Kusserow on Compliance: DOJ compliance program guidelines once again focus on sufficiency of compliance resources

The 2020 Department of Justice (DOJ) Compliance Program Guidance for prosecutors places increased emphasis on questioning the adequacy of compliance resources that the DOJ views as essential for any program’s effective functioning. The DOJ elaborated that prosecutors should ask questions concerning whether the program is “adequately resourced and empowered to function effectively.” Put differently, even the most artfully constructed program is doomed to fail without sufficient funding, qualified compliance personnel, and widespread support throughout all levels of an organization. A question for many health care organizations is whether the organization would pass DOJ scrutiny on this point.

Results from the 2020 SAI Global Healthcare Compliance Benchmark Survey developed with and analyzed by Strategic Management included information regarding the adequacy of resources for Compliance Officers in meeting their challenges. Reading the details of the responses in the Survey suggest that many compliance offices are likely operating with less than fully adequate resources to meet DOJ expectations. The Survey results indicated that the average compliance office staff levels are five individuals with about one third of respondents reporting only one full-or part-time person. In a related question, over half of respondents indicated they are expecting their budget to remain mostly the same with about one quarter expecting some increase, while at the same time assuming new responsibilities, most notably those related to HIPAA Privacy and Security. Given the average staffing level of compliance offices, increasing responsibilities, heightened enforcement by government agencies, and limited increases in budgetary resources, it is likely that most compliance offices are stretching their limited resources and would have difficulty meeting the DOJ standards. The Survey also found that many are turning to external vendors to provide services and tools, to stretch limited staff resources and to lower operating costs.

 

For more information on this subject, contact Richard Kusserow at rkusserow@strategicm.com

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: ‘Mock’ DOJ compliance program evaluations may be worthy of consideration

In 2018, Assistant Attorney General Brian Benczkowski developed guidance to educate prosecutors on taking a deep look into the sufficiency and proper functioning of a subject company’s compliance program, giving leniency to an organization with an effective compliance program. In 2019, the DOJ Compliance Program Guidance set the stage with 179 questions that prosecutors should use. The 2020 DOJ version advanced significantly upon the guidance and nearly doubled the number of factors and questions to be considered. It concentrated on a “deep dive” beyond the “paper program” in assessing the effectiveness of program operations. The guidance has now been extended from just the Criminal Division to include all of DOJ, including the Civil Division, where most health care cases are handled.

The multitude of questions and factors related creates a great challenge for Compliance Officers trying to convince prosecutors that their program meets these standards. Inasmuch as the DOJ would have already determined the organization has violated federal law, it is reasonable to expect the DOJ will want hard credible evidence from the Compliance Officer. The fact is, very few programs can withstand detailed examination by the DOJ. Compliance Officers may find a “Mock DOJ Compliance Program Evaluation” as a useful step to advance the program to meet the challenge.

A “Mock Review” is an assessment that mirrors the tenets of a formal evaluation by DOJ prosecutors. When Strategic Management performs such reviews, it take a very different approach from a traditional evaluation or “Gap” analysis.  Those reviews result in something like a report card, whereas the “Mock Review” is more limited and less costly consulting advisory engagement conducted in collaboration with the Compliance Officer that focuses on identifying ways to better document answers to the DOJ question. Results are action items to fortify and fix noted weaknesses and can be used foundation for the annual Compliance Office workplan. A “Mock Review” also has the benefit of evidencing the continuing improvement and advancement of the Compliance Program.

For more information on this subject, contact Richard Kusserow (rkusserow@stratgicm.com).

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Evidencing compliance culture is a major focus of the DOJ compliance guidance

“Has the company surveyed employees to gauge the compliance culture”

The DOJ 2020 Evaluation of Corporate Compliance Programs calls for prosecutors to “assess whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operation.” The effectiveness of a compliance program requires a high-level commitment by company leadership to implement a culture of compliance from the middle and the top. Additionally, “beyond compliance structures, policies, and procedures, it is important for a company to create and foster a culture of ethics and compliance with the law at all levels of the company.” Prosecutors are told to review the company’s culture of compliance and give consideration to the following questions:

  1. “Has the company surveyed employees to gauge the compliance culture”
  2. “How often and how does the company measure its culture of compliance?”
  3. “What steps has company taken in response to its measurement of compliance culture?”

