People who consistently miss the point are frustrating. Focus is an important discipline. Whatever you do in life, the ability to focus is critical.
In the compliance arena, the same principle rings true. It is easy to get “distracted” into a number of areas. CCOs are bombarded each day with risks and threats. Meetings, internal journals, conferences, and other information sources cite all the risks, the downsides and difficulties facing a company and its CCO.
CCOs have to develop analytical discipline. They have to ask themselves – what are my most significant risks? Everything CCOs do each day is in response to this question and a formal or informal ranking of risks. For the CCO, it is an intuitive process, and guides their activities.
CCOs have to prioritize their job or they will sink into a morass of risks, meetings, policies, practices, and an inability to address any issues with a sustained commitment. A risk-ranking system is a guidance system for CCOs and his/her resources.
The CCO’s mission is more than just risk-ranking. The cutting edge issue in the compliance field is managing and monitoring “risky interactions.”
What do I mean by “risky interactions”?
In the FCPA context, a risky interaction is contact between a company sales person or sales representative and a foreign official to discuss the company’s interest in a foreign government contract.
Similarly, a risky interaction could involve a company sales person taking a foreign official to lunch to discuss business opportunities.
The concept of “risky interactions” extends into other areas as well. In the anti-kickback context, a pharmaceutical sales person who meets a hospital representative or physician group creates a “risky interaction.”
Once defined, a CCO has to influence that interaction to the best of his/her ability. How does the CCO do that?
CCOs are focusing on these interactions and building appropriate controls. CCOs are requiring prior approvals for such interactions, requiring post-meeting reports, and maintaining a database of risky interactions.
New technologies are being developed to focus attention on this area. Real-time sales reports using I-Pads and other technologies can be drafted and filed to confirm the absence of improper interactions. CCOs are driving demand for these new technologies and the compliance industry will respond.
Technology can easily stretch into new areas where monitoring and mitigating risk can include real-time recording (assuming recording is authorized under applicable law).
Even without technologies and databases to focus on risky interactions, CCOs need to use existing tools to reduce the risk. From a proactive perspective, training and other instruction on proper and improper interactions is important.
After the fact documentation also can be used to build a record of compliance. After the meeting, a sales person could be required to fill out a form and sign it to confirm that nothing improper was discussed or occurred during the risky interaction.
All of this takes time, resources and money. Depending upon the risk and the need to develop a record of compliance to mitigate risk and defend against charges of impropriety, existing tools can be used.
Whatever tools are available, a CCO has to keep his/her eye on the ball. Risky interactions are where the rubber meets the road, and CCOs have to attend to reduce the surrounding risk to these interactions.