Compliance Perspectives

By Adam Turteltaub Well, it turns out that you can be in two places at once, if you are a surgeon. Even better, you can bill the government under the Medicare program for being at both of them. It’s not quite as strange as it sounds, explains Sara Brinkmann, Partner, and Lauren Gennett, Counsel, of King & Spalding, and, of course, there are rules. Overlapping surgeries occur when one attending surgeon is responsible for procedures that overlap in time. The attending may perform the critical part of the procedure in both, assuming they are not supposed to happen at the exact same time. Non-critical portions of the procedure, such as closing the patient, are left to a resident. There must also be a backup surgeon in case something goes awry. Payment for both surgeries is possible so long as there are the requisite safeguards in place and the various other CMS rules are followed. There may also be state requirements to be mindful of as well. If those rules aren’t followed, there is substantial risk. As they explain, overlapping surgeries have been the subject of intense scrutiny and enforcement actions. Listen in to learn more, and, for the record, overlapping podcast listening is not approved. Listen now

By Adam Turteltaub On November 22, 2024, Principal Deputy Assistant Attorney General Nicole Argentieri recapped the changes made during the Biden Administration in enforcement policies and announced a few new ones. To better understand what this all means, we spoke with Daniel Kahn (LinkedIn) , partner at Davis Polk, and himself a veteran of the DOJ. There were a number of meaningful changes during the last few years, he noted. Most notably the voluntary disclosure program was significantly expanded, with companies with aggravating circumstances now able to still have the possibility of a declination. There is a catch, though, the bar for cooperation has been raised. The organization must have disclosed promptly, engaged in extraordinary cooperation and remediation and have had an effective compliance program at the time of the incident. A new change, just announced, is the addition of what we referred to in the podcast as “clawforwards” in addition to clawbacks.  Organizations are expected to not pay bonuses to employees involved in suspected wrongdoing. Perhaps the greatest change just announced is a difference in how the DOJ handles self-disclosures. In the past companies that did not have a perfect self-disclosure might find themselves a bit stranded. Now the DOJ is recognizing good faith efforts even when the voluntary disclosure may not have been as timely as it could have been. Listen in to learn more and to hear what he says companies should do with an upcoming change in administration. Listen now

By Adam Turteltaub Once again it is time to sit down with Matt Kelly (LinkedIn), Editor and CEO at Radical Compliance and discuss what happened last year and where the compliance profession is going in the new one. In this podcast we looked back at 2024 and explored five key topics. Changes from the DOJ The DOJ recently issued a recap of its key activities over the last year or so, and Matt notes that a key change has been an increased willingness to give credit to companies that work with the Department of Justice.  In the past, the DOJ had only given full credit to companies that had self-disclosed, but now there is greater leniency for organizations who have demonstrated that they are willing to cooperate with the government and make serious remediation efforts. Lessons from Recent Dispositions Matt pointed to the TD Bank case and noted that, as he saw it, the company laid the seeds for its scandal by having a zero expense growth strategy  across its business.  That led to compliance spending shrinking, rather than growing, as the business rapidly expanded.  The key lesson there:  recognize the compliance risks of your business strategy. Looking at Boeing’s continued woes he notes that the court has now made quality a central part of the company’s compliance metrics.  The definition of compliance and scope of compliance programs could well be growing, with the recognition that having a speak up culture and effective controls isn’t just valuable for legal and regulatory compliance. From the RTX case he finds a lesson for companies in the importance of thorough due diligence and taking the time to understand the risks fully prior to acquisition. Compliance Team Struggles Compliance teams still need to earn their place fully as a trusted advisor for issues outside of the traditional compliance lane, such as AI and supply chain risk, which is often divided up among several departments. Compliance Program Progress The vast majority of CEOs now see compliance as much more than a check the box exercise.  They also recognize that having an ethical workforce is an asset. Matt also notes great progress in anticorruption due diligence and an opportunity to show that the same tools that help vet third parties in this risk area can be useful in many others. Listen in to learn more about his thoughts about 2024 and to prepare for a successful 2025. Listen now

By Adam Turteltaub Retaliation is the bane of every compliance program, with the potential of destroying employee confidence in reporting systems, not to mention embarrassing and expensive lawsuits. It is also complex and can be subtle, explains Keith Read, a former chief ethics and compliance officer and author of the book The Unconventional Compliance Officer: Doing Things Differently. There is overt retaliation, such as firing an employee for blowing the whistle. But there is also softer, more subtle retaliation, such as not including the whistleblower in meetings or on projects. He advises compliance teams to be sensitive to all of the many forms of retaliation and to treat it  as a risk area. That means look at where and how retaliation can occur, and then take the time to determine if is occurring. Track how the careers of whistleblowers go and see if the trajectory has changed for the worse. Also, look to patterns in management.  He found that retaliation followed certain managers around the organization. With this data in hand, you are better able to both support the whistleblower and foster a stronger culture of compliance. Listen in to learn more about how to prevent retaliation from undercutting your compliance program. Listen now

