The effective operation of an executive or management compliance committee is expected by the regulators and is viewed as critical for an effective compliance program. It is a committee consisting of members of leadership and, in concert with the board-level compliance committee, charged with oversight and support for the compliance program. Organizations under a corporate integrity agreement are likely required to have one, and the U.S. Department of Health and Human Services Office of Inspector General (OIG) Compliance Program Policy and Guidance calls for having one. For example, OIG asks in its 2005 supplement guidance, “Is there an active compliance committee, comprised of trained representatives of each of the relevant functional departments, as well as senior management?”[1] The U.S. Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs asks many questions on how senior management exercises their oversight of the compliance program.[2] Clearly, no compliance program could be considered as fully effective without having organized oversight and support by the organization’s leadership. So yes, a committee consisting of leaders is needed; however, it should be viewed as a significant process to broaden the impact of your compliance program and create a “culture of compliance” that DOJ cites 40 times in its guidelines.
After working in healthcare compliance for over 30 years, it has become clear to me that compliance really is a relationship business. As the compliance officer, you ask people to report on problems and information that could potentially impact not only their workplace status and position but also their career. You seek their support in the compliance program to be actively involved in identifying and resolving compliance risks and issues that have been identified. To make this work, employees need to trust and believe that their reported complaints and concerns will be addressed constructively, appropriately, and fairly.
It is also important for compliance officers to recognize that as a member of senior management, they are, in turn, dependent on others to address and resolve issues and problems. And this dependence is not limited to the compliance office staff. In a Harvard Business Review article titled “Power, Dependence, and Effective Management,” John P. Kotter wrote:
One of the distinguishing characteristics of typical managers is how dependent they are on the activities of a variety of other people to perform their jobs effectively. Unlike doctors and mathematicians, whose performance is more directly dependent on their own talents and efforts, a manager can be dependent in varying degrees on superiors, subordinates, peers in other parts of the organization, the subordinates of peers, outside suppliers, customers, competitors, unions, regulating agencies, and many others.[3]
To that end, the compliance committee can present a perfect means by which compliance officers are able to enhance their standing and influence in their organizations.
Committee role
It is imperative that each member knows and understands the committee’s role, responsibilities, and mission on behalf of the organization. One of the principal reasons the committee should have a written charter is to make all that abundantly clear. The charter should be periodically (annually) reviewed by its members and updated to enable it to continue to address a dynamic regulatory and business environment. The compliance officer should also lead the committee in evaluating its performance against the charter. Any deficiencies or weaknesses identified should result in a plan of correction that is tracked to verify that actions taken resolve the issues. Results should also be reported to the CEO and the board’s compliance committee. This will help assure them that the committee is operating effectively and providing value to the organization. Results should also be considered as the committee reviews and revises its goals and objectives for the upcoming operating period. It is suggested that the review include input from each member that can be facilitated by circulating a review form provided to them. In addition, while an annual formal review is considered a best practice, it is also advisable that the compliance officer have periodic “offline” discussions with individual committee members to get their feedback on how well the committee is operating and potential areas for improvement.
Committee members must be engaged because the compliance officer needs them to be part of not only identifying what needs to be done for improvement but also providing solutions to detected deficiencies, problems, or issues. The committee should be presented with meeting materials in advance to allow members to adequately prepare for the meeting. It is vital for the compliance officer to keep in mind that members are busy carrying out their assigned work responsibilities, and their time should not be wasted with a lot of data and information not essential for their duties on the committee. The meetings should not just be a “show and tell” presentation by the compliance officer delivering a host of reports, charts, and other deliverables detailing process activities concerning the compliance program. This limits meaningful discussion, analysis, or resulting action, and impact. As such, the information delivered should be on a need-to-know basis for meeting their obligations. Senior managers’ time is precious, and they need to feel that the meetings are productive, worthwhile, and in their best interests.
Committee structure
At the highest level, the compliance committee comprises executives who can help the business navigate its regulatory compliance obligations. The includes executive suite members (including legal counsel) and members from different departments or functions. Since the compliance officer needs to be a driving force for the program, it makes sense that the compliance officer plays a leading role in the committee, often serving as the chair who sets the meeting schedule, creates the agenda, and facilitates the discussion.
