{"id":1709,"date":"2018-04-11T11:11:57","date_gmt":"2018-04-11T16:11:57","guid":{"rendered":"http:\/\/blogs.luc.edu\/compliance\/?p=1709"},"modified":"2018-04-11T11:11:57","modified_gmt":"2018-04-11T16:11:57","slug":"quis-custodiet-ipsos-custodes-who-watches-the-watchmen-and-oversight-of-compliance-departments-and-professionals","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/compliance\/?p=1709","title":{"rendered":"Quis Custodiet Ipsos Custodes: \u201cWho Watches the Watchmen\u201d Oversight of Compliance Departments and Professionals"},"content":{"rendered":"

Emily Boyd <\/em>
\nAssociate Editor <\/em>
\nLoyola University Chicago School of Law, JD 2019<\/em><\/p>\n

In the graphic novel and film \u201cThe Watchmen,\u201d there is a reoccurring phrase: “Who watches the watchmen?” In context, it\u2019s an indictment of the comic book world\u2019s broken justice system. However, in a compliance context, the concept can be just as important. In a recent discussion with a hospital system\u2019s compliance officer, he raised the point that a company\u2019s compliance department is seen as the ultimate authority and expertise in laws and regulations, monitoring compliance and noncompliance, and implementing corrective and disciplinary actions. Yet while many compliance professionals may assume that their actions are always compliant, who oversees those who are overseeing systems and organizations? Who ensures that compliance is compliant?<\/p>\n

Federal efforts to encourage oversight<\/em><\/strong><\/p>\n

The U.S. Federal Sentencing Guidelines<\/a> state that an \u201corganization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.\u201d<\/p>\n

In April 2015, HHS released comprehensive guidelines in the \u201cPractical Guidance for Health Care Governing Boards on Compliance Oversight.\u201d<\/a> That summer, NAVEX Global<\/a> opined that the guidance, drawing from the Federal Sentencing Guidelines, OIG compliance program documents, and trends in Corporate Integrity Agreements, was a landmark document that signaled a potential global trend in compliance and ethics oversight even beyond the healthcare industry.<\/p>\n

Under the guidance section \u201cExpectations for Board Oversight of Compliance Program Functions”<\/a>\u00a0HHS states:<\/p>\n

A Board must act in good faith in the exercise of its oversight responsibility for its organization, including making inquiries to ensure: (1) a corporate information and reporting system exists and (2) the reporting system is adequate to assure the Board that appropriate information relating to compliance with applicable laws will come to its attention timely and as a matter of course.<\/p><\/blockquote>\n

NAVEX<\/a> further encouraged compliance and ethics officers to answer specific questions posed by their Board of directors based on the guidelines. However, having the compliance department be the only source of information about the adequacy of a compliance program still keeps compliance officers in control, despite board \u201coversight.\u201d<\/p>\n

Compliance departments are still encouraged to evaluate from within<\/em><\/strong><\/p>\n

In 2017, OIG and HCCA collaborated to create a list of measurements for each of the seven elements of compliance. The resulting \u201cMeasuring\u00a0Compliance\u00a0Program\u00a0Effectiveness\u00a0\u2013\u00a0A Resource\u00a0Guide,\u201d<\/a> provides approximately fifty pages of measures for compliance programs to evaluate their own effectiveness. Compliance departments use this guide to create evaluations and measuring tools that help compliance officials reflect on the organization, as well as their own performance. However, there is still no external oversight or interpreter of the measures.<\/p>\n

Compliance is a complex field in which many governing Board members, within and beyond healthcare, defer to the expertise of compliance professionals within their organizations. Despite the negative financial or reputational impact their reports may have, most compliance professionals see themselves as \u201cthe good guys\u201d working to ensure compliance within an organization. In every profession however, there are people more interested in personal gain than acting in the best interest of their organizations. In compliance operations, deferring to the judgment of one such person, assuming they are acting in-line with the behaviors expected of compliance professionals, is not sufficient oversight.<\/p>\n

Potential Solutions<\/em><\/strong><\/p>\n

Board members looking for oversight over their compliance departments should begin by asking the questions. Those questions should be extracted from the NAVEX guidance and other authorities. By understanding how a compliance program should operate and maintain its own internal compliance, Board members will be better situated to identify potential issues within the department of their own organization. Internal information is a valuable tool when measuring effectiveness and compliance; however, with objective, third-party information, Board members may be better prepared to ask probing questions and look deeper into potentially suspicious confirmations of compliance. As the named responsible parties for compliance department oversight, Board members should feel autonomously empowered and obligated to know about compliance activities within their organizations. By not completely deferring to the expertise within their own organizations, potential and existing noncompliance can be identified and corrected.<\/p>\n

Organizations themselves should also structure compliance departments to perform their own internal checks and balances. OIG encourages, and mandates under Corrective Action Plans, that compliance departments not report to an organization\u2019s general counsel and legal department. However, maintaining an open connection between the often-overlapping departments can aid in the discovery of noncompliant compliance actions. Within a compliance department, ensuring that no one person reigns supreme over all compliance actions can help distribute authority. Ensuring that even the actions of the Chief Compliance Officer can be checked and limited when necessary can significantly assist organization leaders outside of the compliance department to identify potential problems and conduct inquires and investigations as appropriate.<\/p>\n

The compliance watchmen (and women) are generally acting in the best interests of their organizations. However, implementing proper and informed oversight will ensure they continue to serve us well and organizations remain strong, ethical, and successful.<\/p>\n","protected":false},"excerpt":{"rendered":"

In the graphic novel and film \u201cThe Watchmen,\u201d there is a reoccurring phrase: “Who watches the watchmen?” In context, it\u2019s an indictment of the comic book world\u2019s broken justice system. However, in a compliance context, the concept can be just as important. In a recent discussion with a hospital system\u2019s compliance officer, he raised the point that a company\u2019s compliance department is seen as the ultimate authority and expertise in laws and regulations, monitoring compliance and noncompliance, and implementing corrective and disciplinary actions. Yet while many compliance professionals may assume that their actions are always compliant, who oversees those who are overseeing systems and organizations? Who ensures that compliance is compliant?<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51],"tags":[310,469,471,762,836,1387,1470,1501],"class_list":["post-1709","post","type-post","status-publish","format-standard","hentry","category-compliance-the-law","tag-board-of-directors-oversight","tag-compliance-effectiveness","tag-compliance-oversight","tag-ethics","tag-federal-sentencing-guidelines","tag-navex","tag-oig","tag-oversight"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/1709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1709"}],"version-history":[{"count":0,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/1709\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}