The challenge is finding the best method by which a compliance culture survey can be administered, analyzed, and evidence a positive compliance culture. This also means having results which are convincing and credible to both those surveyed and those who review the results. One answer is to employ the Compliance Benchmark Culture Survey© which has been employed since 1993 by hundreds of health care organizations and entities with survey population of over three quarters of a million employees. It is the only such survey focused exclusively on the health care sector. It is time tested, reliable and provides credible results meeting the tests of validity in the accuracy of measurement and reliability with the quality of the data obtained and overall survey viability. Unlike the Compliance Knowledge Survey© that uses dichotomous “yes-no” answers, a culture survey uses a Likert Scale where respondents specify their level of agreement or disagreement to a question or statement, thus capturing the intensity of their feelings for a given item. As such, using this type of survey applies when trying to gauge attitudes and perceptions of employees regarding the compliance program.

 

Compliance Benchmark Culture Surveys© are a very cost-effective method and excellent way to gather lots of information from many people. The cost of a most surveys is approximately $5,000 – 7,000.  This includes a 30 page plus report that provides a “deep-dive’” data analysis and interpretation of results for individual questions, panels, or overall scoring with suggested actions for making improvements. It can also be used for internal benchmarking of current results as a baseline against which future surveys can be benchmarked, as well as for external benchmarking against the universe of organizations using same using the same survey instrument.

 

For more information on this topic, contact Richard Kusserow at rkusserow@strategicm.com.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ issues 2020 compliance program guidelines

Provides a more in-depth analysis of compliance programs

The DOJ released the updated Evaluation of Corporate Compliance Programs to assist prosecutors in making an informed analysis about an organization’s compliance program at the time of charging decisions. It has not changed much from the prior releases that included a list of 119 compliance-related questions. The new guidance continues to focus on three core questions derived from the Justice Manual, namely,  whether a compliance program is “well designed,” “being applied earnestly and in good faith,” and “works in practice.” It restates the importance of having a compliance program suitable for the company’s risk profile but added context and detail for companies to ensure that their compliance priorities are aligned with the DOJ’s expectations.

These include: (1) the importance of having an evolving, dynamic program; (2) the need for the compliance function to engage with company employees; (3) ensuring the program is thoughtful and responsive to the company’s context; and (4) the importance of adequate compliance resources and empowerment of the compliance function. Additional attention is given to these principles for companies to enhance their compliance program and adhere to best practices that would best position themselves in the event of an inquiry or enforcement action from a government regulator. It reflects the continued expectation that a compliance program should continue to evolve and improve over time as the business changes and the compliance function matures. Meaningful risk assessments and program evaluations are critical to this end. There is added language asking prosecutors to assess “why and how the company’s compliance program has evolved over time” and “has the periodic review led to updates in policies, procedures, and controls?”

The DOJ has continued to move away from the antiquated model of a generic, “off-the-shelf” compliance program and focus more on how an organization acts in response to risk assessments. Other questions include whether the company has a process for tracking and incorporating into its periodic risk assessment lessons learned either from the company’s own prior identified issues or from those of other companies operating in the same industry and/or geographical region. The DOJ asks about effective monitoring of compliance and whether a company’s compliance program has continuous access to operational data and information across functions. The DOJ underscores, once again, the importance of having regular reviews of the compliance program; and make it clear that this should not be “cookie cutter” “check the box” type reviews. These reviews should lead to useful findings that result in meaningful changes and improvements. Greater emphasis is also given to the adequacy of compliance resources, quality of trained staff, and empowerment for the program. The importance of oversight of any third-party agents that act on a company’s behalf is stressed, including whether the company engages in risk management of third parties throughout the lifespan of the relationship. The questions include whether the company completed pre-ad post-acquisition due diligence; and a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls.

The guidance asks whether the company tracks access to various policies and procedures to understand what policies are attracting more attention from relevant employees; and if the policies have been published in a searchable format for easy access and reference. Employee training received new attention, suggesting companies consider the format of their trainings to be more responsive, including by: (1) investing in shorter, more targeted training sessions, and (2) ensuring a process by which employees can ask questions arising out of the training. In addition, there is the question as to the extent to which the training has an impact on employee behavior or operations. With regards to the hotlines, the guidance had added language to ensure that the hotline is an accessible, responsive tool, whether the company test whether employees are aware of the hotline and feel comfortable using it, and if reports are tracked from inception to finish.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.