Legal requirements are of concern to compliance personnel. But “compliance” as a mantra does not end there. Instead, fraud prevention only begins with legal prohibitions.
Stated differently, “compliance” is not a destination. Rather, it is a goal that will evolve as business necessities and circumstances change. Simply put, compliance is a mindset consisting of a holistic and thoughtful approach, created to include methods to pressure-test the design, in order to ultimately eliminate fraud.
There are a number of laws that seek to improve the culture of corporate compliance. These include the False Claims Act (FCA) and the anti-kickback law. The False Claims Act[i] makes it illegal to knowingly presenting a false or fraudulent claim for payment; liability can result in a civil penalty calculated on a per-claim basis plus three times the damages sustained by the government.
“Knowing” is broadly defined and a knowing violation includes illegal acts for products that are reimbursed by a federal health care program. The FCA also allows “relators” – basically private whistleblowing citizens – to sue on behalf of the government and keep a portion of the monies recovered.
Under the anti-kickback law,[ii] it is illegal to offer to pay to induce a person to purchase or order any item or service for which payment may be made under a federal health care program, or recommend purchasing or ordering such an item or service. Importantly, a person need not have actual knowledge of the statute or a specific intent to violate it. Violations are considered to be “federal healthcare fraud offenses” and are punishable by prison terms, fines, civil penalties – and exclusion from participation in federal health care programs.
Other statutes are more specific concerning the conduct they seek to outlaw, or regarding the industries at which they are directed. With respect to the former, the Foreign Corrupt Practices Act,[iii] for example, criminalizes bribery directed at foreign officials in order to gain a business advantage. As an example of the latter, the federal Food Drug and Cosmetic Act[iv] provides that it is illegal to introduce a misbranded drug into interstate commerce; false or misleading labels, or inadequate warnings or directions, constitute misbranding.
There also exist a variety of other federal and state laws, regulations and guidance documents; these can be specific to various industries but, in any case, they are too voluminous to list in their entirety.
The failure to maintain an adequate compliance program is significant. Companies and their responsible corporate officers – i.e., owners, officers and managers – face liability for engaging in fraud. That liability can be criminal, civil or both. In the criminal sense, the consequences can involve substantial fines as well as individual jail time. Civil liability includes penalties and debarment (or exclusion) from participation in government programs – a personal “career killer” that can also make it difficult for businesses to survive.
By way of example, a major corporation recently announced a settlement requiring it to pay over $3 billion to resolve civil and criminal for illegal marketing techniques. Another recent example is a company that paid more than $2 million to resolve allegations concerning kickbacks to physicians, to ensure that they used certain medical devices, in violation of the FCA.
In addition to prison and penalties, settlements are fraught with other concerns. In some cases, criminal prosecution is deferred so that the government can assess compliance efforts and revisit its decision not to prosecute. Additionally, the government often uses a “corporate integrity agreement,” which exponentially increases the requisite corporate compliance efforts – such as firing officials and answering to an independent compliance board.
If these issues were not concern enough, the government has itself been criticized from within for not utilizing its powers of suspension and debarment. Although the funds recovered have markedly increased – e.g., the Department of Health and Human Services reported that its recoveries doubled between 2006 and 2010 – the budget pressures facing federal and state governments promise more scrutiny.
The overarching goal in creating a compliance program is to improve the internal enforcement of compliance measures and, ultimately, the results. In some respects, good corporate compliance starts with a program that can include the following:
A compliance program is not, however, a matter of simply instituting policies or circulating a “plan.” Everyone in the organization should have an incentive to comply, and any financial incentives to the contrary should be thoroughly reviewed.
Moreover, a comprehensive compliance program must address particular problem areas confronting an industry. These can include proper oversight of grant proposals, product labeling, conference presentations, promotional materials and those items that can, or cannot, be circulated in the sales and promotion context.
Every compliance program requires testing and auditing to ensure its continued viability. Data should be generated to allow compliance personnel to set priorities and identify problem areas. Perhaps more importantly, the compliance team needs to seek out information and immediately deal with adverse results. Finally, no review of compliance would be complete without mentioning the consideration that should be given to occasionally auditing the auditors.
Fraud exists in many shapes and sizes and, as a result, compliance is not a one-size-fits-all proposition. With the enormous potential for penalties, prison and debarment, only those savvy compliance personnel will reap the benefits of their efforts. Stated differently, the only pertinent question is whether corporations can afford not to focus on compliance.
[i] 31 U.S.C. §§ 3729 to 3733.
[ii] 42 U.S.C. § 1320a-7b.
[iii] 15 U.S.C. § 78dd-1 et seq.
[iv] 21 U.S.C. § 301 et seq., as amended by the Prescription Drug Marketing Act (21 U.S.C. § 331 et seq.).
About the Author
David Restaino is a partner in the Princeton, New Jersey, office of Fox Rothschild LLP, where he provides compliance and risk management counsel in many subject matter areas. He may be contacted 609-895-6701 or email@example.com.