Compliance Perspectives

By Adam Turteltaub Melanie Fontes Rainer recently marked the completion of her second year leading the Office for Civil Rights at HHS. In this podcast she shared some of the accomplishments over this time as well as what the health care community can expect next. She recounts the six rules that have been issued, ranging from reproductive rights to Section 1557 of the Affordable Care Act, which covers nondiscrimination and is inclusive of sex, race, disability, national origin, religion and color. Also of note have been activities designed to ensure access to documents in languages other than English. She also shares what OCR has been doing to engage with the provider community through in-person meetings, webinars, YouTube videos and resources on their site. Looking to the future, the Director warns that health care providers are likely to continue to be attractive targets for data breaches and ransomware attacks. She advises covered entities to do what they can to make themselves less attractive by having a risk plan and implementing it. Listen in to learn more about what OCR has been and will be doing.

By Adam Turteltaub There isn't one way to handle conflicts of interest. Much depends on the research the organization is doing, its history and other systems. Hilary Kitson, Research Compliance Business Partner at Saint Luke's Health System, reports that typically the starting point is Title 42 PART 50 Subpart F in the Code of Federal Regulations. It lays out time points when disclosures are necessary: Annually When discovering or acquiring a new financial conflict of interest (COI) At the time of application for PHS-Funded research Disclosures aren't enough, though. There needs to be investigators and a review committee who are competent to examine potential conflicts and are sensitive to the confidentiality of the information involved. And what if there is a conflict? She advises involving regulatory and other professionals who can help develop a management plan, if one is necessary. Listen in to learn more about the very complex issue of conflicts of interest in research.

By Adam Turteltaub Here's a terrifying thing I just learned: the average ecommerce website has 66 third-party tags on the page. That's according to our podcast guest, Rui Ribeiro, CEO of Jscrambler. The tags, pixels and scripts control everything from the video to payment processing to the consent wall to the chat function. And, guess what: they may all be collecting user data, and, quite possibly, more data than they should. So what's a compliance officer to do, other than lose sleep over the issue? First, make sure there's an inventory on all those tags, pixels and pieces of JavaScript running on your site and what data they are collecting. While you're doing it, don't just ask what's being run at HQ. There may be regional variations. Next, spend time with all the departments that touch the site to see what they truly need and that data isn't being accessed without good reason. Then change your thinking around GDPR. It's not about just getting consent to collect data, it's time to use it as a warning to focus on knowing who the data is being collected from and why. Once you have that squarely in mind, you can find the right tools to control the data flow and ensure your organization and its third parties are only collecting essential data, not everything you can.

By Adam Turteltaub What have you done? What have you achieved? Have you forgotten? Did you succeed? What were your goals? Were they ever reached? What about your firewall? Was it ever breached? Jisha Dymond took inspiration from Dr. Seuss An annual tradition to give kids a boost. Take the time to note what you have done. It will be illuminating, and may even be fun. This is a podcast you truly must hear. It may change your outlook for many a year.  

By Adam Turteltaub In April 2024 the US Equal Employment Opportunity Commission released an update to the Enforcement Guidance on Harassment in the Workplace. This was the first update since 1999. Stephen Paskoff, the President and CEO of ELI, explains that the guidance now treats LGBTQIA+ harassment similar to other forms of harassment. The document now also addresses behavior outside of the workplace, making it clear that employers need to train and be more sensitive to behavior beyond the factory gates. Listen in to learn more about what is new in the EEOC Enforcement Guidance on Harassment in the Workplace.

By Adam Turteltaub Document retention is one of those persistent issues that comes with a great deal of complexity. As Michael Kearney (LinkedIn), Head Solution Architect, Redgrave Data explains in this podcast, organizations have to deal with a dizzying array of rules. HIPAA has one set of requirements, state laws for medical records another, financial documents have a third, employment records a fourth and on and on it goes. In addition, there are business needs for retaining and disposing of records. So, what's a compliance team to do? He recommends working with the business unit and other affected teams to write policies that meet the needs of all involved and work out any conflicts internally or among the regulations. Work, too, with employees who may want to hold on to documents longer than policy dictates. You may find that what they want to keep is the data, not the document itself. And, if there is a litigation hold, be prepared to work quickly with legal, IT and others to ensure that the relevant documents are preserved while your ongoing document retention processes continue.

By Adam Turteltaub Data analytics is a pretty darn big deal in compliance and ethics these days, with rising expectations for compliance programs to be able to demonstrate their effectiveness using hard data. The word “data” even appears a dozen times is the US Department of Justice Criminal Division's Evaluation of Corporate Compliance Programs document. Walter Appleby, formerly VP, Compliance & Ethics at Georgia-Pacific and Rosie Williams, Director, Compliance & Ethics there will be addressing “Harnessing the Power of Data:  Unleashing Compliance Excellence” at the SCCE 23rd Annual Compliance & Ethics Institute, which will be held September 22-25 in Grapevine, TX. In this podcast they explain that better use of data carries a number of benefits including a stronger risk assessment and management program, better informed decision making, and more effective use of compliance resources. Data analytics begins with collecting together the data you have and determining its quality. As the old adage says: bad data in, bad data out. Sources of data can include your helpline, training statistics, HR and even legal. You will also need to determine which metrics best reflect the performance of the compliance program. Here, the risk assessment is helpful, but so too is taking the time to listen to and think through the needs of your customers in the business unit. Next, determine the proper recipe for integrating the various data resources so you and leadership can gain insights into gaps and deficiencies. This likely includes taking the time to think graphically to determine how best to visualize the data in ways management finds useful. Listen in to learn more about how to use data to pinpoint issues, identify opportunities and assess the effectiveness of your program. And, don't forget to catch their session at the 23rd Annual Compliance & Ethics Institute.

By Adam Turteltaub Mobile devices are terrible if you need to retrieve information from them. Employees hate handing them over and there are a ton of apps in which data disappears automatically. All in all, it's just a nightmare. But, the government still wants you to track what employees are saying, and you may have to produce that data. Matt Rasmussen (LinkedIn), CEO, and Ryan Frye (LinkedIn), Chief Innovation Officer of ModeOne want to discourage you from falling into despair over the prospect. Employee resistance can be overcome by taking a targeted approach and using electronic tools that only seek business-related data. Even before you get to that point, though, they recommend taking the time to train the workforce about what rights the company has to the data so this doesn't come as an intrusive surprise. Listen in to learn more about how to make retrieving mobile device data a bit less painful.

By Adam Turteltaub “What else should the board be asking?” It's a good question in general and the tile of a session at the SCCE Compliance & Ethics Institute, which will be held September 22-25, 2024 in Grapevine, TX. In this podcast, the leaders of that session, Deborah Spanic, Chief Ethics & Compliance Officer of Clarios, and David Gebler (LinkedIn), Principal of Leading with Ethics, share that there are three fundamental questions the board should be asking about the compliance program: Is the compliance program well designed and aligned with risk? Is the program being applied earnestly and in good faith with adequate resources? Does the compliance program work in practice? From there a host of other questions fall out including those focused on culture and on the connection between the compliance program and the enterprise's overarching strategy. Making sure the board is asking the right questions, and getting the answers it needs, requires a strong relationship with the compliance team. In Deborah's case that includes being a standing agenda item for the audit committee each quarter and having a one-on-one conversation each mid-cycle with the audit committee chair. Listen in to learn more, and then be sure to join their session in Grapevine at the  Compliance & Ethics Institute.

By Adam Turteltaub How do you get employees working remotely, who may have less of a connection to the company, to make the effort and take the risk of reporting potential wrongdoing? For Evie Wentink, it starts with recognizing the need to encourage a culture of reporting for these workers. It also includes recognizing that, even though they are remote, it doesn't mean that they aren't victims of or witnesses to a range of bad behaviors including harassment and bullying. Compliance teams should also recognize that remote workers lack many of the casual opportunities to discuss with peers what they are seeing and what to do about it. To help overcome these challenges, she recommends training and creating multiple reporting avenues. She also recommends training managers in active listening so that they know what do when an employee walks through the virtual door with a concern.

By Adam Turteltaub It's not for nothing that there's a year in the title of this blog post and podcast. Social media risks change frequently, explains Kortney Nordrum, VP, Regulatory Counsel & Chief Compliance Officer at Deluxe. She is the author of the chapter “Social Media Compliance” in The Complete Compliance and Ethics Manual and will be leading the session Social Media:  Old News and New Risks at the 23rd Annual Compliance & Ethics Institute. These days the range of those risks is substantial. TikTok poses a notable challenge, since it accesses most everything on the user's phone, which means work email and files may be exposed. At the same time the FTC and NLRB have been very aggressive in their enforcement. The FTC has been scrutinizing endorsements – and a “like” may count as one – by employees of their employer's products and services. Meantime, the NLRB has made it clear that it believes employees have wide, although not complete, latitude about what they say about their workplace online. And, if that wasn't enough, the marketing and social media teams need to be trained (and monitored) for what they are saying and doing in the company's name. What should you do? She recommends training with concrete examples, teaching people some common sense, and keeping lines of communication open. To learn more, listen in and then don't miss her session at the 23rd Annual Compliance & Ethics Institute.

By Adam Turteltaub Everyone wants a mentor. Not everyone gets one, and not every mentor-mentee relationship works out. Sarah Couture, Principal at Couture Compliance wants to change that. She's the author of the chapter, “Mentoring for Compliance Professionals” in the Complete Healthcare Compliance Manual. In this podcast, she offers advice for mentors and mentees both. Here's a sample: Mentors and Mentees Level setting is essential for ensuring expectations are aligned Think about your objective, what frequency of meetings makes sense and for how long the relationship should last Be humble and transparent Mentees Look for someone you respect Don't only look for people who know exactly what you do; be open to outside expertise Let your goals help drive your mentor selection Mentors Consider if you truly have the time Ask: “Can I provide what this person is looking for?” Only select mentees you respect and click with Ask if the mentee is curious, willing to learn and to grow Listen in to learn more about how to make the mentor-mentee relationship work, and, if you subscribe to the Complete Healthcare Compliance Manual, be sure to read Sarah's chapter.

By Adam Turteltaub Michelle Nichols (LinkedIn) from the compliance team at Farmer Mac definitely wins the prize for the most unexpected title for a session at the 2024 SCCE Compliance & Ethics Institute: “How Dating in My 50s Made Me a Better Compliance Officer.” As she explains in this podcast, the realization that people bring their past relationship experiences to potential new relationships shed light on a challenge compliance teams need to address starting with the onboarding process. While HR typically handles that process, laying out what the company's policies and expectations are, that doesn't fully address things. Simply stating that an employee gets x days of vacation may mean one thing to a person who came from a company where people took their vacations and another to someone coming from an organization where not taking vacation was a badge of honor. Likewise, the new employee may bring unwanted baggage with him or her when assessing their new employer's culture and commitment to compliance. Listen in to learn more and learn what this means for both compliance teams and managers, and be sure to attend her session at the 2024 SCCE Compliance & Ethics Institute.

By Adam Turteltaub As the risk of human trafficking and modern slavery rises on the radar, compliance teams need to start their risk assessment by looking at the map, says Sam Logan, CEO and founder of Evidencity. The number of jurisdictions with laws in this area are increasing. In addition, some countries have far greater risk than others, with long histories of exploitation. Remember, though, that there is no such thing as a safe geography. A janitorial service in the US was found to be using child labor, and an Italian luxury goods maker's contractor is alleged to have subcontracted with a business using Chinese laborers illegally in Italy. The key lesson from these cases: look closely at your suppliers to better understand where and how they do business. Be sure to review them not just when beginning a relationship but on an ongoing basis. Take a risk-based approach, focusing your efforts where the likelihood of modern slavery and human trafficking is greater. Finally, don't forget about your customers. No organization wants to see its products used by forced or child labor.

By Adam Turteltaub The annual Navex Whistleblowing, Incident Management and Benchmarking Report provides valuable insights into what's going on across the corporate compliance landscape. To get the highlights we spoke with Carrie Penman (LinkedIn), Chief Risk & Compliance Officer for Navex. The 2023 data showed that reporting reached an all-time high, with 1.57 reports for every 100 employees, up from 1.47 the previous year. Substantiation reached an 11 year high at 45%, which indicates that compliance teams are getting both more and better reports out of the workforce. Anonymity remained dominant, with 56% of reports arriving that way. Substantiation rates for anonymous reports held steady at 33%, which is lower than the 50% for reports given by an identified individual. Accounting-related incidents accounted for 4.3% of reports, a relatively small number. However, they were notable because they had the longest period between the observation of suspected wrongdoing and reporting. They also were the least likely to be reported anonymously. Third party reporters were likelier to report on business integrity issues, such as human rights, bribery and conflicts of interest. Substantiation rates were similar to those of anonymous reports. So what should compliance teams be doing as a result of this data? First, she recommends continuing to build trust in reporting systems. Second, prepare for an increased number of reports. Listen in to learn more about what is going on in incidents and whistleblowing.

