James G. Sheehan (james.sheehan@ag.ny.gov) is Chief, Charities Bureau, New York State Department of Law (Attorney General) in New York City.
I look at a lot of IRS 990s, since about 50,000 get filed with my office (the New York Attorney General Charities Bureau) each year. When we receive complaints or allegations of improper conduct, we look closely at the 990[1] ,[2] and the organization’s audit.
Form 990 review
For most organizations, the initial message from an initial review of Part VI, Section B, of the Governance, Management, and Disclosure Section of the 990 is “Nothing to see here.”
“Did the organization have a written conflict of interest policy (12a). If no, go to line 13.”
The Line 13 express is a very lonely place; no one ever takes it.
So we move to the next. 12b: “Were officers, directors, or trustees, and key employees required to disclose annually interests that could give rise to conflicts?” That “no” box also has few visitors, as does the next box, under 12c: “Did the organization regularly and consistently monitor and enforce compliance with the policy?” “If yes, describe in Schedule O how this is done.”
The description in Schedule O often appears to come from a menu in the outside accountant’s 990 processing program; it usually sounds something like this:
“The organization has a conflict of interest (COI) policy that addresses the consideration of potential conflicts of interest by the board of directors, committee members, key employees, and their relatives. As per the policy, such persons must make disclosure of any potential conflicts of interest and must abstain from voting on any action in which they have an interest. On an annual basis, all members are required to sign an annual conflict of interest form...”
Note that this statement does not, notwithstanding the requirements in 12(c), represent that the organization “regularly and consistently monitors and enforces compliance with the policy...” nor does it represent how monitoring and enforcement are done.
IRS Form 990 12(c) and Schedule O. False statements?
In my experience as a regulator, the “yes” box in 12c and the description in Schedule O are the most consistently false statements in healthcare organizations’ 990 filings. From my conversations with compliance officers, relatively few manage the COI process at the director/key employee level or prepare the responses to the 990 governance questions. And in many organizations, the compliance officer is not even given the chance to review the governance statements in the IRS 990 before it is filed. It is prepared by the auditor shortly before the due date, and dated and signed by a senior executive and by an outside accountant.
As a compliance officer, you may be grateful for the fact that obtaining and reviewing COI forms from the VIPs on the board and C-suite managers is not part of your responsibility. In many organizations, it is the job of the secretary to the board or the general counsel. And we know that everyone hates filling out disclosure forms. (I know I get grumpy about finding my records, asking my spouse for her documents, pulling the information together, and updating the report to reflect what has changed since the previous year).
Monitor and enforce conflict-of-interest policy
The task of regular and consistent monitoring of compliance by senior leaders with the reporting requirements of a COI policy can be time-consuming and tedious, and managing the information reported to assure compliance by those senior leaders can be difficult in any organization.
Three cases demonstrate the importance of a COI policy that is regularly and constantly monitored and enforced.
The University of Maryland Medical System
UMMS spent $500,000 to purchase 100,000 copies of “Healthy Holly” (a book series self-published by Baltimore’s now ex-Mayor Catherine Pugh) to donate to Baltimore school children, while she was a trustee of UMMS, a private, not-for-profit health system with 11 hospitals and $2 billion in annual revenues.[3]
I began by looking at UMMS’s 2015 IRS 990—the usual yeses on line 12; the usual lonely line 13. This Schedule O actually has a monitoring and enforcement policy: the general counsel “reviews the responses...” to determine whether a conflict exists and consults with the audit committee in appropriate cases. In addition, there is a requirement that in all invitations for bids, proposals, or solicitations for offers, the vendor, supplier, or contractor must disclose any “actual or potential transaction with any organization officer, director, or employee.”
The Baltimore Sun reported on March 13, 2019 that a third of the UMMS’s board received payments from the system “through contracts with their businesses.”[4] The CEO, COO, chief compliance officer, and general counsel left their positions in June, and UMMS announced a new conflict of interest policy on May 31, as required by a new Maryland state law passed after the Baltimore Sun stories. The policy lays out specific responsibilities for the new chief compliance officer.[5]
Hacienda HealthCare, of Arizona
Hacienda HealthCare came to public attention this year when an incapacitated patient, whom no one at the facility knew was pregnant, delivered a baby in late December. As local media investigated the story, they began reporting on conflicts of interest. The Arizona Republic reported on February 19 that “board members…have a long record of self-dealing and nepotism.”[6] “Hacienda’s board chairman, for example, brokered health insurance for roughly 800 Hacienda employees through his private company for decades...” Three board members had children who worked at Hacienda. Ten members of the management team have since resigned.[7]
The answers to Question 12 on the 2016 Hacienda IRS 990 are all yes. (The language quoted in the beginning of this article is from Hacienda HealthCare’s 990 Schedule O for 2016.)
