Compliance Perspectives

By Adam Turteltaub A good employee survey on compliance and ethics can yield a wealth of data on how your program is and isn’t working, where the risks are, and how to move forward. The challenge is getting the survey right and getting employees to respond. Klaus Moosmayer, Member of the Executive Committee and Chief Ethics, Risk and Compliance Officer at Novartis, shares in this podcast that the compliance team has just completed the second round of their survey. The goal was to get first-hand data from as many employees globally as they could about any unethical behavior they perceive around them and how it is acted on. The survey was developed with substantial help from behavioral scientists, who created a questionnaire that captured where the company is now but also enabled them to dig deeper into key issues. For example, in the first round of the survey the Novartis team discovered that approximately 80% of employees go first to their leaders and managers when seeing unethical behavior. In the second

By Adam Turteltaub When it comes to AI, there is little agreement. Some see great potential, while others see great nightmares. Some see opportunities, and many see nothing but risks. In the EU, though, there is agreement on one thing, a new EU AI Law. In December 2023 the EU Parliament and Council agreed to  a bill “…to ensure AI in Europe is safe, respects fundamental rights and democracy, while businesses can thrive and expand.” Longtime compliance professional Letitia Adu-Ampoma (LinkedIn) explains that while the law won’t fully come into force for two years or more, it’s time for compliance teams to start paying attention and preparing. The act is a part of the EU digital strategy, which is very focused on human-centric legislation. Its goal is to keep positive the impact of AI on people and society. The approach it takes is risk-based, categorizing AI systems based on the level of risk: unacceptable (and prohibited), high risk, minimal risk and no risk. The act is very specific in how it defines whi

By Adam Turteltaub Having a compliance champions or ambassadors program can be a great boon for the compliance program, if you keep the champions engaged. Unfortunately, that doesn’t always happen. If not managed properly your champions may end up sleep walking through the job. In this podcast, Matt Silverman, author of the book The Champions Network and Global Trade Director and Senior Counsel at Viavi lays out several strategies for maintaining the involvement and commitment of your champions network. To ensure engagement, he recommends remembering that the people who decided to be champions did so for a reason. It may be for a wage stipend or for altruistic reasons.  Tapping into that motivation is essential. On an ongoing basis it’s important that they see the impact of their work on the organization and their own career. That means sharing outcomes, as best you can, and providing them with access to development opportunities. These could be specific to deepening compliance expertise or as broad as de

By Adam Turteltaub Mergers and acquisitions create stress, opportunity and risk both for the organization and the compliance team. In this podcast, Sergio Leal, who until recently was head of M&A compliance at Ericsson along with Jan Sprafke, the company’s chief compliance officer, share their advice for compliance professionals in the midst of a transaction. They stress that the compliance team needs to be involved during the entire lifecycle, from target identification to due diligence to post-acquisition integration. This will help the organization avoid unanticipated liabilities and risks. To ensure success the compliance team needs to be embedded in the M&A team. Meet with the stakeholders regularly to ensure you are aligned with their processes. When you do, remember that compliance is just one piece of a very complex puzzle. Be prepared to move quickly. The DOJ amnesty program for issues discovered in an acquisition has a rapidly ticking clock. At the start of an acquisition or merger, they recomm

By Adam Turteltaub To quote CMS, “The Open Payments program is a national disclosure program that promotes a more transparent and accountable health care system. Open Payments houses a publicly accessible database of payments that reporting entities, including drug and medical device companies, make to covered recipients like physicians.” For this transparency to work, though, it’s important for the data to actually be used. Kelly Cooper (LinkedIn), Compliance Specialist at UF Health Shands Compliance Services, reports that too often it isn’t. There is a downward trend of providers reviewing the data collected, she reports, due to lack of awareness of the program and why it matters. That needs to change. Physicians and the hospitals that employ them are now required to post a notice for patients about the Open Payment system and how to access it. This will likely lead to more questions from patients and the need for providers to monitor the data more closely. So what should compliance teams do? She recomm