By Adam Turteltaub Risk assessment and management is at the core of compliance and front and center on the agenda at the SCCE 23rd Annual Compliance & Ethics Institute, which takes place September 22-25 in Grapevine, TX (and virtually, too).  Elizabeth Simon, Vice President of Compliance & Risk at Progress Residential will be contributing to the discussion with her session, “Enter at Your Own Risk: Optimizing Your Enterprise Risk Assessment”. In this podcast she provides a preview of her session and shares that compliance plays a unique role in enterprise risk management since it touches so many risk areas, from culture to operations to finance. This, in turn, requires that the compliance team become a part of the broader risk assessment process to know where the potential challenges are. It also requires that the compliance team bring its experience and solutions to the table and to the board to demonstrate it's value to the enterprise and its risk assessment. Listen in to learn more, and then join us in Texas for the 23rd Annual Compliance & Ethics Institute.

By Adam Turteltaub In some ways it's still the Wild West when it comes to AI, with developments happening faster than most can fathom and the law can respond. At the same time, though, the sheriff has begun to arrive. Gwen Hassan (LinkedIn), Deputy Chief Compliance Officer at Unisys and Adjust Professor at Loyola University Chicago School of Law explains that the EU already has a law in place with a particular focus on ranking the risks of AI, including those that must not be taken, and an emphasis on the privacy implications. In the US, there is legislation proposed that would require clear notification when content is created using generative AI. It has yet to pass. Thus far the strongest direction in the US comes out of the White House, where President Biden issued the Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.  The order urges ethical generative AI guidelines, sets key goals for what good uses of AI are and calls upon various departments of the government to provide further analysis and direction. So what should compliance teams do now, despite the legislative holes? She recommends looking at how to extend the existing compliance program to AI and, as AI evolves, develop more specific programs that maps to its risks. Listen in to learn more about the emerging regulatory climate for AI.

By Adam Turteltaub If you're thinking about attending an HCCA Research Compliance Academy, take a few minutes to l to this podcast featuring Kelly Willenberg (LinkedIn), one of the faculty members and founder of Kelly Willenberg & Associates. Listen in as she explains: Who the Academy is for. Basically anyone working in or with oversight of research compliance The teaching structure. All of the faculty members have deep research compliance expertise.  They will teach both compliance infrastructure and many of the complexities of the numerous legal risk areas. The attendee experience. Small class sizes lead to opportunities to learn from your peers and build an extensive and deep network. She also gives an overview of the Certified in Healthcare Research Compliance (CHRC) exam. To read more about the exam and see the detailed content outline click here. So spend ten minutes listening to the podcast, and then plan on attending an HCCA Research Compliance Academy.

By Adam Turteltaub Corruption is a well-known risk in Latin America, but how great the risk is on a country-by-country basis is less well understood. To fill in those blanks and many more, the law firm Miller & Chevalier just released its 2024 Latin America Corruption Survey. The firm has been fielding this survey every four years since 2008, reports Matt Ellis, Latin America Practice Lead. It provides comprehensive, country-by-country data as well as, more granular information on the risks of dealing with various governmental entities. This year's report, he shares on the podcast, had interesting news for the compliance community. It found that, although corruption remains a pervasive problem, corporate compliance programs, more so than enforcement, are perceived as being the key driver for change. The survey also revealed significant nuances in the anticorruption risk picture: Chile, Uruguay and Costa Rica are generally perceived as the lowest risk countries Venezuela, Bolivia, Honduras and Argentina are on the riskier side In general, political parties are perceived as being corrupt as well as municipal governments Brazil's customs authority, Peru's judicial branch, Argentina's executive branch and Mexico's police and local governments were all singled out as areas of concern Listen in to learn more about what the survey revealed, including corporate trends in investing in anti-corruption efforts.

By Adam Turteltaub How do you tell someone something that they don't want to hear in a way that they will listen? How do you overcome your own desire to avoid the conversation? To better understand why people hesitate to have difficult talks and how to communicate more effectively, especially when the conversation is going to be a tough one, we spoke with Jason Rosoff, CEO of Radical Candor (podcasts). People hesitate to speak candidly, he explains, for a number of reasons. For one, they may fear that the conversation will harm their relationship with the other person. They may also be nervous about facing a negative reaction, or even retaliation, for speaking out. To help challenging conversations go better, he advocates for radical candor, which he explains means challenging directly but also caring personally at the same time. Be clear about the problem, he advises, and what the potential negative consequences are. At the same time, though, show you care personally. That includes giving the other person the benefit of the doubt, avoiding sounding judgmental, and focusing on helping them. It also means being willing to listen to the other person's side. Listen in to learn more about how to have better conversations and how to avoid the more common traps that we all can fall into.

By Adam Turteltaub ISO 27001 is the leading standard for information security management systems. As Mel Blackmore, CEO of UK-based Blackmores explains, it is a framework that applies and is of value regardless of an organization's size, sector or country. Organizations seek ISO 27001 certification to ensure that their IT security reflects best practices. It also brings to organizations a systematic approach to work in this area. In addition, potential business partners will have greater confidence that your organization has robust data defenses. Most organizations have a head start when it comes to becoming ISO 27001 certified. Many existing IT security practices are likely to be consistent standards. To get the rest of the way to certification, she outlines several steps including: Determine where your organization is already compliant Conduct a gap analysis Performing a risk assessment Creating policies and procedures Listen in to learn more about meeting this important ISO standard and what it will take to maintain certification.

By Adam Turteltaub What do we do with ESG? Is it a part of compliance? Something different? How do we handle it? Renee Murphy, Distinguished Evangelist at Diligent argues in this podcast that while there are compliance aspects to ESG, it is best to quickly make it a part of operations and under the general risk management structure. Of the three elements of ESG, it is the environmental sustainability side, she believes, that will be the most challenging. With new requirements for organizations to report on their fossil footprint, companies are being forced to march into unexplored territory. As a result, they will need to evolve their process, which, she believes, will become easier as management comes to understand the balance sheet implications. Listen in to learn more about what is happening with ESG, and what compliance teams need to know.

By Adam Turteltaub Healthcare enforcement is never quiet. There's always something, or many things, going on, and compliance teams need to stay on top of the trends to ensure that their programs are staying ahead of the risks. To find out where things are today, we spoke with Ronald Chapman II, author of the book Unraveling Federal Investigations, defense attorney with Chapman Law Group and president of Chapman Consulting Group. In this podcast he identifies several areas of intense enforcement activity: Drug testing labs are under scrutiny, particularly around the number of panels and reflex testing Telemedicine continues to be a hot area as well Venture capital firms are entering healthcare and/or deepening their investment, often with complex payment arrangements and without sufficient antikickback review Aggressive telemarking in the durable medical equipment space persists Credentialing issues, especially for smaller entities, are resulting in non-payments and fraud allegations On the criminal side, he notes that controlled substance prescribing is in prosecutors' eyes, often coupling these cases with fraud charges, leading to a one-two punch. Listen in to learn more about what healthcare enforcement authorities are doing and how to strengthen your compliance efforts.

By Adam Turteltaub Creating the right corporate culture is an idea that's sacrosanct in the field of compliance and ethics. The folks at Gartner, though, are challenging that belief. In this podcast Chris Audet, Vice President and Chief of Research for General Counsels and Chief Compliance Officers, tells us that their newly released report finds that focusing on key quality measures in the compliance program may be more important. The firm reached the conclusion after surveying over 1000 employees about the situations that lead to employee noncompliance. To quote from the press release, “In the survey, 87% of respondents said they faced situations where they didn't know how to comply in the last 12 months, followed by 77% of respondents who experienced situations of rationalization and 40% experiencing situations of malice.” Improved quality standards – the design and accessibility of policies, training and so forth – had much more of an effect on reducing uncertainty than culture did. As he notes, when employees are faced with uncertainty, the key thing is to have easily accessible policies and a workforce that knows where to find them. Most troubling, of course, is the reportedly high temptation, not always acted on, to be noncompliant for malicious reasons. Listen in to learn more about the challenges of malice and rationalization and how quality standards may help there as well.

By Adam Turteltaub There's no General Data Protection Regulation (GDPR) in the US. Absent a comprehensive, national privacy law, states have stepped in to fill the gap. As Adam Greene (LinkedIn), Partner at Davis Wright Tremaine explains in this podcast, that's creating some complications. The California Consumer Privacy Act (CCPA) already differs from subsequent laws in several states which use language reminiscent of the GDPR. And while there are many similarities, some differences are substantial. For example, some state laws are targeted at businesses, not non-profits. That's an important distinction for healthcare with so many non-profit institutions. Perhaps the greatest challenge for organizations is figuring out which standard to follow, if any. Do they take a state-by-state approach, or one national approach based on the toughest state laws? Whatever the choice, it's important to determine what data you have since there may be limits on collection and a requirement to share that data with consumers who want to see it. Listen in to learn more about what the states are requiring and what you need to do to meet their expectations.

By Adam Turteltaub For as much as there is talk about the force of the US Foreign Corrupt Practices Act (FCPA), the impact of the OECD's anticorruption efforts deserves a great deal of credit. By encouraging laws against foreign bribery, anticorruption compliance efforts, and grading the work of the countries who are parties to their Antibribery Convention, the OECD continue to raise the bar. In Australia, the OECD's push for more resources for small and medium enterprises (SMEs) seeking to avoid corruption led to the creation of the Bribery Prevention Network, explains Dan Wilcock (contact), Head of Sustainability Governance for the UN Global Compact Network Australia and Manager of the Bribery Prevention Network. This public-private partnership was born out of the work of more than thirty organizations working collaboratively. The end product is a robust online hub filled with practical resources on topics such as anticorruption programs and conducting risk assessments. The Network also facilitates sharing of expertise from larger organizations to the SMEs in their supply chain. Listen in to learn more about what they are doing and lessons for others seeking to start similar endeavors.  

By Adam Turteltaub Best known as The FCPA Professor, Mike Koehler argues that that many people have it all wrong when it comes to enforcement of the Foreign Corrupt Practices Act (FCPA). Citing historical data he argues that there is not, contrary to popular opinion, a slow down in enforcement of the FCPA. The pace of roughly 12-13 resolutions per year has continued. In fact, the three resolutions in the first quarter of 2024, he notes, puts it on track to continue the trend. How do compliance teams get management attention to FCPA enforcement? He recommends against just focusing on the likely price of the settlement. Instead, outline all the costs. Those start with the multiple years before the resolution when the costs of legal, accounting and other fees may be as much as twice the resolution. Then, point to the eighteen months or so after the settlement when the organization will be under ongoing scrutiny, likely at a substantial cost. All of this, of course, is in addition to the diminished productivity and potential business losses. Listen in to learn more about how he sees anticorruption enforcement shaping out both by US and international prosecutors.  

By Adam Turteltaub Jessica Zeff (LinkedIn) loves government audits. I know, it's hard to believe, given the dread they inspire. But, the founder and lead consultant of Simply Compliance makes a very good case in this podcast that audits can be much better than people expect and actually helpful for the compliance program. How is this possible?  She argues strongly that, given the inevitability of an eventual audit, compliance teams should prepare for them on an ongoing basis rather than just when the audit notification arrives in the mail. By assessing what data an auditor might need, what gaps they may find, and what concerns they may have, compliance teams can complement their risk assessment process and have a better handle on where they should be focusing their efforts. As importantly, having this information handy can be helpful during the audit. Not only does it reduce last minute rushing to prepare, it enables the team to tell auditors their story in a way that shows the organization is doing the right thing and that compliance is on the ball. When the auditors arrive, she advises being prepared logistically as well. This includes having relevant (and not irrelevant) data ready for the auditors. In addition, she recommends thinking through what they will need -- from space to meals -- and ensuring that the staff they need to interview is available. Listen in to learn more about how a government audit may not just be better than you think but also a positive experience.

By Adam Turteltaub Integrity is like peace, love and brotherhood.  We're all for it, but when it comes to practicing it, that's when the challenges start. Paul Fiorelli hopes to change that. The Director, Cintas Institute for Business Ethics at Xavier University has just written a new book: Establishing Workplace Integrity. In it, Paul addresses six lessons in values-based leadership. To benefit from some of his long-established and well-recognized expertise we asked him to join us for this podcast. He discusses the importance, of values-based leadership. He also cites six factors that lead people into unethical or non-compliant behavior: Pressure to perform Going down a slippery slope Rationalization Groupthink Altruism (violating the law to help the company) Greed One or several of them are at play when wrongdoing occurs. So what makes for success and helps to prevent wrongdoing? He makes an argument for SMART goals: specific, measurable, attainable, relevant and time-based. Listen in to learn more about values-based leadership and promoting a workplace of integrity.

By Adam Turteltaub What makes for an effective compliance program, not just from a legal perspective but from a practical one? Getting that answer, and sharing it is the focus of the LRN 2024 Ethics & Compliance Program Effectiveness Report To learn what it contains we sat down with Meredith Hunt (LinkedIn), Ethics and Compliance Specialist at LRN. In this podcast she shared that more effective programs are focused on values rather than rules, and underscore the importance of ethical culture. They are also taking a risk-based approach. Their research also revealed the importance of adapting to the current business environment. With employees working remotely has come a change in how they gather information. The code of conduct, policies and procedures have to be accessible wherever workers are. Within the compliance program's internal operations, effective programs, they report, are focusing more on data and metrics, looking for the data that show where the program is and isn't working, and enabling continuous improvement. Listen in to learn more about how to create a more effective compliance program in your organization.

