The role of the Board in providing oversight of compliance programs is growing. The Department of Health and Human Services (DHHS) Office of Inspector General (OIG) has consistently emphasized that effective compliance programs should be a top-down effort beginning at the Board level. Most recently, the OIG and the American Health Lawyers Association released a joint publication titled “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors.” The trend of increasing Board oversight was underscored for publicly traded companies in the Sarbanes-Oxley Act. Under the Affordable Care Act, CMS will develop mandatory compliance requirements. It is reasonable to expect that CMS will:
- Increase exposure/liability for boards failing to uphold fiduciary duties and obligations;
- Shift towards a more robust role for Independent Directors; and
- Expect Independent Directors assigned compliance oversight to possess knowledge and expertise with compliance matters.
Traditionally, outside directors were the primary watchdogs of any board. Outside directors, rather than directors from the management of the enterprise, were charged with control of the audit, compliance, and compensation committees. Over the last ten years, there has been a shift to make outside directors even more independent and accountable. An Independent Director should not be affiliated with the organization as an adviser, auditor or consultant; have personal services contract(s) with the organization; or be affiliated with a significant customer or supplier. Independence is also impaired if a Board member’s immediate family member has any of the previously noted affiliations.
Taking a page from the Sarbanes Oxley Act, which calls for financial literacy on Board Audit Committees, it is likely that something similar will be expected of board committees overseeing compliance programs. This would require that at least one member of the committee have intimate knowledge of compliance. In short, the board members on compliance committees should have the requisite knowledge and skills to be able to critically evaluate the information relating to these areas. Many enterprises are already revamping their board charters and enlisting members who are not only outside of current management but also meet the standards of independence.
Three Tips for Boards
- Review the Board charter and committees policies to determine whether current compliance oversight by the Board properly addresses corporate compliance. This would include reviewing the policies and procedures for the oversight committee to ensure it establishes adequately roles, responsibilities, membership and frequency of meetings.
- It is advisable to examine whether Board members with oversight responsibility for the compliance program have the prerequisites to do the job properly. Qualified persons could be compliance consultants; individuals who currently or previously serve as a compliance officer; former OIG executives who had oversight responsibility for compliance; etc.
- If not already done, it is advisable for Compliance Officers to educate and train senior management and Board oversight committees on their fiduciary obligations.