Summary: Podcast featuring the top Compliance and Ethics thought leaders from around the globe. The Society of Corporate Compliance and Ethics and the Health Care Compliance Association will keep you up to date on enforcement trends, current events, and best practices in the compliance and ethics arena. To submit ideas and questions, please email: firstname.lastname@example.org
By Adam Turteltaub email@example.com Kim Brandt, Principal Deputy Administrator for Operations at the Centers for Medicare & Medicaid Services (CMS) shared with the attendees at the 2019 HCCA Compliance Institute what the latest is from CMS, and what to expect in the coming months. For those who missed her talk, she was kind enough to sit down for a podcast and provide us with an extensive look at what CMS has done and will be doing. Listen in as she shares: * The vast number of comments received on provider burdens, and how extensively CMS is actively addressing them * The comprehensive review of Medicare Conditions of Participation with the goal of removing obsolete, duplicative or unnecessary requirements * Progress on the Patients Over Paperwork initiative * CMS’s efforts to make data more transferable and accessible for patients * What CMS is doing to stem the opioid epidemic, including for new opioid prescriptions * Exploration of new value-based models * The new Medicaid program integrity strategy, and the audits that followed There’s a lot to learn. Don’t miss the chance to learn directly from her.
By Adam Turteltaub firstname.lastname@example.org Steve Priest of Integrity insight International has been a part of the corporate ethics scene for decades now. He’s worked with companies all over the world and is expert at assessing corporate culture. In April 2019 we sat down for an atypical podcast. Rather than dissecting one specific ethics or compliance challenge, we explored what’s concerning him these days. The conversation began with a discussion of cellphones and how disturbing they can be, as well as the poorly understood data protection risks. From there we moved on to the related and broad topic of another area where the understanding isn’t what it should be: human psychology and behavior. Steve argues that, for example, when it comes to training we tend to treat employees like children, telling them they shouldn’t do this or that. He argues instead for a more prosocial approach, which goes hand in hand with the need to help employees better engage with the company. That’s getting harder to do with so few employees staying with one employer for very long. One potential solution for addressing these challenges: get more professionally diverse voices in compliance, people with skills outside of legal and audit. Along the way Steve also explains what he calls “The Three R’s” of putting in place a compliance program and the weakness of the fraud triangle. Listen in and enjoy an illuminating and entertaining conversation.
By Adam Turteltaub email@example.com The European Bank for Reconstruction and Development (EBRD) was created after the fall of the Berlin Wall to help develop open and sustainable market economies in countries that were committed to and applying democrat principles. To date, the EBRD has invested €130 billion in 5200. Its focus is on private sector investment and supporting six market transition qualities: competitive, green, inclusive, well governed, resilient and integrated. Lisa Rosen, the bank’s Chief Compliance Officer, along with her team play a central role in helping the EBRD succeed in its mission. It’s not always easy, she explains in this podcast, since many of the countries where the bank has investments have serious corruption risks. Alongside this risk are many others, including difficulties in determining the ultimate beneficial owner, anti-money laundering, terrorist finance controls, economic sanctions, as well as present and former government officials who may sit on corporate boards, or even in management. Listen in as she explains the challenges of compliance, the risks in former Communist countries, and the role the EBRD is playing in fostering compliance and being a beacon of integrity.
