Kusserow on Compliance: Drifting into corporate integrity agreements is dangerous

Compliance Officers are well aware of impending Corporate Integrity Agreements (CIAs) as cases move through investigations and settlements with the Department of Justice (DOJ) and HHS Office of Inspector General (OIG).  This lead time permits time to prepare for meeting obligations. Consultants with extensive experience in this area offer some thoughts and suggestions to avoid making costly mistakes, or failing to meet CIA deadlines.

  • Suzanne Castaldo, J.D., has assisted many organizations in meeting CIA terms and makes the point that, “When a matter falls into an investigation by the DOJ and OIG, legal counsel takes over to resolve the matter. After the case is settled with the DOJ, they continue to work with the OIG on terms and conditions for the CIA.  The result often catches the organization and their Compliance Officers, executive leadership, and Board about the full scope of what needs to be done in the 120 days following agreement.”
  • Tom Herrmann, J.D., had a number of years at the OIG coordinating with the DOJ, developing settlement agreements, and appointing monitors, as well as working as an Independent Review Organization (IRO) with more than a dozen organizations. He urges “Compliance Officers or organizations moving to DOJ settlement and OIG to not sit back and wait for an agreement to be negotiated.   They should be in communication with their legal counsel to understand what is being discussed in terms of timing and obligations and begin maneuvering with plans to meet the obligations that will be in the CIA.”
  • Carrie Kusserow, who worked as both a Compliance Officer and a consultant in meeting corporate integrity agreement (CIA) obligations, agrees, in that, “When CIAs are signed, most Compliance Officers and their executive leadership are often surprised by the implications of what has been agreed; and ill prepared to meet the terms and stringent timelines that are included in them. They wake up and begin to focus on the real scope of what has been agreed in the CIA.  Suddenly they find they begin to understand the scope of their commitment and begin racing the clock to accomplish all that to which they have agreed.  Frequently this leads to mistakes and delays in trying to do all that is required within strict timeframes established that include securing the Independent Review Organization, as well as Compliance Experts for the Board.  All this is the backdrop to preparing the first report to the OIG.  The last thing any organization needs is to fail in meeting obligations at the outset of a CIA.”
  • Steve Forman, CPA, who also has extensive experience both in leading IRO teams as well as being a Board appointed Compliance Expert for three organizations, observed that “There is little by way of excuse for Compliance Officers, leadership and the Board not being adequately prepared for what is coming in terms of a CIA. Compliance Officer should, at the first sign that there will be a settlement with the government begin their homework and preparation, by reviewing recent CIAs posted on the OIG website.   CIAs follow a pattern, granted that terms and conditions evolve, it does so slowly.  All a Compliance Officer needs to do is find a CIA with factual similarity to their situation; and then read the terms and apply them to their own organization.  By doing this, they will know how much time they will have to do certain things.”
  • Al Bassett, J.D., who has more than 20 years’ experience in providing compliance advisory services, adds, “Many of the tasks that will be required under a CIA can and should be undertaken well in advance of an agreement. It is foolish to wait until a CIA is signed.  The race is on once a case is moving to the DOJ, not OIG.  In many cases this provides a year or more of advance preparation to meet what will likely be included in the CIA in terms of being able to evidence compliance program effectiveness. It is important that organizations realize that CIAs are no longer just focused upon substantive issues that led to the problem that are monitored by an IRO.  Recent CIAs have turned their attention to compliance and certifications.  Compliance standards are set forth and there are mandated certifications by the executive leadership, including the Compliance Officer, along with members of the Board.  Board certifications have also led to mandates to engage in addition to an IRO, a Compliance Expert to assist and give advice to boards to prepare them to personally certify the compliance program.  Knowing this, the Compliance Officer should be working in overdrive, before any settlement, in preparing to meet what is needed to evidence compliance program effectiveness.”
  • All of the experts agreed that it is strongly advisable for Compliance Officers to begin looking for qualified experts to fill the roles of an IRO and Compliance Expert. They underscore this as a very serious responsibility, for once selected, they are likely to have that role for up to five years.  Although there are many who would like to fill those roles, finding the right qualified experts will take some time and weeding.  Far too many organizations find themselves rushed on finding the right experts and are forced to settle on lesser qualified parties.  A bad selection can result in many additional unnecessary burdens, higher costs, and increased problems with the OIG.  The best advice given is to find an organization with experience in these roles with many CIAs.  They will know what needs to be done and not learn on the engagement at the expense of the organization.  They also will be known by, and have experience and credibility with, the OIG.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Board compliance experts and certifications under corporate integrity agreements