By Adam Turteltaub The 340B Drug Pricing Program was created to protect safety net hospitals from rising drug prices. It allows them to purchase outpatient drugs, and pharma companies to sell those drugs, at a discount. In this podcast, Jason Reddish (LinkedIn), Principal and Mark Ogunsusi (LinkedIn), Associate, at Powers Pyles Sutter & Verville provide an overview of the program and the compliance requirements. They are also two of the authors of the chapter “Pharmacy:  340B Drug Pricing Program” in the Complete Healthcare Compliance Manual. The 340B program helps hospitals that are the last line of defense for underserved communities, including those with a large percentage of Medicaid patients. Often, they are the only hospital around in rural areas. Also helped by the program are federal grantees such as Ryan White clinics and those providing treatment for STDs. The program dictates which entities can buy discounted drugs and have very specific requirements including two very important ones. First, the drugs cannot be resold or transferred to anyone who is not a patient of the covered entity. Second, double billing of Medicaid is prohibited and must be monitored for. There are a number of typical compliance problem areas, but the good news is that there has been a decline in non-compliance. Listen in to learn more about what covered entities are doing right, and what you should be on the lookout for.

By Adam Turteltaub Currently on hold due to pending court challenges, the SEC's rules to standardize climate-related disclosures created a fire storm of controversy and comments when first proposed. The final rules (assuming the courts sides with the SEC), explains Laura Ann Smith and Judy Mayo of the communications firm Labrador (LinkedIn), reflected strong industry pushback, easing the burden on some 4000 filers. Nonetheless, there are serious demands on industry. To quote from the SEC press release, registrants will be required to disclose: Climate-related risks that have had or are reasonably likely to have a material impact on the registrant's business strategy, results of operations, or financial condition; The actual and potential material impacts of any identified climate-related risks on the registrant's strategy, business model, and outlook; If, as part of its strategy, a registrant has undertaken activities to mitigate or adapt to a material climate-related risk, a quantitative and qualitative description of material expenditures incurred and material impacts on financial estimates and assumptions that directly result from such mitigation or adaptation activities; Specified disclosures regarding a registrant's activities, if any, to mitigate or adapt to a material climate-related risk including the use, if any, of transition plans, scenario analysis, or internal carbon prices; Any oversight by the board of directors of climate-related risks and any role by management in assessing and managing the registrant's material climate-related risks; Any processes the registrant has for identifying, assessing, and managing material climate-related risks and, if the registrant is managing those risks, whether and how any such processes are integrated into the registrant's overall risk management system or processes; Information about a registrant's climate-related targets or goals, if any, that have materially affected or are reasonably likely to materially affect the registrant's business, results of operations, or financial condition. Disclosures would include material expenditures and material impacts on financial estimates and assumptions as a direct result of the target or goal or actions taken to make progress toward meeting such target or goal; For large accelerated filers (LAFs) and accelerated filers (AFs) that are not otherwise exempted, information about material Scope 1 emissions and/or Scope 2 emissions; For those required to disclose Scope 1 and/or Scope 2 emissions, an assurance report at the limited assurance level, which, for an LAF, following an additional transition period, will be at the reasonable assurance level; The capitalized costs, expenditures expensed, charges, and losses incurred as a result of severe weather events and other natural conditions, such as hurricanes, tornadoes, flooding, drought, wildfires, extreme temperatures, and sea level rise, subject to applicable one percent and de minimis disclosure thresholds, disclosed in a note to the financial statements; The capitalized costs, expenditures expensed, and losses related to carbon offsets and renewable energy credits or certificates (RECs) if used as a material component of a registrant's plans to achieve its disclosed climate-related targets or goals, disclosed in a note to the financial statements; and If the estimates and assumptions a registrant uses to produce the financial statements were materially impacted by risks and uncertainties associated with severe weather events and other natural conditions or any disclosed climate-related targets or transition plans, a qualitative description of how the development of such estimates and assumptions was impacted, disclosed in a note to the financial statements. Even with all these requirements, Smith and Mayo recommend that companies realize that this is just a baseline. For those with operations in Europe there are requirements to meet as...

By Adam Turteltaub It used to be that tracking email usage was considered tough. These days the workforce is also communicating via text, WeChat, Slack and countless other channels both internally and externally. That can be a total nightmare since prosecutors want access to all those conversations. What makes things harder is that employees may be resistant, feeling that the communications they have on their phone, especially in organizations with a Bring Your Own Device (BYOD) policy, is private. The employee owns the phone, not the company. Eddie Green (LinkedIn), CEO of SnippetSentry advises companies get their heads around this problem. Digital compliance is broadening out from the investment community to pharma and elsewhere. To manage the issue, some companies are now scrapping BYOD policies and making it clear that all work communications need to go on work-owned devices. They are also looking for solutions which enable employees to communicate in familiar ways, but with the tracking that logs all those communications. Listen in to understand the challenge and how to approach it more effectively.

By Adam Turteltaub In January 2024 the US Attorney's Office for the Southern District of New York (SDNY) set a shockwave through the business world by announcing a new whistleblower pilot program. To understand what the policy says and what it likely means for compliance programs, we spoke with Todd Haugh (LinkedIn), Associate Professor of Business Law and Ethics, Arthur M. Weimer Faculty Fellow in Business Law at the Kelley School of Business at Indiana University. Under the policy, he explains, individuals who have participated in a fraud may be eligible for a non-prosecution agreement, if the individual meets three key criteria: They provide information that is not previously known to prosecutors and is produced voluntarily, not subsequent, say, to an arrest. The information is full, substantial and truthful. The individual is not otherwise disqualified, such as serving as a government official or the CEO or CFO of the company. Given the incentives already in place for companies to self-report wrongdoing, this is in many ways an extension of what already exists. However, it's impact should not be underplayed. The SDNY is a leader in white collar prosecutions and other US Attorney's offices are likely to follow suit. At least one already has. Second, while the SEC has encouraged whistleblowing at publicly traded policies, the SDNY policy is open to public, private and even non-profit organizations. The new policy also may create situations in which employees and their employers find themselves in a race to disclose first. This, in turn, means that organizations need to significantly increase their efforts to create a culture that encourages internal whistleblowing. That includes creating easy paths to follow for potential whistleblowers and prompt investigations. Listen in to learn more about the policy and how your compliance program may need to evolve as a result of it.

By Adam Turteltaub In late 2023, The Office of Inspector General (OIG) at the Department of Health and Human Services issued its new General Compliance Program Guidance. In this podcast, David Schumacher, Partner and Co-Chair of the Fraud & Abuse Practice at Hooper Lundy & Bookman explains that this document is both evolutionary and revolutionary. For years the OIG's office had been offering guidance through the Federal Register. To make that information more accessible it moved it online, consolidated the information, added interactive features and created a much richer resource which makes it both easier for compliance teams to understand the OIG's expectations and more difficult for some to claim that they were unaware of the rules. The changes, though, are more than just the media used to communicate OIG expectations. The document demonstrates both the ongoing expectations by OIG for robust compliance programs and communicates changes in focus. For one, it reveals an enhanced emphasis on quality issues in healthcare and patient safety. It also reflects the OIG's efforts to ensure effective compliance program in new entrants into healthcare, such as private equity and technology firms. Both may well discover that practices that are permissible elsewhere are not in healthcare. The guidance also encourages incentivizing compliance. Another gem in the guidance is the clear message to carefully scrutinize arrangements with third parties. Due diligence at the outset is important, but it is also necessary on an ongoing basis to determine if the relationship is necessary and the price tag is fair market value. Listen in to learn more, and be sure to check out the General Compliance Program Guidance.

By Adam Turteltaub Tired of being last to the party and then perceived as a party pooper? There's a solution to that problem embraced by Dana McMahon, Global Chief Compliance Officer, Head, Privacy & Enterprise Risk at Stryker. She works to have her team embedded in the business unit. It's a process that begins with getting a seat at the table and being intentional about conversations. From there the relationship evolves into being a consultant on sticky issues and then on to being integrated into decision making and proving yourselves indispensable. The key to the process, she explains, is to show up with a problem-solving mindset. Throughout, the compliance team has to be aware of the needs of the business and its challenges. To solidify compliance's place takes three things: Adopt a problem-solving approach Tailor your efforts to the most pressing issues Timing: anticipate what the business needs to move forward Listen in to learn more and gain other tips for fully embedding compliance into the business process.

By Adam Turteltaub At the center of managing cyber risk in healthcare sits the Health Sector Coordinating Council Cybersecurity Working Group (LinkedIn). In this podcast, Executive Director Greg Garcia explains that healthcare has been designated as a part of the critical infrastructure, and the council has as its mission to: “identify systemic cybersecurity threats to critical healthcare infrastructure; collaborate on guidance and policies for mitigating those risks; and promote threat preparedness and incident response awareness and activities.” It's a needed mission. The number of data breaches have soared, and ransomware has emerged as a top threat, crippling the ability of healthcare providers to care for patients. The Council recently released its Health Industry Cybersecurity – Strategic Plan. A five-year plan, it identifies trends, goals and objectives for securing healthcare technology infrastructure. One key goal, in the words of the plan, recognizes that, “A trusted healthcare delivery ecosystem is sustained with active partnership and representation between critical and significant technology partners and suppliers, including non-traditional health and life science entities”  It sets four objectives under that goal: Simplify access to resources and implementation approaches related to the adoption of controls and practices aligned with regulatory and sector standards for securing devices, services, and data Increase new partnerships with public/private entities on the front edge of evaluating and responding to emerging technology issues to enable safe, secure, and faster adoption of emerging technologies Enhance health sector senior leadership and board knowledge of cybersecurity and their accountability to create a culture of security within their organizations Develop meaningful cross-sector third-party risk management strategies for evaluating, monitoring, and responding to supply chain and third-party provider cybersecurity risks Listen in to learn more about the document, the council and how the healthcare sector is working together to stem cyberthreats.

By Adam Turteltaub The FCPA sure isn't what it used to be, or is it? While the headline grabbing Foreign Corrupt Practices Act cases are much less frequent than they once were, there is still substantial risk both for individuals and companies, as recent dispositions have shown. To understand where things are we sat down with Markus Funk, partner at Perkins Coie and author of the chapter “Anti-Bribery and Corruption Compliance Programs” in The Complete Compliance and Ethics Manual 2024. He explains that just because there aren't cases in the news, doesn't mean all is quiet. There may remain a steady stream of companies self-reporting violations and reaching less-formal agreements with the DOJ. Whatever the trend may be, third parties remain the greatest risk, and the prescription stays the same. You need to know who the third party is and hire them for the right reason: their expertise and track record for success in the right way. Hiring a government official's cousin to help get the deal remains a very bad idea. Another bad idea:  assuming your people are not a risk area. They are. Be sure to be sensitive to internal risks. Train the workforce and work with the finance team to help them serve as an extra sets of eyes when it comes to spotting misconduct. Above all, stay alert and be prepared to investigate possible incidents. Prosecutors still expect companies to bear the brunt of the investigative burden.  

By Adam Turteltaub Krista Muszak is organized. More importantly, the longtime compliance professional and Senior Manager, Regional Process & Optimization Lead for Pfizer knows how to keep others organized as well. She will be sharing some of this wisdom in Nashville at the 2024 HCCA Compliance Institute in the session “Muda, Mura, Muri to Veni Vidi Vici: Applying Project Management and Process Improvement to Your Compliance Program.”  She also shares a bit of it here in the latest Compliance Perspectives podcast. First, she explains that the title comes from terms used by Toyota to improve the process flow at their plants and eliminate waste. Muda is about eliminating waste and activities that don't add value. Mura speaks to addressing variability in operations to increase stability and reduce unnecessary variations. Mudi addresses not overloading people and the business with too many asks, such as releasing a round of training at the same time as year-end activities. Embracing these concepts can increase efficiency and effectiveness. At the same time adopting a project management approach helps build guardrails around your efforts. Use it to identify who is responsible, who is accountable, who needs to be informed and who needs to consulted. This brings clarity into who the key players are and their responsibilities. With the right people on board, a project charter can be extremely effective, identifying what the project goals are, and what they aren't. From there it is time, she explains, to move on to measure, analyze, improve and establish controls for your initiative. Listen in to learn more about how to bring greater effectiveness and efficiency for your compliance efforts.

By Adam Turteltaub When it comes to compliance technology, there are two challenges. First is finding the right solutions to increase your programs effectiveness. Second is securing the resources to acquire and deploy the technology. Parth Chanda, Founder and CEO of Lextegrity, covers both topics in this podcast. When it comes to tech, he explains, you want tools that give you the confidence that your program is effective in practice and not just on paper. You also need to prioritize based on risk, and your organization's own experience with technology. If the history is short or non-existent, start with something relatively simple such as training or policy management.  Tools that can make it easier for employees to report wrongdoing are also invaluable. To secure the resources you need, he advises making the business case by focusing on the ROI, for example, by showing that investigations can be completed in less time and with less staff. But, as you look at technology, be realistic and recognize that technology will not remove human judgement. It can expose gaps and gray areas, but then the compliance team will need to step in to understand the nuances and the appropriate solution.

