Compliance Perspectives

By Adam Turteltaub When it comes to AI, there is little agreement. Some see great potential, while others see great nightmares. Some see opportunities, and many see nothing but risks. In the EU, though, there is agreement on one thing, a new EU AI Law. In December 2023 the EU Parliament and Council agreed to a bill “…to ensure AI in Europe is safe, respects fundamental rights and democracy, while businesses can thrive and expand.” Longtime compliance professional Letitia Adu-Ampoma (LinkedIn) explains that while the law won’t fully come into force for two years or more, it’s time for compliance teams to start paying attention and preparing. The act is a part of the EU digital strategy, which is very focused on human-centric legislation. Its goal is to keep positive the impact of AI on people and society. The approach it takes is risk-based, categorizing AI systems based on the level of risk: unacceptable (and prohibited), high risk, minimal risk and no risk. The act is very specific in how it defines which AI systems fall into each category. The unacceptable risk category, for example, includes social credit scoring, emotional recognition and behavioral manipulation. Creators and users of high risk AI will be required to register the system in a public record. They will also need to conduct an impact assessment and be transparent. Transparency will also be critical for generative AI. Providers will need to disclose the content generated and ensure that the models are not designed to create illegal content. There will also need to be governance in place to protect against copyright violations. So what should compliance teams do now? Letitia recommends reading the guidance and to start preparing the business unit for what is to come. Listening to the podcast would be good, too. NOTE: This podcast was recorded in January 2024. The final version of the EU AI Act is yet to be released - a final EU parliament debate on the text will take place before its release. In the meantime, some 'unofficial' pre-final versions of the text have been leaked online in advance of this debate. The final EU definition of AI and key timescales for enforcement mentioned in the podcast are based on proposals made public. Listeners should look out for the final position which will be detailed in the EU AI Act when it is officially published in the next few weeks.

By Adam Turteltaub Having a compliance champions or ambassadors program can be a great boon for the compliance program, if you keep the champions engaged. Unfortunately, that doesn’t always happen. If not managed properly your champions may end up sleep walking through the job. In this podcast, Matt Silverman, author of the book The Champions Network and Global Trade Director and Senior Counsel at Viavi lays out several strategies for maintaining the involvement and commitment of your champions network. To ensure engagement, he recommends remembering that the people who decided to be champions did so for a reason. It may be for a wage stipend or for altruistic reasons. Tapping into that motivation is essential. On an ongoing basis it’s important that they see the impact of their work on the organization and their own career. That means sharing outcomes, as best you can, and providing them with access to development opportunities. These could be specific to deepening compliance expertise or as broad as developing business and soft skills. Whichever you choose, it is a way for them to see what’s in it for them. Give them an opportunity, as well, to be recognized for their work, whether that’s an official recognition by the CEO or an opportunity to interact with leadership. Remember, appreciation can be a powerful reward. And, of course, make sure there is actual work that they need to do as a part of being a champion. Having the title alone is not enough. Listen in to more about how to create engaged compliance champions.

By Adam Turteltaub Mergers and acquisitions create stress, opportunity and risk both for the organization and the compliance team. In this podcast, Sergio Leal, who until recently was head of M&A compliance at Ericsson along with Jan Sprafke, the company’s chief compliance officer, share their advice for compliance professionals in the midst of a transaction. They stress that the compliance team needs to be involved during the entire lifecycle, from target identification to due diligence to post-acquisition integration. This will help the organization avoid unanticipated liabilities and risks. To ensure success the compliance team needs to be embedded in the M&A team. Meet with the stakeholders regularly to ensure you are aligned with their processes. When you do, remember that compliance is just one piece of a very complex puzzle. Be prepared to move quickly. The DOJ amnesty program for issues discovered in an acquisition has a rapidly ticking clock. At the start of an acquisition or merger, they recommend focusing on three areas: The ultimate beneficial owner The operations of the business The already existing compliance program, if any, and internal controls Be especially vigilant if the acquired entity had some government ownership or government contracts. And, be very diligent if there is not a compliance program already in place. Listen in to learn more about how to be an integral part of mitigating the risks of mergers and acquisitions.

By Adam Turteltaub To quote CMS, “The Open Payments program is a national disclosure program that promotes a more transparent and accountable health care system. Open Payments houses a publicly accessible database of payments that reporting entities, including drug and medical device companies, make to covered recipients like physicians.” For this transparency to work, though, it’s important for the data to actually be used. Kelly Cooper (LinkedIn), Compliance Specialist at UF Health Shands Compliance Services, reports that too often it isn’t. There is a downward trend of providers reviewing the data collected, she reports, due to lack of awareness of the program and why it matters. That needs to change. Physicians and the hospitals that employ them are now required to post a notice for patients about the Open Payment system and how to access it. This will likely lead to more questions from patients and the need for providers to monitor the data more closely. So what should compliance teams do? She recommends looking at training, awareness and policies. In addition, be sure that the profiles of covered individuals are correct and up to date. And, be prepared to navigate the dispute process. It can be a long one, but there are shortcuts. Finally, she urges compliance teams to use the data to get a better handle on staffing, credentialing, what the payment trends are and any red flags. Listen in to learn more about what the Open Payments program is and how your compliance team should be working with it.

