Compliance Perspectives

Glenn Sweatt, Vice President at ECC, shares his insights from the front lines of disaster response and compliance. He discusses the urgent necessity of adaptability when managing compliance in the chaotic aftermath of wildfires in Los Angeles. Glenn highlights the importance of clear communication in a linguistically diverse city, where unexpected language needs arose. With a focus on training and innovative methods, he offers valuable tips for organizations to effectively navigate compliance challenges when crises strike.

By Adam Turteltaub Here’s a little nightmare every compliance officer dreads.  You leave your current job for an exciting new one, only to find out that you just walked into a position where the compliance efforts are token at best because the organization’s leadership doesn’t take compliance seriously. In this podcast Mary Shirley, Vice President, Chief Compliance and Privacy Officer, Scion Health, shares what to look for and how to protect yourself if this bad dream becomes your reality.  And, for the record, she has not run into this disaster at Scion Health. So, what are the signs there is insufficient commitment?  Any or all of the following could be, although generally one or two, she notes, may not be definitive: The title and standing of the top compliance officer is relatively low with little authority The compliance teams is greatly understaffed compared to industry benchmarks (cross-industry, healthcare data), without some compelling reason such as the organization is undergoing financial difficulties There is insufficient or no budget for necessary outside resources A lack of management appetitive for even inexpensive compliance initiatives Lack of support for professional development for the compliance team Compliance not included in major deals or transactions A chief compliance officer with no background in compliance If you find yourself in a situation where the compliance role is not worth keeping, it’s best to determine if there is hope for change or if it is best to leave. Either way, take the time to protect yourself by documenting what you have done and recommended, including what management ultimately decided. To prepare to leave, turn to your network, if you have one.  If you don’t have one, it’s time to start building it out. And, regardless of whether you are in a bad situation looking for a better one, or just looking at a potential career move, she advises asking these questions during the interview to determine if the new position is one that is set up for success or failure: What gets people fired around here? It’s a good way to see if there is real and consistent discipline. Can I speak to my predecessor? What would you like to see improved in the compliance program in the next six months? How would you describe the company’s risk appetite? What would the rank and file say about whether leadership is held to the same standards as they are? What deliverables from the compliance team were rewarded? What types of meeting does compliance attend? Does it have a seat at the table? What professional skills development programs were the compliance team sent to or given last year? What is the full-time staffing of the compliance office? What percentage of that is dedicated vs. liaisons? Is there budget for travel for investigations, training, compliance and ethics week activities and other purposes as needed? Listen in to learn more about how to find the right compliance role.

By Adam Turteltaub There is so much hype and drama when it comes to AI, that it’s good to hear the voice of Mujo Vilasevic, Senior Compliance Officer, Raiffeisen Bank  International.  Contrary to most, he makes the case that the problem with AI is overdramatization.  Despite the fears, it’s not going to take over the world or our jobs, as he sees it. So what should be doing when it comes to AI?  Educating ourselves is a very good start.  Also, look at AI both, as he describes it, outside in and inside out:  Look to see where it can be useful for the compliance department and how the business unit is putting it to use. Do so, he advises, recognizing that there is, as of yet, no global regulatory consensus.  While laws are emerging, there is still a patchwork out there. However, there are some principles of responsible AI use that do seem to have global relevance.  The EU law, for example, is based on the principles of integrity, data confidentiality, consumer data protection, personal data protection and the reliability of data used.  Few would argue against them. In sum, he argues for avoiding the easy temptation of fearing the unknown.  Instead, learn what you need to know to understand this technology (starting with this podcast), and be prepared for global regulations to provide helpful guardrails.

Justin Ross, Vice President and Chief Compliance Officer at Sysco, and Carrie Penman, Chief Risk and Compliance Officer at NAVEX, dive into the transformative use of helpline data. They discuss how reporting should be tailored for different stakeholders to boost transparency. The conversation shifts from reactive to proactive approaches, highlighting the potential to uncover organizational culture and risks through data trends. Key topics include the importance of analyzing discipline outcomes, retaliation, and regional differences to address compliance challenges effectively.

In this discussion, Stacy Parks, an Ethics Officer at Lockheed Martin, shares insights from her experience as a parent to a teenager, reflecting on the vast generational shifts in communication styles. She highlights how terms and preferences have evolved, especially among Millennials, Gen Z, and Gen Alpha, leading to a preference for digital, visual communication over traditional, verbal methods. Parks emphasizes the need for compliance teams to adapt their messaging strategies, employing engaging formats like visual content to connect with younger employees effectively.