The HHS Office of Inspector General (OIG) now requires the engagement of independent compliance experts in its corporate integrity agreements  (CIAs) to assist it in meeting its obligations of compliance program oversight. This trend has been part of a movement to hold members of governing boards more accountable for such oversight.  Those engaged as compliance experts must create a compliance review work plan, perform the program review, and provide a compliance program review report.  The report has to describe the review performed, findings, and any recommendations for program improvement.  The board must review the report and act upon any findings and recommendations. A copy of the report must be sent to the OIG as part of each CIA Annual Report.   In addition, the OIG can access to any materials provided by compliance expert, as well as any minutes of meetings must be available to OIG upon request

Carrie Kusserow has a long history as a compliance officer, as well as a compliance consultant working on compliance with CIAs.  She noted that the “real game changer” in CIAs has been the movement towards increased certifications by executives, compliance officers, and board members.  Board members now have the burden to adopt and sign a resolution for each CIA reporting period.  This is serious business, in that making false certifications could criminally violate 18 U.S.C. §1001.  In order to hold boards fully accountable, they mandate that they engage a compliance expert to assist them in carrying out their compliance program oversight and to assist them in being able to make their certification, so, selecting the right compliance expert is critical. Once selected, they are likely to have them doing this work for five years.  She also warns that time is not an ally when CIAs are signed.  The attorneys handling the litigation and settlement process often are working ahead of the organization and those that will have to implement the terms and conditions of the CIA.  What this means is that many organizations find themselves in a race against time to do all that is required, including engaging independent review organizations and compliance experts.   She advises organizations moving toward settlement to begin looking and evaluating potential parties to be engaged as outsider experts.

Tom Herrmann, J.D. had many years experience with the OIG in managing the CIA process, as well as being engaged by numerous organizations in meeting CIA obligations.  He believes that it is important to remember that moving from settlement to meeting obligations under a CIA is also moving from parties advocating on behalf of the organization to parties assisting in meeting the requirements that have been agreed to. He speaks from firsthand experience when he says that the OIG does not like parties trying to re-litigate a case and any effort to do so will likely prove counter-productive.  This means that the compliance experts engaged must focus implementation on the terms of the agreement.  To do this, they must be free of any conflicts of interest, if they are to meet the independence and objective standards required by the OIG.  The OIG wants to see organizations select true experts who will carry out their responsibilities with independence and integrity.  He agrees that the more experience that parties have as experts under the CIA, the better they are known to the OIG and more credible will be their work.

Selecting compliance experts

  • An independent expert must be properly qualified to perform the work described in the CIA.
  • Work to be performed consists of operational reviews, not financial audits.
  • Focus is on compliance program expertise.
  • A CIA may require several different types of expert (e.g. IROs, compliance experts).
  • Those selected should be qualified and experienced in the industry sector covered by CIA.
  • A lack of expertise in area engaged equals potential problems with OIG.
  • Sub-standard reports risks loss of compliance credibility.
  • Work performed by experts must be professionally independent and objective.
  • Compliance Experts follow GAO GAGAS standards for operational reviews.
  • Experts should certify to OIG professional standards.
  • Ensure and seek certification that the experts have no conflicts of interest with the entity.
  • Check references.
  • Steve Forman, CPA has been engaged as a compliance expert on behalf of several organizations. Based upon his experience, he offered tips on how to go about selecting an outside compliance expert. He believes it is very important engage parties with considerable experience doing this kind of work.   Using people inexperienced in compliance as compliance experts is risky. Those lacking experience tend to be more costly, as they charge for their time in learning what needs to be done at the expense of those that have engaged them. The more experience they have doing this kind of work under a CIA, the better. As a result, it is advisable to find experts who have been engaged by entities under CIAs on multiple occasions. This also permits reference checking on how well they did with organizations that used them. He also added that serving many years as a compliance officer, along with experience as a health care consultant, was critical in being able to deal with real and practical considerations in acting as a board Compliance Expert. He believes having that combination of experience provided those organizations using his services with the most efficient results.
  • Did the firm meet its obligations satisfactorily?
  • Were there any problems?
  • Did the OIG find a firm’s work satisfactory?
  • Did a firm perform services economically and efficiently?
  • Was a firm sensitive to the entity’s operations and needs?
  • Was a firm’s work professional, competent, and timely?

One last piece of advice for compliance officers is that they educate their boards on this new trend, whether or not the organization may be involved in settlements with the government. What the OIG mandates is what it believes all organizations should follow–greater board oversight of the compliance program.  All boards should add members who are “compliance literate” and/or secure outside experts to advise them on the progress in development of an effective compliance program

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.