Compliance Perspectives

Post By: Adam Turteltaub The Challenger and Columbia disasters were as instructive as they were tragic, providing countless lessons for organizations, including for compliance and ethics professionals. The January 2022 issue of Ethikos focuses exclusively on them and features an extended article by Professor J. Mark Maier, Founding Chair of the Leadership Program at Chapman University Professor Maier has dedicated much of his career to studying the disasters and sharing lessons from them, even producing a documentary. Of particular focus for him were the efforts of Roger Boisjoly and Allan McDonald, who refused to sign off on the Challenger’s launch. Professor Maier and McDonald frequently spoke about leading with integrity, including for US Space Command’s Leadership Development Program. In the latest Compliance Perspectives podcast Professor Maier explores the many ethics issues that led to these disasters. The topics discussed include: Speaking Truth to Power It’s not easy for people to speak up to individuals who are more senior than they are. There’s inherent risk, especially when delivering bad news that can imperil a project. Adding to it, management often signals, intentionally or not, that they want things to stay on track, schedule and budget. This calls for a focused effort by leadership to create a different mindset, one that encourages people to bring up unpopular truths. Risk Complacency In the case of the Columbia disaster, the spec was for no foam to fall off the external fuel tank, but it kept happening. In fact, it happened so frequently and with no effect. As a result, NASA grew complacent about the risk, until ultimately the foam did damage a wing and all aboard perished. The Dynamic of Internal vs. External Risk It can be too easy to downplay the external risks and focus on the internal risks we perceive to ourselves and our careers. The Fallacy of “It’s a Business Decision” Often a decision is treated as “just a business decision” when, in fact, there is an ethical issue at stake. Focusing solely on the results, dollars and cents fails to consider the importance of the means, and not just the end. The Importance of Little Things It is easier to fix a problem when it is small than when it is big. However, when it is small it is too easy to ignore until it is too late. The Value of Servant Leadership This often-misunderstood term is explained, and Professor Maier argues that when management leads as a servant of common cause rather than from a position just of power, it is far more advantageous. Listen in to learn more lessons from these two tragedies.

Post By: Adam Turteltaub Stephen Paskoff has some serious concerns about Diversity, Equity & Inclusion (DE&I) training. The President and CEO of ELI definitely believes training has advantages, but too often he has seen it done improperly. Sometime is a part of a one and done proposition. Other times he has found the training to be divisive, which runs counter to the unifying message of DE&I. The training proposes stereotypes for a group, which can cause both internal problems, as well as legal risk. So what’s the right way forward? First, he argues for recognizing that the purpose of the training, like the DE&I initiative, is to change habits, which is very complicated. The new habits need to be specific, clear and few, and they have to be consistently reinforced. Second, the training has to align behavior with the values, vision and mission of the organization, not an unattached initiative. It has to be a part of an organization imperative, like sales, quality and innovation. Communication has to extend beyond the training. Leadership must support it publicly, and so too must line managers. What else makes for success? * There needs to be consequences * The effort must be continuous, like safety, quality and innovation * The program needs to be seen as bringing values to life * There needs to be clear standards that are linked to the organization’s growth Listen in to learn how to make your DE&I initiative and training work.

Post By: Adam Turteltaub At the 2022 HCCA Compliance Institute, Tonja Wise (LinkedIn), Corporate Director of Compliance, Sharp HealthCare will be leading a session “Your Audit Plan is on Point…but How is Your Moderating Game?”  It’s a very good question, and in this podcast she offers very helpful advice on how to improve your monitoring efforts. First, since monitoring and auditing are often referred to together as if they are the same thing, she defines the difference between the two.  Monitoring, she explains, tend to come after a problem, or potential one, is identified and there is a need to ensure that the remediation in place is working. Like other areas of compliance she advises a risk-based approach.  Health care entities should focus on areas of recent government audits or any place they already have a correction plan in place.  Avoid focusing on areas where the risk is low of either an incident or having to pay a substantial penalty. To have a strong monitoring program in place, Tonja explains, you need an experienced staff and the right software.  An Excel spreadsheet to track things is probably not enough. Listen in to learn more about how to effectively monitor your healthcare compliance program, and then join us for the 2022 HCCA Compliance Institute.

