Compliance Today

Based On An Interview With Campbell Clark, Vice President, Legal And Compliance, Asia Pacific, Medtronic

Based On An Interview With Campbell Clark, Vice President, Legal And Compliance, Asia Pacific, Medtronic

Establishing a compliance culture

Critical to the success of a compliance program is the culture. No amount of expenditure on building out compliance teams and technology will compensate for a poor compliance culture in an organization. Frequently we hear about “tone from the top,” and whilst it is certainly true that if senior leadership does not set the compliance tone, it will be difficult, if not impossible, for those at lower levels of the business to create the “right” culture. Equally, however, all employees at all levels have responsibility for compliance.

“Walk the talk”

We are now hearing more about compliance risks than ever before. Businesses are promoting their culture of ethics and integrity as a selling point to employees, potential employees, and external stakeholders. It is, therefore, of utmost importance that business does what it says it will do when it promotes its culture of ethics and integrity.

Employees and stakeholders will quickly call out hypocrisy when they see it and will hold leadership accountable if senior leaders are not living up to the compliance expectations that they espouse. Moreover, regulators tend to look more at what business does that what it says it does.

Technology in managing compliance risks

With the advent of machine learning, there are more tools than ever to enable compliance teams to monitor and manage unusual transactions.

These technologies enable compliance teams to identify and diagnose outlier transactions more effectively and efficiently than ever. Deployment of these technologies is not, however, a substitute for experienced compliance professionals who, after all, must interpret the data, understand the context, and take steps to address issues identified. It follows that business counseling will form a bigger part of the compliance teams’ work; with technology, less time needs to be devoted to the more routine and time-consuming monitoring work.

Responding to compliance infractions

Compliance breaches occur, either through inadvertence, negligence, or intentionally wrongful conduct. And people talk. They are more connected than ever. How business investigates and then responds to a problem will be closely followed by employees, stakeholders, and regulators. This necessitates an independent and accountable investigations team that can be relied on to find the facts and to not embark on an investigation with a pre-determined outcome. Once the facts are found, it is for leadership to evaluate those, guided by their legal and compliance advisers. Leadership is then responsible for arriving at decisions that fairly attribute responsibility where it is warranted and to impose disciplinary actions on wrongdoers.

Business needs to take on board “lessons learnt” and to implement strategies to avoid a recurrence. It can only do so if there are opportunities for open discussion about the problem, how it arose, and what leadership is doing to fix the problem. It follows that leadership is also responsible for implementing necessary remedial actions and ensure that the agreed actions are indeed carried out.

What is the impact of social media on the compliance landscape?

With an ever-increasing awareness of compliance, and the willingness of employees and stakeholders to call out concerns when they see them, the business faces a new challenge. Whilst a decade ago, concerns voiced by employees and stakeholders would likely only reach a limited audience, that has all changed with social media. Now, everyone can be an investigative reporter, and to share their concerns far and wide. This obviously poses risks for business, including a negative reputational impact. The business, therefore, needs to be clear about its compliance expectations and be ready to respond quickly and sincerely to concerns that are voiced on social media. That necessitates closely monitoring social media channels. Better still, business needs to be “out front” of potential compliance risks and be seen to be actively managing those.

Is the fear of retaliation real?

Employees and stakeholders need to be empowered to raise concerns without fear of adverse consequences for doing so. Good corporate culture necessitates that everyone should be free to voice out their genuine concerns, and in doing so, they should have a reasonable expectation that those concerns will be investigated, and appropriate action will be taken if wrongdoing is established. Not all concerns will be substantiated. Even in those circumstances, if the concern was genuinely held, the reporter should never be in fear of retaliatory action against them.

To that end, the business must establish anti-retaliation policies and communicate those to employees and stakeholders.

Transparency in healthcare

Working for a healthcare company, I can say that nothing is as important to patients than their trust and confidence in the healthcare professionals treating them. It follows that patients should not be concerned that undisclosed conflicts of interest might be influencing their care and treatment. It is for this reason that in many jurisdictions transparency or “sunshine” laws have been enacted, under which healthcare companies are required to track and disclose “transfers of value” to healthcare professionals, including honoraria paid to healthcare professionals for provision of services to companies, training and education benefits, and incidental travel and hospitality. Many healthcare companies indeed advocated for these laws in recognition of the need to put the interests of patients first.

Compliance codes of ethics and conduct in healthcare

The healthcare industry has been diligent in shaping voluntary codes of ethics and conduct around the world. Oftentimes, adherence to a code of ethics and conduct is a prerequisite to membership of an industry association. The value of companies signing up for a code of ethics and conduct is that it is a signal to their employees and external stakeholders of that company’s commitment to doing things in the right way. Typically, the codes seek to lay out the acceptable behaviors from an industry perspective and to provide guidance as to why those standards are being put in place. It also means that companies in the industry are “playing by the same rules,” and to reduce instances where one company secures an unfair advantage over its competitors by engaging in unethical and/or illegal conduct.

What are some of the challenges that a business faces to understand the compliance dimensions of new technology?

Healthcare companies invest significant sums in the development of new technologies with the clear objective of improving the health and welfare of patients. Traditional technology companies are also focusing more on healthcare. Innovation is the cornerstone of the industry. There is increasing deployment of technologies to monitor the medical conditions of large population groups with devices that can interrogate a patient’s physical condition, anytime anywhere. Whilst the benefits of that may be clear, oftentimes, the legal and policy framework lags the innovation. It is, therefore, more important than ever that legal and compliance teams can identify the risks in advance and be able to advise the business on the existing legislative framework on a jurisdiction by jurisdiction basis. It is of paramount importance that business stays in compliance with the existing legal constraints. It cannot be forgotten that there is also an opportunity for industry associations to advocate for legislative change on behalf of their members where that is called for.

What role does the Compliance function play a role in helping businesses steer ahead of the competition?

Compliance can be a competitive advantage. The healthcare industry is highly regulated across all markets, and the trend globally is towards more and not less regulation. Companies need to rethink their business models and strategies, given the increased focus and attention on the healthcare industry.

These changes are rapid and unpredictable, indicating a future that is more restrictive than permissive. Missteps can result in significant reputational risk for business and their employees. For those businesses that get it right, and having a reputation for doing the right thing, they will enjoy favored employer and supplier status.

What is your advice to and entrepreneurs in this landscape?

Entrepreneurs need to act within the existing legal frameworks. As their ideas gain traction, they will face increased attention, and with that comes regulatory oversight. Entrepreneurs need to have a clear ethical compass, they must want to do the right thing, and they must not let the ends justify the means. Entrepreneurs need to figure out what their key markets are, who they need to engage in those markets and to learn and understand the regulatory constraints to which they are subject. Rules are different in every jurisdiction, and business needs to be respectful of local laws and regulatory regimes.

Concluding remarks

In our highly regulated environment, with the increasing expectations of regulators around the world for business to manage their compliance risks, there is increasing pressure on compliance teams. Technology can play a big part – in that it frees up compliance teams to focus on more “value-added” business counseling – but technology alone is not the answer to managing risk. Helping develop the culture of ethics and integrity is the fundamental role of the compliance team. That involves engaging with leadership and others throughout the business and encouraging them to look at the work they do through the lens of compliance. This is vitally important in those industries where innovation may be out-pacing legal frameworks that were designed for a different time.