2/12/2016
Observations of a Chief
Compliance Officer
Elaine Anderson, CPA, Former SVP and Chief Compliance Officer, Texas Health
Resources (retired January 2016)
What is the path to becoming a Chief
Compliance Officer?
There is no one path
My winding path……
1975: CPA – auditor in large firm, then worked in a small firm doing all types of public
accounting work
1980: Tax professional, work with all types of entities with a focus on nonprofit
healthcare systems
1991: Went to work for largest client- Harris Methodist Health System
1991 – 1997: Widened responsibilities to include other regulatory areas….Medicare,
regulatory compliance for health plan, Stark, etc. Willingness to take on new areas.
Self-educate…always be prepared.
1998: Designated first official compliance officer for Texas Health Resources (newly
merged healthcare system). Developed and implemented formal business ethics and
compliance program. Added Privacy after HIPAA enacted.
2016 – Retired in January
1
2/12/2016
A few words about the current State of
Compliance….and Chief Compliance
Officers
Compliance roles have evolved over the past 20 years…still rapidly evolving
Compliance programs are recognized as “must have”, but much variation in
approach and activities
Growing need for compliance officer to be a strategic partner….difficult to
determine “how” to do this efficiently and effectively
Boards want better information to identify and manage risks
Compliance risks are expanding and escalating
Enforcement is escalating
Increasing responsibilities in a complex and dynamic environment
Growing need for wider variety of compliance staff and expertise
As always……Budgets are tight
Increasing prosecution rates impact
Big Picture….what does it take?
Some who:
Isn’t intimidated by a BIG “to do” list
Continually adds to the list….constant re-prioritization is a reality.
Is comfortable with chaos, but organized
Is willing to run toward to issue, not away from it.
Has a love for reading and interpreting law and regulations
Can trust his or her gut using knowledge and judgement to make the best
decision possible based on what is known at the time
2
2/12/2016
Challenges for Chief Compliance
Officers
Role barely existed a decade ago….still evolving
Wide array of compliance risks and activities…..almost anything can become a
“compliance issue”
Boards want to know they have an “effective” compliance program....but what
does that mean?
CCOs want to give the board confidence, but also know there is no “silver
bullet” to eliminate risk
Title “chief” must mean an enterprise-wide focus with close integration to
business operations….how to do this?
Increased personal accountability/potential liability for the CCO and boards
Recruitment of qualified staff with necessary expertise and “interpersonal” skills
A few “Must Haves”
Strong support of the CEO and Board…tone from the top
Strong organizational commitment to business ethics and compliance….culture
Visibility and stature within the organization
Close relationship, trust and respect of senior leaders and middle management
Approachable and collaborative/team player
Integration into key business functions....especially “high risk” activities. Skills
must be embedded in these areas
Leverage expertise and talent wherever it resides in the organization
Understand organization’s strategy and key initiatives to identify risks that go
beyond traditional focus of compliance
Enterprise-wide approach……embed compliance/ethics culture in every
department
3
2/12/2016
More “Must Haves”
Authority to reveal issues
Empowered to disclose and cooperate with government agencies
Close relationship with general counsel….but, not subordinate to GC
Physician champions…..you need their buy-in. Listen to them.
Continuous learning……learn from other compliance officers and
programs……there is no magic recipe
Important Personal Attributes
Thirst for knowledge- inquisitive
Able to multi-task
Facilitate change
Strong proactive leadership skills and business savvy
Approachable – collegial, cooperative, but skeptical
Integrity and respect (goes both ways)
Managerial courage
Patience and critical thinking……underreact rather than overreact
Good listening skills…put yourself in the shoes of the employees
Collaborative……looking for “win-win” solutions when possible
Fair and consistent approach….no double standards
Sound judgement
Fact based, sound decision-making. Always do homework.
Quest for excellence and continuous improvement philosophy
Strong work ethic and willingness to “jump in”
4
2/12/2016
Build Credibility
Be patient……..it takes time to gain trust and build credibility
Be prepared. Always do your homework before a meeting
Be obsessed with failure…..i.e. adopt a philosophy that failure is not an option
Be “high reliability”….all the time. People will notice.
Be prompt
Be perceptive
Be professional at all times
Be positive
Be concise and articulate complex topics in an understandable way. Know
your audience
Be Genuine…even though it may be
risky
Know your strengths, limitations and emotions
Demonstrate consistent behavior on a daily basis
Add value
Don’t hide mistakes or weaknesses
Don’t be afraid to say “I don’t know”…..but go find the answer
Don’t pretend
Express thoughts in a manner that is focused and controlled
Remedy situations professionally
Others will follow a “genuine” person
5
2/12/2016
Compliance is a team sport
Open door policies and approach….every employee should be encouraged to
feel they are a part of the compliance team
Encourage employees to discuss concerns or problems with management, but
know that some will be more comfortable talking to the CCO….or remaining
anonymous
A well publicized non-retaliation policy is crucial…..but do employees believe it?
