by Kortney Nordrum, CHC
This session was presented by:
Christopher Bennington, Principal and Senior Consultant, INCompliance Consulting
Mark Chilson, EVP General Counsel, CareSource
Jeffrey McFadden, Partner, Stradley Ronon Stevens & Young, LLP
Kurt Lenhart, Vice President and Corporate Compliance Officer, CareSource
Lawyers tell you whether you can do something, compliance tells you whether you should.
Independence between legal and compliance is the key to avoiding trouble. As a compliance officer examine every step you take, and every decision you make, through the eyes of a third party (auditor, regulator, investigator, qui tam plaintiff’s lawyer, the media) and ask yourself if they will see a conflict?
In the last few years, Pfizer, Tenet Health, HSBC, JP Morgan Chase, and Johnson & Johnson have all had issues co-mingling compliance and legal. In each of those cases, those organizations have been forced to divide their corporate compliance programs from their egal departments. Since 2002, the federal government has been telling us that they want legal and compliance separate.
The overarching question when determining if you have a conflict between compliance and legal: In responding to the compliance issue are BOTH the process and the result free of conflicting interests and undue influence. Some key considerations:
- Should compliance officers supervise self-audits or internal investigations?
- Consider the tensions. Can compliance be objective when considering and accepting weaknesses or failures in their own department?
- Attorney/Client Privilege and work product problems – if you don’t work under the supervision of the legal department, your opponents will say your work is not protected by privilege and is discoverable.
- Should the company retain outside counsel or other third-party experts? Do a full self-evaluation to learn what you don’t know. Bring in experts to fill in the gaps in your own expertise.
- Should legal be involved? What are the independence concerns?
- Have a hotline, that you actually monitor.
- Have a policy on hotline protocol, that you actually follow.
- Have a policy on government investigations, that you actually communicate to your organization.
- Include employee expectations in your Compliance plan and/or Code of Conduct, including making everyone aware that non-retaliation is very important. Communicate this everywhere.
- Take every submission seriously.
- Evaluate if you have a live witness—are they actively engaged and willing to talk to you? Jump out of your chair and run to that person as fast as you can and validate the facts. These are the employees that will go outside the organization and speak to counsel.
- Determine if you should you pursue attorney-client privilege? This includes weighing the potential publicity of the matter, if the information is sensitive or severe, and if senior management is involved. Remember that calling everything privileged can result in nothing being privileged.
- Develop an investigation plan with your intent of what information you want to gather, what questions you want answered, and what you should document along the day.
- Keep in constant contact with in-house and outside counsel. Make sure everyone is informed of the process and any pertinent facts to their part of the organization.
If both compliance and legal have reviewed the issue and have differing opinions, how does the issue get resolved? The speakers suggest counsel and compliance working together, both with the greater good of the organization in mind. Often times, taking a step back and evaluating the situation as a whole will allow compliance and legal to come to an agreement.