Compliance Reporting to Legal Counsel is Not Prohibited, but is Problematic
Key Points:
- Not prohibited, but frowned upon by the DOJ and OIG
- Creates a potential conflict of interest
- Concerned Legal Counsel may not be forthcoming in making disclosures
- Legal Counsel must give Upjohn Warnings that chills employee trust
Without question, both the Compliance Officer and Legal Counsel perform crucial, related, but distinctive functions that sometimes raise issues, particularly in organizations where both are under a single authority. The 2024 Healthcare Compliance Benchmark Survey Report found that seventeen percent of respondents reported this reporting structure as the case for their organization. There are compelling reasons why Legal Counsel should avoid filling the compliance role. For instance, there are significant differences in the roles for each function that should be clearly defined. Legal counsel is an advocate for the organization. Legal Counsel concentrates on the legal framework defined by a set of rules established and regulated by the government on behalf of the organization and works to mitigate the exposure and impact of areas of potential liability. Compliance Officers are responsible for the day-to-day operation of the compliance program that includes the creation and maintenance of the code of conduct and compliance-related policies; maintaining compliance communication channels for reporting suspected and potential wrongdoing; acting upon information received; ensuring ongoing compliance risk monitoring and auditing etc.
Enforcement Agencies Troubled by Dual Authority
Legal Counsel having responsibility for the compliance program is viewed by many as logical in that they possess knowledge of laws and regulations applicable to the organization. However, enforcement authorities believe assigning these responsibilities to Legal Counsel makes a compliance program less effective and potentially undermines the effectiveness of meeting the legal counsel role. The separation of compliance from legal, with the Compliance Officer having co-equal status with Legal Counsel, is a structure called for by both the Department of Justice (DOJ) and the Department of Health and Human Services, Office of Inspector General (OIG) as the best model. The OIG’s stated position is that Legal Counsel should not exercise a dual role that includes compliance. In their General Compliance Program Guidance and guidance for the various healthcare sectors, the OIG makes clear that the Compliance Officer should report directly to the CEO and not be subordinate to Legal Counsel. Their Corporate Integrity Agreements with providers further underscore this position and have standard language that states: “The Compliance Officer shall be a member of senior management, shall make periodic (at least quarterly) reports regarding compliance matters directly to the Board of Directors, and shall be authorized to report on such matters to the Board of Directors at any time. The Compliance Officer shall not be or be subordinate to the General Counsel or Chief Financial Officer.” The DOJ is also troubled by organizations with the Compliance Officer subordinate to the Legal Counsel. There is the concern that Legal Counsel may use their authority to hide rather than freely disclose potential violations of law or regulation. Both the DOJ and OIG are of the opinion that combining the two roles creates a conflict of interest and that separating the compliance function from key management positions, including Legal Counsel, reinforces the independence of the function.
Upjohn Warnings
The cornerstone of any effective compliance program is robust compliance communication, whereby employees are encouraged and supported in reporting to and cooperating with management and the Compliance Officer in addressing potential wrongdoing. This is actively promoted by the US Sentencing Commission Guidelines, the OIG Compliance Program Guidance, and the DOJ Compliance Program Effectiveness Evaluation Guidelines. Anything that inhibits this communication undercuts the compliance program. This can present an added challenge when compliance is under Legal Counsel. The canon of ethics of the American Bar Association calls for Legal Counsel to give what is referred to as the “Upjohn Warning” (also referred to as a corporate Miranda Warning) prior to interviewing employees. It takes its name from the Supreme Court case, Upjohn Co. v. United States. It requires legal counsel to disclose that the information the attorney collected is for the purpose of providing legal advice to the company and that they represent the company, not the employee. Also, the employee is told that communication is protected by the attorney-client privilege, which is controlled exclusively by the company, and that the employee must keep the communication confidential, meaning that it cannot be disclosed to any third party other than the employee’s own attorney. Additionally, the delivery of the warning is documented. This can spook employees and inhibit them from reporting or volunteering useful information, especially where this issue involves members of management or the practices of the organization. Compliance Officers, whether they are attorneys themselves, are not required to provide this warning.
Conclusion
The best practice is to separate the Compliance Officer and Legal Counsel functions. Although there is no legal prohibition for Legal Counsel to also manage or control the compliance function, it creates added challenges should regulatory authorities confront the organization. As both the DOJ and OIG have investigating potential, corporate violation of law would question the manner by which the program was managed. The potential consequences of failing to use an appropriate structure is increased penalties in the event of organizational misconduct, so the consequences can be quite serious. The burden would be upon the organization to evidence that having Legal Counsel manage the Compliance Program was the best model for ensuring an effective program. However, because their presence was the result of investigating potential fraud or other violations of law, it is reasonable that they would be skeptical of any unsupportable representations concerning the effectiveness of the compliance program. In addition, Legal Counsel would be placed in a difficult position, bearing considerable responsibility for what would be seen as a compliance failure.
You can keep up-to-date with Strategic Management Services by following us on LinkedIn