By Adam Turteltaub The 2024 CMS Medicare Physician Fee Schedule extends no less than ten different pandemic flexibilities related to telehealth. In this podcast, Randi Seigel, partner and Jared Augenstein, managing director, at Manatt take us through all of them, including in-person visit requirements, audio-only services, physician supervision and opioid treatment. They also address: Changes in the structure of the telehealth services list Changes to payment by place of services Remote psychological and therapeutic monitoring Enrollment and revocation A new opportunity for payments for social needs of Medicare beneficiaries Listen in to learn more about what’s new, what’s the same, and what will sunset at the end of 2024.

By Adam Turteltaub Effective investigative interviews are both important and sensitive. To get some pointers about how to conduct them properly, we turn in this podcast to Wendy Evans, Senior Corporate Ethics Investigator at Lockheed Martin. Wendy is also an instructor for the SCCE Fundamentals of Compliance Investigations workshops. She recommends starting by doing your homework. Before you talk with anyone, whether a possible witness or the subject, get all the information you can from the reporter. Then, review it to see if it includes the what, where, when, why and who. If you don’t have all that information, take the time to find it since it can identify what the potential motivation behind the incident was. With that information in hand, check your case management system to see if any of the parties were involved in previous reports. Follow that by notifying HR and the subject’s manager that you will be conducting an interview. They may have important insight. Think through what other evidence you m

By Adam Turteltaub Matt Kelly (LinkedIn), Editor and CEO at Radical Compliance is a close watcher of all things compliance, and in this podcast he shares his take on both the top stories of 2023 and what he sees in the cards for 2024. FCPA On the Foreign Corrupt Practices Act front, he noted a change in enforcement. While the volume of resolutions declined on the DOJ side, the SEC has remained very active. Perhaps most notably, the Albermarle case had an interesting twist. The way the company did business was changed dramatically as a part of the settlement, he reports, with a restructuring of its overseas sales and the end of the use of third parties. He speculates this may be the start of a new trend in which monetary penalties are accompanied by required changes to the way companies do business. Also of note in FCPA was the announcement by Lisa Monaco at the SCCE Compliance & Ethics Institute of a leniency policy in mergers and acquisitions. Because of the relatively short timeline for finding and dis

By Adam Turteltaub We all want the compliance team to be approachable. It would be ideal if, when people thought of compliance, they had positive, maybe even warm and fuzzy, associations in their mind. But, how do we get there? For BroadPath, a friendly blue koala was the answer. In this podcast, Jaime Watkins, the compliance officer there, explains that she drew inspiration from the Basic Compliance & Ethics Academy and an exercise that called for creating a compliance mascot. Back at the office she created a contest among employees to create a mascot as a part of the company’s celebration of their compliance and ethics week. A winner was selected, and, with the help of the marketing team, the blue koala was born. Since then, the furry critter has been a regular part of their training, newsletter and is used everywhere that they can, even sometimes straying to the activities of other groups in the company. The impact of the koala has been enormous. People enjoy seeing variations of how it is dressed u

By Adam Turteltaub Decades ago, while at a bit of a career crossroads, I was thinking of making a dramatic change and moving halfway around the world. I was talking it through with a friend who said that one day he asked himself whether he wanted to have a successful career or an interesting one. He realized that interesting was more important to him. That decision led him from Missouri to New York to Hong Kong, Singapore and Thailand, where he ended up enjoying great success. Ricardo Weffer, Group Ethics and Compliance Head of Al Dahra, has had a similar career journey that ranged from Venezuela to Dubai with countless points in between. In this podcast he shares his almost two decades of work in compliance and anticorruption in Latin America, the Middle East, Sub-Saharan Africa, Central Europe and Asia. A lawyer by training, he has worked in energy, banking, tobacco, logistics and agriculture. Despite all this variety, both in geography and industry, he shares that there are professional commonalities w

