Health Care Enforcement and Compliance Matters Prevention, Compliance, Advocacy

How to Fail as a Compliance Officer

By Frank Sheeder on Posted in Culture

Previous posts cover an organization’s “integrity DNA.” Simply put, integrity DNA:

Is the foundation of all that an organization does;
  • Is visceral and not measurable;
  • Implies that an organization lives out its stated principles; and
  • Obliges board members and senior leaders to promote the proper spirit into the organization and its people.

We have also discussed how compliance professionals can measure their organization’s integrity DNA and act as change agents. Now comes the fun part: addressing the ways in which compliance professionals can fail. Such failures fall into two categories:

  1. Not establishing compliance buy-in before it is needed; and
  2. Losing credibility.

In my view, compliance professionals must establish themselves as leaders, whether formal or informal, in their organizations. If they don’t, they are destined to fail. Here are some ways to botch the effort to become a leader:

  1.  Not establishing relationships in non-crisis situations. Successful compliance professionals don’t sit at their desks all day waiting for the compliance hotline to ring. Instead, they are on their feet and out and about in their organizations. They get to know the key stakeholders well before an issue arises. Ask yourself: Would the key people who could identify a potential compliance issue feel comfortable coming to me with a concern? Or are you so insulated, isolated, or preoccupied with other tasks that you have not built relationships with them? Many compliance issues are brought forward because the person raising the concern already has a trusting relationship with the compliance professional. Are you accessible? Do you eat lunch at your desk or do you make an effort to eat in the company cafeteria with the billing clerks or other key associates who would be in the best position to know about potential non-compliance?
  2. Acting like the sheriff instead of the mayor. Most successful compliance officers who I know try not to act like “compliance police.” Instead, they use powers of persuasion, backed up by accepted corporate culture, core values, mission and vision statements, and (most importantly) facts to accomplish their goals. Compliance officers who simply see it as their job to constantly police the businesspeople are commonly viewed as obstacles, and not valued members of the organization’s leadership team. The ability to build consensus and to be diplomatic is what separates effective compliance professionals from the rest. Leave the policing to the government agencies.
  3.  Failing to recognize trends in your industry segment. Compliance programs only work if they have detailed auditing and monitoring workplans that are developed in advance. If the compliance professional’s activities are not intentional, but rather episodic, outdated, or reactionary, the compliance officer will be accused of bringing little value to the table or engaging in irrelevant inquiries. The way to avoid this criticism is to assess the organization’s most challenging risk areas and to develop auditing and monitoring plans targeted directly at them.
  4. Not planning investigations. One of the most common reactions to potential non-compliance is to call an immediate meeting of a “cast of thousands” of associates who each might know a tiny bit of information that is useful to validate the issue. The better course is for the compliance officer to take a deep breath, and to develop an investigative work plan before taking any investigative steps. This includes such things as: (a) the exact issue to be investigated; (b) who should and should not be on the core investigative team; and (c) whether it is necessary to establish attorney-client privilege. The usual results of not considering and planning in this way are: (a) conducting an investigation that has no direction or endpoint; (b) having the grapevine get ahead of the investigation; and (c) creating unfortunate, partially developed evidence that your counsel will have to defend later. The stakeholders will know a shoddy, ill-planned investigation when they see it and they will hold the compliance professional accountable for it.
  5. Being the “Revenue Prevention Department.” I know of at least one healthcare organization that refers to its compliance professionals as the “Revenue Prevention Department.” That is because they were perceived as being programmed simply to say “no” to every potential activity that raised compliance concerns. Compliance professionals prove their value by saying “no” when appropriate – but simultaneously offering alternatives, or at least the pursuit of solutions through outside resources. If compliance professionals expect to be valued members of the management team, then it is incumbent on them to offer creative (but nonetheless still compliant) approaches when proposals don’t pass muster from a compliance perspective.
  6. Not recognizing stakeholder needs and perspectives. There are many stakeholders involved in most compliance issues: CEOs, CFOs, physicians, other clinicians, the person who brought up the compliance concern, directors, middle managers, etc. Each of them will have different goals and perspectives. Wise compliance professionals take an inventory of the various stakeholders when each new compliance issue arises. They then try to discover the outcome that each stakeholder is seeking. This can often be accomplished simply by asking.
  7. Not accommodating stakeholders. Once compliance professionals identify the stakeholders and their needs, the next step is to try to accommodate them. This does not mean that compliance professionals will cut corners, bend rules, or be fully successful in accommodating all interests. What it does mean is that they will do their best to arrive at outcomes that best take stakeholder needs into account, instead of simply ignoring them.

