U.S. prosecutors are bearing down on generic pharmaceutical companies in a sweeping criminal investigation into suspected price collusion, a fresh challenge for an industry that’s already reeling from public outrage over the spiraling costs of some medicines, reports Bloomberg.

David McLaughlin and Caroline Chen write that the antitrust investigation by the Justice Department spans more than a dozen companies and about two dozen drugs. A grand jury is examining whether some executives agreed with one another to raise prices, and the first charges could emerge by the end of the year, sources told the reporters.

“Among the drugmakers to have received subpoenas are industry giants Mylan NV and Teva Pharmaceutical Industries Ltd. Other companies include Actavis, which Teva bought from Allergan Plc in August, Lannett Co., Impax Laboratories Inc., Covis Pharma Holdings Sarl, Sun Pharmaceutical Industries Ltd., Mayne Pharma Group Ltd., Endo International Plc’s subsidiary Par Pharmaceutical Holdings and Taro Pharmaceutical Industries Ltd.,” according to the report.

Read the article.

China has become the second largest economy in the world due to its manufacturing expertise, superior logistics, lower labor costs, strong government support of business, including tax incentives, and lax oversight of environmentally risky practices. However, writes Jeffrey Klink, a former U.S. Department of Justice prosecutor and CEO of Klink & Co., organizations also are increasingly facing bigger and more complex risks in China.

“Vendor kickback schemes are endemic throughout China and only increasing. Theft of intellectual property remains a major issue for global businesses in China. Theft, embezzlement and fraud continue on as if no one is watching,” Klink says.

He discusses a case study about an American company that purchased a profitable Chinese manufacturing operation. Soon, however, the company began seeing increasing compliance issues regarding irregularities involving vendors and senior employees.

Klink & Co.’s investigation revealed, “Vendors, reportedly producing large quantities of goods for our client’s manufacturing needs, were located in alleyways, deserted buildings and residential apartments.” And many vendors were actually shell corporations based in off-shore banking locations.

He concludes his article with a seven-point list of takeaways of what the American company could have done differently.

Read the article.

The Society of Corporate Compliance and Ethics and the Health Care Compliance Association recently conducted a survey to gauge the effectiveness of compliance programs at preventing incidents from occurring.

The SCCE has made the survey results available for free downloading.

For any compliance program, a critical measure of success is its ability to prevent incidents from occurring. Determining how many events are avoided is difficult, though, the SCCE says on its website. Employees rarely come forward to report, “I was about to commit a felony and then remembered that compliance training I received.”

Yet, near misses do occur and can provide proof of a compliance program’s effectiveness. To gain a better understanding of the effectiveness of compliance programs at preventing problems, in the third quarter of 2016 the Society of Corporate Compliance and Ethics and the Health Care Compliance Association jointly fielded the survey of compliance and ethics professionals.

Download the survey results.

Navex Global will present the sixth annual Ethics & Compliance Virtual Conference on Nov. 15 — a free, one-day, online event.

The conference will be Tuesday, Nov. 15, from 8:30 a.m. until 2:30 p.m. Pacific time.

A goal of the event is to discuss how to deliver quantifiable value to an  organization, while meeting constantly changing legal and regulatory requirements.

The agenda consists of 11 educational sessions focused on harnessing the business value of an ethical culture, including three sessions specifically on the driving forces behind regulatory change and compliance challenges.

Howard Putnam, former CEO of Southwest Airlines, will headline the event, discussing how the culture of  Southwest Airlines benefit employees, reputation and profits—and the critical role compliance professionals played.

Register for the event.

By Jose Tabuena, JD, CFE, CHC

Effectiveness is a cornerstone of modern corporate compliance. The U.S. Sentencing Guidelines expect it, and compliance officers spend substantial time and resources trying to create an effective program. And as reflected in recent studies and surveys, assessing compliance program effectiveness continues to be top-of-mind for senior compliance officers. On its face, the regular monitoring and measuring of the program can prove beneficial to company success.

