Compliance Perspectives SCCE

By Adam Turteltaub



Tired of being last to the party and then perceived as a party pooper?



There’s a solution to that problem embraced by Dana McMahon, Global Chief Compliance Officer, Head, Privacy & Enterprise Risk at Stryker. She works to have her team embedded in the business unit.



It’s a process that begins with getting a seat at the table and being intentional about conversations. From there the relationship evolves into being a consultant on sticky issues and then on to being integrated into decision making and proving yourselves indispensable.



The key to the process, she explains, is to show up with a problem-solving mindset. Throughout, the compliance team has to be aware of the needs of the business and its challenges.



To solidify compliance’s place takes three things:



* Adopt a problem-solving approach

* Tailor your efforts to the most pressing issues

* Timing: anticipate what the business needs to move forward



Listen in to learn more and gain other tips for fully embedding compliance into the business process.

By Adam Turteltaub



At the center of managing cyber risk in healthcare sits the Health Sector Coordinating Council Cybersecurity Working Group (LinkedIn). In this podcast, Executive Director Greg Garcia explains that healthcare has been designated as a part of the critical infrastructure, and the council has as its mission to: “identify systemic cybersecurity threats to critical healthcare infrastructure; collaborate on guidance and policies for mitigating those risks; and promote threat preparedness and incident response awareness and activities.”



It’s a needed mission. The number of data breaches have soared, and ransomware has emerged as a top threat, crippling the ability of healthcare providers to care for patients.



The Council recently released its Health Industry Cybersecurity – Strategic Plan. A five-year plan, it identifies trends, goals and objectives for securing healthcare technology infrastructure.



One key goal, in the words of the plan, recognizes that, “A trusted healthcare delivery ecosystem is sustained with active partnership and representation between critical and significant technology partners and suppliers, including non-traditional health and life science entities”  It sets four objectives under that goal:



* Simplify access to resources and implementation approaches related to the adoption of controls and practices aligned with regulatory and sector standards for securing devices, services, and data

* Increase new partnerships with public/private entities on the front edge of evaluating and responding to emerging technology issues to enable safe, secure, and faster adoption of emerging technologies

* Enhance health sector senior leadership and board knowledge of cybersecurity and their accountability to create a culture of security within their organizations

* Develop meaningful cross-sector third-party risk management strategies for evaluating, monitoring, and responding to supply chain and third-party provider cybersecurity risks



Listen in to learn more about the document, the council and how the healthcare sector is working together to stem cyberthreats.

By Adam Turteltaub



The FCPA sure isn’t what it used to be, or is it?



While the headline grabbing Foreign Corrupt Practices Act cases are much less frequent than they once were, there is still substantial risk both for individuals and companies, as recent dispositions have shown.



To understand where things are we sat down with Markus Funk, partner at Perkins Coie and author of the chapter “Anti-Bribery and Corruption Compliance Programs” in The Complete Compliance and Ethics Manual 2024.



He explains that just because there aren’t cases in the news, doesn’t mean all is quiet. There may remain a steady stream of companies self-reporting violations and reaching less-formal agreements with the DOJ.



Whatever the trend may be, third parties remain the greatest risk, and the prescription stays the same. You need to know who the third party is and hire them for the right reason: their expertise and track record for success in the right way. Hiring a government official’s cousin to help get the deal remains a very bad idea.



Another bad idea:  assuming your people are not a risk area. They are. Be sure to be sensitive to internal risks. Train the workforce and work with the finance team to help them serve as an extra sets of eyes when it comes to spotting misconduct.



Above all, stay alert and be prepared to investigate possible incidents. Prosecutors still expect companies to bear the brunt of the investigative burden.



 

By Adam Turteltaub



Krista Muszak is organized. More importantly, the longtime compliance professional and Senior Manager, Regional Process & Optimization Lead for Pfizer knows how to keep others organized as well.



She will be sharing some of this wisdom in Nashville at the 2024 HCCA Compliance Institute in the session “Muda, Mura, Muri to Veni Vidi Vici: Applying Project Management and Process Improvement to Your Compliance Program.”  She also shares a bit of it here in the latest Compliance Perspectives podcast.



First, she explains that the title comes from terms used by Toyota to improve the process flow at their plants and eliminate waste.



Muda is about eliminating waste and activities that don’t add value.



Mura speaks to addressing variability in operations to increase stability and reduce unnecessary variations.



Mudi addresses not overloading people and the business with too many asks, such as releasing a round of training at the same time as year-end activities.



Embracing these concepts can increase efficiency and effectiveness. At the same time adopting a project management approach helps build guardrails around your efforts. Use it to identify who is responsible, who is accountable, who needs to be informed and who needs to consulted. This brings clarity into who the key players are and their responsibilities.



With the right people on board, a project charter can be extremely effective, identifying what the project goals are, and what they aren’t. From there it is time, she explains, to move on to measure, analyze, improve and establish controls for your initiative.



Listen in to learn more about how to bring greater effectiveness and efficiency for your compliance efforts.

By Adam Turteltaub



When it comes to compliance technology, there are two challenges. First is finding the right solutions to increase your programs effectiveness. Second is securing the resources to acquire and deploy the technology.



Parth Chanda, Founder and CEO of Lextegrity, covers both topics in this podcast.



When it comes to tech, he explains, you want tools that give you the confidence that your program is effective in practice and not just on paper. You also need to prioritize based on risk, and your organization’s own experience with technology. If the history is short or non-existent, start with something relatively simple such as training or policy management.  Tools that can make it easier for employees to report wrongdoing are also invaluable.



To secure the resources you need, he advises making the business case by focusing on the ROI, for example, by showing that investigations can be completed in less time and with less staff.



But, as you look at technology, be realistic and recognize that technology will not remove human judgement. It can expose gaps and gray areas, but then the compliance team will need to step in to understand the nuances and the appropriate solution.

By Adam Turteltaub



Imagine you are at a large company with thousands of suppliers. As a part of the compliance team you need to understand the risk of working with each and every one of them. To do that you may need to understand the ownership structure, where they source materials, where and how they manufacture, and a host of other data about each and every one of them.



That’s a daunting task. It’s also one that Jenna Wells, Chief Customer and Product Officer at Supply Wisdom believes is ideally suited for AI. With human supervision it can help with such a large, seemingly impossible undertaking.



AI, she argues, can be an effective tool for enabling compliance programs to better understand the risks they face and then focus on the most important ones.



To get there, compliance teams need to get a handle on the data that they have that is normally siloed. Look to external sources for regulatory data and emerging legislation, she suggests.



At the same time, though, it’s important to understand the limitations of AI. While it can handle the brute force exercises, such as combing through all the data on all those vendors, there is still a need for the human element.



Listen in to learn more about putting the power of AI to work for your compliance efforts.