Post By: Adam Turteltaub Given the dangers of third-party risk, it’s not surprising that so many organizations have developed supplier codes of conduct. Like everything else in compliance, though, the trick is in just having one, its in having the right one. Patty Houser (LinkedIn), Compliance Counsel at Land O’Lakes reminds us in this podcast that a supplier code of conduct should be like an internal one: set high expectations ,provide guidance and promote ethical practices. It is also a chance for the company to confirm its commitment to integrity and sound business practices. The supplier code should be recognized as a statement to suppliers and public about what it stands for, including the company it keeps. Going much beyond that, and getting too far into the weeds, though, is not advisable she says. There are other documents for getting into the specifics, including the terms of the contract. When drafting a supplier code she recommends: * Focusing on the challenges of the jurisdictions with the most risk * Looking at what your own internal code of conduct says * Examining supplier codes of others in your industry * Taking the time to understand the sophistication of your suppliers * Assessing the risks inherent in the industry * Reviewing internationally-recognized standards * Setting expectations and giving guidance * Asking your suppliers for feedback to see if what you has written is workable. As she warns, “Compliance with the impossible is no compliance at all.” Finally, don’t forget one other key audience for the supplier code: your organization’s business unit. To secure their buy in, take them back to your own code of conduct and the commitment to doing things the right way. Also, show them the risk of a supplier that doesn’t do things properly, including the reputational damage it can do to your firm. In the end this is all about finding well qualified business partners that can both supply and protect your business.

Post By: Adam Turteltaub The pandemic is both increasing burnout and making it harder to differentiate between needing a break and being, well, just completely done. As Ellen Hunt of Spark Compliance and Melanie Sponholz, Chief Compliance Officer, Waud Capital Partners explain in this podcast (and will also share in their session at the HCCA Compliance Institute), common signs are fatigue (to the point of not wanting to get up and start work), feeling cynical or jaded, irritability, inability to concentrate, not feeling your usual self, and no sense of purpose. Another sign to watch out for: the inability to have a sense of accomplishment. If being able to cross something off of your list no longer brings with it any feeling of reward, it’s a telltale sign of burnout. To avoid burnout they recommend building a separation between work and not working. That’s harder to do with so many of us working from home, but it’s necessary. Try to focus on doing some things completely separate from work that make you happy. Anything involving movement – walking, running yoga – can help. Think about things that you used to do at home that filled your cup when you left work. It could be cooking a meal, reading a good book, or spending time with non-work friends (safely, of course). At work, they recommend three specific behaviors: * Always assume positive intent. Don’t think that people are out to get you, even if their words may seem a bit hostile. * Practice the pause. Take a deep breath and ask yourself, “Are they really insulting me, trying or be rude, not understanding?” Ask people why they asked the question or made the decision that they did. It could have just come from a misunderstanding. * Ask yourself: Do I really care?  Is this something that is going to matter next week or year? Finally, they advise making that effort to revive and build out your network. It will help you expand beyond the core people you normally interact with and find others than inspire you. It’s also beneficial to talk with others going through similar circumstances to be reminded that you are not alone. So, schedule that 30-minute virtual coffee, or just send a note to someone you haven’t been in touch with to see how they are doing. Reach out to people you admire. Many will be surprisingly happy to hear of your support and be more than willing to talk. You can even take the next step of creating something of a board of advisors for yourself. Listen in to learn more, and then be sure to attend their session at the 2022 HCCA Compliance Institute, which takes place in Phoenix, March 28-31 and is also available online.

Post By: Adam Turteltaub Markus Juttner, Vice President & Global Head of Compliance at E.ON doesn’t focus on individual blind spots or taboos. Instead, he focuses on the organizational ones. In fact, as he argues in this podcast and will explain during his talk at 2022 SCCE European Compliance & Ethics Institute, he thinks it’s a mistake to focus on the individual. Since the core task for compliance teams is to prevent, detect and respond to corporate misconduct, it calls for an organizational level of analysis. You need to understand that the organization is an entity of its own. There are four common challenges that he sees: * The compliance team not being transparent to the management board: If they ask if the program is effective, you need to be honest and admit if you do not know * The risk assessment only addresses what we expect to see. There may be other factors we have not thought about. * A lack of transparency by the business side when reporting to compliance * The habits that are normal and a part of life in the organizations All of these can have dramatic effects on the compliance program, and all reflect the culture of the organization. As a result, it is essential to take the time to determine what the culture is, as well as the many subcultures. Listen in to learn more and then join him at the 2022 SCCE European Compliance & Ethics Institute.

