Approximately two years ago, while attending SCCE’s Compliance & Ethics Institute in Las Vegas, I had a brief yet impactful conversation with the CEO of SCCE & HCCA, Gerry Zack. I asked him one question: “When you have the opportunity to have an elevator-style conversation with executives and board members about the goal of compliance programs, what do you say?”
I anticipated he would say something about the importance of implementing the ever-present “seven elements,” but his answer surprised me. He said something to the effect of, “Oh, that’s easy. I tell them the same thing that Roy Snell did: Effective compliance programs are in place to prevent compliance issues from happening, to find them when they do, and to fix them once they are found. Prevent. Find. Fix.”
Gerry’s unexpected response gave me a great deal to think about, and I pondered his answer for the next several weeks. My primary train of thought went something like this, “I like the concepts of prevent, find, and fix. But if the purpose of effective compliance programs is to prevent, find, and fix, how do we prevent, how do we find, and how do we fix?”
What I concluded surprised me—again.
Another look at the “seven elements”
Before moving on, let’s briefly review the seven elements. Several years ago, the U.S. Department of Health & Human Services (HHS) published its “Health Care Compliance Program Tips,” which outlined their interpretation of the seven elements of an effective compliance program.[1] The U.S. Department of Justice (DOJ) has since published guidance that evaluates 12 elements, with many in common with the original seven.[2] And an evaluation of the U.S. Sentencing Guidelines on Effective Compliance and Ethics Programs yields a total of 17 “shalls” that have been distilled down to seven by several entities.[3] Over the past few years, many organizations have adapted the above and other best-practice guidance to develop their own models, which include anywhere from seven to 11 or more elements.
For this discussion, I will use the following nine elements, aligned with the U.S. Sentencing Guidelines on Effective Compliance and Ethics Programs (see Table 1).[4]
|
Element |
FSG Citation |
|---|---|
|
Identify Requirements/Assess Risk |
§8B2.1.c |
|
Establish a Compliance Organization |
§8B2.1.b.2.A-C |
|
Establish Policies and Procedures |
§8B2.1.b.1 |
|
Communicate/Train |
§8B2.1.b.4.A&B |
|
Implement/Promote |
§8B2.1.a |
|
Monitor/Audit/Report |
§8B2.1.b.2.C & b.5.A-B |
|
Investigate and Enforce |
§8B2.1.b.6 |
|
Change/Improve |
§8B2.1.b.7 |
|
Leadership/Corporate Culture |
§8B2.1.a.1&2 |
Look closely at these nine items. Can you see elements for which the primary purpose supports prevent?[5] Find? Fix?
In my pondering, eventually, this is what I saw (see Table 2).
|
Prevent |
|---|
|
|
Find |
|
|
Fix |
|
This does not mean there is no prevent, find, and fix overlap with some elements. For example, there will be an organization in place to assist in finding and fixing. Also, communication and training are often tools used to fix. But, overall, the primary purpose of each element can be viewed as outlined above, with a focus on prevention.
Viewing compliance through the lens of prevent, find, and fix was a huge “aha” moment for me because this paradigm does not replace the elements of a compliance program; it makes them even more relevant than ever. We achieve these goals by proactively designing and implementing the elements of an effective compliance and ethics program!
