Compliance Officer and Legal Counsel Roles – Should GC Be Compliance Officer?

Compliance Officer and Legal Counsel Relationships

I am often asked for my opinion on whether a general counsel can also serve in the role of compliance officer. At first blush, it seems like the general counsel would be a perfect fit for the role because of general knowledge of regulations that are applicable to the organization. Clients are often surprised when I tell them that it is not appropriate to assign the compliance role to general counsel. In fact, there is a lot of support for the proposition that assigning these responsibilities to legal counsel makes a compliance program less effective. It also runs the risk of making the general counsel less effective in the legal counsel role.
The reason why legal counsel should generally not fill the compliance role arises from differences in the roles that each of these professionals play within an organization. Legal counsel is an advocate for the organization. When compliance issues come up, legal counsel advocates the position of the client. The compliance officer on the other hand, is responsible for proactively looking for compliance problems and designing appropriate ways to correct the discovered problem. The roles go hand in hand in many ways. But what happens when it is legal counsel who structured a deal in a manner that it does not comply with applicable regulations? In cases like this, legal counsel is in an inherent conflict of interest.
In all but the very smallest organizations that clearly cannot absorb the cost of two separate functions, it presents increased compliance risk to the organization for the legal counsel to also be the prime individual responsible for compliance within the organization. Dividing the compliance and legal counsel functions is clearly the “best practice” when it comes to organizational compliance.
This conclusion is supported by comments from the Office of Inspector General (OIG), a consistent reading the Federal Sentencing Guidelines (FSG), the position taken by the government in Corporate Integrity Agreement fraud and abuse settlements, and by the general ethical standards that apply to the general counsel.
The case for dividing the functions of legal counsel and compliance officer and creating a separate Compliance Office with direct line of authority to the Board or a Committee of the Board is quite compelling. In fact, many organizations who had previously run the compliance role through the office of general counsel are now reviewing that practice and are making changes to their organizational structure and compliance plans.
A study done by the American Health Lawyers Associations and the Office of Inspector General in 2004 found that at that time, only 20% of the health care organizations that were polled had their compliance function under the authority of the Legal Counsel’s office. It is safe to say that in view of more recent pronouncements by the OIG and by comments made in the Supplemental Compliance Guidance for Hospitals that was released in 2005, the percentage of “dual role” organizations is now less than that figure.
The first source to be examined when defining the role of the compliance officer within an organization is the Federal Sentencing Guidelines. The FSG do not specifically mention a compliance officer per se, but require that the compliance and ethics program be assigned to “high-level” personnel. When organizations first began creating compliance programs in response to the Federal Sentencing Guidelines, oftentimes the responsibility was assigned to the legal counsel. This seemed to be a natural outgrowth of the function of the office of legal counsel. In that regard, it made organizational sense because the office of legal counsel had resources and personnel in place to implement the compliance program without creating an entire new organizational division.
Over time, the assignment of compliance functions to the legal counsel began to raise questions. Concerns were raised as to whether the legal counsel was in fact a “high level” personnel. Additionally, questions were raised as to the degree that giving the legal counsel the dual role of compliance officer and legal counsel sufficiently conveyed the appearance of the importance that the organization placed on compliance. As a result, some lawyers and compliance experts began to question whether creating a “dual role” compliance officer put the organization at risk of not receiving the benefits afforded under the Federal Sentencing Guidelines if the organization was ever in a position to need these benefits.
The Office of Inspector General has made its position clear that legal counsel should not exercise a dual role. An examination of many of the recent Corporate Integrity Agreements that have been entered between providers and the OIG clearly demonstrate the OIG’s position on this matter. Most CIAs outline the role and position of the compliance officer in the organization. The standard language being used by the OIG is as follows:
“The Compliance Officer shall be a member of senior management of [Provider], shall make periodic (at least quarterly) reports regarding compliance matters directly to the Board of Directors of [Provider], and shall be authorized to report on such matters to the Board of Directors at any time. The Compliance Officer shall not be or be subordinate to the General Counsel or Chief Financial Officer. [Emphasis Added]
Although the Sentencing Guidelines do not affirmatively address dual role situations, Commentary to the Sentencing Guidelines state that “applicable industry practice or the standards called for by any applicable governmental regulations” are factors to be considered. Failure to follow these standards “weighs against a finding of an effective compliance and ethics program.”
At the same time, both the Sentencing Guidelines and the OIG Compliance Guidance recognize that the size of the organization is a factor in judging the level of compliance. This recognizes that in cases where the organization is small and fewer resources are available, the organization can meet its obligations without necessarily creating a structure that separates the roles between the legal counsel and the compliance office. However, there is no precise definition as to whether an organization is a “small organization” that can fulfill its compliance functions in less formal ways or a “large organization” which will be expected to devote suitable resources to create a completely separate compliance function.
This uncertainty leave an organization’s board of directors without precise guidance concerning an appropriate structure given the size and nature of its organization. At the same time, best practices, given available resources, is to separate the compliance and legal counsel functions. The potential consequences of failing to use an appropriate structure for the size of the organization is increased penalties in the event of an event of organizational criminal misconduct; so the consequences can be quite serious.

