Legal requirements are of concern to compliance personnel. But “compliance” as a mantra does not end there. Instead, fraud prevention only begins with legal prohibitions.

Stated differently, “compliance” is not a destination. Rather, it is a goal that will evolve as business necessities and circumstances change. Simply put, compliance is a mindset consisting of a holistic and thoughtful approach, created to include methods to pressure-test the design, in order to ultimately eliminate fraud.

The Laws that Regulate Corporate Compliance

There are a number of laws that seek to improve the culture of corporate compliance. These include the False Claims Act (FCA) and the anti-kickback law. The False Claims Act[i] makes it illegal to knowingly presenting a false or fraudulent claim for payment; liability can result in a civil penalty calculated on a per-claim basis plus three times the damages sustained by the government.

“Knowing” is broadly defined and a knowing violation includes illegal acts for products that are reimbursed by a federal health care program. The FCA also allows “relators” – basically private whistleblowing citizens – to sue on behalf of the government and keep a portion of the monies recovered.

Under the anti-kickback law,[ii] it is illegal to offer to pay to induce a person to purchase or order any item or service for which payment may be made under a federal health care program, or recommend purchasing or ordering such an item or service. Importantly, a person need not have actual knowledge of the statute or a specific intent to violate it. Violations are considered to be “federal healthcare fraud offenses” and are punishable by prison terms, fines, civil penalties – and exclusion from participation in federal health care programs.

Other statutes are more specific concerning the conduct they seek to outlaw, or regarding the industries at which they are directed. With respect to the former, the Foreign Corrupt Practices Act,[iii] for example, criminalizes bribery directed at foreign officials in order to gain a business advantage. As an example of the latter, the federal Food Drug and Cosmetic Act[iv] provides that it is illegal to introduce a misbranded drug into interstate commerce; false or misleading labels, or inadequate warnings or directions, constitute misbranding.

There also exist a variety of other federal and state laws, regulations and guidance documents; these can be specific to various industries but, in any case, they are too voluminous to list in their entirety.

The Consequences of Inadequate Corporate Compliance

The failure to maintain an adequate compliance program is significant. Companies and their responsible corporate officers – i.e., owners, officers and managers – face liability for engaging in fraud. That liability can be criminal, civil or both. In the criminal sense, the consequences can involve substantial fines as well as individual jail time. Civil liability includes penalties and debarment (or exclusion) from participation in government programs – a personal “career killer” that can also make it difficult for businesses to survive.

By way of example, a major corporation recently announced a settlement requiring it to pay over $3 billion to resolve civil and criminal for illegal marketing techniques. Another recent example is a company that paid more than $2 million to resolve allegations concerning kickbacks to physicians, to ensure that they used certain medical devices, in violation of the FCA.

In addition to prison and penalties, settlements are fraught with other concerns. In some cases, criminal prosecution is deferred so that the government can assess compliance efforts and revisit its decision not to prosecute. Additionally, the government often uses a “corporate integrity agreement,” which exponentially increases the requisite corporate compliance efforts – such as firing officials and answering to an independent compliance board.

If these issues were not concern enough, the government has itself been criticized from within for not utilizing its powers of suspension and debarment. Although the funds recovered have markedly increased – e.g., the Department of Health and Human Services reported that its recoveries doubled between 2006 and 2010 – the budget pressures facing federal and state governments promise more scrutiny.

Creating a Corporate Compliance Program

The overarching goal in creating a compliance program is to improve the internal enforcement of compliance measures and, ultimately, the results. In some respects, good corporate compliance starts with a program that can include the following:

• Creation a business code of conduct with written policies or standard operating procedures.

• Appointment of a compliance officer/committee.

• Institution of mandatory training.

• Enforcement of compliance accountability via performance evaluations.

• Maintenance of constant interaction between compliance staff and sales and marketing personnel.

• Beginning of a process of random internal audits; studies show that the audit threat keeps employees in compliance.

• Establishment of an internal disclosure program that, for publicly traded companies, has an even greater significance given the Securities and Exchange Commission’s “whistleblower rewards” program.

A compliance program is not, however, a matter of simply instituting policies or circulating a “plan.” Everyone in the organization should have an incentive to comply, and any financial incentives to the contrary should be thoroughly reviewed.

Moreover, a comprehensive compliance program must address particular problem areas confronting an industry. These can include proper oversight of grant proposals, product labeling, conference presentations, promotional materials and those items that can, or cannot, be circulated in the sales and promotion context.

Every compliance program requires testing and auditing to ensure its continued viability. Data should be generated to allow compliance personnel to set priorities and identify problem areas. Perhaps more importantly, the compliance team needs to seek out information and immediately deal with adverse results. Finally, no review of compliance would be complete without mentioning the consideration that should be given to occasionally auditing the auditors.

The Benefits of a Robust Corporate Compliance Program

Fraud exists in many shapes and sizes and, as a result, compliance is not a one-size-fits-all proposition. With the enormous potential for penalties, prison and debarment, only those savvy compliance personnel will reap the benefits of their efforts. Stated differently, the only pertinent question is whether corporations can afford not to focus on compliance.