Blog Post

What Compliance Officers Should Do When DOJ or OIG Enforcement Is Imminent

Richard P. Kusserow | January 2022

What Organizations Should Expect
What Steps to Take Before Settlement

When organizations become aware they are the subject of an impending enforcement action by the Department of Justice (DOJ), there is normally a long lead time before the matter is settled, including further action by the Department of Health and Human Services (HHS) Office of Inspector General (OIG) that may result in a Corporate Integrity Agreement (CIA). While legal counsel leads the effort to resolve the issues, the Compliance Officer should not just “stand and wait.” Failing to take prompt action could be a costly mistake. The question is what can be done while legal counsel negotiates the terms to resolve the pending issues. 

Often, the consequences of what could be included in the CIA may not be fully appreciated. The Compliance Officer should educate management and the board as far in advance of a settlement as possible on what to expect from an impending CIA and begin taking steps to meet the upcoming challenges. A multi-year CIA may prove to be more costly for the organization than the financial penalties imposed by the DOJ. The CIA may also include required actions by board members and senior executives.

If a CIA requires engaging an Independent Review Organization (IRO) to monitor compliance, selecting the right IRO will be very important. In addition, if the DOJ or OIG finds there was inadequate support by executive leadership, the CIA may require senior executives and board members to personally attest and certify, under penalty of law, to the effective operation of the compliance program. This trend has been part of a movement to hold governing board members more accountable for compliance program oversight. Many CIAs require the board to engage an independent Compliance Expert to create a compliance review work plan, perform the program review, and provide a Compliance Program Review Report describing the review performed, findings, recommendations for program improvement, and actions taken.

What To Do

  1. Review the DOJ’s “Evaluation of Compliance Program Effectiveness Guidelines” used by prosecutors to determine any mitigating or aggravating factors related to the identified violations. This will help understand how an organization’s compliance program would be viewed and suggest actions for the compliance officer. 
  2. Take steps to shore up the compliance program and generate independent and credible evidence of the program being robust and effective in preventing future wrongdoing. This will help legal counsel negotiate terms and conditions. It may also reduce penalties and avoid having added requirements for executive and board member attestations and engaging a Board Expert.
  3. Since the DOJ and OIG will not be open to any evidence that is not independent, high priority should be given to having an Independent Compliance Program Evaluation by a recognized and credible expert. The resulting report should provide evidence of program strengths and identify weaknesses and areas of opportunities for improvement. This will provide time to take corrective actions to address any weaknesses and present those actions to the executive leadership, Board, and legal counsel negotiating a settlement. It also keeps the whole effort under the direction of the compliance officer, who can take credit for the identified strengths in the program and address any findings.
  4. Seek candidates to be the IRO months in advance of signing a CIA to find the right party and avoid rushing into a decision based on the 90-day time frame imposed by most CIAs. The wrong IRO selection could prove to be a multi-year mistake. Potential IROs should have extensive previous experience doing this kind of work with a credible track record with the OIG. The added search time will also permit checking references about how well the IRO previously served in this capacity with other organizations.
  5. If negotiations with the government suggest that there will be certification mandates and a requirement for the board to engage an outside Compliance Expert, it is important to begin searching for parties with considerable experience doing this kind of work. Using people inexperienced in compliance is very risky. The more experience they have doing this kind of work under a CIA, the better. As such, it is advisable to find experts who have been engaged by entities under CIAs on multiple occasions. This also permits reference checking with these other organizations.

For more information on this topic, contact Richard Kusserow at [email protected]

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog