Compliance Perspectives

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Most companies don’t start out with a full-time compliance team.  Heck, most probably don’t even start with a part-time team.  But as an organization grows, eventually it is time to take the plunge. Tony Joy from Empower Audit Training & Consulting has worked with several companies who have made the transition from a parceled out compliance function to a dedicated one.  Not surprisingly, over the years he has found that sooner is better than later when it comes to starting a compliance program. That doesn’t mean, however, that you need to dive completely in.  He recommends a phased approach beginning with leadership buy-in.  Then it’s time to get some help, whether by forming an internal team, engaging outside consultants or turning to resources of outside groups like the SCCE. Listen in to this podcast as he provides some more helpful insights into the formation of a compliance program, as well as the missteps that can leave you farther behind than if you hadn’t started at all.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org On April 16, 2018 Daniel R. Levinson, the Inspector General at the Department of Health and Human Services once again returned to the stage for the HCCA Compliance Institute.  As he has done so many times and so well, he provided the Institute attendees the latest in thinking from the Office of Inspector General. This year he also sat down to record a podcast covering the highlights of his talk.  Whether you attended the session looking for a refresher or were unable to attend, you’ll find his insights invaluable. Listen in as he addresses key issues such as: * The importance of mastering data * Rethinking compliance and healthcare in terms of inputs, outputs and outcomes * The need to separate luck and risk: they are sides of the same coin, but you can’t rely on luck * Thinking of self-disclosure in terms of demonstrating an understanding of risk and a commitment to reduce it * Thinking about “dynamic compliance” to reflect a fast-changing healthcare environment * How the OIG’s office is responding to the opioid crises, and the role compliance can play The podcast is filled with invaluable information and takes less than fourteen minutes to listen to.  Still hungry for more?  Visit the OIG’s new Compliance Resources Portal

By Adam Turteltaub adam.turteltaub@corporatecompliance.org There is a lot written and discussed about ethical business practices.  Not so much, though, if anything, on ethical business regulation. Ruth Steinholtz of AreteWork wants to change that.  A former general counsel with a passion for ethics, she works with numerous companies on making their values real.   She is also the co-author of Ethical Business Practice and Regulation. In her book, and in this podcast, Ruth argues for the development of a new approach to regulation based on informed trust.  In a nutshell, companies with a strong commitment to ethical, compliant behavior, and, critically, with the evidence to prove it, should be able to bring their data to regulators.  The goal:  to lay a foundation of trust, which leads to a more constructive relationship both day to day, and when things go bad. Listen in for her thought-provoking ideas that are already being piloted with one government.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org For years most of the focus on compliance training has been focused on web-based programs.  While there is much discussion about issues like the use of comedy in that training, or whether it should be a full hour or just a few minutes, there is relatively little talk about when is live training better?  And, how do we make live training work at its best? David Barr of the firm CampbellBarr is a specialist in live compliance training.  In this podcast he argues that live training is best when looking for a behavioral change.  For simply exchanging knowledge, web-based training is idea, but when looking at affecting human dynamics, live training can be a better choice because of the interaction with the instructor and with their peers in the room. He shares his advice for making live training work at its best including: * Avoiding training with so large a group that interaction is limited * Getting participants active and moving * Training in the language participants truly are comfortable in * Recognizing that the invitation to the training is the actual start of the learning process Listen in, if you can get past the irony of turning to web-based training to learn about the virtues of in-person learning.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org NAVEX Global recently released its 2018 Ethics & Compliance Hotline and Incident Management Benchmark Report, which leverages their database of helpline/hotline calls and other incident data.  In 2017 the company logged approximately 900,000 reports, which it used for this analysis. Compliance veteran Carrie Penman, who serves as the company’s Chief Compliance Officer and Senior Vice President, Advisory Services join us for a podcast in which she covers some of the highlights of the report.  Among the points discussed from the report: * A rise in the amount of reporting * Substantiation rates across reports as a whole, as well as the differences in rates between helpline calls and incidents reported through other means * The wide “normal” range for the number of reports in an organization * The substantiation rates of anonymous calls – it’s higher than many would think * The rise in harassment reports * The latest figures on retaliation Be sure to listen to the podcast.  A copy of the report can be found here on the NAVEX site.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Your organization has just reached a settlement with the government, and you have a corporate monitor.  Making that relationship work is essential not just for meeting the terms of a Deferred Prosecution Agreement.  It’s also essential for coming out of the monitorship with a much stronger compliance and ethics program. Eric Feldman of Affiliated Monitors, Inc. and Tom Topolski worked closely together when Tom’s previous employer had engaged Eric as a monitor.  In this podcast they discuss what made their relationship work, and the lessons every compliance professional can take away when in the middle of, or about to face, a monitorship. They explain: * Getting a monitor is not always negative; it’s also a good opportunity to adopt best practices * Red flags that a monitor would see as a symptom of a larger problem than expected * The importance of trust to the relationship * The monitor has to go in with a mindset that they are there to be collaborative, and that collaboration and independence are not mutually exclusive * The goal is to work together to build the best organization possible using compliance best practices

