1. BOARD COMMITMENT. A critical fiduciary responsibility of the Board of Directors of health care and life sciences companies is commitment to, and ongoing oversight of, the corporate compliance program. Boards must formally recognize this commitment to corporate compliance through a Board resolution and continue to allocate appropriate corporate resources to support the corporate compliance program.
  2. LEADERSHIP & TONE AT THE TOP. Great leaders understand the critical importance of corporate compliance, have the strength to do the right thing in the face of adversity, inspire others to operate in an ethical manner, and make hard decisions. Great leaders also set the tone for the organization by being models who practice what they preach, uninfluenced by personal gain. Leadership support of the corporate compliance program must be visible, strong and reiterated frequently.
  3. RESOURCES. Without the necessary resources – including staff and budget – it is a significant challenge to build, implement and maintain an effective corporate compliance program. Although the size of the corporate compliance program will vary by company based on a number of factors, including the company’s size, structure, operations and product portfolio, the level of resources available must be sufficient to support this infrastructure and adjust to address company and industry changes.
  4. COMPLIANCE INFRASTRUCTURE. It is critical for the Compliance Officer to have a prominent position in the company with direct, unfettered access to all members of the company’s leadership team and Board of Directors. The Compliance Officer also must be supported by a Compliance Committee (or similar structure) that is designed to assist the Compliance Officer in the operation of the corporate compliance program on a day-to-day basis.
  5. GLOBAL INTEGRATION. In today’s global market, global organizations must consider an integrated compliance infrastructure that includes compliance resources throughout the organization. This allows the company to maintain centralization of critical activities, while still allowing for customization to address local rules, practices and traditions.
  6. RISK ASSESSMENT. A critical component of implementing and maintaining an effective corporate compliance program is understanding business functions, product portfolio and service offerings to identify potential risk areas. Risk assessments can assist the company in prioritizing compliance activities and allocating resources efficiently and effectively.
  7. OPEN LINES OF COMMUNICATION. Employees, agents, vendors and others must know that they are able to report a compliance concern and have confidence that the company will address the report effectively. Any act of retaliation and retribution for a compliance concern reported in good faith must not be tolerated by the company.
  8. COMPLIANCE STANDARDS & CONTROLS. In addition to a corporate code of conduct that addresses health regulatory requirements, companies must develop a wide range of user-friendly compliance policies, procedures, forms and checklists. These documents must be designed to clearly establish the rules for conducting business activities and the processes that must be followed for each activity.
  9. TRAINING. Compliance training must be timely, effective and conducted regularly. It is critical to train the correct people on relevant topics in an appropriate format, test these individuals to ensure understanding, and maintain appropriate records of all training activities.
  10. INVESTIGATE & CORRECT. Conducting an efficient and effective internal investigation is a challenge for many companies. When a potential compliance concern is identified, the internal investigation must be designed and conducted in order to determine whether a compliance violation occurred and the root cause of the violation. The company also must take swift corrective action to address the current compliance violation and prevent similar future misconduct.
  11. MONITOR. An effective corporate compliance program does not simply wait for potential compliance concerns to be brought to its attention, but also uses auditing and monitoring to proactively identify potential issues and program weaknesses. Findings from auditing and monitoring must be used to update and inform other aspects of the corporate compliance program, including compliance standards and training.
  12. BUSINESS PARTNERS. Because a company may be responsible for the misconduct of its business partner, contractor, third-party intermediary or other agent, an effective corporate compliance program ensures that robust due diligence of new business partners is conducted. Additionally, effective internal controls relevant to business partners must be established and compliance training provided. Audit rights should be exercised regularly.
  13. BACKGROUND CHECKS. Background checks of employees and business partners must be conducted prior to entering into a new relationship, as well as on a regular basis thereafter. It also is critical to require employees and business partners to notify the company of a debarment, exclusion, suspension or other criminal activity that impacts the relationship.
  14. CERTIFICATIONS. Compliance officers provide external certifications related to the corporate compliance program for a variety of reasons. Compliance officers must establish robust processes to evaluate relevant information and data related to the certification and conduct follow-up prior to submitting any certification. Compliance officers also should consider whether downstream certifications from company management, employees and/or business partners are appropriate to establish compliance oversight and accountability.
  15. BRANDING. In the same way that the company and its products or services are each branded, the corporate compliance program should have its own branding that is memorable and meaningful. This branding should be used consistently and broadly to remind company employees and others about the program and its purpose.
  16. BUSINESS INTEGRATION & COLLABORATION. An effective corporate compliance program will include methods to integrate into business activities to provide compliance personnel with a deeper knowledge of business activities, processes and systems. In addition to the better design of compliance standards and controls, employees and vendors are more likely to view compliance as a routine part of the business rather than a department to fear. It also is critical to foster a collaborative working relationship with departments essential to the success of the corporate compliance program, including Legal, Human Resources and Internal Audit.
  17. CONNECT WITH FIELD EMPLOYEES. Findings ways to connect and interact with field employees is a particular challenge of corporate compliance departments. An effective corporate compliance program will include a variety of mechanisms to reach these employees specifically, such as live compliance presentations at meetings and compliance “champion” or “ambassador” programs.
  18. EXTERNAL REVIEW. Companies should consider hiring a third-party to conduct an assessment of the corporate compliance program from time to time. These third-party assessments can provide the company with a fresh perspective on the state of its corporate compliance program, including recommendations for improvement based on better industry practices and trends.
  19. BOOKS AND RECORDS. Documentation related to the corporate compliance program must be maintained in an organized, easily accessible manner that reflects the circumstances in which it was created and used. This includes processes for version control, privilege, and maintenance of historical documents.
  20. REASSESS & IMPROVE. A corporate compliance program must be dynamic to respond to regulatory changes, address new risk areas, and incorporate better industry practices. In other words, the work is never done.