By Adam Turteltaub If you’re looking for compliance direction only from the US Department of Justice, you’re missing the wider picture. There is a lot going on in Europe that companies operating in that geography need to be complying with. Dr. Tobias Kruis, Head of Corporate Compliance, Giesecke+Devrient, shares what is going on both in this podcast in his session “Dancing with the Acronyms: Jiving Through LkSG and CSDDDD in the European Compliance Ballroom” at the 2025 SCCE Annual Compliance & Ethics Institute. The German Supply Chain Due Diligence Act, also known under the acronym LkSG, is focused on human rights, occupational health and safety and environmental projects. It requires regular and systematic risk assessments as well as remediation and preventative measures if risks are found. Grievance procedures are also a mandate, as are annual effectiveness reports on the supplier due diligence process. Sanctions for non-compliance can be as high as 2% of annual turnover. The German regulator has already conducted over 1,000 proactive reviews since the act was adopted. The EU Corporate Sustainability Due Diligence Directive was adopted in 2024 and builds on some existing national laws. The aim is to ensure a level playing field for companies in Europe by requiring them to address human rights and environmental concerns in the supply chain. It has much broader reach than the German law in its requirements, including a mandate to conduct due diligence beyond the first tier of suppliers. While enforcement has not yet begun and several changes are contemplated, compliance teams can begin preparing now, taking a risk-based approach to their due diligence efforts. They should also start building cross-functional partnerships with HR, quality, management, procurement and the sustainability teams. Listen in to learn more about what’s happening in Europe, and then don’t miss his session “Dancing with the Acronyms: Jiving Through LkSG and CSDDDD in the European Compliance Ballroom” at the 2025 SCCE Annual Compliance & Ethics Institute. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub There’s always a “but” when it comes to AI. It has great potential, but there’s always the risk of bad things happening. In the case of the False Claims Act and healthcare, that’s very much the case. In a recent article for Compliance Today – “AI and the False Claims Act: Navigating compliance in the age of automation” -- Phoebe Roth and Colton Kopcik of Day Pitney warn that the same “but” applies to medical coding. AI and coding seem to be a match made in heaven. There is enormous potential for ensuring that bills get processed quickly and all the proper charges are made.  But (of course) plenty of risks come with it. First and foremost, a lack of human oversight can lead small errors to quickly multiply, especially if the AI model was trained on biased historical data or follows patterns of mis-billing. False claims can then can quickly spiral out of control, leading to expensive refunds and settlements. Other areas of risk include telehealth and remote care fraud, especially at a time of increased government scrutiny of medically unnecessary services or improper billing. So what should you do? It is prudent when embracing AI, they warn, to ensure that the algorithm is always up to date on the latest changes to the regulations. Whether the AI was created in-house or by a vendor, be sure there is a plan in place to monitor for changes and make accurate, real-time adjustments. Having in place an AI steering committee is also a good idea. Be sure to include IT, coders, clinical staff, compliance and others. Finally, turn the staff into your front line of defense. Help them be on the alert for potential issues so that you can head off problems before they become big problems. Listen in to learn other ways to manage the “buts” of AI. This podcast is for educational purposes only and does not constitute legal advice. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub As important as gaining access to the board is, using that time properly is even more crucial. Becky Rohr, Chief Compliance Officer and head of Investigations at Ericsson, will be sharing her insights and advice on this topic in her session “Board Reporting, Not Bored Reporting: Presenting to Boards and Other Senior Stakeholders by Using Data and Storytelling” at the 2025 SCCE Annual Compliance & Ethics Institute in Nashville. In this podcast and preview of her session, she advises that, even before entering the boardroom it’s important to take the time to know your audience. Talking to the board, a board committee or senior executives is different since each has its own priorities. Be sure that what you say and show them speaks directly to their role. Remember, too, that the board is focused on the organization as a whole. She cautions that the board will feel obligated to read anything you send it. So, be sure to avoid overwhelming them and to focus on the larger issues that could materially affect the organization. When presenting data, don’t just give them the raw numbers. Prepare a concise analysis that tells them what those numbers mean and what the key takeaways are. She found that a slide showing opportunities, challenges, highlights and lowlights in a simple quadrant graphic can be particularly useful. Dashboards, too, can be valuable, so long as every light on it isn’t green. That’s bound to raise suspicions. Take the time, too, to anticipate what questions they are likely to ask. She warns that boards tend to want to know how the organization stacks up against its industry peers. So, be sure to take the time to benchmark. Be sure to also take the time to listen to the podcast and join us in Nashville, September 14-17, at the SCCE Annual Compliance & Ethics Institute. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub What you don’t know can hurt you. And what you do know can hurt you.  Such is the dilemma of background screening. Companies want to know who they are hiring, but, explains Al Firato, CEO & Founder of HireSafe, some information is off limits. The 1964 Civil Rights Act and Title VII prohibit examinations of race, religion, ethnicity and more. In addition, federal and state regulations set limits on what background check firms can look at. That’s not always a bad thing, Al points out. A conviction for a criminal offense from decades earlier should not be cause for immediate disqualification, especially if the person has since made amends. In addition, the conviction may not be relevant for the job at hand: a DUI for a prospective delivery driver is a lot different than one for someone who will be working at a desk all day. The EEOC has also made it clear that people are, in most cases, entitled to a second chance. With that said, background checks can be very useful for revealing exaggerated academic and work histories. Many prospective employees take advantage of the fact that, with so many mergers, it may be difficult, if not impossible, to verify previous employment. Listen in to learn more about the do’s and don’ts of background screening. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub Dr. Hemma R. Lomax, Vice President, Deputy General Counsel and Global Head of Ethics and Compliance for DocuSign thinks a lot about leaving a legacy, not just for herself but in general. She’ll be addressing the topic Beyond the Rules: The Future of Compliance is Legacy-Driven Leadership at the SCCE 24th Annual Compliance & Ethics Institute, which takes place September 14-17, 2025 in Nashville. She is a strong advocate for thinking beyond quarterly goals and looking to operationalize best intentions to leave something behind that is more enduring. Getting there, she explains, requires first helping leaders understand that they know that a legacy is not out of reach, if they focus on doing the right thing and for the long run. Done correctly, the legacy they create can be an enduring strategic asset. For compliance teams it means recognizing that every human has a survivor and a sage brain. And, while we in compliance need to embrace that survivor brain and embrace bad scenarios, we cannot be prophets of doom, raising already high anxiety levels. Instead, we need to lead with transparency, embed purpose into processes, make ethics a design feature, and create internal accountability. Listen in to learn more and then join her session in Nashville at the SCCE 24th Annual Compliance & Ethics Institute. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.