Although compliance officers have access to an abundance of materials to help them identify risks facing their organizations—on the HHS Office of Inspector General (OIG) website and webinars, for example—there’s not as much help available to “understand what’s putting us at risk,” according to a compliance officer. They may want to take some steps to secure their own “safety net” especially now that some compliance officers are asked to sign certifications as part of corporate integrity agreements (CIAs) and corporate criminal fraud settlements.
“We are really good at protecting our colleagues, organizations and leadership from harm by putting our programs in place and being diligent,” said Regina Morano, chief legal and compliance officer at Premier Biotech LLC and executive regulatory and compliance counsel at Liles Parker PLLC. “But it’s time for us to put ourselves on the same level of concern and manage our own risks and our own careers and our own reputations.”
Compliance by definition is high risk because it’s designed to ward off fraud, waste and abuse and be a “culture builder,” Morano said at the Health Care Compliance Association’s Compliance Institute April 24. Even so, there are “high-risk environments.” Here are signs that a compliance officer may be at high risk:
-
The compliance officer is recruited to manage a company’s way through its CIA. It’s a red flag if organizations under a CIA continue to insist they didn’t do anything wrong a year or two into it. It’s one thing when you come in on the heels of the CIA “and folks are saying ‘we didn’t do anything wrong. We settled it because there’s wear and tear on the organization,’” but if leadership is singing the same song to the workforce much later, “you have to question whether your organization is at readiness level for building out and supporting the compliance program and moving the culture in the way you want to move.”
-
You’re recruited to help a company prepare for a merger or acquisition. “Either they haven’t had a compliance program until now or it’s time to upgrade because they want the company to look as good as possible,” she said.
-
The organization is upfront in disclosing the compliance program “has been deficient,” she said. Maybe the C-suite was swept out and a compliance program never got off the ground. As good as you are at setting up the essential elements of a compliance program and a compliance committee, “it takes a long time to change the culture of an organization, and in that respect, you are in a high-risk environment.”
-
You’re recruited to establish and run a compliance program for a start-up. Start-ups “have all these expressions: ‘we will build the plane while flying’ and ‘we all wear many hats.’ It’s just risky because the investment [in compliance] isn’t there. The knowledge isn’t there,” Morano said. “Typically, they’re new folks with dollar signs in their eyes. They’re not creating a start-up because they want to be the world’s most compliant organization.”