Compliance Perspectives

By Adam Turteltaub Sevda Huseynova is the Ethics and Compliance Officer for SOCAR Midstream, a state-owned enterprise (SOE) in Azerbaijan. The company manages the oil and gas export pipelines of the country. If you think working for an SOE means you don’t have to worry about compliance, she warns you to think again. SOEs still faces risk in a wide range of areas including anticorruption, sanctions, third parties and more. Investors want to ensure that the company operates up to global standards, which isn’t always easy since compliance is relatively new in Azerbaijan. SOCAR midstream is up to the task, though, she reports. The company seeks to comply with local laws as well as international standards such as those of the OECD and the UN Convention on Corruption. To meet its goals, the compliance program is based on the seven elements approach found in most compliance programs and has three tiers addressing prevention, detection and corrective actions. She advises others working in SOEs to embrace five k

By Adam Turteltaub KISS takes on a new meaning in this podcast: Keep it Streamlined & Strategic. Keeping it streamlined and strategic is also the topic of a session at the 2025 HCCA Compliance Institute that will be led by Krista Muszak, Senior Manager, Process Optimization at Pfizer and Angela Smart, Senior Compliance and Ethics Partner, Intermountain Healthcare. Specifically. they’ll be applying this new take on KISS to the topic of program effectiveness. So how does it work? How do we keep our programs streamlined and strategic?  First, we avoid scope creep and remain focused. That, they explain, begins with having and continuously referring back to a program charter that keeps you and everyone else involved from pursuing all the tangential issues that could derail your efforts. Second, they advise following the PDCA formula: Plan, Do, Check and Act. Third is conducting a root cause analysis that helps you understand not what happened but why. It will keep  you thinking strategically and not just abou

By Adam Turteltaub Business people are given all kinds of goals for revenues, profitability, efficiency and more. For compliance, though, not so often. Many organizations struggle with how to set compliance goals, or even if they should set them. Madrid-based, Juan Ignacio Paillás, Head of Global Compliance Business Sectors for Merck KGaA, Darmstadt, Germany, explains how it should be done. First, he advises, understand the context in which you are working, particularly about how your organizations manages objectives. For example, some organizations embrace very rigid goals, while others take a more flexible approach. When approaching management and the business unit about setting objectives, he cautions that you should expect pushback. To counter it, remind them this is about taking the company’s values and turning them into concrete, measurable behaviors. It is also an exercise in setting priorities within compliance efforts to have the greatest impact on the organization and its performance. As you go

By Adam Turteltaub Healthcare is often rife with fraud, and organizations struggle to prevent it. To gain a different perspective on how to prevent wrongdoing, we spoke with Alec Burlakoff, a convicted fraudster from Insys Pharmaceuticals who now leads Limitless! Consulting. To prevent fraud, he recommends seriously looking at the incentives program in your organization, especially if there are individuals whose commissions may make up  more than half of their compensation. Such high rates of reward, he warns, provide serious temptation to skirt, or outright disregard, the rules. Look also at the messages that lucrative incentive programs send to others in the organization. Individuals who are inclined to do the right thing may find themselves envying those they see breaking the rules and getting rewarded. It can cause them to emulate the bad behavior that they see. Better, he advises, is to seek ways to reward people who do things the right way and build sales for the long term. When it comes to discipl

By Adam Turteltaub Are your helpline calls being responded to properly? Are the investigations proceeding expeditiously and properly? To find out, it’s good to do an audit periodically. Before you can begin, though, you need to determine if there is enough available data for an audit, cautions Juliette Gust, President of Ethics Suite, and author of the chapter “Auditing the Confidential Reporting Hotline and Case Management Program Effectives” in the new edition of The Complete Compliance and Ethics Manual. Many compliance programs still do not have formal processes in place, and for them, it’s best to start with a gap analysis. If you do have data, look at how you are tracking both the allegations and the work being doing as a result. How quickly are allegations being reviewed? Is someone letting the reporter know that their allegation has been received and is being acted on? How are you safeguarding the data, including being sensitive to the potential need for attorney-client privilege? Spend time, too,

By Adam Turteltaub Think you don’t have to worry about the SEC because you’re at a private company or a non-profit? Think again says, Kevin Muhlendorf, attorney at Wiley Rein. You may still end up in the Commission’s crosshairs. He warns that the SEC’s power of investigations expands far and wide, and just being a supplier to a publicly-traded company may lead them to focus on your business. If a private company is acquired by a public one or makes even a non-public offering, there is risk of fraud and SEC action. Lie to an accounting firm and the SEC may become involved. And don’t forget about the risk of parallel investigations involving multiple enforcement authorities. Another risk area is shadow trading. Let’s say your hospital is a part of a clinical trial, and an employee sees it is going well. If that employee decides to short the stock of the drug’s competitor, that could be an issue that falls under the SEC. So what should you do? Keep an eye out for these risks and pay attention to recent enf

By Adam Turteltaub Business transformations can be times both of risk and opportunity for compliance programs. Employees, struggling to understand the changes around them and feeling stressed, may opt to do the wrong or at least ill-advised things. By the same token, transformations provide an opportunity for compliance teams to change their roles within the organization and redefine the value that they bring. Jill Swain, Global Ethics Manager and Dawn Wood, Engagement, Training and Programme Manager at Rolls-Royce went through a major business transformation and will be sharing their insights from that experience in a session at the 2025 SCCE European Compliance & Ethics Institute. In this podcast they share an abbreviated version of the journey and lessons taken from it. Rolls-Royce, as it transformed itself, wanted employees to understand that ethics and compliance are a part of “winning right” and helping the companies achieve its goals. The compliance teams met the challenge by embarking on several i

By Adam Turteltaub Oh, Artificial Intelligence. So much promise, and so much risk. What’s a compliance and ethics professional to do? Start by listening to this podcast about the chapter “Managing the Ethics and Compliance Risks of Artificial Intelligence” in the 2025 edition of The Complete Compliance & Ethics Manual. We spoke with the article’s co-authors, Gwen Hassan (chief compliance officer at Unisys), Dr. Anthony J. Rhem (CEO and principal consultant at A.J. Rhem & Associates), and Patrick Henz (special advisor for compliance, Latin America, for Mitsubishi Heavy Industries Americas). They explain that when we speak of AI we aren’t talking about one technology but a wide range of them. Generative Ai may be getting the most attention but there is also natural language processing, neural networks, expert systems, machine learning and many more. As a result, compliance teams need to understand what form of AI is being used at their organization. When it comes to legal and regulatory frameworks to serve

By Adam Turteltaub Sometimes you make a few technical changes to a compliance program  because a law or regulation has changed. Autoliv didn’t want to do that and just meet technical requirement of the EU Whistleblower Directive. They wanted to use it as an opportunity to assess what they were doing to encourage employee reporting, whether it was working, and to improve support for people speaking up. Erica Wikman, Vice President, Corporate Compliance, Autoliv and David Barr (LinkedIn), co-founder of Campbell Barr, tells us in this podcast that they shared a vision of moving away from just whistleblowing. Research showed it can have negative connotations.  In addition, whistleblowing tended to be interpreted narrowly, with tremendous variations by region. They also found a fear of either retaliation or that nothing would be done. So, the Autoliv compliance team began to think more broadly and encourage people not just to speak up when they saw a potential compliance issue but also when they saw something p

By Adam Turteltaub So the IT folk can’t wait for your business people to delete those old documents, meantime, the business people want to hold onto them because they never know when they might need that info again. Then, all of a sudden there’s a legal issue and a hold is in place. Instantly the game changes. Chris Kruse, Executive Vice President & Advisor at CasePoint explains that when a legal hold is placed several things need to happen: Employees with relevant need to be identified They need to be placed on notice of the obligation to preserve any relevant information. They need to be instructed on how to proceed going forward The custodians of the data need to acknowledge that they have been notified and understand their obligations Individuals with the data need to be reminded that if they create new data it also needs to be retained Securing all the documents and data can be difficult for several reasons. These range from the simple, such as an employee who doesn’t read the email with th

By Adam Turteltaub You do all that work but how do you know you’re being successful? It’s not like people come running in the door and say, “Hey, guess what bad thing I almost did.” The compliance team at the National Security Agency (NSA) had that same challenge. In this podcast, Natalie Knowles, Director of Compliance, and Zack Conyne, Manager, first provide an overview of the NSA. As they explain it has two primary missions:  cybersecurity and signals intelligence. Every employee there annually takes an oath to defend the Constitution, which is, of course, a great reminder of the organization’s values. The compliance team is there to ensure that NSA activities are consistent with the law, including policies and procedures designed to protect privacy and civil liberties. The team measures the success of the program both using quantitative and qualitative metrics. Along the way they have learned a great deal, including the importance of telling a story, managing the complexity of data, and the importance

By Adam Turteltaub When we last spoke with Tyler Shultz back in 2020, he discussed his experience at Theranos as both an employee and a whistleblower. Four years later, the case is in the rearview mirror, the former CEO is in prison, he founded two startups of his own, and he now speaks to corporations about cultivating courageous work cultures With the benefit of some time and distance, he shares in this podcast his experiences and what he has learned, particularly about corporate culture. The behaviors he saw at Theranos provided for him a lesson in what not to do. There, he felt the dysfunctional culture was created intentionally. Management, he believed, wanted employees to fear them and reinforced that through locked doors, barricades and firing people who disagreed with leadership.  here were even NDAs that restricted the ability of employees to speak with each other. To create a good culture, he argues, companies need to do the opposite of what he saw at Theranos. First, start by defining what the

By Adam Turteltaub Few things hold more promise, or cause more stress for compliance professionals, than AI. What is it?  How does it work? And does anyone know how to keep it from showing so much bias? David Silva, Chief Compliance Officer at Collaborative Imaging, will be addressing the topic of “Healthcare, Artificial Intelligence, and Compliance” at the 2025 HCCA Compliance Institute, which will takes place April 28-May 1 in Las Vegas. To get some of his insights now, we sat down  for this podcast. David explains that part of the challenge is that AI is so fast changing that it’s hard to keep up. We don’t yet know what we don’t know about it. At the same time, though, the technology is showing great promise in healthcare in areas such as coding, simple reports and helping with third-party vetting. Compliance teams have an important role to play in the implementation of AI in healthcare, he explains. Ideally, they should be a part of the AI governance team, working with a broad range of departments an

By Adam Turteltaub Chart auditing may not be the sexiest part of healthcare compliance, but it plays an important role in discouraging Medicare fraud and catching problems early. Madhavi Perumpalath, Director-Physician Practice Compliance at Northeast Georgia Health System and Alka Kumar, Compliance Director and Privacy Officer at Resolve Pain Solutions, explain that CMS provides good guidance to healthcare providers, such as diagnosis and procedure codes that are appropriate to bill for. Take advantage of it. Embrace proactive auditing, they advise, to help identify issues and ensure the quality of the claim before it goes out the door.  It can also prevent both over and under billing. How frequently should you audit? It depends on several factors, including the size of your organization, regulatory requirements, resources available and the overall risk environment. And, remember, you can’t audit everything. Instead, they recommend developing an annual audit plan focusing on the high-risk areas, but also

By Adam Turteltaub With value-based care growing, what role does compliance play?  To find out we spoke with Carolyn Barton, Vice President, West Regional Compliance Officer at Kaiser Permanente. She explains that at Kaiser they define value-based care as a healthcare delivery and financing model that improves health outcome and increases access to affordable care in the community through evidence-based care, a commitment to equity and simplicity and aligned incentives. Doctors and health plans, she reports, work in an integrated system focused on the patient and delivering the right care at the right time and place. To make that work their electronic health record (EHR) system is the foundation not just for collecting patient data but also for sharing protocols for treating patients. By implementing systematic, evidence-based approaches through these protocols, they help mitigate racial and ethnic inequities. The results she shares are impressive. Kaiser patients are 20% less likely to die prematurely fr

