Everyone in the compliance arena is tired of the refrain: document, document, document. It is easy advice but difficult to implement on a consistent basis. It is hard to justify the time and effort needed to document compliance steps when the risk appears to be remote. Turning this equation around requires education, training and commitment.
Compliance professionals know when documentation should be required. The question should always be asked – “Will a document of a decision or action be helpful in the event of compliance concerns (either from an internal inquiry or an outside enforcement action)?
The cutting edge area of compliance and documentation is specific risky interactions. For example, in the off-label marketing area, or in the FCPA context, it is easy to identify the risk interactions: a pharmaceutical representative meets with a doctor to discuss the company’s products, or a company representative meets with a foreign official about a potential contract with a foreign government. As we say, this is where the rubber meets the road.
From a compliance perspective, this is an area where documentation would be helpful. The focus of this documentation is critical – to negate specific intent. That is the goal of documenting risky interactions – to establish that no improper interaction occurred: no attempt was made to promote an off-label use of a pharmaceutical, or no attempt was made to bribe a foreign official for a government contract (or other benefit).
The question then becomes how to document the interaction? There are limited alternatives: (1) audio or videotape, a costly and impractical alternative; or (2) contemporaneous documentation.
With advancing technology, contemporaneous documentation can now be accomplished through a variety of services requiring salespersons to use devices such as IPads and report through simple interfaces and software on a specific meeting. Calendar entries can be coordinated with recording programs and data can be captured and preserved.
The reports include a certification that no improper activity occurred. The value of this documentation is not overwhelming – it can be dismissed as self-serving statements of compliance. However, it is one piece of a compliance picture. It also helps to identify the other witness/participant – the doctor or the foreign official – in the risky interaction.
All of this effort is aimed at negating specific intent – the more instances of compliance which can be documented, the more persuasive an argument can be made that a violation was an aberration.
Risks have to be prioritized and documentation follows this inquiry. Due diligence documentation should always be on the top of the list. Specific interactions then can be ranked based on risk – interactions involving sales to foreign officials, customs clearance, visas, zoning and other regulatory interactions can be ranked for documentation. Building a compliance record, in the end, involves recording positive steps taken by a company and all of its employees.