Former US Attorney Michael Volkov is one of the most prominent voices in the United States when it comes to adopting compliance policies in large organizations. After 17 years in court dealing with unethical companies, Volkov decided to be a consultant to companies interested in knowing the intricacies to become examples of obedience to the law. The culture of ethics must be transversal to any type of company. And the healthcare industry is no exception, advocates Volkov Law’s CEO. He says companies and healthcare professionals are increasingly under the crosshairs of the DOJ’s new policies, with more aggressive surveillance and heavier penalties.
Passionate for travel, arts and philanthropic activities and an avid tennis player, Volkov agreed to answer the following questions in July 2015.
You started your law career in 1982 and since then a lot changed in politics, law, ethics and compliance. What would you say were the main changes?
Michael Volkov – Over the course of my 30 year career, I have seen significant changes in politics, law, ethics and compliance. First, there has been a huge increase the volume and nature of criminal prosecutions of companies and individuals for white collar offenses, including bribery, fraud, AML, and antitrust violations. Criminal prosecution has replaced civil prosecutions as the primary engine of enforcement, deterrence and prevention. Second, in response to this significant trend, the last ten years has seen the risk of the compliance professional and the increasing importance of compliance as an established corporate governance function. With increasing criminal liability for individual executives and managers, companies have turned to internal ethics and compliance programs. Compliance professionals are the most sought after professionals for many industries right now, including pharmaceutical, medical device, service providers (e.g. hospitals), financial institutions, and oil and gas companies.
How does your past experience as federal prosecutor help you nowadays?
MV – My prior experience as a federal prosecutor has put me in a unique position — I am able to work with companies to institute proactive documentation and operational systems to prevent criminal liability for the company and individuals who work at the company. I know what types of evidence a prosecutor looks for and needs to build a criminal case, and I help companies to create systems that generate information to “negate criminal intent.” In other words, I make sure that there is record evidence to show that the company took great efforts to not act like a criminal organization.
You said “ethical companies are more profitable for numerous reasons”. Could you elaborate on that?
MV – I regularly advocate that companies committed to compliance should start with creating an ethical culture first — the best compliance control that a company can create and implement is a culture of ethics and compliance. No compliance system is perfect, and the most effective constraint on possible code and legal violations is a culture of ethics. Companies that have an ethical culture have lower incidents of misconduct and are more likely to report misconduct internally.
On the overall profitability, I have found research studies that show ethical companies are more profitable. This conclusion is fairly obvious — employees are happier at ethical companies because they believe in the organization and its leadership; employees are more productive and less likely to leave an ethical company — with lower turnover rates and higher productivity, companies are more likely to increase financial performance and profitability.
Some companies are repeat offenders, others create their own compliance codes but still they don’t practice what they preach and just use them as “window dressing”. Will that ever change? How?
MV – You have identified two of the biggest compliance problems across many industries — repeat offenders suffer from serious cultural deficiencies which usually reflect a disregard of compliance by the board, the CEO and senior management; and “paper compliance programs” which are those that are on paper but not implemented in practice. Both problems continue to plague companies — I see more paper programs than recidivists. Collateral consequences to companies that violate the law are increasing — shareholder lawsuits are rapidly increasing in number and demands. As a result, companies are realizing that spending money on compliance is a good investment over suffering serious consequence from criminal enforcement by the government and collateral consequences in private litigation.
From a corporate risk perspective, the greatest legal and compliance risk has to be the False Claims Act. Could you explain why?
MV – Companies in the healthcare sector, along with pharmaceutical and medical device companies face serious risks from the False Claims Act. First, the FCA enforcement program has been around for over 150 years; there are huge risks that relators/whistleblowers have in terms of financial rewards to report on companies that are earning revenues from fraud against the government. Second, the penalties are severe for FCA violations — each false claim is trebled (tripled) for damages calculations and can quickly add up. Third, and most significantly, a company cannot challenge the government’s enforcement action because if it loses they can be “excluded” from participating in federal healthcare programs. For most companies, they cannot survive without government reimbursement programs for healthcare services, and they have to settle the case rather than go to trial against the government.
The FCA risk has grown over the last five years as the Justice Department and the Inspector General for Health and Human Services have collected multi-billion dollar recoveries each year against healthcare providers (e.g. hospitals and doctors), and pharmaceutical and medical device companies.
In Brazil we have someting called “delator” which is similar to whistleblower. However, I believe there are some differences. Could you tell us a bit more about the role of the whistleblower? Is it an important role from an ethical point of view?
MV – Whistleblowers/Relators play a critical role in bringing False Claims Act cases. A relator will file a case under seal (meaning non-public) and inform the government of the filing and allegations. The government will review the case, and if they decide to join the whistleblower’s lawsuit, the government wins 99 percent of all of its FCA cases. This mechanism and procedure is the fuel for FCA enforcement and has been increasing each year. Whistleblowers have a financial incentive and are protected legally from retaliation. Companies have to be very careful when interacting with whistleblowers to ensure proper treatment.
You say that “CCOs in the healthcare industry need to be elevated and empowered. They have the title, they lack the resources, and they need to have a message of support sent.” What do board rooms need to do about this?
