The Board of Directors' Role in Compliance & Ethics

July-August 2008

BY: DANIEL R. ROACH, JD

Mr. Roach is vice president, compliance and audit, Catholic Healthcare West, San Francisco.

Editor's Note: This article originally appeared in the Journal of Health Care Compliance, vol. 9, no. 6 (November-December 2007): 53-56. © 2007, CCH and Aspen Publishers. Reprinted with permission.

The corporate scandals that have dominated the headlines frequently during the past several years have raised many questions about who was or should have been responsible. Although it has generally been senior executives doing the "perp walk," many have questioned the role that boards have played in the ethical collapse.

Was the board "minding the store"? Did it ask the right questions? Were appropriate standards adopted? Did the board set the right tone? Did the board clearly and unequivocally let management know that unethical or illegal conduct would be a quick ticket out the door?

These questions lead to a fundamental question when it comes to organizational compliance and ethics: What exactly is the board's role? This article offers some answers for compliance and ethics officers as well as board members, focusing on the growing body of external standards and benchmarks and practical actions that are a necessary adjunct to meeting the standards.

The Organizational Sentencing Guidelines (OSG) form the basis for punishing organizations guilty of criminal violations of federal law. The OSG make it clear that the board plays a pivotal role in compliance. Among other things, the OSG require that "the organization's governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program."1 The failure to meet these standards is likely a breach of the board member's fiduciary obligations.

Delaware is the legal home to many of the largest corporations in the United States. As a result, the decisions of its courts related to corporations are closely watched. In a 1996 case, a Delaware court issued a decision that has helped set the standard for the board's role in compliance.

In that case, the court concluded that a director's obligations included both a good faith effort to assure that an adequate compliance program exists and that information regarding organizational compliance with applicable laws will be brought to the board's attention in a regular and timely manner.2 This decision has been cited subsequently in other cases addressing the board's role in overseeing organizational compliance and ethics programs.

In addition to the growing body of case law, the action of enforcement authorities has made clear they believe that boards play a vital role in the compliance and ethics programs of an organization. The corporate integrity agreement (CIA) between Tenet Healthcare and the Department of Justice requires Tenet's Quality, Compliance and Ethics Committee of the Board of Directors to "retain an independent individual or entity with expertise in compliance with federal healthcare program requirements."3 Several deferred prosecution agreements contain similar requirements.4

The presence and pressure of federal law enforcement activities have fallen particularly heavily on health care. In this context, the compliance program guidance issued by the Department of Health and Human Services, Office of Inspector General (OIG) as well as statements by the OIG suggest that the board must be knowledgeable and involved in an organization's compliance program. In fact, the Tenet CIA, deferred prosecution agreements, and comments from the OIG suggest that a board of directors should ensure that it has independent compliance expertise to assist the board in its role. Independent expertise can be achieved by adding someone with compliance expertise to the board — or board committee (audit, compliance, ethics, etc.) — or by hiring independent experts to help the board evaluate the organization's compliance efforts.

Board members without compliance expertise are also seeking to enhance their knowledge and improve their skills by seeking educational opportunities that focus on the board's role in compliance and ethics programs. A growing number of programs are available to board members that focus on helping the board understand its compliance and ethics oversight responsibilities.5

Once the board of an organization has been equipped with appropriate expertise, the board must actually execute its responsibilities. The board plays at least four important roles in the oversight of an effective compliance and ethics program. The board:

  • helps set the scope of the compliance and ethics program.
  • approves key policies and procedures.
  • aligns incentives.
  • requires meaningful, substantive reporting on the organization's compliance and ethics activities.

Program Scope
Few organizations have an unlimited compliance budget. Consequently, it is incumbent on the board to help set the compliance agenda by having enough knowledge and asking pertinent questions to ensure that the program appropriately targets the organization's significant risks. One effective strategy for the board is to request information about the organization's risk assessment process, to obtain a list of identified risks, and to examine how the organization's compliance plan addresses the most significant risks.

Another approach is simply to read the newspaper and ask questions. If an article appears in the newspaper raising questions about a compliance problem in another company, a logical question for a board member (particularly in the same type of business) is to ask management what steps/processes are in place to prevent a similar occurrence. If the board member is not satisfied with the plan or process, he or she can and should ask management to do more.

Policies and Procedures
The board also should be involved in approving key compliance policies and procedures in the organization including the code of conduct, conflicts of interest policies, hot line or other reporting policies, and policies that address the organization's highest risk areas. Board approval is important for a number of reasons.

First, board policies frequently carry more weight in an organization than other types of policies and are less likely to be subject to exceptions or modifications. Second, board approval of such policies serves an educational role for the board, helping it understand the key issues and risks. Finally, the board's involvement in this process helps to set the tone for compliance and ethics activities within the organization, a role required of the board in the OSG.