Yet in spite of the Sentencing Guidelines for Organizations being in existence for over 20 years, and the recent focus on developing metrics, it remains challenging to demonstrate the effectiveness of the compliance function.

In recent columns I’ve raised the limitations on government pronouncements and socalled metrics, with the current lack of rigor in measuring effectiveness. Enforcers and regulators (typically lawyers) are not scientists, and the field of compliance can benefit from more empirical research. Surveys of compliance professions reveal that many are not confident that the metrics they use to assess compliance program effectiveness give them a true picture of program success.

Still, a company will want to be able to demonstrate that it is creditworthy under the sentencing guidelines to benefit from penalty reductions, and more importantly to avoid indictment altogether. The company’s other constituents, including shareholders, the board, and management, will also seek some level of assurance that the compliance program is effective and worthy of investments that have been made. Program “efficiency” is another consideration for evaluating performance. Without an agreed-upon methodology, and needing more than a qualitative description of “I know effectiveness when I see it,” how can a company approach this measurement challenge?

Regular reporting and meeting with the board

One way companies can respond to this concern is to compile regular (at least annual) compliance program reports that detail all key aspects of their respective programs at a particular time. The report can be a compilation of quarterly reporting with a summary of highlights for the fiscal year. If sufficiently comprehensive and persuasive, such reports may help a company surmount the evidentiary challenge of proving the effectiveness of its program at a given point of time in the relatively distant past.

Of course this begs the question of what goes into a program report. At a minimum you want to make sure your board is up to speed with your compliance program by summarizing the key changes and developments. The compliance framework essentially boils down to three basic questions which form the basis of an effectiveness evaluation and program audit methodology: 1) Is the compliance program well-designed? 2) Is it being applied in good faith? and 3) Does it work?

The science and mostly art of effectiveness assessments is still evolving. You need to carefully identify types of data available, apply insight to the data, and design metrics to create the story around effectiveness.

Compliance programs, particularly in highly regulated industries, have matured to the point where data for the first two questions are periodically collected and reviewed. This is at least a good start with building the case for effectiveness. To evaluate effectiveness, compliance departments now analyze internal audit findings, track hotline calls, monitor training completion rates, review the disposition of internal investigations, perform self-assessments, survey employees, compare themselves against peer companies, retain outside professionals to review the compliance function, and track performance on regulatory reviews. When meeting with the board you can talk through progress, results, and challenges as they stand today, in relation to previous years, and benchmarked against other companies:

• Implementation Process – Status of important compliance initiatives, any major program operational updates, and what work remains.
• Risk Profile Changes – Any new, emerging risks or noteworthy changes to the likelihood or severity of your organizational profile, either due to business changes or environmental developments.
• Policy Attestation and Training Certification – What percentage of employees have successfully completed training and policy requirements, including the results of any post-training tests and policy attestation rates? Are there consequences for those who have not completed?
• Employee Feedback – Highlights of feedback received through employee focus groups, culture surveys, suggestion box, and how you are using this feedback to drive improvements.
• Compliance Audit Findings – Results of internal or external audits, and what these findings mean for the organization and the compliance program.
• Hotline/Internal Reporting Data – How many tips your hotline or other reporting channels have received, trends by type of incidents being reported, and any hotspots that have emerged in particular locations, departments, or business units.
• Incidents and Investigations – The number and type of investigations that took place, the disposition of cases, and what ongoing investigations the board should be aware of.

Risk focus

A feature of an effective program is the regular performance of a compliance risk assessment. Regulators and enforcement agencies will be looking for correlation between the risk assessment measures and performance indicators that are being used to monitor those risks and compliance performance. These measures should consider the high-risk areas and what has been put in place to address those special risks; internal audit will undertake an annualized range of audits as part to identify compliance issues that provides a good source of measures and also indicate to the regulator that the company is operating cohesively.

The COSO Enterprise Risk Management and Risk Framework identifies the core elements of well-designed KRIs (Key Risk Indicators) to link business objectives to strategies to risk. The KRIs, if robust, should give you visibility into your riskiest areas. Periodic risk assessment results should be used to determine whether compliance risks are increasing or decreasing.

