Compliance officer independence and compliance risks

by Gabriel L. Imperato

April, 2015

The Federal Sentencing Guidelines for Organizations contemplate the independence of a chief compliance officer (CCO) for business organizations. This can mean many things, but there is general agreement on the relationship between the independence of the CCO and direct reporting to the board of directors of an organization. Promoting a compliant and ethical culture in a business organization depends on the CCO's ability to detect and prevent noncompliant activity and to work with management to take necessary remedial action based on the known risks and established principles of compliance. The CCO's independence, as well as his/her access to available resources to accomplish the necessary compliance tasks, facilitates that objective.

The CCO's independence and effectiveness can be a strong hedge against the commingling of unfiltered revenue objectives with certain compliance needs of the organization. The concept that weighing a compliance item against revenue objectives can be a "business judgment" for management and the board of the organization is not necessarily a valid one. In the event that alleged compliance failures result in a False Claims Act matter, an organization will not necessarily be able to defend allegations by asserting a revenue-influenced "business judgment." Whistleblowers and their counsel will not weigh an organization's "business judgment" or corresponding revenue considerations when contemplating allegations of non-compliant activity under the False Claims Act. There may be defenses to such allegations involving the "ambiguity of the law," but such defenses do not usually favor False Claims Act defendants and cannot usually be addressed in the courts (i.e., at trial) until long after the strategy for settlement has been determined.

A case may be made for the strategy of weighing revenue considerations in determining a particular compliance course of action, but this may be a hazardous approach, given the current fishbowl-like circumstances in the healthcare industry and the growing exposure to whistleblower/False Claims Act liability. The failure to address these risks may ultimately have an impact on an organization's revenue that could surpass the impact on revenue without consideration of known compliance risks and liabilities.