The size and composition of the committee is a big question and depends on what works given the organization’s culture, nuances, and idiosyncrasies. In part, the compliance officer needs to consider with whom to have regular contact, easy access to, and whom they depend on most in supporting the program. Larger committees will get more people engaged, but it can be costly in terms of time commitments and increase problems with scheduling meetings. In addition, meaningful discussions become difficult if too many participants are at meetings. Many organizations will create subcommittees with chairs to focus on specific issues. Some have subcommittees established along the lines of the seven compliance program elements (i.e., code and policies, training, sanction screening, auditing, monitoring, etc.). Each subcommittee should have a charter defining their role and responsibilities and meet between compliance committee meetings to be able to report results timely.
Committee environment
Active participation on the committee by all those involved is essential, and the CEO and board need to make it clear to those chosen that their involvement is a priority and their active involvement is expected. Attendance should be maintained. If a member cannot attend (emergencies arise), then they need to notify the compliance officer and send someone who can act and speak on their behalf. In one case, a CEO facing some resistance to participation in the committee told his senior management team directly at a compliance committee meeting that they would need to look for employment elsewhere if they did not participate regularly and actively on the compliance committee. Subsequently, neither attendance nor participation was a problem.
Meetings need to be scheduled in advance—especially given the inherent difficulties with senior management calendars. The frequency of meetings varies according to the needs of an organization, but bimonthly or quarterly are most common. They should be scheduled with the thought of being able to report on their activities to the board-level compliance committee that most often meets quarterly. It is advisable that the compliance officer meets in advance with committee members whose function or operation may be the subject of discussion at an upcoming meeting to prevent them from being “blindsided” on issues affecting their areas of responsibility. No one likes being surprised at the meeting. It would not only undercut trust in the process and compliance program but also likely be difficult from which to recover.
Meetings should start and end on time, as much as possible, and each meeting should have an agenda. In setting agendas, the compliance officer needs to ensure that all elements of the compliance program are reviewed during the annual cycle. While getting a periodic outside review of the compliance program is recommended, as well as considered a best practice, the committee members should still have a good understanding of the program’s status and whether it is meeting established guidance based on information provided at the meetings.
While all aspects of the compliance program need to be addressed, it is best that each meeting at least focus on updating the status of compliance risks and results from ongoing monitoring and auditing, as well as reporting on the status of plans of correction. Specific attention should be given to whether the plans of correction are being completed on time, effective in mitigating risks, and corrective actions have been sustained.
Another area of importance is compliance-related training. The focus should be not only on whether training was completed per plan but also on whether it was effective and employees understood the lessons. Organizations devote significant hours to training their employees, and it should be worthwhile to determine if their investment is worth the cost. This includes whether those trained retained knowledge and understanding of the lessons and how they were applied in day-to-day work. As such, seeking data that measures these results would help make assessments about the program.
Committee discussions need to be open and candid, with participants being comfortable providing their analyses, observations, and opinions. Dissenting opinions are fine and should be expected, but it is important everyone listen objectively and constructively. The fact that someone disagrees does not make them an enemy, and they may be right. Remember, the objective here is to affect a solution or institute improvement. To the extent possible, you want the committee to be synergetic, and to obtain it, you need to foster trust and collaboration. In that same vein, while everyone should have an opportunity to participate actively in the discussion, including dissenting opinions, once a decision is made, it needs to be supported by everyone.
Indicators of success
The success indicators for the operation of the committee include:
-
Having well-defined goals and responsibilities so that it knows what it is and is not allowed to do.
-
Meeting on a regular basis with set agendas and needed actions.
-
Identifying compliance issues and resolving them in a timely manner, and verifying plans of correction are sustained.
-
Continued evolution and improvement of the risk assessment process.
-
Extending the reach of the compliance program down to all levels of the organization as a result of demonstrated commitment and efforts of the compliance committee members.
-
Having evidence that middle- and first-line managers understand their roles and actively support the compliance program.
-
Keeping abreast of and responding to the ever-changing legal, regulatory, and business environment.
-
Proactively create, assess, maintain, and support the compliance program.
-
Ensuring effective ongoing compliance monitoring as well as an active and dynamic audit plan.
-
Periodically reevaluating committee work and modifying it accordingly to verify it stays on track and is working towards its goals.
-
Having a clear understanding of how each of the elements of the compliance program is performing, whether they comply with established guidelines, and if there are deficiencies, the status of actions to fix them.
Takeaways
-
Compliance is a relationship business; the compliance officer depends on many others for an effective compliance program.
-
While the management committee may be mandated or at least expected, it does present significant opportunities for the compliance officer that must not be overlooked.
-
Committee members must know and understand their role and the committee’s importance in the compliance program.
-
Their time is precious, so members must be meaningfully engaged.
-
Use the committee to drive the compliance program to middle- and first-line management.