The data and results from a compliance risk assessment provide an opportunity to support program effectiveness. An approach to consider is to incorporate risk ratings that are generated from the risk assessment into routine monitoring reports. The status of mitigation efforts can be tracked and the impact on the risk rating reported as part of regular compliance program updates to senior management and the board. Such reports can be trended to (hopefully) depict the impact of mitigation activities with risk ratings adjusting over time.

Dashboards

Some organizations use dashboards (or scorecards) as a shortcut to giving executives and board members information about what is being accomplished by the compliance program and where the organization is at risk. The challenge is figuring out what metrics will go on the dashboard. Your metrics need to be specific and unique to your company and what business it conducts along with what goals you’re trying to achieve as a whole and as a compliance program—there is no one-size list of these metrics. Best practice and regulatory standards call for risk-based program reviews to specifically account for an organization’s unique risk profile.

Given the lack of standard measurement techniques, how else can dashboard metrics be identified? A rigorous audit to evaluate a compliance program will analyze specific program elements. The auditor can start with tools utilized when conducting a review of the compliance environment under COSO. This includes techniques for evaluating entitylevel controls, the control environment, and fraud-control activities. There are metrics around surveillance and testing but, in the end, do we know if we have an effective program? It’s still difficult to say. For purposes of the sentencing guidelines a company can stand-up a program that ticks all the boxes. One can engage independent consultants to come in and validate the existence and good faith effort being made. From benchmarking we know how our company compares to others. While metrics do not yet fully answer the crucial question of program efficacy, it can help build the case for effectiveness.

The science and mostly art of effectiveness assessments is still evolving. You need to carefully identify types of data available, apply insight to the data, and design metrics to create the story around effectiveness. Ultimately you want to create a report that tells the story of the compliance program to leadership, and if ever needed—to enforcement authorities and industry regulators.

Originally published in Compliance Week

Global companies have been embracing socially responsible spending projects to build stronger relationships with local communities, writes Michael Volkov in his firm’s Corruption, Crime & Compliance blog. He writes that the idea makes a lot of sense and real projects can result in real benefits.

“As with any significant source of money, there are risks. Major global companies have been caught in some embarrassing situations, some of which can have real legal and reputational consequences,” he explains.

In an attempt to promote the goodwill of the company in emerging markets, companies sometimes spend large amounts of money, only to find out later that foreign leaders have lined their pockets with the funds to the detriment of the locally intended beneficiaries, he adds.

Read the article.

Masuda Funai will host a legal symposium titled “Issues Facing U.S. Subsidiaries of Japanese Multinationals” on Thursday, June 9, 2016, in Glenview, Ill., at the Glen Club, 2901 W. Lake Avenue. Glenview is a suburb of Chicago.

The event will begin at 8 a.m. with registration, networking and breakfast.

The program beings with a session called  “Compliance Concerns; Business Ethics,” starting at 8:30 a.m. Next will be “Governance and Parent-Subsidiary Matters” at 9:30 a.m. The morning program will include “Protection of Intellectual Property” at 10:45 a.m.

“Update on Professional Responsibility Issues” will be presented at 12:30 p.m., after lunch.

Anyone wanting more information may contact Carrie Buell, Senior Marketing Coordinator, at events@masudafunai.com or 312.245.7444.

Register for the symposium.

The National Association of Corporate Directors (NACD) has published for download “How to Ensure Organizational Resiliency,” a featured article in the latest issue of NACD Directorship magazine.

The article explores what directors think boards can do to ensure a company’s survival — despite high rates of business failure.

NACD Directorship magazine, a leading source of boardroom intelligence and corporate governance information for board directors, is an exclusive benefit of NACD membership, but General Counsel News readers are invited to download a complimentary copy.

Download the article.

The National Association of Corporate Directors (NACD) has recently released its annual report on director compensation – a valuable guide NACD members use to benchmark their board’s compensation practices.

Determining what constitutes fair director pay is no easy task, the association says in a release. It’s important to periodically review your board’s compensation practices and to understand how they compare to those of your industry peers.

Compiled in partnership with Pearl Meyer, the report provides a comprehensive overview of non-employee-director pay practices across a wide range of industries and company sizes. The report also includes six leading practices for director compensation from the Report of the NACD Blue Ribbon Commission on Director Compensation.

Download the report’s summary.

By  Jose Tabuena, JD, CFE, CHC

As the compliance field evolves, auditors should take heed of the power of data analytics and predictive models. The area of program evaluation is one that is ripe for opportunity to apply such techniques for both assessing compliance effectiveness and for nudging employee behavior toward supporting an ethical workplace. But keep in mind predictive models yield benefits only if appropriately acted upon.

Behavioral science provides a powerful set of tools for acting on data analytic indications when behavior change is the order of the day. Specifically, “behavioral economics” combines elements from economics and psychology to understand human behavior— even when it’s irrational.

The U.S. Department of Justice (DoJ) has signaled strong messages on the importance of having an “effective” compliance program finally bringing the conundrum of program measurement to the forefront. Although the Federal Sentencing Guidelines and its “elements” of compliance have existed for over twenty years, the formal standards and processes by which compliance programs are currently measured for effectiveness remain notoriously sketchy. This trend of the government to provide more guidance has continued with the DoJ stating it plans to release a set of sample questions to give companies an idea what investigators and prosecutors are concerned with. Apart from the ability of “effective” compliance programs to reduce the risks of high fines and liability, management has a financial stake in measuring the effectiveness of a compliance program. Operating a compliance program requires a significant investment in time and resources. Poorly functioning compliance programs are likely to waste money, divert scarce resources and operate sub-optimally with respect to mitigating serious, business-threatening risks.

Moreover, the positive effects of a compliance program may include better financial performance. Studies have started to show that in the long-run, a truly ethical and lawabiding corporation is more likely to foster on several measures—customer loyalty, increased employee retention, and strengthened public reputation.

The new DoJ compliance counsel in assisting federal prosecutors develop appropriate benchmarks for evaluating compliance programs, is to provide expert guidance to help prosecutors evaluate whether the implementation of such measures has been effective and has had a remediation effect. Naturally there is acute interest by compliance professionals in the work and impact of the DoJ compliance counsel. This position will be a focus for determining the benchmarks for effective compliance programs, and there is legitimate concern whether sufficient input from the industry compliance community will be considered in connection with future developments. Compliance professionals have had more than 20 years’ of practical experience in direct observation of what effectiveness means for organizational compliance programs, and the DoJ is only now embarking on zeroing in on this in a focused and systemic manner. The hope is that the DoJ will allow for constructive input from the compliance community on the meaningful measures of an effective compliance program.

Applying the “law” is not enough

The legal system is replete with examples where assumptions on how the world works as the basis for establishing laws and regulations has proven dreadfully wrong. Take the value of eyewitness testimony as one example. For a long history, prosecutors could argue for convictions based on the strength of a single eyewitness—the more confident the witness, the more seemingly infallible the testimony. That is, until psychologists conducted controlled studies on the reliability of eyewitness perceptions and the ability to accurately recall from memory.

An auditor evaluating an established compliance program could start with evidence that the organization has consistently implemented the elements of a program as defined by the Federal Sentencing Guidelines. But that is just the beginning. The experienced program evaluator recognizes that measuring implementation is different from the more difficult task of evaluating effectiveness.

After initial resistance, there was eventual recognition by the criminal justice system that eyewitness testimony can be extremely unreliable depending on the circumstances of the event and how potential suspects are presented to the witness. As a result, strict procedures for showing photographs and lineups for suspect identification have evolved. The use of psychologists to provide expert testimony during trials on eyewitness reliability is allowed by many judges. The emergence of DNA testing and the release of wrongly convicted individuals further demonstrate the danger of untested assumptions.

The modern American law school started with the belief that law can be understood and taught as a science. This belief was based on ideology that what mattered was understanding and rationalizing the law applied in courtrooms by judges. The search for the underlying principles provided the basis for the science of law. The body of cases, correctly analyzed, would reveal a set of internally consistent principles inherent in either human nature or culture and expressed case by case through the judges.

This approach of the law as a science has since fallen by the wayside. One only has to look at the divided opinions of the U.S. Supreme Court to recognize the fallacy of the law as a robust science. However, the myth that legal principles result in rational truth still persists. One example is the definition of an effective compliance program under the Federal Sentencing Guidelines. The elements of an effective program seem conceptually sound, but how do we know that applying them actually promotes a culture of compliance and prevents violations of law?

The fallacy is that while legal principles may seem rigorous in theory, they may not reflect actual reality. The idea of a classic mathematical proof is to begin with a series of statements that can be assumed to be true or that are self-evidently true. Then by arguing logically, it is possible to arrive at a conclusion. If the statements are correct and the logic is flawless, then the conclusion will be undeniable.

Scientific theory, on the other hand, can never be proved to the same level of a mathematical theorem. It is only considered highly likely based on the evidence available. Scientific proof relies on perception and observations both of which are fallible and provide only approximations to the truth. This is why experiments are performed to test the predictive power of a scientific hypothesis.

Legal principles often make assumptions about human behavior—such as the accuracy of eyewitness perceptions or the view that investors act rationally in financial markets. But science has started to reveal the weaknesses and subtleties underlying those assumptions.

Applying behavioral science

Principles, such as compliance program components, shouldn’t be taken on faith. When practical, the underlying elements should be field-tested using randomized controlled trials to measure their validity.

For instance, simply having a code of conduct and related compliance policies is obviously not enough to influence employee behavior. So what is it about a code of conduct, how it is written, communicated, and trained to the workforce, that can make a real difference?

In the field of behavioral economics, priming has proven to be an effective tool to subtly encourage honest behavior. Priming occurs when an individual is exposed to a specific stimulus that influences his or her ensuing actions. In studies by behavioral economist, Dan Ariely, experiments were designed to influence honest behavior when researchers “primed” people with a stimulus that involved morality and then observed how often cheating occurred when solving small math problems. When the participants were asked to recall the Ten Commandments, cheating significantly decreased compared with those who were instead asked to recall the names of Shakespeare’s sonnets.

Similar studies provide additional behavioral insights. It is easier to be just a little dishonest. Experiments show that we are more likely to cheat over a small amount of money than a large amount. People also tend to find it harder to be dishonest when interacting with another person than with an impersonal mechanism. The belief that we make rational decisions is a myth that belies the complexity of human behavior.

How do you know a program is working?

How can the auditor tasked with evaluating a compliance program take into account the findings of behavioral scientists? In the short history of the compliance profession, a variety of distinct approaches have been attempted. Yet any approach taken in isolation may yield unreliable information.

An auditor evaluating an established compliance program could start with evidence that the organization has consistently implemented the elements of a program as defined by the Federal Sentencing Guidelines. But that is just the beginning. The experienced program evaluator recognizes that measuring implementation is different from the more difficult task of evaluating effectiveness.

One might look to see if the compliance program incorporates “best practice” features adopted by leading companies. As to the code of conduct, one could inquire whether it was written with simple, understandable text and distributed to all employees. However, experience shows that just because employees received a reasonably well designed code of conduct does not necessarily mean that they understood it, found it useful or took it seriously.

Academic research indicates that the highest indicator of workplace misconduct is fear of retaliation and the confidence employees feel when raising issues. So data on employee willingness to address matters with their immediate supervisor or to use the compliance hotline, as well as their views on what would happen if they reported misconduct, can prove meaningful as a measure of effectiveness.

The current obstacle is the lack of an accepted methodology for consistent measurement along with the absence of a comprehensive set of metrics in which to benchmark your compliance program. The means by which organizations measure the effectiveness of their programs still vary, and in some cases organizations can be lulled into a false sense of security by evaluations that may not be empirically based or reliable.

Which is why the recent moves by the DoJ and particularly the hiring of a compliance counsel are such promising developments. Compliance professionals have been seeking open discussion and analysis on the measurement challenge, including consideration of possible outcome measures by which organizations could demonstrate the impact of their programs (e.g., observed misconduct, frequency and nature of reporting, fear of retaliation, direct measurement in risk areas where this is possible). Doing so could encourage companies to undertake high-quality evaluative efforts, and prompt boards of directors to review and reflect on the results of such efforts.

Subject matter expertise

When considering the compliance program as a broad control and evaluating program elements, don’t neglect the value of technical expertise. While auditors have expertise in the methodology of program evaluation (itself a valuable skill), subject matter expertise is just as essential. It does occur that auditors miss a significant problem because the evaluation approach was structurally blind to the domain and members of the review team not truly understanding the details of “how it works.” And technical folks are nudged outside their core expertise such as when audit and professional services teams strive for high utilization of its staff. Have a fraud specialist on the team for financial controls, a cyber-expert during an information security review, and definitely have a compliance specialist when evaluating a compliance program.

As the field of compliance management continues to mature, reliable means to evaluate compliance program effectiveness will increasingly become imperative. This is true not only for auditors assisting operational leaders who must effectively manage risk, but for those in enforcement who need to make informed decisions, consistent with announced policies, relating to prosecution and punishment.

Originally published in Compliance Week

While the feds have certainly put hurdles in place to prevent abuse, outsourcing IT in a highly regulated industry like banking may very well lead to higher standards and quality outcomes, writes Bruce Harpham for CIO.

“Banking has changed since the global financial crisis in 2008. The steady increase in regulations from Washington, the states and international organizations are now impacting IT leaders,” he writes in the article. “As regulators examine vendor relationships and outsourcing arrangements more closely, there is a significant risk that poorly managed IT could trigger an audit finding, a fine or negative publicity.”

The article discusses some risks to manage as IT leaders plan to review and renew IT service providers in 2016.

Read the article.

Portland, Oregon-based Compli offers an on-demand webinar designed to help companies avoid unethical conduct that can drag them into news headlines, costing the companies dearly by impacting both their reputation and their bottom line.

The webinar covers the key elements for a successful ethics and compliance program, and how to keep your company from making the same costly mistakes.

Speakers are Ambyr O’Donnell, corporate law consultant, and Rick Ruden, Complí’s resident ethics and compliance expert. The discuss:

• New and noteworthy ethics and compliance issues emerging in the media
• The 5 key elements of a successful ethics and compliance program
• How these issues impact you

Watch the on-demand webinar.

Zenefits cofounder Parker Conrad resigned as CEO and as a director of the company, according to a Forbes report, as questions are being raised about the steps Conrad took to put Zenefits into hypergrowth – including flouting laws about who is allowed to sell insurance.

“COO David Sacks, formerly of PayPal, now steps into the CEO job at Zenefits,” the report says. “In an email sent to employees, he admitted the company has taken too many wrong steps. ‘We sell insurance in a highly regulated industry. In order to do that, we must be properly licensed. For us, compliance is like oxygen. Without it, we die,’ he wrote. ‘The fact is that many of our internal processes, controls, and actions around compliance have been inadequate, and some decisions have just been plain wrong. As a result, Parker has resigned.’”

Read the article.

The announcement by the Department of Justice Fraud Section that it hired Hui Chen, a lawyer with previous experience as a federal prosecutor and international corporate compliance, as a full-time Foreign Corrupt Practices Act compliance expert shows that compliance should be high on corporate agendas for 2016., writes Sarah C. Baskin in the Corporate Compliance and White Collar Advisor, published by Jackson Lewis.

“The DOJ’s move will likely lead to even greater and closer scrutiny of compliance programs. The first step employers should take in responding to this change is to conduct a prompt and thorough review of their compliance programs, starting with their Code of Conduct, their internal controls, monitoring, hotline, management of investigations and reporting protocols to law enforcement,” Baskin writes.

The article lists the key elements of a good compliance program.

Read the article.

No challenge is ever too big for a chief compliance officer, but such an attitude comes with a cost, warns Michael Volkov of the Volkov Law Group in his look at trends in compliance and ethics for the new year.

In his article, he discusses the elevation of the CCO in the boardroom, the consolidation of the CCO-CEO relationship, technology leveraging, the Justice Department’s hiring of Hui Chen as a Compliance Counsel, and ethical decision making.

Read the article.

Corporate Governance at UPS is not as clean as the board would like you to think, according to an article published on SeekingAlpha.com.

“UPS portrays itself as having a fair, transparent, and shareholder friendly corporate governance practices. Not all shareholders would agree, though,” the article says. “Two of its shareholders went on a campaign to publicly irritate and antagonize the board of directors, demanding the company to change a few of its disputable practices. This article tells their story.”

Read the story.

TechTarget has rounded up the top 10 governance, risk and compliance stories of the year, with timely advice about GRC strategy, 2015 compliance challenges and best practices for overcoming data security issues.

“This year proved, again, that governance, risk and compliance remains a top priority for companies,” the article reports. “But identifying these areas as a top concern and effectively addressing them are entirely different beasts. Between emerging governance concerns, the enactment of regulatory legislation, growing data challenges, mobile security issues and renewed encryption debates, GRC professionals have had their hands full in 2015.”

The article covers such topics as data currency, compliance with the SEC Regulation SCI, mobile device management, end-to-end encryption and more.

Read the article.

Michael Volkov of the Volkov Law Group writes in his blog that corporate lobbying interests are pushing a new and dangerous agenda in hoping to avoid compliance issues, one that is shortsighted and certain to create problems for chief compliance officers.

He writes that the U.S. Chamber of Commerce is proposing reliance on independent certifications of effective compliance programs and possible access to a compliance defense or safe harbor. “In support of this misguided approach, some are spending more time defining standards for such certifications and possible incentives for companies to be rewarded for such efforts,” he writes.

But that plan would give prosecutors “a license to conduct detailed and in-depth grand jury investigations into corporate compliance programs – bringing to light more potential violations and greater liabilities. Prosecutors will enjoy rummaging around corporate compliance programs.”

Read the article.

In the wake of an economic recession, many corporations have experienced greater scrutiny into their financial decisions, according to a report from Mitratech. Higher expectations, decreased budgets, and a growing workload are prevalent among every function of the organization, but legal departments have experienced the greatest shift in these dynamics over the past decade. This disruption has become the catalyst for much needed changes in the power structures of legal departments.

Mitratech is offering a free white paper that it calls a blueprint for becoming the best-run business unit in the organization.

The paper offers such advice – along with commentary and insight – as: visualize and measure what success looks like, hire a director of legal operations focused on operational excellence, create a legal technology roadmap through collaboration with it, leverage data to optimize resource selection, and train your legal staff to better understand the business.

Download the white paper.

Clearwater Compliance will present a complimentary webinar featuring industry experts discussing how to assess specific security risks and build a strong business case for enhanced security.

The webinar, titled “How to Calculate the Cost of a Data Breach and How to Get the Budget for Your HIPAA-HITECH Compliance Program,” will be Dec. 3, 2015, from 11 a.m. to 12:15 Central time.

“Even with the increased enforcement of HIPAA and HITECH requirements and the increase in penalties being levied for non-compliance, the security efforts of health care organizations responsible for safeguarding protected health information (PHI) are simply not keeping pace with the growing risks of unauthorized or impermissible disclosures of PHI,” the company says on its website. “Those risks are increasing as a result of the expansion in the number of organizations handling PHI and thus statutorily-obligated to comply with HIPAA, the increase in electronic health record (EHR) adoption and the growing rewards of PHI theft.”

Register for the webinar.