By Adam Turteltaub The 2024 CMS Medicare Physician Fee Schedule extends no less than ten different pandemic flexibilities related to telehealth. In this podcast, Randi Seigel, partner and Jared Augenstein, managing director, at Manatt take us through all of them, including in-person visit requirements, audio-only services, physician supervision and opioid treatment. They also address: Changes in the structure of the telehealth services list Changes to payment by place of services Remote psychological and therapeutic monitoring Enrollment and revocation A new opportunity for payments for social needs of Medicare beneficiaries Listen in to learn more about what’s new, what’s the same, and what will sunset at the end of 2024.

By Adam Turteltaub Effective investigative interviews are both important and sensitive. To get some pointers about how to conduct them properly, we turn in this podcast to Wendy Evans, Senior Corporate Ethics Investigator at Lockheed Martin. Wendy is also an instructor for the SCCE Fundamentals of Compliance Investigations workshops. She recommends starting by doing your homework. Before you talk with anyone, whether a possible witness or the subject, get all the information you can from the reporter. Then, review it to see if it includes the what, where, when, why and who. If you don’t have all that information, take the time to find it since it can identify what the potential motivation behind the incident was. With that information in hand, check your case management system to see if any of the parties were involved in previous reports. Follow that by notifying HR and the subject’s manager that you will be conducting an interview. They may have important insight. Think through what other evidence you may need for the investigation, including expense and audit reports. If you are going to conduct the interview remotely, she offers four pieces of advice: Be sure to schedule it appropriately. Sending a meeting request on a Friday for a Monday meeting can create an entire weekend of unnecessary stress for the individual. Mark the meeting request as private so you, and they, don’t have to worry about others seeing it. Ensure that the person has video and a private place to talk. Always include your phone number in case a technology glitch gets in the way. At the time of the interview, don’t just jump into the questions. Take time to build some rapport. This will help reduce the stress level. Then, when you start asking questions, begin with broad ones -- “tell me about your work” or “what were your last three business trips?” -- that aren’t simple yes or no. Then, over time, move in to more narrow, specific questions. When it’s time to get to the hard questions, help the subject prepare themselves psychology. Preface then by saying something along the lines of, “I have to ask you a tough question.” When concluding the interview, ask: Is there anything else I should know but didn’t ask you? That can prompt the sharing of additional information. Finally, be sure to thank them for their time and cooperation. Be sure to also reiterate what the investigation process is and what they can expect next. Listen in to learn more, and, maybe, join her at an upcoming Fundamentals of Compliance Investigations workshop.

By Adam Turteltaub Matt Kelly (LinkedIn), Editor and CEO at Radical Compliance is a close watcher of all things compliance, and in this podcast he shares his take on both the top stories of 2023 and what he sees in the cards for 2024. FCPA On the Foreign Corrupt Practices Act front, he noted a change in enforcement. While the volume of resolutions declined on the DOJ side, the SEC has remained very active. Perhaps most notably, the Albermarle case had an interesting twist. The way the company did business was changed dramatically as a part of the settlement, he reports, with a restructuring of its overseas sales and the end of the use of third parties. He speculates this may be the start of a new trend in which monetary penalties are accompanied by required changes to the way companies do business. Also of note in FCPA was the announcement by Lisa Monaco at the SCCE Compliance & Ethics Institute of a leniency policy in mergers and acquisitions. Because of the relatively short timeline for finding and disclosing problems, there is a strong incentive for organizations to involve the compliance team early and deeply in these transactions. SEC Cybersecurity Rules The July SEC rules on disclosures of cyber incidents require firms to disclose an incident within four days. Companies will need to describe the nature, timing and material consequences. That will increase the importance of thorough and prompt cyber materiality assessments, as well as both quantitative and qualitative impacts. Greenhouse Gas Disclosures The SEC’s proposed rule on greenhouse gas disclosures is now the longest and most commented rule in history. It also has not been finalized while, in the meantime, both California and Europe have passed their own laws. The rule is likely to be very complex and impose a significant burden on companies. Healthcare The biggest news he saw in 2023 was the new General Compliance Program Guidance issued by the Office of Inspector General at HHS. The document makes it clear that it expects a fully independent compliance program. As the document states: The compliance officer should: report either to the CEO with direct and independent access to the board or to the board directly; have sufficient stature within the entity to interact as an equal of other senior leaders of the entity; demonstrate unimpeachable integrity, good judgment, assertiveness, an approachable demeanor, and the ability to elicit the respect and trust of entity employees; and have sufficient funding, resources, and staff to operate a compliance program capable of identifying, preventing, mitigating, and remediating the entity’s compliance risks. The Future Looking to the future he asks if others will be as supportive as the OIG at HHS. He also points to other things to watch such as the Foreign Extortion Prevention Act, the PCAOB’s extremely controversial NOCLAR proposal and SEC v. Govil, which could eliminate disgorgement in many cases. Listen in to learn more about what has and may happen in the world of compliance.

