This is the second blog in a series regarding the Deputy Attorney General Sally Yates’ memorandum (“Yates Memo”), which emphasizes the DOJ’s stepped-up efforts to hold corporate executives individually accountable for corporate misdeeds. The legal community has been speculating about the significance of the Yates Memo and its impact on the legal field. There has, however, been little discussion as to how the Yates Memo affects Compliance Officers and what Compliance Officers should do in response to the DOJ attorneys’ new direction.
Healthcare Implications of Yates Memo
The stated goal of the Yates Memo is “seeking accountability from the individuals who perpetrated the wrongdoing,” because “it deters future illegal activity, it incentivizes changes in corporate behavior, it ensures that the proper parties are held responsible for their actions, and it promotes the public’s confidence in our justice system.” In recent years, DOJ attorneys prosecuting corporations sought enhanced fines and penalties that gave a great return on relatively little investment of the attorneys’ time and effort. As a result, attorneys focused on seeking financial settlements with corporations, often leaving culpable individuals largely untouched. The Yates Memo calls to stop resolving corporate cases that release individuals from personal liability, absent extraordinary circumstances. Now, DOJ attorneys are to first resolve cases against individuals in possible misconduct for civil and criminal violations before resolving corporate cases. For that reason, healthcare executive officers’ and board members’ personal liability risks have increased greatly. They can no longer expect to avoid personal liability by hiding behind their organizations’ settlements with the DOJ and OIG. The added exposure could result not only from willful misconduct, but also from allowing the wrongful conduct to happen through willful neglect. This shift is a game changer for Compliance Officers.
Notably, the HHS OIG has followed a direction similar to the DOJ through the Responsible Corporate Officer Doctrine. The OIG has also published several papers with the American Health Lawyers Association (AHLA) that call for increased accountability of senior executives and board members to ensure compliance with applicable laws and regulations. The OIG notes its authority to impose exclusion upon individuals who fail to meet their fiduciary obligations in preventing violations of law and regulations. Taken together, the DOJ and OIG pronouncements provide a very strong message to senior management and boards about their personal liability not only for wrongful acts, but also for permitting these acts to occur through willful ignorance or neglect.
The best line of defense for senior management and board members is a robust compliance program that allows them to provide adequate oversight and support. By actively assisting in building an effective compliance program, they not only reduce the likelihood of wrongful behavior, but can also demonstrate that they were “not asleep at the switch.” The more actively they support compliance efforts, the less personal risk they face. This is a golden opportunity for many Compliance Officers who have not enjoyed strong executive and/or board support to seek it now.
Yates Memorandum: Tips and Suggestions for Compliance Officers
- Ensure that senior management and board members understand personal liability exposure.
- Clarify that the best way to prevent and mitigate personal liability and risks is to support a robust compliance program.
- Enlist active management and board involvement in compliance oversight committees.
- Establish an ongoing briefing program for the board on its duties and obligations.
- Maintain documentary evidence showing that leaders are engaged in processes aimed at compliance.
- Call for increased vigilance and corporate reinforcement of compliance programs.
- Ensure that employee compliance training addresses applicable laws and regulations.
- Encourage the reporting of suspected wrongdoing by multiple means, including a hotline.
- Review adequacy of policies/procedures for the compliance program management.
- Implement operational compliance related policies including compliance training, sanction screening, compliance communication, conducting internal investigations, protocols with legal counsel, disclosure to third parties, responding to enforcement agencies, etc.
- Promptly report any potential wrongdoing to senior management and legal counsel.
- Be prepared to promptly investigate issues of potential non-compliance.
- Train individuals on how to promptly and thoroughly investigate suspected wrongdoing.
- Evidence ongoing auditing and monitoring of high-risk compliance areas.
- Develop annual compliance work plans with due dates to evidence active compliance efforts.
- For any evidence of violation of laws, ensure active early involvement of properly qualified attorneys who are available to direct the investigation.
- Be able to show compliance program effectiveness that will reduce the likelihood of violations of laws and regulations.
- Use a validated knowledge survey to evidence employee understanding of the compliance program.
- Use qualified and respected experts to periodically conduct independent compliance program assessments to show that resources, priorities, and activities that prevent risks of enforcement action are present.