If a compliance professional manages to establish a leadership position in his or her organization, he or she can nonetheless lose credibility, and therefore become ineffective, quickly. The most common ways of doing so are:

  1. Crying wolf. This is the easiest way to lose credibility. Healthcare compliance issues are complex. When we investigate and analyze them, we often find the organization was, in fact, in compliance. Or we find the original concern was unwarranted, while uncovering two new compliance issues in the process. The best practice is not to draw and share conclusions prematurely. It is preferable to validate whether an issue exists, and to define the issue with some precision before announcing that there is a major problem.
  2. Straying from core competencies. Compliance professionals come from all sorts of backgrounds. While they may have core competencies that prepare them well for their position, they may lack some experience or knowledge necessary to tackle a given compliance issue. For example, an issue might require clinical knowledge, legal research abilities, witness interviewing experience, familiarity with complex reimbursement rules, or a variety of other specialized skills. Compliance professionals should not hesitate to bring in additional internal and external resources when they lack a competency that is necessary to handle a compliance issue professionally, credibly and completely.
  3. Shooting from the hip. Members of the healthcare industry are (usually) smart, well-educated, critical thinkers. They simply don’t take someone’s word for it when it comes to regulatory compliance matters, and they can easily see through another’s bluff. Compliance professionals should be armed with as much backup detail and authorities as possible if they are going to communicate potential non-compliance to other professionals. Communicating a conclusion about non-compliance without doing the necessary homework is a sure-fire way to lose credibility.
  4. Being inflexible. This is related to the stakeholder accommodation issues discussed above. A compliance professional who is simply a “one-trick pony” who always says, “no” will not maintain credibility for very long. Proposing creative solutions and alternatives will show that the compliance professional is not interested in being a perennial naysayer, but that he or she is also interested in the organization’s overall business objectives.
  5. Taking things personally. Compliance is a tough job. It becomes tougher if the compliance professional voluntarily takes on the added burden of being responsible for ensuring compliance across the entire organization, and then considers it to be a personal failure when there is non-compliance. We will talk more about this phenomenon later.

It might be useful for the compliance professional to assess whether he or she is engaging in any of the unsuccessful practices described above. In future posts, we will look at some of the positive things a compliance professional can do to help establish a culture of organizational integrity.

This initially appeared in my Corporate Culture column in the Journal of Health Care Compliance.

  • http://www.blogger.com/profile/05545139513123389154 Brett P Curran

    Frank, you have done a great job of pointing out many of the soft skills that are critical to a CCO being a value added business resource. As I read your post, I was evaluating myself in my former role as a CCO and could relate to each of your points in a very distinct way. Of no fault of my own, I have found myself in the position of looking for a job. I am sure there are many folks in the job market for a compliance officer position with certifications, degree's and experience but how many would have references that would describe them as having the positive traits you described? I think many of these traits come down to personality and social skills so how would a compliance officer develop these abilities if not a natural application of who they already are?

  • http://www.blogger.com/profile/13078496696959251029 Corporate Integrity

    Great article. It falls inline with much of my research in 2010 trends in compliance. I am finding that many compliance organizations are being challenged to move away from being the corporate cop (the sheriff) and take on a central role in establishing culture around integrity, ethics, and social responsibility. This role also extends to monitoring culture and integrity across supply-chain and vendor relationships. Much more strategic.

  • Timothy

    Frank,Excellent article. This could have just as easily been written about Financial Services (i.e. Banking, Capital Markets, Investment Advisory, Brokerage, Insurance, etc.) Compliance, and is certainly just as applicable in those areas.Thanks for posting it. It was "spot-on."Regards, Timothy Keeton, CRCMP

  • http://www.blogger.com/profile/13304781429025726656 Clay Stribling, JD, CHC

    Nicely done, Frank.As for the role of the CO as either Sheriff or Mayor, I think about this issue a great deal, and work with my clients constantly regarding how to position the CO. One client has always indicated to me that he wants the CO to be an investigative reporter, and nothing more. Take the story, investigate it to get the facts, and report the findings. I sincerely understand this position, because they are trying to avoid having the CO be the Sheriff. However, viewing the CO as a reporter does significant injustice to the non-investigative elements of the position. I think using the example of Mayor might be a helpful illustration for them.

  • http://www.blogger.com/profile/15929584332763180582 Jim Downing

    Great article! I think it applies to CCO's across all industries. I look forward to future posts.

  • http://www.blogger.com/profile/15876160375319855910 Sonia

    Excellent article, and the points have been brought out well. Actually, the same applies to all risk managers and not just compliance officers. Being in touch with the people is the key for business success. Having an open door policy where the employees can approach the risk manager to obtain opinion before it becomes a full blown risk, is the measurement of success.Soniahttp://soniajaspal.wordpress.com/