Assessing your 2015 Compliance Goals
It is hard to believe that we are half way through the year. Now entering prime vacation season, the office tends to be a little quieter and the work flow slower. This brief reprieve from the office hustle and bustle provides compliance professionals a great opportunity to look back at what has been accomplished thus far this year and prepare for what is to come as we quickly move into the second half of the year. Whether you started the year by conducting a formal risk assessment and prepared a formal remediation and compliance plan, or simply jotted some compliance goals on the office whiteboard, now is the perfect time to check the boxes on the tasks that were completed and see what is left to do. It is also important to ensure the plan you put in place at the beginning of the year still “makes sense” both based on your internal business environment as well as enforcement trends and expectations for the year made known by government agencies such as the DOJ and OIG. Taking advantage of the slower summer to do these things now will prove invaluable so that you can hit the ground running in the fall with a focused and achievable compliance game plan that will allow you to check the boxes all the way down your list.
So what should manufacturers be focused on for the remainder of 2015? It is always difficult to identify “one key compliance issue” to advise manufacturers to prioritize since we are all aware that risks exist in many different areas of the business. For example, the familiar risks of noncompliance with anti-bribery anticorruption laws and guidelines, the Anti-Kickback Statute, product promotion and research and development guidelines are all very much still relevant and in the minds of government enforcement agencies. What also continues to be true is the ever increasing volume of data that is available to both manufacturers and the government that is, has or will be used to gain greater visibility into the business operations implicated by these risks. And of course, there is the specter of personal liability of the compliance officer which was introduced by two recent cases in the financial services industry, an issue that will undoubtedly weigh heavily on every compliance professional going forward.
The role of data analytics in compliance planning
The use of data analytics has become widely prevalent in the modern era of compliance. Virtually every compliance department utilizes a variety of data and data sources to manage their compliance function. Whether it’s to compile information for government reporting (e.g. CIA mandates, Open Payments, etc…) or to gather metrics for internal reporting and assessments, the ability to capture, analyze and use data is a critical element in compliance program administration. The availability of this increased data is not overlooked by government regulators and enforcers. Earlier this year, for example, a Department of Justice (“DOJ”) enforcement panel at the Pharmaceutical Compliance Congress hosted by CBI in Washington, DC, discussed the now available Open Payments data, and made clear that this is one of the data streams the prosecutors have and will be using at their disposal. Further, the Office of Inspector General (“OIG”) included in its work plan for 2015 an intent to review financial interests reported under the Open Payments program. If the government is looking at your data with an intense focus to identify outliers that could lead to potential fraud and other non-compliance, then there is no doubt it is prudent that you look even closer at the data.
With two Open Payments reporting cycles under their belt, manufacturers likely now have substantial policies, procedures, and processes in place in order to capture and report Open Payments data to CMS. But now what? Now is the time to look past the collection and reporting of the data and use the second half of the year to develop a plan for data analysis and metrics. Manufacturers should determine how to use the data to further identify risks within its business operations. For example, with Open Payments data, you may be able to identify issues such as payments made outside of company determined Fair Market Value rates; identify an unexpected high volume of payments made to a single physician or teaching hospital; identify payments made to physicians who may also be a government official; and the potential insights go on and on. Manufacturers should also consider whether it is valuable to analyze competitor data for potential risks in the market place generally, while also using the data for internal benchmarking purposes. For example, is the number of interactions your company is reporting in line with what similarly sized competitors are reporting? If not, is there a business rationale to support the difference? Is there a particular health care professional or institution that appears to be receiving a large number of transactions within the industry? If so why? These are just a couple questions that you should being asking yourself and have answers to long before a government official is the one asking the question.
Manufacturers should use the analytical skills and tools they have acquired to analyze other third party vendor relationships. Although Open Payments and other transparency reports (such as state level and even international requirements) are the latest and greatest data sets available to manufacturers, your data analytic efforts should not stop there. Manufactures should conduct a full assessment to determine what other information they have available to them. Identifying other data sets provides its own insights individually, but perhaps more importantly also allows the company to pair information together further enhancing the data’s use. Other data sources should consider include clinical trial data, sales data, budget information (such as sales and marketing spend), grant and donation reconciliation data, and reimbursement data. Using these various data points allows a manufacturer to view and assess the full extent of its business operations and relationships and address and remediate any compliance concerns identified from the data.
Personal liability considerations
Two prominent cases this past year have raised awareness amongst the compliance professional community. This past February, FINRA fined Harold Crawford, Brown Brothers Harriman’s then-acting global compliance officer, alleging that Mr. Crawford failed to erect and maintain an effective anti-money-laundering program that could reasonably be expected to detect and report potential infractions. Similarly, the Treasury Department’s Financial Crimes Enforcement network fined Thomas Halder, Money Gram International’s former Chief Compliance Officer, and $1 Million for allegedly failing to design a compliance program to ensure that his company complied with anti-money-laundering laws.
These cases were a wake- up call for the compliance community. Both of these cases underscore the need to have a well-functioning compliance program designed to address and mitigate the specific risks each company faces. Equally as important, the prosecutors expect a company be able to demonstrate, through objective documentation and metrics, the compliance program in action. This includes documenting the detailed steps taken during an investigation, policy and SOP deployment and implementation, training and education. Everything must be documented. While many companies currently operate under this mandate, others do not. Arguably, proper documentation of the efforts undertaken to mitigate anti-money-laundering risk in the two cases at hand may have enabled the avoidance of prosecutorial action altogether. As my former boss was known to say, “If you’re not keeping score, you’re just practicing.” Clearly, the government is keeping score, and industry must follow suit.
Now is the time to put a data analytics and monitoring plan in place. By making this a priority now, it will provide you with greater flexibility as you move into 2016. In this day and age, data analytics and monitoring must factor as key components of an effective compliance risk assessment. Since many companies conduct their annual risk assessments in either the 4th or 1st quarter of the year, assessing your data now will allow manufacturers to enhance its risk assessment with this greater visibility and detail.
From year to year, the issues compliance professionals and government enforcers alike are focused on will likely not change dramatically. But what are certain to change are the tools available to identify risks and the expectation that these risks be adequately monitored. If your company has not already done so, using the remainder of this year to understand the data available to your company and developing a plan to begin to use that data to enhance your compliance program will put you and your company in a great position to head off the government enforcers when they come asking questions of their own.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.