MV – CCOs in the healthcare industry have a very unusual history. Long ago, in the 1990s, the government recognized the importance of empowering an independent and separate CCP from the legal department. They insisted in every settlement that the CCO be separated and given greater authority outside the legal department. Unfortunately, in practice, the CCO has become a “backwater” player with inadequate authority and resources. Only now are we seeing some improvement in the stature of the CCO in healthcare companies.
Corporate boards have been asleep on many of these issues and have failed to proactively address the problems. With an aggressive enforcement environment, some boards at the larger companies have begun to address this issue and demand improvements in overall compliance functions, including elevating the CCO to a new role.
Do you really think that the lack of board commitment is the missing ingredient in making the healthcare industry more ethical?
MV – Yes, I do. I see “lip service” to the importance of ethics and compliance but there is little follow through on the issue. Corporate boards need to become more active in exercising their oversight and monitoring responsibilities.
Since 2010, in response to scandals and prosecutions in the healthcare sector, companies have had to separate the chief compliance functions from the chief legal officer. With that separation of the CCO and the legal function came a decrease of importance of the CCO. How can the healthcare industry turn CCOs into CCEOs?
MV – With the leadership of corporate boards, the CEO and senior management, healthcare companies have to elevate and empower the CCO function with authority, resources, and accountability for performance.
In 2014, the DOJ and HHS-OIG announced charges against individuals in several cities for Medicare fraud schemes involving approximately $260 million in false billings. Almost a third of those individuals charged were doctors, nurses, and other medical professionals. How would the CCO or the CCEO stop this from happening?
MV- Most of these criminals operate at a level below where compliance officers operate, meaning they work for themselves or small companies without a compliance function. These targeted fraud prosecutions are nothing more than common criminals using the healthcare system to steal money and commit fraud. These cases do not involve larger companies or medical organizations where compliance functions are operating.
You defined the five steps that the DOJ is using to fight healthcare fraud: 1. Focus on Providers, 2. Following the Money, 3. Using All the Tools, 4. Charging Professionals, 5. Quality of Care. Could you explain how each one works?
MV – Right now, DOJ relies on a pay and chase model for fighting fraud. In other words, they pay the provider, then check out the provider based on patterns and amounts of payments, find out he or she is committing fraud, and then seek/chase the provider to prosecute criminally and/or civilly to recover funds. The pay and chase model, by definition, is inefficient and unsuccessful as a real deterrent to stop fraud.
DOJ is prosecuting, after the fact, doctors and other providers for fraud but still losing money in the equation; using the full complement of criminal investigatory tools (undercover recordings, informants, search warrants, etc), and now bringing criminal and civil cases for poor quality of care as a type of fraud committed against the government, meaning that they are not providing minimum quality of care to patients but charging the patient/government for such services.
A more effective strategy is a proactive approach. Before a private insurance or public government agency pays a medical bill to a provider, there needs to be proactive due diligence steps to verify who the provider is, do they have an office, do they really provide services, and are they legally entitled to the money. The more money spent on proactive, pre-payment investigations, the more often private and public payers can identify potential fraud risks and prevent loss of any money.
I don’t know if you heard about the scandal in Brazil with Orthotics & Prosthetics, in 2014. I saw that something similar happened in the US. In 2013 the CMS had failed to stop the illegal practice of paying unlicensed providers for orthotic and prosthetic services provided to Medicare beneficiaries. a) Easy money talks and ethic walks? b) That case shows that we still have no way of learning from other countries’ mistakes or do you think that information doesn’t leave US borders?
MV – Unfortunately, incentives to commit fraud and other criminal acts are not limited by borders — criminals exist in every country and there is nothing to stop them from committing crimes in the healthcare sector. I am not familiar with the Brazil scandal involving Orthotics and Prosthetics, but I am not surprised by financial wrongdoing in this area since it is a high fraud risk area (like hospice and nursing facilities).
You wrote that compliance is not just a cost center, it is an important way to enhance the organization’s financial performance and reputational integrity. Reputation costs money or attracts money?
MV – Reputation protects a company by instilling a positive view of the company in employees, customers, suppliers and vendors — in many cases, companies suffer more from repetitional damage than financial burdens of a fine. Investing in compliance is a way to promote financial profitability by creating an ethical culture, and creating an image that the company can present to external stakeholders. That is important to promote a company with its stakeholders and its community.
“Is this right?” or “Is this legal?”. You wrote this stating that an ethical culture is much more than a compliance culture. But the law is based on moral, on what is right. How did those concepts become so far apart?
MV – I do not accept the premise of your question — what is legally correct is not necessarily what is ethically correct. The law defines legal values. The law does no define ethical values. Usually ethical values are focused on different issues and principles. Compliance with the law does not mean ethical compliance with our values. a Company has to define its ethical principles, usually with specific defined principles.
From all the cases you dealt with since 1982 both with the DOJ and private practice, can you see the light at the end of the tunnel? Is there hope for the healthcare industry?
MV – There is definitely hope for the healthcare industry. For the first time in our history, compliance is an integral part of our governance framework. There is a lot of work to be done but we are on the right path. Companies and individuals want to do the right thing — it is just a matter of dedicating resources and time and attention to this mission. The government has a lot of power and tools to make sure this happens, but all the enforcement in the world cannot bring about a dramatic change without the support, commitment and engagement of corporate boards, communities, CEOs, senior executives and compliance professionals. We are on a path to greater compliance “enlightenment” — it will be an incredible journey.