As seen in the May issue of the Cincinnati Bar Association Report.
We’ve all heard that adage, “An ounce of prevention is worth a pound of cure.” When it comes to corporate governance, compliance, and ethics programs, this could never be more true. The current government budget crisis has legislators scrambling to find dollars. Since much of the government’s budget is fixed, e.g. entitlement programs, the push is on to cut discretionary spending. Another avenue for “saving” taxpayer dollars is to ferret out “fraud, waste, and abuse”. The rationale for ratcheting up enforcement actions for fraud and regulatory violations is simple. It brings in dollars. The current climate for stricter enforcement and more severe punishment for white collar crime, especially as it affects federal programs, is made evident in recent hearings held by the Senate Judiciary Committee. The opening remarks of Chairman Leahy are an example.
“In addition to recovering billions of dollars in penalties and fines, the Department of Justice must continue to focus on holding individuals accountable for their fraud crimes. The Fraud Enforcement and Recovery Act and the other key anti-fraud provisions passed in the last Congress sought also to ensure that those who commit fraud go to prison” … “(f)ines and monetary penalties alone fall short in protecting the public. Too often, those who are willing to commit fraud view monetary penalties as just the cost of doing business. This focus on ensuring real prison sentences must continue.”1 This sentiment was echoed from the other side of the aisle by Senator Grassley. “If potential fraudsters view the lenient sentences now being handed down as merely a cost of doing business, efforts to combat criminal fraud could be undermined.”2 These comments set the stage for a more severe enforcement environment as we move forward.
In addition, the opportunity for scrutiny by enforcement and regulatory agencies has increased. Recent legislation has strengthened the incentives for whistleblowers to report allegations of misconduct while providing protections from retaliation by employers who may be adversely affected by their claims.3 The Dodd-Frank Wall Street Reform and Consumer Protection Act goes even farther, providing a handsome reward of between 10 and 30 percent of the monetary recovery in successful securities fraud lawsuits against public companies.4 Protecting and encouraging whistle-blowing is not limited to Wall Street. The FDA Food Safety Modernization Act5 is a recent example of legislation that has added whistleblower protection provisions to the food industry as well.
Not surprisingly, whistle-blower initiated lawsuits are on the rise.6 But according to Sen. Grassley, these monetary recoveries, while impressive, are not enough. “The False Claims Act's qui tam whistleblower provisions have been among the most successful elements of the Act. This year alone, the Department (of Justice) brought in $3 billion in recoveries under the False Claims Act, with $2.5 billion from health care fraud cases alone. Of the $3 billion in recoveries, nearly $2.4 billion was the result of cases filed by qui tam whistleblowers who courageously came forward and risked their livelihoods to bring fraudsters to justice. While this civil recovery is a great victory in the fight against fraud, it represents a small fraction of the actual estimated fraud in federal health care programs.” …I've been concerned that settlements under the False Claims Act are simply becoming the cost of doing business for these large corporate fraudsters.”7
This tough talk will resonate with cash strapped enforcement agencies always looking to foster their image with Congress. Corporate fraud aside, regulatory violations are also matters of concern. A business owner or executive should be mindful that failure to comply with the many regulations with which they are confronted on a daily basis is a misstep that could become costly.
How costly? In one notable example, Cignet Health Center, a Maryland company, was fined 3.4 million dollars by HHS for its violation of HIPAA regulations regarding patient access to medical files. $1.4 million dollars of the fine was based on the actual violations. The balance of the fine, $3 million, was based on Cignet’s failure to co-operate with the government’s investigation.8 In another instance, Massachusetts General Hospital reached a settlement in which it paid HHS 1 million dollars based on a work-at-home employee losing patient files on a subway while in transit to the hospital.
There is good news however, as business organizations attempt to negotiate the regulatory minefield. Compliance and Ethics plans, well designed and properly implemented, go a long way towards avoiding costly regulatory sanctions. In the Mass General case the agency found the hospital didn’t have sufficient standards in place for safeguarding patient records. In addition to the monetary penalty, the hospital was required to institute stricter compliance standards as part of a three year action plan designed to protect patient records.9 Both the Federal Sentencing Guidelines and their civil counterparts, the Sarbanes–Oxley and Dodd-Frank Legislative schemes, provide incentives for prior implementation of effective compliance plans by significantly reducing the penalties attached to business activity that runs afoul of the rules. The key word here is prior. Credit is greater for those companies with the character and foresight to foster a culture of compliance before they realized they might have regulatory issues. Now is the time to review and revise those plans so that when a dispute with the federal government arises, your corporate house is in good order. An ounce of prevention now, might not taste good. But it won’t be as bitter as the proverbial pound of cure that may have to be swallowed later.