By Adam Turteltaub firstname.lastname@example.org These days everything is online, well, most everything. As Kristy Grant-Hart of Spark Compliance Consulting discovered, compliance program information is often the exception. It may not be there at all, or not be as optimized as it should be. For example, one third of the Codes of Conduct available on sites surveyed weren’t even in color. When she sat down with us at the Berlin European Compliance and Ethics Institute she advised compliance professionals not to think of the website as just the website. Instead, ask: What does the website say about the compliance program? Is it painting the right picture of your program? Do you have the disclosures necessary under the UK and California human trafficking and modern slavery laws? Is the code of conduct up? Is there a CEO letter? Your employees, venture capital firms, and even prospective employees may be looking. Also looking at the site are individuals who want to raise a potential issue. These people may work at your organization or for a vendor or supplier. If it’s difficult for them to find the helpline info, they may keep silent or raise their issues elsewhere. Listen in to learn more about how your compliance program can raise its web game
By Adam Turteltaub email@example.com Going from good to great has a different meaning to all of us, but generally, it means moving the compliance program up from informal to evolving to optimized. Along the way, there are a number of barriers to evolution, including potentially hundreds of offices around the world to reach, where compliance sits in the organization, resource constraints, and culture. The key to going from good to great is to move away from just being a compliance program manager into part of the business decision-making process, explains Jacki Cheslow, Director-Business Ethics and Compliance, Avis Budget Group. In this podcast, recorded at the 2019 European Compliance and Ethics Institute, she explains that making yourself valuable from a business perspective makes all the difference. Some of the other pieces of advice she offers: * Changing the conversation from “no you can’t” to “yes you can” but with the explanation of what’s required * Focusing on the “what’s in it for me” for your audience * Using data analytics to demonstrate progress * Leveraging your contacts across the organization to be a connector when business people have challenges Listen in for more good advice on being great.
By Adam Turteltaub firstname.lastname@example.org While Romania is a part of the European Union (EU), it has a corruption problem typical of less-developed states. Admitted to the EU under a Cooperation and Verification Mechanism, it is subject to monitoring, according to Charles Vernon, an attorney in Bucharest with a large compliance practice. Lately, the country has not fared well with its EU monitors who have added eight additional steps for the country to take. The reason for the remedial action is what Charles describes as steps backward when it comes to fighting corruption. The leadership has tried to loosen anticorruption laws and constitutional courts have stepped in, overturning verdicts on narrow technical grounds, he reports. At the same time, however, the public has not been quiet, taking to the streets in protest. In addition, the younger generation recognizes the need for better governance nationally and looks to multinational companies as places where they can work with integrity and rise on their own merits. Listen in as Charles explains the risks of doing business in the country, the need for greater vetting of suppliers, and what’s going on in privacy laws. GDPR is not as well implemented as elsewhere in Europe, but it is still a force to be reckoned with, and privacy is already closely monitored in the healthcare industry.
By Adam Turteltaub email@example.com One of the most provocatively titled sessions at the 2019 SCCE European Compliance and Ethics Institute was “Becoming ‘Invited In’: Creating Compliance ‘Addicts’ Globally.” Aversion, not addiction, is more typically associated with compliance, unfortunately, and it made me want to learn more. So, I asked the two co-presenters to sit down for a podcast to share what they meant by the term. Nadege Rochel, Global Compliance Manager and Susan Roberts, Chief Compliance Officer of Hollister Incorporated both readily agreed. A compliance addict, they explained, is someone who does something extra beyond simple compliance. So, how do you get people to become addicts? Not surprisingly by rewarding them. But what may be surprising is how simple a reward it was: a pin. It turned out to be both an offer of recognition and a way for the recipient to be recognized by his or her peers as someone with a strong commitment to ethics and compliance. It also triggered a competitive streak, with others wanting to earn the pin as well. This simple approach has infused their compliance programs and offers lessons for others seeking to create cultures in which the compliance program is embraced. As they explain, they did not stop with pins. At sales meetings they try to schedule lunches and breakfasts with people, and even join in at the end of the day. There’s a compliance booth where employees can win a ribbon or candy for answering a question correctly. And, once again, those who wear the ribbon generate interest in those who have not yet earned one. These techniques, coupled with several other business-team friendly initiatives, have helped the compliance team and program make tremendous strides. Listen in, even though we can’t give you a pin for doing so. Note: Nadege speaks first.
