This post is from guest author Seth Whitelaw with the Whitelaw Compliance Group. You may follow Seth on LinkedIn here.
Recently, the Justice Department targeted three companies in the pharmaceutical and medical device industry (Rochester Drug Co-Operative, Indivior, and Life Spine) as it aims to stamp out health care fraud. They are a clear signal that the DOJ is serious when it comes to effective compliance.
For CEOs and company leaders, it is a wake-up call. Not taking compliance seriously will cost both the company and themselves dearly. They need to make compliance a fundamental part of the business plan.
Learning the Lessons
Here are the lessons all three cases teach:
- Company size does not matter. All three companies were smaller or mid-sized.
- Company product lines or services do not matter. The companies were a distributor, a pharma manufacturer, and device company.
- Having a program on paper is not enough. The program must work. It must be effective.
- The “buck stops” with the CEO. The CEOs in two cases are named as defendants.
- The CEO is not alone. Compliance is a “team sport.” All three cases include the person responsible for heading up compliance.
- The Compliance Head must be qualified for the job. All three cases question the Compliance Head’s ability to do the job.
- The Compliance Head cannot sit on the sidelines while the CEO does what he or she wants. The Compliance Head must be active, engaged, and independent. The Compliance Head in all three cases is viewed as an enabler.
Counting the Costs
Final outcomes in these cases remain to be seen. All three cases are at least partially active. However, the scorecard to date is:
- One Compliance Head pled guilty and awaits sentencing.
- Two companies have settled for millions of dollars.
- Two companies have agreed to enhanced compliance and oversight for a period of years.
- One CEO is awaiting a criminal trial.
- Two companies are facing possible bankruptcy.
Today’s To-Do List
So what should companies do today?
- Establish a compliance program if there is none.
- Get an independent assessment of the program if it exists.
- Take compliance seriously.
- Make sure the program works.
Note: this blog post was originally posted to the Whitelaw Compliance Group blog on August 2, 2019. It is shared with permission of the author.
Topics: Key Risk Indicators in Compliance Monitoring