By Adam Turteltaub adam.turteltaub@corporatecompliance.org By any measure, Abu Dhabi-based Mubadala is a large company.  It operates in 30 different jurisdictions, has tens of thousands of employees and has over half a trillion dollars in assets. This posed a substantial challenge for the compliance team.  Printing and distributing codes of conducts in multiple languages was not easy, and likely did not serve their employee base well.  People don’t typically have their copy of the code of conduct with them out in the field when issues come up.  Plus, with most of the company’s employees aged 35 or less, a paper code didn’t really match the way they consumed information. The solution for Mubadala was to create an app for its code of conduct (just search “Mubadala” in your app store to download it). As Shahzad Khad, Mubadala’s Head of Compliance and Ethics explains, the company saw an app as a better way to connect and engage with stakeholders — employees, partners, suppliers and agents in field. In this podcast, he explains how the Mubadala compliance and ethics department: * Put together a development team focused on making the app work from a technical, content, business and usability perspective * Decided what to include in the app and what not to * Made the app interactive to increase learning and involvement Listen in also to learn about how they did it, the app’s impact on helpline calls, and how employees actually use it.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Public-private partnerships are formed jointly by government entities and the private sector.  Like joint ventures they have two organizational owners.  Also like joint ventures they share a risk:  each side thinks the other is in charge of compliance, while neither side actually is. Kent Swagler is there to makes sure that compliance is very much taken care of for Bi-State Development in St. Louis.  He serves as the organization’s Director, Compliance and Ethics. In this podcast he shares how to make compliance work in a public-private partnership.  The key, he explains, is to work together collaboratively to turn compliance into an asset for protecting mutual interest.  He shares numerous pieces of advice including: * The importance of demonstrating that this is not a duplication of effort * The need to gain the support of the employees by demonstrating you are listening * Providing metrics of success, even if it just progress * The value of a consolidated requirements spreadsheet Kent concludes by sharing how he was also able to demonstrate how much the compliance program saved the partnership. It’s good listening for anyone in a public-private partnership, or even a joint venture.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Over the last seventeen-plus years that I have worked in compliance, the dialogue about training has morphed in many ways.  There was the debate over whether you could make compliance training mandatory.  There was discussion about whether you could do something shorter than the typical 40 minutes to an hour course. Both issues have long-since been settled, but one issue still gets hotly discussed:  whether comedy can work in compliance training. Jim Shields of Twist & Shout Media, strongly disagrees.  He is one of the forces behind the compliance training series Tuesdays with Bernie (not weekend with Bernie, as I mistakenly said in the podcast). In our discussion, he argues that there is a place for humor in compliance.  He strongly believes that it can be very useful for gaining people’s attention and open a channel for communication, turning training from an interruption of the day to an interesting addition to it. Listen in and then decide whether humor can enhance your compliance communications.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org The term “data mining” is coming up a lot in the news and conversations today.  Perhaps surprisingly to some, it’s very relevant for compliance. Tom Zeno is no stranger to the topic.  He spent 25 years in the US Attorney’s Office in Washington, DC and is currently with the law firm of Squire Patton Boggs. In this podcast, he explains that data mining is an intelligent method to collect data patterns.  The government is already using data mining to identify terrorist financing, money laundering, and healthcare fraud.  It’s even being used to analyze opioid prescriptions. Most interesting of all, he explains, the Department of Justice in 2017 announced that it had opened a data mining unit in the fraud section. Listen in to this podcast as he discusses what the government is doing, how compliance professionals can start using the same techniques to identify potential problems, and the IT resources they will likely need.  