Memorial Sloan Kettering
Chief Medical Officer Dr. Jose Baselga failed to disclose millions of dollars in payments from drug and healthcare companies in dozens of articles he published in medical journals. Baselga resigned a week after a New York Times story reported the disclosure failures. After an internal investigation, outside counsel stated that plans to manage executive conflicts of interest “were not implemented because it was felt to be unnecessary or because there was a failure to realize that a management plan was needed.”[8] Beginning in 2014, senior executives were no longer required to vet financial relationships with a conflict-of-interest advisory committee, because the hospital felt the committee should not be asked to make decisions about executives to whom it reported.[9]
Memorial Sloan Kettering has the familiar answers to Question 12 on its 2016 IRS 990; Schedule O recites that “The Compliance Officer and staff are responsible for administering the conflict of interest program...”
Poor oversight of conflict-of-interest policy risks
The conflict-of-interest practices of each of these institutions exposed them to substantial reputational and financial risk. In each of these cases, the public record suggests that the compliance officer had no actual role in managing the conflict-of-interest policy, nor in overseeing the policy to assure that it was consistent with compliance principles. So how could these institutions (and their compliance officers) have addressed these risks?
Some basic principles:
-
The institution needs a clear conflict-of-interest policy, not only for line employees, but for board members and senior managers;
-
The policy should address expectations of fiduciaries; periodic financial reporting in writing; abstention by the conflicted individual from voting, advocating, or participating in decisions involving the conflicted interest; and recordkeeping of reporting and abstentions; and
-
The policy should be accurately reflected in the IRS 990.
Compliance program elements and COI policy
Element 1 – Written policies/Code of conduct: The institution needs to define the role of the compliance officer and other senior officials and committees with respect to conflict of interest and oversight of compliance efforts.
Element 2 – Compliance officer: At the least, the compliance officer should, as part of their duties, review the IRS 990 prior to filing to assure that the answers to Question 12 and the text in Schedule O accurately reflect the policies and practice of the organization.
Element 3 – Training and education: The conflict-of-interest policy, and its monitoring and enforcement process, should be part of the organization’s compliance training.
Element 4 – Hotline: The reporting hotline should capture allegations of violations of the conflict-of-interest policy.
Element 5 – Auditing and monitoring: Auditing and monitoring of compliance with the conflict-of-interest policy should be the responsibility of the compliance officer or of internal audit reporting to the compliance officer. Auditing and monitoring should focus on risk assessment, the format and schedule for reporting, timely and complete reporting, follow-up for delinquent reporters, records management of the reporting system, and testing of a sample of the reports submitted against outside sources of information.
Element 6 – Investigations and remediation: The institution needs a system for investigations and remediation of conflict-of-interest issues, including root causes, system vulnerabilities, and corrective action.
Element 7 – Disciplinary policies: The institution needs to hold individuals, managers, and directors accountable for violations of conflict-of-interest policies.
Conclusion
Institutions should consider enhanced scrutiny of conflict-of-interest transactions, beyond mere abstention of the conflicted officer/director from advocacy and decision-making. New York’s approach of requiring specific findings by directors in the minutes of the board or board committee identifying the transaction, and setting forth the board’s evaluation of alternatives to the conflicted transaction, the process by which the conflicted transaction was selected, and the board’s determination that the transaction would be in the best interest of the institution, are recommended (See Section 715-A, Conflict of interest policy of the New York Not-for-Profit Corporation Law[10] and the guidance document for conflicts of interest policies[11] available at charitiesnys.com.[12]
The IRS 990 is a compliance reporting document. Even though the IRS has a very limited role in reviewing its accuracy, state charities regulators use the IRS 990 as a road map to assess compliance and the commitment of a charitable organization and its board to its mission.
Senior officials in institutions have conflict-of-interest disclosure obligations beyond the institution, as scholars, as directors of public corporations, and as principal investigators or IRB members with roles in research and new product development. The reporting and disclosure in each of these roles should be consistent.
Takeaways
-
Carefully review the organization’s IRS Form 990; the government does.
-
The organization’s audits should include a review of IRS Form 990; the government checks it.
-
Monitor and enforce the conflict-of-interest (COI) policy.
-
Understand the reputational and financial risks associated with poor COI oversight.
-
Recognize the compliance elements associated with the COI policy.