By Adam Turteltaub Imagine you are at a large company with thousands of suppliers. As a part of the compliance team you need to understand the risk of working with each and every one of them. To do that you may need to understand the ownership structure, where they source materials, where and how they manufacture, and a host of other data about each and every one of them. That's a daunting task. It's also one that Jenna Wells, Chief Customer and Product Officer at Supply Wisdom believes is ideally suited for AI. With human supervision it can help with such a large, seemingly impossible undertaking. AI, she argues, can be an effective tool for enabling compliance programs to better understand the risks they face and then focus on the most important ones. To get there, compliance teams need to get a handle on the data that they have that is normally siloed. Look to external sources for regulatory data and emerging legislation, she suggests. At the same time, though, it's important to understand the limitations of AI. While it can handle the brute force exercises, such as combing through all the data on all those vendors, there is still a need for the human element. Listen in to learn more about putting the power of AI to work for your compliance efforts.

By Adam Turteltaub Traditionally, explains, Tanya Ganguli (LinkedIn), Principal Associate, Law Offices of Panag & Babu, India's criminal law framework revolved around the Indian Penal Code, The Code of Criminal Procedure and the Indian Evidence Act, two of which dated back to the 19th century. That changed with the passage of three new laws: the Bharatiya Nyaya (Second) Sanhita, 2023, the Bharatiya Nagarik Suraksha (Second) Sanhita, 2023 and the Bharatiya Sakshya (Second) Bill, 2023. Together they seek to bring criminal law into the 21st century and build off of long-established precedents. They are designed, she reports, to address loopholes, enhance efficiency and ensure justice. The laws are now more victim centric, but may not be too transformative, according to Tanya, for most compliance and ethics programs. Nonetheless, there are changes. New rules for searches and seizures will likely require updated training on dawn raids. Summons can now be delivered electronically. There is much greater need to digitize and consolidate records. Having the right tone at the top will be more important than ever. However, the change is likely to come relatively slowly with many aspects of the law expected to be implemented in stages. So keep your eye on the horizon in India, and be sure to listen to this discussion. Also, don't miss the first ever SCCE Basic Compliance & Ethics Academy in India.

By Adam Turteltaub As of January 2024, there's a new Code of Conduct of the Volkswagen Group, replacing one developed in 2017. To understand what led to the latest iteration of the code and the vision behind it we spoke with Silke Becker and Sarah Specht (LinkedIn) of Volkswagen Group Integrity & Compliance. They are part of a team lead by Tina Landsmann, Head of Volkswagen Group Center of Competence Integrity & Compliance Awareness & Qualification and Dr. Kurt Michels, Volkswagen Group Chief Integrity & Compliance Officer. The code was updated to reflect changing times, including the draft European Supply Chain Act. This required a change in content, but the team also chose to update the tone and feel. The language of the document now focuses on “we” and “us”, and it is very proactive, making the document less about what the board or management calls for and is instead about what we as a group are committing to. Each section of the code has a headline that reinforces this message: “We take responsibility for human rights,” “We lead based on our values,” “We like diversity.” The document embraces a magazine style to increase readability, and there is the opportunity to digitally drill down on individual topics, make it a one-stop shop for employees. As the team developed the document, in partnership with individuals around the company from multiple departments, they had several goals in mind. First, it had to be relevant for everyone, whether working in conventional auto manufacturing or battery development. Second, it had to work all around the globe given Volkswagen's global footprint. It also had to be more human. Take some time to see all of these elements and more when you explore the code. Then listen to the podcast to hear the story behind it and, maybe, get some ideas for updating your code of conduct.

By Adam Turteltaub On January 5, 2023 the EU Corporate Sustainability Reporting Directive went into force. The directive broadens the scope of companies report on sustainability issues, adds to the amount of information that needs to be reported, and even requires external assurance, reports Elena Sychenko (LinkedIn), Adjunct Professor at the Department of Management at the University of Bologna and currently a Fulbright Scholar at the Wharton School of Business. The directive now covers all listed companies with the exception of micro enterprises. Also falling under it are non-EU companies that have a significant presence in the EU. The reporting requirements, which are still being fully developed, closely follow the Global Reporting Initiative (GRI) standards and focus on ESG explicitly, with several areas of reporting under E, S, and G. These include: E: climate change, pollution, water, biodiversity S: the organization's own workforce, the workforce in the value chain, affected communities, consumers and end users G: business conduct in general Compliance teams will need to ensure that the reporting is accurate. One area to watch out for, she notes, is vagueness. A company may choose to provide overly vague information that could be misleading. Listen in to learn more about the directive and the risks involved.

By Adam Turteltaub The No Surprises Act is a significant change to how healthcare coverage is handled and billed. In general, it eliminates balance billing in three typical areas: A patient is brought to an emergency room in an out of network hospital A patient is transported by air ambulance A patient is being cared for at an in-network hospital but, unbeknownst to him or her, a physician or service that is out of network provides care. To understand the Act more fully, we spoke with Brian Stimson, Partner, Arnall Golden Gregory, who will be leading the session The All Surprises Act:  Avoiding Compliance Pitfalls and Responding to Administrative Enforcement Actions under the Surprise Billing Laws at the 2024 HCCA Compliance Institute. As he explains, there is a two-tiered enforcement structure to the law, with both individual states and the federal government involved. Compliance teams looking to ensure their organizations are complying need to pay close attention to patient complaints. These can be a tip off to improper balance billing and a red flag of systemic issues. Be extra alert if a patient comes to them, and it can even be good to check social media for reports of wrongful billing. Listen in to learn more, and then join us in Nashville, April 14-17, for the HCCA Compliance Institute.

By Adam Turteltaub When it comes to risk assessments, the word “annual” comes up a lot. But, Kelly Alwin, Regional Compliance Officer North America for SAP America, believes that once a year may be more than a bit too long. To her, a risk assessment is more than a periodic assessment and an annual chore. It is critical to the program's success and lends credibility and substance to the compliance program. She points out that from the Delaware Chancery Court to the US Department of Justice, the importance of a strong risk assessment is underscored. In this podcast she argues that, for the risk assessment to play the role it should, it can't afford to sit on the shelf. It needs to be a dynamic document that both informs all the other elements of the program and evolves as risks evolve, whether due to a new go to market strategy, a merger or an entry into a new market. Bottom line: look at your risk assessment, she advises, not as a discrete activity but as a continuous analysis. Incorporate micro assessments, embrace continuous improvement, and, hopefully, enjoy a more effective compliance and ethics program as a result.

