Bradley attorney Jason Mehta was quoted in Healthcare Risk Management on the new U.S. Department of Justice (DOJ) guidelines for white-collar prosecutors on the evaluation of corporate compliance programs, which should become a valuable tool for risk managers. According to the DOJ, the new guidelines “seek to better harmonize the guidance with other department guidance and standards while providing additional context to the multifactor analysis of a company’s compliance program.”
The guidance signals the DOJ’s commitment to corporate compliance programs, said Mehta.
“While many would have thought that the government would be more lax in corporate enforcement under the Trump administration, this policy in some ways is more robust and more vibrant than in past administrations,” he added. “Enforcement is here to stay for the long haul, and the more companies recognize that, the more they can see corporate compliance as a chance to improve rather than as yet another hurdle to overcome.”
Any time the government lays out its thinking and its metrics on how it evaluates compliance programs, risk managers should really be paying attention, Mehta said.
“This is the playbook of how the government is going to evaluate corporate compliance programs, the roadmap, and the things it cares about. Healthcare companies would be well-served by scrutinizing this guidance and making sure their own programs comport with it,” he explained.
The guidance explains that companies need to tailor their corporate compliance programs to the risks facing the organization, Mehta said. Companies should identify their areas of high risk and low risk, apportioning their resources and efforts accordingly.
“Understanding that baseline expectation is really critical. It should force healthcare companies to think critically about their own companies, where they have vulnerabilities, and devote the corresponding resources there,” Mehta said.
The guidance also suggests that DOJ expects companies to police third parties they work with. “This really puts a burden on companies to understand who their partners, agents, and consultants are, and then to think about whether they are doing enough due diligence on these parties,” he added. “That means understanding things like who the top referrers are, the top prescribers, and making sure that not just your own company is compliant but those third parties are, too.”
The government also is focusing on how a compliance program is implemented and maintained — not just how it is initially formed, Mehta noted.
The original article, “DOJ’s New Guidance on Corporate Compliance Provides Valuable Tool for Risk Managers,” first appeared in Healthcare Risk Management on July 1, 2019.