By Adam Turteltaub firstname.lastname@example.org Few can look back at a career in compliance and ethics as rich as Alan Yuspeh’s. He served as the coordinator of the Defense Industry Initiative (DII), Senior Vice President and Chief Ethics and Compliance Officer for HCA Healthcare and as a president of the Health Care Compliance Association. In a fascinating conversation he shares his experiences and learning from a remarkable career. In 1986 he began his role with the DII, which includes 50 of the largest defense contractors. Many of the elements of compliance programs that are commonplace today owe much of their existence to the efforts of DII members: codes of conduct, compliance training, and hotlines to name a few. Then in 1997 he joined HCA and moved from the highly-regulated defense arena to the equally regulated healthcare industry. A great deal of what worked in defense found a place in healthcare as well. During his time at HCA he developed a compliance program that had three aspects that he felt were particularly valuable and distinctive: * Having effective local compliance and ethics officers * The development of Responsible Executives for each area of compliance risk: experts tasked with developing strategies, policies and procedures for mitigating key risk areas * Energetic compliance reviews processes Listen in as he explains more about this trio of programs and discusses both micro and macro ethics.
By Adam Turteltaub email@example.com For many organizations outsourcing their data management is very desirable. It can provide a wide range of benefits, including the ability to capitalize on machine learning. But outsourcing has risks that must be well understood and managed, says Dan Fabbri, the Founder and CEO of Maize Analytics and Assistant Professor of Biomedical Informatics and Computer Science at Vanderbilt University. In this Compliance Perspectives podcast he explains that there are risk areas to consider and important questions to ask your vendor: Is the data being held separately or mixed with data of other covered entities? Will the vendor be using the data for non-contracted purposes? Who has physical access to the data? Is the data being accessed by IT and support people located outside the U? Will the data be stored outside the country? Understanding the implications of the answers to these questions can make an enormous difference in whether your organization can trust that its data is secure, and exposure of Personal Health Information is unlikely. It can even protect you from poorly-informed AI affecting your organization. Listen in to learn more about how you can safeguard your healthcare data more securely.
By Adam Turteltaub firstname.lastname@example.org Compliance is never easy, and it is especially difficult for mid-sized companies in emerging markets. Many of them operate in countries where there is not even a word in the native language for compliance. Frank Brown and Anna Kompanek of the Center for International Private Enterprise (CIPE) help companies meet this challenge. Fortunately, they report in this podcast recorded at the 2019 Compliance and Ethics Institute in Berlin, help is coming. Large, international businesses that they partner with are encouraging, and often requiring, compliance programs from firms in their supply chain. This has helped midsized firms see the benefits of investing in compliance, not just as a means to prevent corruption but also as a way to have a more complete risk management system. At the same time, though, challenges remain. Some tools offered by risk management vendors are causing confusion. ISO37001 is sometimes presented as a panacea but can be a trap because of its one size fits all approach, they argue, and many midsized companies don’t have the resources to comply with the standard. In sum, it’s a challenge, but by listening in to the podcast compliance professionals in large companies will gain a better appreciation of the struggles of their midsized suppliers in developing markets.
By Adam Turteltaub email@example.com Each year countries lose billions to corruption, fraud and other compliance failures. When it comes to stemming this problem, helplines are crucial. In fact, a study by the Association of Certified Fraud Examiners found that 50% of corruption cases were found through tips from employees. The challenge for helplines is that there is often an assumption that the calls will come in through a landline. For much of the world, though, that’s not the case. Employees are more likely to have mobiles, and that toll-free number isn’t toll-free. Worse, problems often arise in developing countries where English or other European languages may not be widely spoken. If your helpline provider doesn’t have a native speaker on premises, it can lead to long delays and awkward three-way calls with a translator. Paula Davis of Waypoint GRC encourages compliance officers to begin rethinking how they put their helplines to use and explore alternatives such as apps. She also advises “mystery shopping” the line: making test calls in multiple languages to see how well the helpline provider handles them. Also, she suggests asking the provider for abandoned call rates, to see if people are staying on the line. Listen in to get ideas for how you can improve your helpline’s effectiveness.
