Accountability for Compliance Program Failures

Who Is Responsible for Compliance Program Failures

Accountability for Compliance Program Failures – When a compliance program is not functioning as intended, various parties within and outside the organization may face significant risk and consequences. The following section details who may be exposed and the nature of their accountability in the event of compliance program failures.

Who Is at Risk If the Compliance Program Is Ineffective?

Several individuals and entities may be “in the line of fire” if a compliance program fails. The potential exposure and implications for each are described below.

The Organization

The organization bears direct responsibility for any overpayments and the penalties that arise from non-compliance. In situations involving investigations, the organization may seek to cooperate with government authorities to earn cooperation credit, which requires demonstrating genuine efforts to cooperate with investigations and remediate issues. Current regulations also mandate that organizations identify any individual wrongdoing as part of their cooperation. Additionally, organizations will often negotiate with authorities to reduce penalties imposed due to non-compliance. In some cases, they may enter into a Corporate Integrity Agreement, which formalizes their commitment to corrective actions and ongoing compliance improvements.

The Individual Employee

The exposure faced by individual employees depends largely on their knowledge of improper billings. Consideration is also given to whether employees received adequate training in compliance requirements. Ultimately, the determination of liability for employees is fact-specific and hinges on the details of each case.

The CEO

The CEO can be held accountable for compliance failures even if they were not directly involved or aware of the issue. Under the Responsible Corporate Officer Doctrine, responsibility may be assigned to the CEO based solely on their position within the organization. If the CEO fails to fulfill duties related to oversight of compliance, they may face personal liability. Furthermore, any interference by the CEO with the compliance process increases their risk of exposure.

The Board of Directors

Board members’ liability is determined by the specific circumstances and facts of each case. They may be held accountable if they fail to properly oversee compliance activities. Insufficient allocation of resources or budget for compliance can further expose the board. If the board is found to have established or had imputed knowledge of non-compliance, their liability may increase. However, reasonable reliance on compliance experts can sometimes mitigate the board’s exposure.

The Compliance Officer

If the compliance program is deemed inadequate, the compliance officer may be held responsible. A lack of risk assessment or other essential compliance activities increases the compliance officer’s exposure. The Responsible Corporate Officer Doctrine can also apply to compliance officers, further increasing their personal accountability.