Post By: Adam Turteltaub There are a lot of good reasons to do a periodic review of your healthcare compliance program, not the least of which is that the government expects it. But when’s the right time?  How do you get the management support?  What outside experts do you need?  And how do you integrate the results into your workplan? Those questions are tackled by Anne Daly, Vice President of Compliance, Samaritan health System, Judy A. Ringholz, Vice President of Compliance and Ethics & Chief Compliance Officer, Jackson Health System and Steven W. Ortquist, Founder & Principal, Arete Compliance Solutions in this podcast and at their session “How to Assure that Your Next Compliance Program Review Confirms Performance and Helps Improve Your Compliance Program” at the 2022 HCCA Compliance Institute. It’s important, they explain, to make sure that you have your arms around the program before you begin the review.  If you’re new to the role, you probably don’t know enough about the program to make the review as successful as it could be. Once you feel that you are ready and that it’s time to have outside eyes review the program, it’s important to select a vendor with healthcare-specific experience, ideally with experience interacting with enforcement.  Make sure they also have a solid understanding of the government’s expectations as well as your organization’s goals.  Be sure they also are well versed in the fiduciary duties of healthcare boards and have the personal presence to be able to present to the board. One thing else to do: make sure the consultant is reasonable.  You want someone who will give you actionable recommendations, not someone caught up in a quest for perfection. Be prepared to dedicate significant staff resources to help the review, most likely including a dedicated person who will be on point for the project.  A consultant is going to need your team to provide a lot of documents about the program and assistance in scheduling interviews with key employees. Once the work is done and the report is drafted, it’s a good idea to review it with the consultant to make sure that he or she truly understands the organization and didn’t misinterpret any information. Be sure also to meet with the board and key leadership so that they understand the purpose and benefits of the review, including that it is a part of their fiduciary duty to have an effective compliance program. And, be sure to bring your workplan to the final presentation to the board.  That’s an ideal time to both demonstrate what you plan on doing and ask for the resources you need to get the job done. Listen in to learn more, and then join us in Phoenix (in person or virtually) March 28-31 for the 2022 HCCA Compliance Institute.

Post By: Adam Turteltaub At the 2022 SCCE European Compliance & Ethics Institute Dr. Jan Sprafke, Head of Compliance, Europe and Latin America and Jad Mhanna, Regional Compliance Officer at Ericsson will be leading a session entitled Cultural Divide and Compliance. The session, and this podcast, will examine some of the challenges in implementing compliance programs in non-Western countries. There are three common issues that they find when implementing a program, especially in the anti-corruption area. First is the belief that it is a foreign law being imposed upon the local community. Second, there are different perceptions of what constitutes a bribe. Third, many believe that this is another Western way to mingle in local affairs. Some may also see anti-corruption laws as weaponized: designed to penalize economic competitiveness. When considering how to overcome these barriers they caution to remember that not all of the workforce shares the same perspective when it comes to compliance. Some don’t really care and will do what they are asked to. Others will be smiling and saying “yes” but thinking about how to get around the rules to do what they want. The third is a small minority who will speak up and share their concerns. This group needs to be handled carefully. It is easy to see them as opposition when, in fact, they are not. So what should a compliance team do when faced with these challenges? Jan and Jad recommend avoiding the temptation to force compliance and instead take the time to understand the culture. In some places simply sharing the rules will be enough. In others it may mean taking the time to explain your goals and build a deeper understanding of why this initiative is important. Other advice they provide: * Don’t make this a headquarters initiative, partner locally * Leave room for discretion and flexibility * Understand what the local definition of corruption is and what is considered a bribe * Run frequent risk assessments and compliance audits * Help the local business team understand their risk exposure Finally, take the time to put yourself in the shoes of others. It will help you better understand your colleagues’ thinking and help make compliance more of a two-way street.

Post By: Adam Turteltaub Anyone who works in healthcare knows that the regulations are complex, subject to change and hard to keep up with, especially if you don’t have a software solution tracking it all. Jerry Shafran, CEO and Founder of YouCompli recommends identifying and focusing on the highly-regulated portions of your organizations first. For hospitals, he explains, those tend to be revenue cycle, lab, physician services and pharmacy. They represent about 70% of the regulations that come out. Next, he advises nurturing relationships with the people in these parts of the enterprise. The keys to success include modifying how regulatory changes are perceived in the organization and making regulatory change management foundational to the compliance program. Unfortunately, that can be trickier than it seems. Training needs to be checked regularly to ensure it is up to date. And, with the changes being so highly clinical and entering the organization in a disorganized fashion, there are ample opportunities for error. To succeed, he suggests making things as simple as possible by creating repeatable processes, such as following the steps of know, decide, manage and verify: * Know that you are tracking all the regulator you need to and who in the organization is responsible. * Decide if it applies to your organization and what needs to be done. * Manage by ensuring all stakeholders are aware of what they are supposed to do and the deadlines * Verify that the required changes have been put into effect, behavior changed and policies have been modified. The verify step is especially important since that is what regulators will be looking for if they knock on your door. Finally, as with so much else in compliance, communication is key. Every regulatory communication the compliance team shares with the organization has to be simple and simple to follow.  Write it for businesspeople and avoid legalese. Look to methods of communication other than email so the communication doesn’t get lost. And include in your communications plan a process for calling people to make sure that they have done what the regulation requires. That helps increase compliance and provides a record of the steps taken to comply. Together this should make the process of keeping up with healthcare regulations more than a bit easier.