Certified Compliance Attorney Health Care Compliance Certification

Certified Compliance Attorney – CHC Compliance Lawyer

Expert Compliance Representation – Health Care Compliance

Attorney John H. Fisher leads the Health Care Compliance Practice at Ruder Ware.   John is a practicing health care attorney who has substantial expertise in the compliance area.  He is certified in both Health Care Compliance and Corporate Compliance and Ethics.

Aggressive Governmental Fraud and Abuse Investigations

Government enforcement practices and ever changing regulatory requirements require health care providers of all types and specialties to function in a highly complex environment.  Government enforcement operates under a “return on investment” mentality which leads to extremely aggressive and sometimes unfairly overbroad enforcement actions.  This leaves even the most well intentioned health care provider feeling targeted and overburdened with regulatory requirements.

Attorney Fisher Provides a Full Range of Compliance Services

Attorney Fisher has provided a broad range of compliance related legal services to a variety of health care providers including hospitals, mental health programs, skilled nursing facilities, ambulatory surgery centers, a variety of medical groups, diagnostic facilities, home health care providers, personal care agencies, clinically integrated provider groups, accountable care organizations.  Each provider has unique features and characteristics that require creative approaches to mitigate the impact of overzealous governmental enforcement and private whistleblowers.

Preparation for an Eventual External Examination of Your Compliance Process

Our compliance practice functions under the philosophy that all providers will eventually be called upon to defend their compliance programs.  This may come through a self-disclosure after an infraction that is discovered through self assessment or audit.  A challenge to the effectiveness of a compliance program can arise as a result of a whistleblower claim or at the hands of a government criminal or civil prosecutor.  Regardless of the source of challenge, at some point in the future, a compliance program will be put to the test.  When this happens, it must be effective to detect and correct potential compliance problems.  This requires a well designed plan as well as a showing that the plan is actively operating to identify risk areas, audit for anomalies in areas where risk may be present, and comes full circle to take appropriate action to correct potential problems that are identified.  If this is happening when your time comes; when your compliance program is put to the test, you will have gone a long ways toward mitigation of potential negative consequences.

Penalties Are Increasing and the Scope Activity Considered Abusive Continues to Expand

Some may wonder how the government plans to pay for changes in the health care system.  One of the primary sources of payment in the future will be through enforcement of actual or perceived fraud and abuse.  Currently, the Federal government received an 800% return on every dollar that it invests on pursuing health care fraud and abuse.  With increased penalties and more draconian enforcement systems in place, the government is poised to turn the enforcement business into an even more lucrative proposition.  The stage is set with laws that increase penalties to such an astronomical level that even a minor case will be settled rather than risk being dragged through a proceeding that could expose a provider to damage that are many times the amount of settlement.

The Danger of Whistleblower Claimants

Whistleblowers also are incentivized to file cases as they seek to benefit personally from provider activity that may not fully conform to regulatory expectations. No provider is immune, no matter how effective its corporate responsibility program. For these reasons, all providers need experienced Compliance Counsel to assist them in trying to prevent regulatory violations, to determine the scope of and assist with correcting identified compliance issues and to defend them in the event they do become a target of government investigative activities.

Whistleblowers can come from a number of different places.  Disgruntled employees are a prime candidate to bring a whistleblower complaint.  How these complaints are handled is extremely important to minimizing their potential negative impact on you operations.  Once a Whistleblower attorney becomes financially committed to a case, they tend not to let go easily.  Settlement can be very difficult to attain on reasonable terms.  It is fair to say that in many cases the government gives more latitude to settle cases if the provider cooperates.

There are some reasonable government enforcement individuals who appropriately utilize their discretion when a provider cooperates and has not intentionally bilked the system.  Whistleblowers on the other hand, have their sites set on the full maximum amount of calculated False Claims Act damages.  They are looking for a pay day.  We can help you avoid this type of situation altogether by helping establish an effective compliance program that takes appropriate action to mitigate exposure if infractions are discovered.