By Adam Turteltaub How do you know your compliance program is working, both for your peace of mind or if the government comes knocking? It’s a tough question, and many wonder either how to start measuring or if they’re measuring the right thing. Andrew McBride, Founder & Chief Executive Officer at Integrity Bridge, has a great deal of experience in this area from his time serving as Chief Compliance Officer at Albemarle. In the wake of an FCPA scandal, the company had to be able to demonstrate the strength and effectiveness of its efforts. In this podcast he advises you remember three key questions from the US Department of Justice’s compliance program evaluation criteria: Is the program well designed? Is it applied earnestly and in good faith? Is it working? At the same time, though, he cautions not to just seek simple metrics alone. It’s important to also track why you are measuring what you are measuring. Compliance teams need to take the time to build out the supporting narratives that explain why and how their choices were made and have a fully written out risk assessment. These documents help guide what is measured and establish why those measurements are worth taking. Having the narrative in place also helps the program keep its focus. Over time people change and memories fade as to why a given compliance path was taken. With strong documentation of the original thinking, the compliance team can better assess if the program is delivering what it needs to or if it needs adjustment. When it comes to who does the analysis of the data, he highly recommends hiring a data analyst. These individuals have the capacity to turn the numbers into meaningful dashboards and graphics that everyone can understand. They can also be adept at finding data where you might not think to look. Listen in to learn more about how to effectively measure the effectiveness of your measurement efforts. Listen now

By Adam Turteltaub Oh, come on, we all know it: sometimes the business people get tired of all those compliance requirements. That’s okay and to be expected.  But, how do you know when it has progressed beyond the usual (and maybe healthy) resistance to full-blown exhaustion? Cecilia Fellouse, General Manager of Compliance for Good, warns that, ironically, when the business team stops pushing back, it can be a sign of compliance fatigue. They may just be going behind your back to get what they want. Another troubling sign to watch out for is systematic escalation. Instead of addressing issues to you, they’re taking the issue straight to higher-level management. So, what can cause compliance fatigue and these bad behaviors? She cites several factors and ways to avoid them. Saying “no” too often and being perceived as operating from an ivory tower. Constantly denying requests without providing constructive feedback can make the compliance team seem out of touch. Lack of engagement with frontline teams. Take the time to talk with them and learn their needs Limited or lack of support from top management. Without their support, the job is all but impossible An isolated compliance team. Without interaction with others, including members of the compliance community, it’s easy for the compliance team to get burned out.  You need to make the effort get out there and connect. She also strongly advocates for taking the time to truly understand the business, not just as a whole but also on a more granular basis, down to what is done day to day. Listen in to learn more, including some signs to watch for in the compliance team that suggests that it, too, may be suffering from compliance fatigue. Listen now

By Adam Turteltaub Do you ever ask yourself, “What kind of compliance officer am I?” Netherlands-based  Susan du Becker, Director, Risk & Compliance at Microsoft, thinks we all should. To her experience, there are two answers to that question. One is a regulatory compliance officer: someone who is focused on the requirements of regulators, potential fines and legal consequence. The other is a business compliance officer, who is focused on what the business needs and how to ensure it achieves its goals while staying within the multitude of white lines the laws and regulations have painted. She envisions herself as the latter, balancing business and regulatory requirements. She recognizes that the business unit will test the limits, and that she is there to make sure there are always two feet solidly on the ground. To keep the business team focused on their legal and regulatory obligations, she advocates for making it clear what lines absolutely may not be crossed, taking the time to meet with them regularly and being prepared to have some difficult conversations if necessary. She also believes that compliance teams are most effective when not positioning themselves as just a gate keeper. Listen in to learn more about the approach, the role of governance and how to ensure the business understand this it owns compliance. Listen now

By Adam Turteltaub Rob Tull (LinkedIn), Managing Director at Effective Compliance LLC wants every compliance officer to be both competent and able to demonstrate it. He advocates for the development of four sequential, underlying skills: Communication The ability to be aware of risks Adaptability, and Decision-making/judgement Underlying all of them is knowledge, and together they form a framework for effective compliance programs. The single most important competency area, he argues, is communication. The ability to translate complex laws and regulations into simple language that helps the business make good decisions is paramount. So, too, is the ability to tailor your message to the audience:  management and the board likely need to hear something different than line managers. Listen in to learn more about what makes for competency for compliance professionals. Listen now

By Adam Turteltaub Who are you talking to? When you think about all the employees in your organization, who do you see in your mind? You probably, and should, think of several people: the person in the plant, the R&D people, the sales team. They all have different needs, maybe even different cultures. Adam Balfour, Carsten Tams and Karen Moore (LinkedIn), each of whom is a veteran compliance professional, explain in this podcast why it’s so important to truly know who the people are in your organization and the risks they interact with. They explain that you have to take the time to get in their heads to understand what their needs are and how best to communicate with them. One technique they advocate for is developing personas: Create fictional, yet realistic descriptions of the types of people in your organization. That will help you better flesh out who they are, their goals and their skills. This process also helps you stand in their shoes and understand not what you want to say but how they are likely to interpret and use that information. Listen in to learn more about how to bring your workforce to life in front of you and have a real impact on their behavior. Listen now

By Adam Turteltaub It’s a complex world, we all know, and we all try to simplify it and our lives, at least from time to time. Nitish Upadhyaya, Director-Behavioral Insights at Ropes & Gray’s R&G Insights Lab and podcaster, wants compliance teams to appreciate complexity and, if not embrace it, at least understand how to work with it. For him this journey started many years ago with the recognition that disincentives don’t always work. He wanted to understand why. This led him to an understanding of complexity, which explores the connections between people and systems and how nonlinear and unpredictable things can be. Appreciating that knot of connections is important for compliance teams, he argues, since the nature of the job involves affecting individual behavior and culture. He outlines several principles that compliance teams should follow: Move away from the idea that you can map everything. Context matters. Understand the human dynamics and stories. The only real rule in a complex system is it will have unintended consequences. When dealing with a complex system, think of the direction you want, not just the end point. It's about managing energy in the system and following natural contours Anomalies are helpful. Outliers can be your next risk or innovation. Map constraints, the things that connect or limit people, such as fear of retaliation or cultural issues, And when it comes to a root cause analysis, dig until you find not just the root, but the several roots that likely underlie it. Listen in to learn more about approaching and harnessing complexity. Listen now