Shed the “Big Brother” viewpoint
Learn the business
Expand and leverage knowledge
Be a joiner
Show your sense of humor
Take on big projects that involve multi-disciplinary approach
A few “Don’ts”
Don’t jump to conclusions
Don’t panic…..take a deep breath and get the facts
Don’t talk too much. Listen even if you think you know the facts
Don’t assume anything……..it’s dangerous
Don’t procrastinate in addressing an unpleasant situation…it won’t go away
Don’t trust that something is fixed just because you talked about the problem
Don’t get emotional….stay calm and professional even if you are frustrated
Don’t ignore something you know needs attention. It will come back to haunt you
Don’t waffle based on “who” is involved. Always do the right thing.
Don’t accept mediocre work….and don’t do mediocre work. Your staff is watching
Don’t hesitate to “roll your sleeves up” and help staff when they need you
6
2/12/2016
Avoid “Back End” Compliance
It is not enough to focus compliance on auditing to find compliance issues
Traditional focus and reports on training statistics, hotline, investigations, list
of risks, etc. won’t cut it
Promulgation of policies is necessary but usually not necessarily proactive
Don’t save the “hard stuff” for later
Don’t waiting to see what “everyone else does”
Policeman approach won’t work
Looking for someone to “blame” erodes trust
Move to a Front End Focus
Pay attention to culture surveys…….emphasize culture always.
Prioritize. You can’t do everything. Don’t be afraid to change the program and revise the
focus from year-to-year
Ask to be included in meetings that focus on new initiatives…don’t be shy about this.
But……time is precious.
Ask for access to materials and presentations provided to executive leaders regarding
strategies and new initiatives if you can’t be there in person.
Look ahead for emerging issues….don’t be afraid to tackle new areas even if the industry
hasn’t gone there yet.
Ask for standing meetings with leaders of “high risk areas” to stay updated and involved.
Reach out….don’t wait for leaders to come to you. Ask a ton of questions every chance
you get.
Don’t jump to a “no” conclusion without facts, thorough and thoughtful research
Use data analysis, insights from past problems
7
2/12/2016
Boost Efficiency and Effectiveness
Budget are tight…..must leverage resources and boost efficiency
Focus on three core compliance areas
Risk identification and assessment – some organizations have multiple risk
assessments. Try to integrate and eliminate redundancy.
Compliance monitoring and testing – improved monitoring can improve the
focus of the organization to those areas with most risk.
Technology solutions – data analysis will help focus on areas with most risk
Leverage resources – look for opportunities to embed expertise in the
highest risk areas.
DOJ’s view of Compliance Programs
Criminal division of DOJ will be more active in False Claim Act investigations in the future
All new FCA qui tam complaints will be shared by the Civil Division with the Criminal Division
Asst. AG appealed to relator’s counsel to reach out to criminal prosecutors when shopping a
case
A financial resolution may not be the only consequence of future cases
Characteristics DOJ will look for
Tone and commitment from the top – how top leaders behave and react to compliance
issues. How they reinforce compliance with employees. What incentives are in place.
Written policies, visible code of conduct
Proper oversight and independence- authority to report directly to the board, sufficient
resources and stature
Training and guidance – senior leaders should help communicate key messages
Periodic risk-based reviews and auditing
Effective internal reporting – multiple mechanisms
Oversight of third-party relationships
Internal investigation and disclosure – timely, quality, documented
Enforcement and discipline – equal for all staff levels….no matter what level
8
2/12/2016
CCO – Year 2025
(PWC 2014 “State of Compliance Survey)
Survey suggests Chief Compliance Officers have a bright future
Hyper-regulation is a top threat to business growth
Business ethics and compliance will be front and center
Public intolerance
Past corporate scandals
Enabled technology such as big data analytics and social media
Corporate reputation is at stake
Pace of change requires taking smarter “risk”…more complex
CCO will be a permanent member of leadership team…sought out
Closer to the front end of strategy setting….more focused on strategic risks
Roles of CCO – 2025
(PWC “State of Compliance 2014 Survey)
Strategic enabler – help make strategic planning as foolproof as possible
Business partner – Enterprise-wide focus integrated into operations. Leaders will
know the CCO enables the durability of their projects.
Efficient operator – Enables synergies across functional areas. Compliance
team members work closely with functional areas.
Information source – Leverage innovative tools to analyze risk data.
Conscience – Keenly aware of responsibility to prevent the organization’s
people from getting on the wrong side of stakeholders. Proactively
communicate strategic importance of good business ethics.
Do today’s CCOs have the right blend of strategic thinking and risk management
skills to fill these roles?
9
2/12/2016
Exciting times are ahead!!
No better time for a career in compliance
If you are an inquisitive “techy” with the needed personal attributes and
ambition…there is much opportunity
Success will require a strong work ethic…..a compliance career is not an 8-5
job
Healthcare is going through dynamic change…. be willing and able to
manage change.
Be perceptive of future needs. Always look ahead……embrace
change….lead…..recalibrate.
What you did last year will not suffice next year.
I wish I was a cat with multiple lives…….I would love to do it all over again!!
10