Michael Volkov has an excellent article comparing the
requirements of Corporate Integrity Agreements (CIAs) and Deferred or Non
Prosecution Agreements (DPAs). Essentially, he
notes that CIAs are generally more prescriptive in enumerating compliance
obligations than DPAs.
The reasons for this difference primarily lie in the
difference between the OIG-HHS and the DOJ.
The OIG-HHS has a long history of industry participation in compliance
program guidance and oversight. As such, they have significant opinions about
what works and what doesn’t. This translates
into more detail. The DOJ with DPAs
takes a more “hands off” approach.
Essentially, they rely on the company and the monitor to propose and
evaluate the remedial compliance infrastructure.
For what it is worth, I think the OIG-HHS approach is more
business friendly. As a former
compliance officer who had to live under an agreement, I preferred that my
responsibilities be clearly delineated—not subject to the whims of a
monitor. The monitor may or may not have
a complete understanding of my industry or what actually works in a
company. The monitor might be trying to
sell more consulting work. Often, the
cure is worse than the disease in these matters. The controls recommended by a monitor or an
IRO may not only prevent bribery, they might prevent business!
I have seen this in action.
A large multinational engaged a firm to design their anti-bribery
program. My job was to tailor the
program to the largest North American division.
The program was a nightmare. It
was a hodge podge of redundant and unnecessary controls no doubt authored by
inexperienced staff who had never seen the inside of a company. Belts hold your pants up just as well as
suspenders, but both are not required to avoid embarrassment.
On the other hand, the more time that passes from the
signing of the CIA, the less relevant that prescriptive document becomes. Business models change, processes change, products
change, and people change. Some CIAs are
7 or more years. They can become
irrelevant quickly. I must say, however,
that I have always found the OIG-HHS to be very reasonable in amending the
agreement when a requirement no longer makes sense. The consistent oversight function within the
OIG-HHS makes this a workable framework.
Attorneys often like vague language around obligations. It
makes it easier to defend the allegation of a breach. For my money, however, I like to know what
the requirements are. That makes it
easier to budget the cost and less disruptive to the ongoing business.
No comments:
Post a Comment