Post By: Adam Turteltaub What does your organization have in common with a well-inflated basketball? Maybe not enough. As Vanessa Mathews, Founder and Chief Resilience Officer at Asfalis Advisors explains, business resilience is like the air in the basketball: It’s what makes the ball bounce. And, we all want a business with the resilience to bounce back from a crisis. Building resiliency depends on having the right capabilities, processes and people. It starts with understanding that a crisis is an incident that can impact your organization’s reputation, profitability, operations or all three. Once you determine if you are in a crisis, the next step is assessment. This includes asking questions such as: * What is the scope? * What are the likely consequences? * How long will this be in the news? * What risks are we willing to take? Once you have those answers it is time to determine if you need to activate the crisis management team. Surviving a crisis depends on preparedness, which includes leadership support, training and development, the resources to investigate, ongoing risk assessments, workforce tracking, and, of course, a culture of compliance. Resilience in a crisis also requires a strong commitment to communications with regulators, third-party stakeholders, leadership, the board, employees, and in the case of healthcare providers, their patients, visitors and the community. It’s not something that comes overnight, but it’s an investment well worth making to ensure that your business has the bounce it needs. Listen in to learn more about how to build in resiliency, including what you will need from leadership, who needs to be on the crisis support team, and the role of organizational values.

Post By: Adam Turteltaub When you think of online compliance and ethics training, you likely imagine courseware developed by a vendor and used by hundreds of other organizations. USBank broke that mold, creating online training in house. It did so for a number of reasons, not the least of which is cost. While there were a lot of options out there from vendors, the expense of customizing and integrating it with their system was too high. The training they created ranges from a humorous video showing people using chat to discuss a challenging (not in a good way) manager to a series of videos featuring Katie Lawler, SVP, Global Chief Ethics Officer, talking with various leaders of the bank while driving in her own car. Jon Ackman, VP, Global Ethics Office at USBank explains that the chat exchange was designed to reflect the current time, in which so much communication is written rather than face to face. It delves into behavior that is culturally destructive while also showing the risks in this means of communication.  When people start writing there is more room for interpretation, and misinterpretation. Showing how to communicate more carefully was essential. It also reflected the ethics team’s commitment to being authentic and empathetic to employee life, including the need to self-edit. The driving videos drew their inspiration from both Carpool Karaoke and Comedians in Cars Getting Coffee. The team was thinking about ways to get people engaged and motivated while bringing important topics to life. They considered how people consume information these days and recognized that short videos are extremely popular and can be useful for sharing a more human story. The result was a series of engaging conversations that the workforce could relate to. Producing the videos was remarkably affordable, relying on a pair of GoPros, a microphone pack and some editing software. For any organization thinking of pursuing something similar he recommends giving it a try, and not worrying about the small gaps, bugs and errors. They tend to make things more personal. Also, look at your communication plan and try a more targeted approach to communications. Listen in, and be sure to watch the chat and driving videos.

By Adam Turteltaub What if the face of your compliance and ethics program was a four-year old? It is at Ivy Rehab. Well, actually, several small children recently starred in a series of videos that the compliance team produced to support their annual compliance week. You can see an absolutely charming sample here. In this podcast the company’s Director of Compliance Margarita Derelanko and Compliance Specialist Maria Campbell explain that they were inspired by other compliance-related videos that they had seen featuring kids. They had thought doing something of their own would be fun and attention getting. And, since the company was expanding its pediatric services, it made sense from a strategic perspective as well. Working with the kids proved to be fun, and Margarita and Maria did their best to make it as easy as possible, including giving the flexibility to allow for some improvisation. Little kids aren’t always good at following a script. Producing the videos took approximately two and a half months, and they recommend budgeting plenty of time since there are many steps involved. They brainstormed ideas, created a structure and brought in marketing. In the end they created a communications plan and a suite of tools to focus on a different topic each day: documentation, phishing, revenue cycle, social media and COVID-19. In addition to the kids there was a trivia content, with badges for those who answered correctly, and raffles of a gift card. What was the reaction of the workforce to the videos? Very positive. The videos engaged them and helped them see compliance people in a new light. Be sure to watch a video and then listen to their podcast. If you don’t, we may send you to your room.

