What does cooperation get you with the DOJ?

Like the Financial Industry Regulatory Authority (FINRA), the U.S. Department of Justice (DOJ), has also released guidelines for evaluating corporate compliance programs and how organizations might receive credit for cooperation and self-disclosure in the Department’s criminal and civil enforcement actions.

Key, says Nelson Mullins Broad and Cassell Attorney Gabriel Imperato in an article appearing in Compliance Today, is well-managed organizational compliance programs and a willingness to pursue effective corrective action to prevent and detect future occurrences of underlying noncompliant conduct.

Does hospital regulatory compliance sound a lot like FINRA?

Indeed, it does. According to Imperato, the DOJ’s update of its 2017 Evaluation of Corporate Compliance Programs is intended to assist federal prosecutors in making decisions about whether and to what extent an organization’s compliance program was effective for determining: 

• Whether criminal charges should be filed against the company; 

• Whether and in what amount a fine should be levied against the company; and whether a monitor or some other compliance obligation should be imposed on the company and;

• Whether a monitor or some other compliance obligation should be imposed on the company. and Whether a monitor or some other compliance obligation should be imposed on the company.

Investigators and regulators will give credit to those healthcare and financial services organizations where wrongdoing has occurred for having compliance programs when they consider levying charges, fines, monitorships, or expulsions.

Can your compliance team answer three fundamental questions?

Imperato writes that when the DOJ is evaluating an institution’s cooperation, it looks at the following three items:

1. Is your compliance program well-designed?
   Included in the answer to this question is a determination of whether your company’s compliance program is appropriately designed to detect the types of misconduct that are most likely to occur in the company’s line of business (i.e., risk assessment). Equally important is to make sure your policies and procedures address key compliance risks and that they are effectively communicated to employees through regular training. DOJ prosecutors also must evaluate whether a company has an “efficient and trusted” system for the confidential reporting of potential violations, and the investigation of those reports. Investigators also must determine whether a compliance program includes procedures for performing meaningful due diligence on its third-party business partners and/or acquisition targets.
2. Is your compliance program implemented effectively?
   Implementation is everything. Poor execution undercuts even the most well-designed compliance program. The DOJ will want to know that your program is “implemented, reviewed, and revised…in an effective manner.” Investigators will want to know that management has clearly articulated the company’s ethical standards, demonstrated adherence to these standards, and encouraged employees to follow them. They also will want to ensure that you and the members of your compliance team have sufficient experience, seniority, resources, and autonomy and that your organization has disciplinary procedures in place to address issues and exposures.
3. Does your compliance program work in the real world?
   Misconduct happens. The DOJ, FINRA, and auditors from the Securities and Exchange Commission know and expect that. However, the investigators, regulators, and prosecutors will want to determine whether your compliance program was actually working effectively – that bad actors are discovered and remedial actions taken

What do the DOJ updated compliance guidelines mean for you?

Just like their financial services compatriots, health care compliance and risk management professionals and company management have a clearer picture of what they need to do to minimize exposure and maximize compliance – with an eye towards positioning their organizations in a more favorable light when the prosecutors come calling (and they will!).

Regardless of whether you are responsible for compliance in your healthcare or financial services organization, it seems that no one is immune from oversight and regulatory compliance. One cannot stop bad actors from acting badly, but a well-run compliance system can spot irregularities and give an attentive compliance team a chance to nip exposures before they get out of hand. That’s where Patrina can help. We’ve built our business based on helping organizations keep track of “bad apples,” and stay on the “straight and narrow” efficiently and cost-effectively. So, let’s talk. Call 212-233-1155 to ask about Patrina’s cost-effective, designated third-party services, our comprehensive 8-module compliance solution, and compliant data capture & file storage, and records archiving specifically designed for the healthcare, insurance, and financial services community. Be smart. Be covered. Let’s talk.