Align Incentives
Perhaps the board of directors' most important role is to align incentives. The failure to appropriately align or balance incentives has triggered many corporate scandals. Traditionally, the performance evaluation and incentive compensation process was dominated by financial metrics, occasionally combined with additional metrics such as quality, safety, or customer/patient satisfaction.

Increasingly, however, organizations are looking to develop compliance/ethics-related objectives that buttress the other metrics used in the performance evaluation/incentive compensation process. A personal story may serve to emphasize this point. Two years ago, I was contacted by a recruiter who was looking for a chief compliance officer for a Fortune 50 company. While I was not thinking about leaving my current job, the recruiter described an interesting opportunity, and I agreed to consider it. I queried the company's website and reviewed the most recent quarterly Securities and Exchange Commission filings, which disclosed some interesting information. First, the company had recently established a $400 million reserve, which I subsequently confirmed was in response to a government investigation into allegations of inappropriate conduct. It is probable that the organization's decision to look for a compliance officer was triggered by this investigation.

At nearly the same time, the board had adopted a new management incentive plan, including more than 20 factors that the board could consider in awarding incentive compensation. None of these factors related in any way to compliance or ethics. Despite the $400 million reserve, it was clear that the board had failed to align incentives.

Other organizations have taken a different approach to compliance and ethics, one that more appropriately aligns incentives and is more consistent with OSG requirements that a compliance and ethics program be "promoted and enforced . . . through appropriate incentives to perform in accordance with the compliance and ethics program."6

Catholic Healthcare West adopted such an approach six years ago. While our key business unit executives (hospital presidents) all had financial, quality and patient satisfaction metrics that determined the amount of incentive compensation, these incentives were balanced by 25 to 30 compliance/ethics metrics. Taken together, these specific, objectively measurable compliance and ethics metrics served as a gate (threshold) for earning an incentive compensation award.

In short, an executive who did not achieve a passing score on his or her compliance objectives was not eligible for an incentive compensation award, regardless of how he or she performed on the financial, quality or other metrics. It should be noted that few of the compliance metrics required the direct action of the business unit executive, but he or she did make sure that the hospital had processes in place to ensure the metrics were achieved.

Transparency
Another tool for aligning incentives is transparency. Simply reporting to senior management and the board about executives' progress in meeting their compliance and ethics objectives (as well as how they compare to their peers) is a valuable tool in aligning incentives. Most business unit leaders are competitive and do not want to be out of step with their peers. Moreover, in most organizations, management would not want either more senior executives or board members to think the executive was indifferent to compliance or ethics.

Finally, the board can promote compliance by insisting on relevant, regular and substantive reporting to the board about the organization's compliance and ethics activities. The OSG, case law, corporate integrity agreements and deferred prosecution agreements all suggest that regular, substantive reporting to the board is essential. Reports should include key organization compliance and ethics metrics, including metrics that are part of the compliance scorecard or dashboard.

The law may be complex, confusing and even counterintuitive, but compliance and ethics programs should be straightforward. An engaged board fulfills its obligations by setting the right tone and aligning incentives, which will greatly increase the odds the compliance and ethics program is effective and makes the job of the compliance and ethics professional much easier.

NOTES

  1. 2005 Organizational Sentencing Guidelines Section 8B2.1 (b)(2)(A), www.ussc.gov/2005guid/8b2_1.htm.
  2. In re: Caremark International Inc. Derivative Litigation. 698 A2d 959 (Del Ch 1996), www.corporatecompliance.org/Content/NavigationMenu/
    Resources/ComplianceBasics/caremarkDecision.pdf.
  3. A corporate integrity agreement or CIA is a government imposed compliance program, typically arising out of the settlement of civil and/or criminal investigations of health care fraud.
  4. A deferred prosecution agreement is an agreement not to prosecute a company for alleged criminal wrongdoing provided the company stays clean and otherwise fulfills the obligations (which can be very onerous) under the agreement.
  5. One such program is the Audit & Compliance Committee Conference sponsored by the Health Care Compliance Association. This program was developed for board members of health care organizations and is designed to give board members the tools to provide effective oversight of compliance and audit activities within health care organizations, addressing both Organizational Sentencing Guidelines requirements as well as significant areas of legal risk.
  6. 2005 Organizational Sentencing Guidelines Section 8B2.1(b)(6), www.ussc.gov/2005guid/8b2_1.htm.

 

Copyright © 2008 by the Catholic Health Association of the United States.
For reprint permission, contact Betty Crosby or call (314) 253-3477.