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Editor’s Note:  Chris Bohjalian’s latest novel The Flight Attendant just made the NY Times Bestseller List.  We are sharing his October 2017 podcast with us again in case you missed it.  We hope you enjoy his perspective on ethics in fiction and in real life. One of the stranger things in compliance and ethics is that if you sit people down for compliance and ethics training, they tend to issue at a minimum a silent groan.  Yet, those same people will happily sit down with a novel where the protagonist is wrestling between right and wrong. There is much that can be learned from the ability of novels, as well as TV and movies, to help us learn about right and wrong.  This media can also teach us a great deal about how we react when we see others behaving badly. To explore this issue I sat down for a podcast with Chris Bohjalian, whose book Midwives was selected for Oprah’s Book Club.  His novel The Sleepwalker was just released in paperback, and in March 2018 (not 2019 like I said in the interview) his newest book, The Flight Attendant, arrives. Listen in to the podcast as we discuss: * The human fascination with moral ambiguity and people who do the wrong thing * Our fascination with how good people can do the wrong thing and the recognition that we easily could make moral mistakes * The influence of television, movies and books on whom we see as good and evil * Our discomfort with people who are “too good” * What Tony Soprano and Don Draper have done to our perception of what people will tolerate * The notion that “it’s only business, nothing personal” and the problems that may create * The cover up being worse than the crime and the value of stopping problems when they are small * Why people welcome ethical dilemmas, and right and wrong in novels, films and TV, but not when it is a part of training

By Adam Turteltaub adam.turteltaub@corporatecompliance.org Hossam El Shaffei from RSM Consulting is an expert on doing business in the Middle East.  An Egyptian by birth, he has worked throughout the region and currently calls Jordan his home (not Lebanon as I mistakenly said on the podcast). We met in Abu Dhabi at the ACFE regional conference there, and his insights were deep and plentiful.  He agreed to share them in this podcast.  Listen in as he explains: * It is important to realize that there is no one culture in the region, but many * Things like baksheesh, the giving of gifts, is common but has risen from a voluntary gift for helping you to an outright bribe that is often considered required * Tribal cultures and family-owned businesses are much more common * Sanctions are a particular risk since they are not consistently followed * Tone at the top is critical * Whistleblowing is a challenge in the Middle East, as it is elsewhere, including protection against retaliation.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org The world is often a difficult place in which to do business.  Many countries lack the rule of law, are corrupt, and make it hard for a company to do business and to do so lawfully and ethically. The Center for International Private Enterprise (CIPE) is trying to make a difference.  Its mission is to strengthen “…democracy around the globe through private enterprise and market-oriented reform.”  That mission puts them on the forefront of the fight against corruption. In this podcast, Frank Brown, the Director of the Anti-Corruption and Governance Center at CIPE, provides an overview of the Center for International Private Enterprise and its work outside the US. The podcast shares some notable progress.  As he explains, there is a very strong anti-corruption wave in Indonesia, and the KPK, the anti-corruption authority there, has had a 100% conviction rate.  In so doing, it has become a model for much of the world. In this far-ranging conversation he discusses: * The traction ISO 37001 is gaining in some countries, but not others * Due to the new French anti-corruption law, a very specific approach to how state-owned enterprises should act is starting to spread * Some mid-sized firms are not always motivated to change their behavior because they may not see the benefits of an anti-corruption compliance program because they feel that they are not likely to be prosecuted

By Adam Turteltaub adam.turteltaub@corporatecompliance.org The EU’s new General Data Protection Regulation (GDPR) is due to come into effect on May 25, 2018, and it is a game changer for companies in Europe and around the world. Robert Bond, a member of the board of the Society of Corporate Compliance and Ethics and Health Care Compliance Association, and a partner at the law firm of Bristows in London, explains that it is a different regime since it applies both to controllers of data and the processors who manage the data. Notably, the new GDPR is also extraterritorial, applying to businesses in non-EU countries if they are handling the data of EU citizens.  Companies in the US, accustomed to dealing with US requirements and having privacy policies based on US laws, may be in for a bit of a shock and will need to do some work to see how their policies measure up to this new, higher bar. As Robert explains in the podcast, to start complying, companies need to understand the who, what, when, why, where and how of what data they are collecting, as well as what data they already have.  In addition, the more sensitive the data, the higher the ante in terms of complying. Costs for non-compliance can be as high as 4% of global avenue revenues.  Plus, class action law suits are likely to occur, and under the law only need to prove emotional distress, not actual financial loss. Listen in to learn more, including what companies need to do first to begin complying with the new GDPR.

By Adam Turteltaub adam.turteltaub@corporatecompliance.org “Root cause analysis” is an oft-used phrase in compliance, but what is it in practice?  In this podcast, Leigh Faugust, Counsel at the North American Electric Reliability Corporation (NERC) brings insight into what root cause analysis is and how to do it properly. She explains that * Root cause analysis looks at what happened, why it happened and should it have happened * Getting to the root cause uses iterative digging: asking a “why” question over and over again until you get to something that you can fix * Generally, five why questions are enough to identify the controls you need to make sure you can get to and fix what went wrong * One key to success is to put together a team of subject matter experts to help you identify what happened * Once there is a clear picture of the problem can start figuring out why it happened * Having a good report writer is essential to help ensure support of the change * Identifying a problem as human error is really the start, not the end Listen in and better understand how to get to the roots of your compliance challenges.