By Adam Turteltaub Behavioral health shares many of the same compliance challenges as the rest of healthcare, but it also has several of its own. To understand the risks, we sat down with Community Counseling Solutions' Executive Director Kimberly Lindsay and Compliance & Privacy Officer Tim Timmons. They will be leading the session “Developing an Ethics and Compliance Program in Behavioral Health” at the HCCA 28th Annual Compliance Institute, which will be in Nashville, April 14-17 and also offered in a virtual format. In this podcast they identify several typical compliance challenges in the behavioral health setting: Managers and supervisors who are well intentioned but busy, not holding staff accountable and not reporting in a timely manner. Incidents after hours when a patient is in crisis. This is a very difficult situation.  The team is eager to help the patient get better, but with lots of adrenaline flowing in a difficult situation, they may find themselves sharing more information about the patient than they should. Sharing PHI improperly when working with community partners. Mishandling of subpoenas and court ordered requests for records which may not comport with 42 CFR. Coding and dual diagnosis treatment Treatment plans that are not updated before providing services Overly verbose documentation Listen in as they outline these issues and ways to address them. Then, plan on joining us in Nashville for the 28th Annual Compliance Institute.

By Adam Turteltaub While Ericsson is best known for its mobile phones, the company's reach in wireless is far greater. It is the creator of Bluetooth technology, owns patents on much of the critical IP that wireless systems depend on, and is active in more than 180 countries providing much of the hardware, and even cellphone towers, that enables all of us to talk, text, and surf the web wherever we are in the world. Jan Sprafke, Chief Compliance Officer at Ericsson, explains in this podcast that with that global reach – including operations in approximately 100 high risk countries – also comes a large network of suppliers. To manage the potential compliance challenges that go along with it, the company uses a risk-based approach to supplier management They assess the country risk, go to market approach and whether the supplier will be using subcontractors. Then they work closely with sourcing and other assurance functions on an ongoing basis. The company's supplier code of conduct is shared with their vendors. But, it is just the start. There is also training provided, supplier days, meetings with them to discuss FCPA, AML, health and safety and other topics. All of these efforts and more help suppliers understand what Ericsson's expectations are, not just in principle but also in practice. They even work with many of their contractors as they select their subcontractors. The goal is to create an end-to-end framework for managing third party compliance risk. Download the podcast (maybe even on your mobile device) to learn more.

By Adam Turteltaub Julie Janeway (LinkedIn), General Counsel and principal owner, Principled  Healthcare Consulting will be speaking about internal and parallel investigations at the 2024 HCCA Compliance Institute. In this podcast she slices off a bit of that expertise. A thorough investigation is needed, she advises whenever there is an issue that could require arbitration, a court case, administrative hearing, contractual dispute or reputational issues, whether by an employee, contractor or the organization itself. The same is true if there is a policy breach or alleged violation of the code of conduct. So how best to do it? Have both an investigation plan and a preplan which designates who will be responsible for the investigation depending on what the issue is. For example, a privacy officer would likely play the lead role in a HIPAA breach allegation. As for the plan itself, it should be thorough. The team executing it should include individuals with a wide range of skills and, she highly recommends it include an experienced investigations attorney. What should you avoid? Several things, she cites, including retaliation, making the plan as you go along, letting supervisors or managers interview subordinates and not having insurance for when investigations happen. The rules are largely the same with parallel investigations, which are required pursuant to statues that call for entities notified of an investigation by a governmental agency to conduct their own investigation. These absolutely must be done, or the organization may face sanctions. She highly recommends doing these investigation under attorney-client privilege. Listen in to learn more about what to do and what not to do in an investigation. Then, don't miss her session at the 2024 Compliance Institute, March 18-20 in Nashville.

By Adam Turteltaub In 1984 I went to my friend Chris's wedding, and one of the other groomsmen, Drew Neisser (LinkedIn), his then boss, talked me into pursuing a career in advertising. Just a few months shy of 40 years later, I caught a video on LinkedIn of him with chief marketing officers discussing the struggles of managing remote workers. It didn't matter that these were marketing people, the problems sounded just like we in compliance face. So, I asked Drew, who is the founder of CMO Huddles and the author of the book Renegade Marketing:  12 Steps to Building Unbeatable B2B Brands, to sit down and do a podcast on the topic. Drew points out that, despite workers being required to come into the office more often, there is still a cost to remote work. Churn is higher than before. Partners at law firms complain that their associates are years behind in their development, likely due to the inability to learn by osmosis. So what do we do? He recommends that we recognize the present reality and look to hire self-starters. People who need a great deal of hand holding will not work out in a world where their managers are miles, if not hundreds of miles, away. Second, make sure the team understands what the organization's business is. Then, help them connect, intellectually and emotionally, with it. If they don't, then it's just another job to them. Incorporate virtual bonding activities, but also try to get the team together in person. That effort creates culture and connection. Looking outside your team, he recommends four tactics: Meet, ideally in person. Get to know your colleagues, and understand their business priorities. Focus on helping them solve their problems. Track all the people you want to meet and influence. Then, take active steps to connect with them and get to know them. Share something about yourself and encourage them to do the same. Get to know the person and stay in touch. For example, send them over articles you think they would find of interest based on what you learned about them. Join formal and informal work groups. If there is a team forming to tackle a problem, be a part of it. But also look to book groups and other less structured ways to connect. Throughout, he advises thinking of yourself as an impact player and a business leader. Finally, he advises understanding how people want to communicate these days, and meet them there. The era of relying solely on email are done, especially for the younger generation. Listen in for some very good insights for compliance officers from a career marketer.

By Adam Turteltaub Some people have a gift for invisibly attending a conference, and no one knows that they were even there. That's great for a conference of spies, but most people at compliance conferences like to meet at least some of the other attendees. For many, though, connecting with strangers is difficult, whether they know no one or they are shy about going beyond their usual circle of contacts. So what do you do if you are one of them? To find out we spoke with Richard Bistrong (LinkedIn), newsletter author and CEO Of Frontline Antibribery, who will be moderating a general session at the 2024 SCCE European Compliance & Ethics Institute in Amsterdam. If you spot someone standing alone and looking a bit lost, he recommends you think like a host and invite them to join you. Even if you're already talking with friends, he advises being a croissant and not a bagel: be sure there is an opening for others. Make the effort to catch them up with the conversation – “we were just discussing helplines”—and ask them to share their thoughts. If you hesitate to join conversations because you don't feel you are good at small talk, think of a few questions in advance to use as ice breakers. They don't have to be traditional compliance-related questions. You could ask people about what excited them the most in the last year. Richard often uses Vertellis cards to start or help conversations. For those at the conference with a friend or colleague, use the other person as your wingman or wingwoman. Tell them who you are interested in meeting and have them serve as a second set of eyes and ears. Also, don't forget about the SCCE & HCCA staff as a source of connection. See if they know someone it would be good for you to talk with. Listen in to learn more, including how to follow up properly after the conference is over. Then, be sure to say hello to Richard (and offer him a croissant) in Amsterdam at the 2024 SCCE European Compliance & Ethics Institute, March 18-20.