By Adam Turteltaub firstname.lastname@example.org The 2019 European Compliance and Ethics Institute began with a riveting address by Drago Kos, Chair of the OECD Working Group on Bribery. The OECD has played an enormous role in the anti-corruption efforts, setting standards that countries commit to, and holding them to public account if they fail to meet their obligations. After his talk, he took the time to record a podcast in which he shared some of the key points covered in his longer keynote address. These include: * Only half of the OECD members have been active in anti-corruption enforcement, but there has been an increase * Rising nationalism has come with increased indifference to international standards and efforts, including the fight against corruption globally and domestically * High trust, he believes, leads to less corruption: to fight corruption you must first build trust * The OECD is working on revisions to its 2009 recommendations for combatting bribery, and this will include a public comment opportunity * The latest series of country reports shows some progress but also serious deficiencies Listen in for his insights, concerns, and warnings.
By Adam Turteltaub email@example.com A few months ago the threat of ransomware – and some actual cases – was sending chills of fear through hospitals, municipalities and the business community. Since then reported ransomware incidents have decreased substantially, but that doesn’t mean the threat is gone completely, warns John Riggi, the Senior Advisor for Cybersecurity and Risk for the American Hospital Association and a veteran of the FBI. In fact, he explains in this podcast, it remains a real risk, but just one of many risks out there. Supply-chain related attacks remain an issue, for example. Remember when the Target system was infiltrated by hackers who came in through the HVAC provider’s connection to Target’s system? That is still a potential problem, even extending to medical devices plugged into networks at healthcare providers. Another threat to watch out for: business email compromises, in which a cyber adversary impersonates an individual with payment authority in the organization. He or she then sends instructions to an employee to wire funds, ostensibly to a vendor, but in reality to the criminal. So how do we help prevent these issues? According to John training is critical. Employees need to know what to watch for and, in the case of payments, know when to stop and call someone to confirm the instructions. Likewise, employees need to better understand the risks posed by lost files, flash drives and laptops. But, in the healthcare arena, most importantly they need to understand that patient care also means caring for patient data. Listen in to learn more.
By Adam Turteltaub firstname.lastname@example.org Tomell Ceasar has spent the last 10 years working in compliance and governance roles in Dubai, both for local and multinational companies. In that time he’s seen a lot of change in compliance programs. For one, he notes in this Compliance Perspectives podcast, the job used to be a lot lonelier. Until about five or six years ago there weren’t many other compliance professionals. Since then the compliance profession, and compliance programs, have grown dramatically in the region, and with it has come a change in corporate cultures. Gift giving and lavish entertainment, for example, have been reined in as part of an effort to meet international norms. And compliance programs are the norm, rather than the exception. Listen in as he explains how the transformation is continuing to unfold, the cultural issues that still exist, and the ongoing importance of training in the region.
By Adam Turteltaub email@example.com By Adam Turteltaub A merger or acquisition is an expensive proposition for an organization and one that is rich in both business and compliance risks. That’s particularly true for the healthcare industry, with its substantial regulatory burden and constant change. Shirley Qual and Andrea Ekeberg at UnitedHealthcare will be sharing their expertise on M&A compliance risk at the 2019 HCCA Compliance Institute. In this podcast they explain that successful compliance risk management begins with getting a seat at the table and persuading the business team that compliance can bring value to the conversation. Specifically, we can help them to prioritize and identify risks before the deal closes. Once the deal is done, it’s time for compliance to go back to the seven elements of a compliance program and assess whether they are present at the acquired entity. Also, it’s essential to find out if they have a risk assessment, and what it says. Then, Shirley and Andrea suggest, look into past enforcement actions and how the entity has responded. Listen in to learn more about how to manage the compliance role during a merger or acquisition. And don’t miss them at the 2019 Compliance Institute.