In order for a compliance program to be deemed effective, it needs to be structured properly. This begins with the designation of an independent compliance officer and establishment of a compliance committee. A compliance program needs support, too—from the board, management, key professionals, and staff. Adequate resources are also essential, including the program’s budget, staff, and operational expenses. Once in place, the compliance department needs to establish annual goals, report on its activities, and work to continually improve. A primary objective for the program is to establish itself as an integral part of the organization. This chapter covers the important aspects of structuring and administering an effective compliance program.
Compliance Officer
Industry standards recommend designation of a compliance officer to serve as the focal point for compliance activities. In most cases, the position should be a full-time role (depending on the size, scope, and resources of the organization), and the organization’s executives will determine the feasibility and scalability of dedicating resources. Also, assigning the compliance officer appropriate authority is critical to the success of the program. On a specific level, for example, the compliance officer must have full authority to access all documents that are relevant to compliance activities. This includes documents such as financial statements and supporting documents, contracts with suppliers and agents, and other accounting records. In the big picture, however, appropriate authority comes from the unquestionable backing by the CEO and board of directors or its equivalent—the sources of ultimate authority within an organization.
To carry out such operational responsibility, the compliance officer should be a high-level person in the organization who is provided adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority. This access is appropriate as it should have been the board that supported the launch of the compliance initiative and approved the hiring of the compliance officer. Board members may even be actively involved in the interviewing of the compliance officer candidates. They also should be involved in developing the compliance officer’s job description and should remain an important part of the compliance officer’s reporting structure.
Reporting Structure
There is concern and some risk involved in having the compliance officer report to general counsel or the chief financial officer. Such a reporting arrangement creates a real conflict of interest, and the potential appearance of one, due to their respective roles with management. Separation of compliance from legal and finance helps ensure that all aspects of the compliance officer’s role will be independent and objective (meaning there is no real or perceived vested interest in the outcome). There are different reporting structures for the compliance officer role, and many variables must be considered to determine what works best for the individual organization. However, the dominant reporting structure across industries has the compliance officer reporting directly to the organization’s CEO and/or internal governing body (e.g., oversight committee, supervisory board, administrative body, board of directors, or audit committee) to maintain the compliance officer’s real and perceived independence.
Most agree that the compliance officer role should be independent, yet the size and setting of your organization will influence the reporting structure. It is recommended that the board or its liaison committee have, at minimum, a dotted-line or indirect reporting relationship with the compliance officer. See Table 1. Compliance Officer Reporting Structures: 2018 Survey Results, which includes the 2018 SCCE & HCCA survey results on compliance officer reporting structures from more than 260 respondents working in non-healthcare organizations that are for-profit, publicly traded; for-profit, privately held; nonprofit; and governmental.[1]
Table 1. Compliance Officer Reporting Structures: 2018 Survey Results[2]
Reporting to the Board

| Organization Type | Reporting to the Board |
| --- | --- |
| For-Profit: Publicly Traded | 53.3% |
| For-Profit: Privately Held | 61.7% |
| Nonprofit | 53.2% |
| Governmental | 48.1% |

Reporting to a Position within Organization

| Organization Type | CEO | CFO | General Counsel | Human Resources | Audit | Other |
| --- | --- | --- | --- | --- | --- | --- |
| For-Profit: Publicly Traded | 28.6% | 4.8% | 52.4% | 0.0% | 0.0% | 14.3% |
| For-Profit: Privately Held | 47.8% | 17.4% | 17.4% | 0.0% | 4.3% | 13.0% |
| Nonprofit | 47.3% | 12.2% | 17.6% | 4.1% | 2.7% | 16.2% |
| Governmental | 53.8% | 7.7% | 0.0% | 0.0% | 7.7% | 30.8% |
Duties
The compliance officer’s duties will vary depending on size and scope of the program. The focus of the position should be the implementation, administration, and daily oversight of the compliance program. Primary responsibilities should include the following:
- Designing, implementing, overseeing, and monitoring the compliance program
- Reporting on a regular basis to the organization’s governing body, CEO, and compliance committee
- Revising the compliance program periodically as appropriate
- Developing, coordinating, and participating in a multifaceted educational and training program
- Ensuring that the organization’s customers and business partners are aware of its compliance program requirements
- Serving as a source of compliance-related information for employees, management, suppliers, and the board
- Ensuring that appropriate background checks are conducted
- Assisting with internal compliance review and monitoring activities
- Ensuring management has mechanisms in place to mitigate risks
- Independently investigating matters related to compliance
- Ensuring management takes corrective action to resolve identified noncompliance issues
- Ensuring the organization has provided employees a mechanism for reporting potential issues
The compliance officer is a unique position that requires an individual who understands the nature of the business or industry; is capable of understanding and questioning practices in the organization, including financial areas; is knowledgeable of applicable legal requirements that may be imposed upon the industry for wrongdoing; has strong written and verbal communication skills; and is approachable. Whatever the tenure or educational level, the compliance officer (as focal point of the program) must be a person who is respected and trusted throughout the organization. Strong interpersonal skills, good listening abilities, and discretion are mandatory. See Appendix 1, Sample Compliance Officer Job Description.
Professional Standards
As the field of compliance has grown and matured as a profession, it has, like other professions, sought to identify and distinguish those who have, with experience and education, achieved the necessary skill set to be effective compliance officers.
Moreover, compliance officers are also stewards of public trust, and therefore the services provided must be of the highest standards of professionalism, integrity, and competence. The SCCE Code of Professional Ethics for Compliance and Ethics Professionals addresses three principles, which are broad standards of an inspirational nature. They include:
Principle I: Obligations to the Public—Compliance and ethics professionals (CEPs) should abide by and promote compliance with the spirit and the letter of the law governing their employing organization’s conduct and exemplify the highest ethical standards in their professional conduct in order to contribute to the public good.
Principle II: Obligations to the Employing Organization—Compliance and ethics professionals (CEPs) should serve their employing organizations with the highest sense of integrity, exercise unprejudiced and unbiased judgment on their behalf, and promote effective compliance and ethics programs.
Principle III: Obligations to the Profession—Compliance and ethics professionals (CEPs) should strive, through their actions, to uphold the integrity and dignity of the profession, to advance the effectiveness of compliance and ethics programs and to promote professionalism in compliance and ethics.[3]
These principles and the accompanying rules of conduct should be reviewed and studied—and adhered to—by all compliance officers. See Appendix 2 for the full Code of Professional Ethics for Compliance and Ethics Professionals.
Board Oversight Committee
The compliance officer may be the focal point of a compliance program, but cannot be the only point, nor does this role ensure compliance for the organization. It is important that the compliance officer have support from the governing body through engagement and involvement in a board oversight committee. This committee’s role is to understand and provide guidance on the compliance program efforts, ask appropriate questions related to management’s ability to address and mitigate compliance risks, and ensure that the compliance officer and the compliance program are adequately addressing areas of compliance risks for the organization.