By Adam Turteltaub We all want the compliance team to be approachable. It would be ideal if, when people thought of compliance, they had positive, maybe even warm and fuzzy, associations in their mind. But, how do we get there? For BroadPath, a friendly blue koala was the answer. In this podcast, Jaime Watkins, the compliance officer there, explains that she drew inspiration from the Basic Compliance & Ethics Academy and an exercise that called for creating a compliance mascot. Back at the office she created a contest among employees to create a mascot as a part of the company’s celebration of their compliance and ethics week. A winner was selected, and, with the help of the marketing team, the blue koala was born. Since then, the furry critter has been a regular part of their training, newsletter and is used everywhere that they can, even sometimes straying to the activities of other groups in the company. The impact of the koala has been enormous. People enjoy seeing variations of how it is dressed up for holidays and it even plays a role in regular compliance trivia contests. Listen in to learn more about how a mascot could help your compliance efforts.

By Adam Turteltaub Decades ago, while at a bit of a career crossroads, I was thinking of making a dramatic change and moving halfway around the world. I was talking it through with a friend who said that one day he asked himself whether he wanted to have a successful career or an interesting one. He realized that interesting was more important to him. That decision led him from Missouri to New York to Hong Kong, Singapore and Thailand, where he ended up enjoying great success. Ricardo Weffer, Group Ethics and Compliance Head of Al Dahra, has had a similar career journey that ranged from Venezuela to Dubai with countless points in between. In this podcast he shares his almost two decades of work in compliance and anticorruption in Latin America, the Middle East, Sub-Saharan Africa, Central Europe and Asia. A lawyer by training, he has worked in energy, banking, tobacco, logistics and agriculture. Despite all this variety, both in geography and industry, he shares that there are professional commonalities wherever he has gone. These include great compliance and business leaders who stand for what is right and are willing to fight for it. He has also found, happily, that, no matter what the industry, companies are mostly made up of real, hard-working, well-intentioned people driven by values who want to do the right thing. What wisdom does he have for those thinking of having a global career? He offers three pieces of advice: Be adventurous and open to new experiences. Be willing to be taught. Enjoy it. Working and living abroad can be tough, but the rewards are worth it. Listen in to learn more, including some inspiring words about the impact of compliance professionals.

By Adam Turteltaub Compliance professionals can face a lot of resistance in the course of their work: leaders who don’t have the time, budget limits, managerial indifference, and even outright hostility. But, sometimes the impediments are inside us. In this podcast, Kristy Grant-Hart, CEO of Spark Compliance Consulting and author of the new book Your Year as a Wildly Effective Compliance Officer, points out that sometimes we get in our own way. It’s just easier for us to see what the external blocks are than it is to see those we create for ourselves. Overcome them, she argues by trusting your own value. Ask for what you want, and don’t trust that others will see the need. And, when you do ask, be sure to make clear what value the compliance program provides. She also cautions against falling into Imposter Syndrome and feeling as if you don’t belong in the room. Sitting there quietly doesn’t help, in fact it hurts by giving others the impression that you and the compliance team are not adding value. Instead, speak up at every meeting so that you can be perceived as a contributor. On the personal level, set goals for yourself. Pick an area to deepen your expertise and another to grow personally, such as in speaking publicly or improving your productivity. Also, look to growing your network. Plan on attending in-person meetings and then follow up with the people you meet there. Don’t just make them another entry in your Outlook contact list. When it comes to those external barriers, she advises not taking push back personally because most often it isn’t personal. People have other commitments. In fact, look at why they are pushing back and evaluate if the criticism is fair. If it is, then adjust your efforts. If it isn’t, let it go. Not everyone is going to get along with you. Finally, she discusses how to ensure you don’t let work take over your life. Reserve time for family, friends and your passions, and keep those commitments. When it comes to after-hours emails and texts, don’t answer them if you don’t have to, or if you do, send a delayed respond. That way people learn you won’t be responding 24/7/365. Be considerate, too. If you think of something in the evening and want to get a note out that isn’t urgent, be sure to let the recipient know they don’t need to respond right away. Listen in to learn more about how to clear your internal path and become your own best ally in compliance.