularly, including in executive session without management presence;
  • ensure that the Board receives all types of relevant audit findings and remediation progress reports on a regular basis;
  • urge the Board to include one or more members who are “compliance literate” to assist in evaluating compliance program effectiveness and be able to ask the right questions; and
  • engage compliance experts to assess the program before encountering the DOJ and OIG and use results to brief the Board evidencing they are providing active compliance oversight.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.