By Adam Turteltaub No one would dispute that stress and compliance go hand in hand, but Scot Eibel (LinkedIn), a former chief compliance officer and currently leading Eibel Coaching and Compliance Consulting, warns that doesn’t mean it has to get out of control. There are steps we can all take to manage our stress levels. One stressor to watch for is over vigilance.  While we all need to be vigilant, assessing risk and watching out for threats, it needs to be tempered. Resist the temptation, he warns, to engage in worst case scenario thinking, which increases stress and makes it difficult to focus on any positives. Catastrophic thinking isn’t healthy for you or for the organization. Another stressor for compliance professionals can be feelings of isolation. In some ways it is inherent to the job, but that doesn’t mean it needs to be absolute. Look to others in the compliance community for connections and build cohesiveness on your compliance team. Stress is much more manageable when you have support. Whe

By Adam Turteltaub Benjamin Christenson, Trial Attorney and Special Assistant to the Director for Criminal Enforcement at the US Department of Justice Antitrust Division, joins us for this podcast in which he sheds light on the their document, Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (ECCP). First issued in 2019, the ECCP was updated in 2024 to reflect changes in business, the law and technology, as well as what the Antitrust Division had learned over the last five years. He shares that there are three significant areas of focus in the ECCP worth particular study: AI and Emerging Technology. As companies deploy AI, it’s essential that compliance teams have visibility into what is being done, understand it and monitor antitrust issues such as using the technology to fix prices. NDAs and Whistleblowers. Like others in enforcement, the DOJ is concerned when a non-disclosure agreement may have a chilling effect on potential whistleblowers who are considering reportin

By Adam Turteltaub Want to improve your code of conduct? Don’t miss the session: Cornering the Code: A Multi-Disciplinary Approach Toward a Better Code of Ethics at the 2025 SCCE European Compliance &  Ethics Institute. In this podcast Matej Drascek, Head of Internal Audit at LON d.d. and Ursula Schmidt of Schmidt Advisory recommend starting with the right language. Research has shown, they explain, that people react more strongly to words like “we” and “our”, which can convey a stronger sense of shared responsibility  than words like “you”, “I” or “it”. Also, words like “must” or “have to” carry more weight than “may” or “should”. Of course, just using “we” and “must” won’t do it all. The code, they tell us, should have a service character that gives guidance to people and gives employees a sense of purpose. It should also be dynamic and work as a bit of a safety valve. It should provide reassurance that it protects them from making mistakes and helps them feel safer when addressing issues. For the code

By Adam Turteltaub I want to write enough about this podcast to get you to listen to it, but not too much because then you might decide that reading this was enough. I’m conflicted, and conflicts of interest are the topic of this podcast with Kasturi Venkatesh, who spoke on the topic “Ethics in Action: A Fun Guide to Tackling Personal Conflicts of Interest” at the 2024 SCCE Compliance & Ethics Institute. When it comes to managing the issue, she explains, the primary goal for compliance teams is to help the workforce identify and bring forward potential conflicts. The challenge is that they often hesitate to bring these issues to management or the compliance team out of fear and a lack of understanding. Training is helpful, but it can’t demonstrate all the potential issues, nor can it always overcome the anxiety. That takes a personal touch of reassurance. In this podcast, Kasturi makes the case for a gentle hand a nuanced eye. The compliance team needs to be aware of the sensitivities of workers and also

By Adam Turteltaub On November 6, 2024, the U.K.'s Home Office issued Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud (the Guidance). It comes out of the  Economic Crime and Corporate Transparency Act (ECCTA), which establishes that a corporation can be held criminally liable for failing to prevent fraud committed by any “associated person” for the benefit of the company. This “associated person” can be an employee or even a third party. There is a defense, explains James Tillen, member at Miller & Chevalier, for organizations that had reasonable prevention procedures at the time of the offence. What constitutes reasonable? There are six principles: Top level commitment A risk assessment Proportionate risk-based prevention procedures Due diligence Communication and training Monitoring and review Sound familiar? It is, since it builds off the guidance for the UK Bribery Act and is very similar to the US approach. It’s not