By Adam Turteltaub Compliance professionals can face a lot of resistance in the course of their work: leaders who don’t have the time, budget limits, managerial indifference, and even outright hostility. But, sometimes the impediments are inside us. In this podcast, Kristy Grant-Hart, CEO of Spark Compliance Consulting and author of the new book Your Year as a Wildly Effective Compliance Officer, points out that sometimes we get in our own way. It’s just easier for us to see what the external blocks are than it is to see those we create for ourselves. Overcome them, she argues by trusting your own value. Ask for what you want, and don’t trust that others will see the need. And, when you do ask, be sure to make clear what value the compliance program provides. She also cautions against falling into Imposter Syndrome and feeling as if you don’t belong in the room. Sitting there quietly doesn’t help, in fact it hurts by giving others the impression that you and the compliance team are not adding value. Inste

By Adam Turteltaub We are starting a new year of Compliance Perspectives podcasts by going back to basics with an episode designed for those who are charged with starting a compliance program. While the conversation is directed to this audience, there are some good reminders even for established programs. Providing guidance are Pam Cleveland, Compliance Officer – Medicare Advantage for UCLA Health FPG and Megan Grifa, Senior Director, Compliance at Sidecar Health. So, if you are charged with launching a program, where do you begin? They advise starting by taking the time to develop a work plan that outlines your compliance program elements. Look to see what the regulatory requirements are for the business you are in and make a catalog of them. That, in turn, will help you set the objectives of your program. Next, take the time to tailor those requirements to the unique aspects of your organization. To do so, first spend time with operations to understand their level of knowledge, processes, resources and

By Adam Turteltaub When compliance professionals discuss AI most of the conversation tends to focus on the risk.  Frank Orlowski (LinkedIn), Founder and President of Ation Advisory Group, though, is far from all gloom and doom on the topic. In fact, he believes AI can be an asset to compliance programs. AI, he explains, can be of great value for compliance any place where there are large amounts of transactions that need to be monitored and checked. Two notable examples are travel & entertainment and accounts payable/vendors. AI is very useful for identifying outlier transactions that could be a sign of trouble. In manufacturing, it can be very helpful in monitoring materials being used. AI can also be helpful, he believes, in ESG efforts. But, there are limits. AI is not ready for handling contracts, he argues. It is also chronically deficient when it comes to addressing the gray areas of ethics and fairness. There it’s important for compliance teams to work with the business unit closely to ensure decis

By Adam Turteltaub The topic of conflicts of interest (COIs), especially in healthcare, is a very broad one. It can encompass professional activities, board membership, purchasing, procurement and more. But it is the financial conflicts, especially for those that conduct research, that can be most problematic. To help unpack the topic we are joined in this podcast by Will Crawford (LinkedIn), an associate in the DC office of Hogan Lovells. He explains that, in the case of research, a COI occurs whenever the interest of the investigator, their spouse or children can affect the design, conduct, or reporting of institutional research. And, of course, there is a potential conflict when activities like consulting and speaking can affect primary employment areas. Federal regulations have expanded greatly in this area, with the Public Health Service now being joined by the US Department of Energy and even NASA with regulations of their own. Compliance teams need to monitor the changing direction from all three.

By Adam Turteltaub Record retention and information governance have grown exponentially more complex as the number of laws have proliferated and the amount of data housed has exploded. This has vastly complicated the question of what data to hold onto and for how long. Mark Diamond, CEO of Contoural, points out that sometimes there are even competing and conflicting compliance regimes. For the most part, the rules specify a minimum number of years that information must be retained. However, organizations can typically retain records longer if there is a compelling and documented business need. Still, the temptation to just hold onto the data must be resisted. In this podcast he outlines the importance of getting a good handle on what data the organization has, categorizing it appropriately, determining how long it will be retained, and how it will be destroyed. Typically, this is an exercise involving multiple disciplines, including compliance, legal, IT, security, privacy and the business unit. A committ