Post By: Adam Turteltaub Due diligence during a merger or acquisition is difficult even in the best of circumstances. There is only so much you can see and so much time to see it before the deal closes. Add the complexities of a pandemic and business in emerging markets, and the challenge increases exponentially. To determine how to conduct due diligence most effectively we turned to Krista Muszak, Global Services SOX Controls and Compliance Supervisor, Johnson & Johnson and Louis Perold, Principal, Citadel Compliance and a member of the Society of Corporate Compliance and Ethics & Health Care Compliance Association board. The two of them will be addressing the topic at the 2022 SCCE European Compliance & Ethics Institute. To ensure that compliance due diligence is conducted effectively they recommended becoming activity engaged with the business and M&A team. This will help ensure you get sufficient information on the upcoming transaction and the business rationale behind it. Be sure also to understand the transaction itself and the various stakeholders. Together these can help provide guidance on how to conduct your due diligence. From there it’s important to get a handle on the ownership of the target company and key staff. Meet with them, if possible, to learn about the compliance program. When assessing the program, be sure to put data analytics to use. Helpline data is very worth reviewing: What is the volume? What issues are coming up? Are inquiries and allegations being responded to in a timely way? Take a look, too, at the risk assessment and audits to see if there is any data that indicates trends of fraud, policy violations or other misconduct. Try and make up for the lack of in-person meetings by increasing your number of touchpoints at the target company. Also, see if there are resources locally that you can turn to who can be your local arms and legs. Finally, make sure you have a handle on the range of legal and regulatory issues that you will have to manage. Anti-corruption gets a lot of attention in emerging markets, but data protection and privacy, money-laundering, human trafficking, modern slavery and a host of other risk areas are present as well. Listen in to learn more and then join us at the 2022 SCCE European Compliance & Ethics Institute.

Post By: Adam Turteltaub When a crisis hits, what do leaders and the crisis team want from the compliance team? It’s a question that Jonathan Armstrong, Partner at Cordery, addresses in this podcast and will be speaking to at the 2022 SCCE European Compliance & Ethics Institute in Amsterdam. For starters he points out an oft-cited admonition: during a crisis the compliance team can’t be the department of “no”. Focusing on what can’t be done or on what happened in the past, for that matter, is counterproductive. The post-mortem will come later.  For now, the emphasis has to be on moving forward. The team is looking for people who will be able to find constructive solutions and alternatives. Be sure, he advises, also to focus on how compliance can reduce the chance and size of penalties. To that end, focus on remediation as early as possible. Prosecutors will, after all, be focused on what the company has done to undo the problem and keep it from reoccurring. Some of the other advice he provides in this podcast includes: * Rehearse a crisis before one occurs * Be a single source of truth: these are the issues we have, this is what we will have to do, and this is where we are on the journey * Bring crisis tools with you: crisis plans, templated press releases, specimen internal communications * Be more directive than consultative As importantly, take the time to understand the psychology and roles of leadership.  Leaders know stakeholders want to see action. Their predisposition will be to act and act quickly; if you’re too slow they may be ahead of you. Recognize, too, that the board is sensitive to their own reputation as well. They will also be leaning to act quickly and decisively. Listen in to learn more about how to prepare for a crisis, manage through one and come out the other end better than you might expect. Then plan on joining us for the 2022 SCCE European Compliance & Ethics Institute.

Post By: Adam Turteltaub When Katie Ignatowski (LinkedIn) stepped into a compliance role for the first time at the University of Wisconsin, she had to learn quickly and on the job. She spent time studying and learning from others and identified what she saw as two distinct approaches to compliance programs. The first approach, which is the most popular, is risk-based. The compliance team provides experts that understand how to comply with high-risk areas. In her case, Title IX was of particular concern. She brought in a Title IX expert who could support the university’s Title IX coordinators and serve as an ongoing resource. This expert also helped write policies and develop training. The second approach is to follow more of a second line of a defense model. Management serves as the first line of defense. Internal audit is the third line, and compliance is in the middle. The compliance team may convene a working group to address all aspects of compliance and culture, and, of course, risks as well. So what makes sense for you and your organization? There’s no simple answer. She advocates in this podcast taking the time to decide which is better fit based on where you are starting out and how well you understand the risk landscape.