By Adam Turteltaub Ronnie Feldman (LinkedIn), CEO, Founder and Creative Director of Learnings & Entertainment, thinks that compliance teams play too much defense and not enough offense. What does that mean?  In this podcast he explains that offense is the proactive preventative measures designed to prevent problems. Defense is reactive and made up of investigating allegations and cleaning up issues. To his experience, the time and money are more focused on defense than offense. So what should we do? He recommends realigning efforts, starting with looking at the key influences of behavior: the social environment and the influence of leadership. That includes changing the perception of compliance and turning it into a more positive one. One specific step he advocates is making the training more relevant and enjoyable to take. On the leadership level, he advocates for making them a larger part of the ethics team by providing them with the tools they need to address ethics issues. This could include videos to

By Adam Turteltaub On February 22, 2022 the European Commission adopted a proposal for a directive on corporate sustainability due diligence.  In this podcast, George Porter, Knowledge and Training Manager at Ground Truth Intelligence reports that the directive, which is still being negotiated, is both a continuation of past measures and something new. It is designed to unify a great deal of previous regulations and create an ESG framework for both EU-based companies and those doing business in the EU. The directive covers three key areas: environmental risk, social goals such as modern slavery and child labor, and governance. The governance portion, importantly, addresses the duty of care and the need to conduct due diligence. It also significantly expands the stakes for organizations. Due diligence of the supply chain continues but organizations will now be responsible not just for how they sourced materials, but also how their products are disposed of. To back it all up there will be substantial potent

By Adam Turteltaub While the pandemic seems, at least for now, to be receding into our past, many of the changes from it have not, including a large percentage of the workforce that works remotely. While in some ways we have gotten used to this new normal, Lori Tansey Martens (LinkedIn), President, International Business Ethics Institute warns that there remains cause for concern. Specifically, the prevalence of high number of remote works has been and continues to negatively impact corporate culture. Culture is made up of the shared values and beliefs, norms, values, mission and purpose, and in many ways it differentiates one organization from another. Recent research shows that the common fabric binding people together into one culture is fraying. Survey data she shares shows that employee feelings of alignment has decreased substantially, and while those declines have leveled off among in-office and hybrid employees, they have not among remote workers. Remote workers also have the highest turnover rate

By Adam Turteltaub While most eyes have focused on the US Department of Justice’s document Evaluation of Corporate Compliance Programs when looking for guidance, it’s not the only DOJ source out there. Josh Drew (LinkedIn), Member, Miller & Chevalier explains that it would be wise to also look to Attachment C. What is it? It’s a document typically attached to Foreign Corrupt Practices Act (FCPA) resolutions. It specifies what the defendant company will need to do to establish and maintain an effective corporate compliance program. As a result, it, like the Evaluation document, provides very clear guidance as to what the DOJ’s thinking is when it comes to compliance. In August and September 2023 there were several changes to Attachment C. For one, it expanded the call for support from senior management down to include midlevel management as well. It specifically points to the importance of their tone and conduct:  “The Company will ensure that mid-level management throughout its organization reinforce leade

By Adam Turteltaub At this point anyone in healthcare who doesn’t have a plan for managing HIPAA compliance risks is behind the eight ball and times. But, for those who do have a program in place, the question is: does it currently reflect your risk profile? Nancy Roht (LinkedIn), Managing Principal at Compliance Pro Consulting points out in this podcast that just because the HIPAA regulations don’t specify how often a HIPAA risk assessment should be done it’s best to do so annually, and perhaps even more frequently if something significant happens. Changes in leadership, organizational structure, goals, quality and major vendors can all call for a fundamental reexamination of your strategy. When conducting the assessment, don’t mistake it for a gap analysis. Make it a true assessment of risk and put together a work plan to address any deficiencies. When conducting the assessment, she recommends interviewing both leadership and staff to get a comprehensive picture. Take an inventory of the PHI you have, p