Evaluation of Corporate Compliance Programs: Third Party Management

Dear friends,

The following article is about new guidance from the Department of Justice
regarding the evaluation of compliance plans, specifically with regard to
Third Party Management. Feel free to share this information. If you decide
to use this material, please include our copyright designation that is shown
at the end of the article and send us a copy of any publication in which the
material appears.

Please do not hesitate to contact us with comments, questions, or requests
for additional information.


Elizabeth E. Hogue, Esq.

Office: (877) 871-4062

Fax: (877) 871-9739

Twitter: @HogueHomecare


Part 8 - Evaluation of Corporate Compliance Programs: Third Party Management

Fraud enforcers recently declared that their expectation is that every
provider has a Compliance Program. Consequently, enforcers will now focus
on implementation of quality Compliance Programs. As part of this new
focus, the U. S. Department of Justice (DOJ) issued additional guidance on
February 8, 2017, entitled "Evaluation of Corporate Compliance Programs."
This new guidance provides a "road map" for providers to use to evaluate
their Compliance Programs, including the factors that regulators are likely
to take into account when misconduct occurs.

Specifically, the U.S. DOJ provided sample topics and questions it is likely
to use to evaluate providers' Compliance Programs. These factors include
Third Party Management.

In terms of Third Party Management, the OIG says that the following areas
will be evaluated:

- Risk-Based and Integrated Processes - How have providers'
third-party management processes corresponded to the nature and level of
enterprise risks identified by providers? How have these processes been
integrated into relevant procurement and vendor management processes?

- Appropriate Controls - What was the business rationale for the use
of third parties in question? What mechanisms exist to ensure that:

1. Contract terms specifically describe the services to be performed

2. Payment terms are appropriate

3. Work contracted for is actually performed

4. Compensation is commensurate with services rendered?

- Management of Relationships - How have providers considered and
analyzed third parties' incentive models against compliance risks? How have
providers monitored third parties in question? How have providers trained
relationship managers about what compliance risks are and how to manage
them? How have providers incentivized compliance and ethical behavior by
third parties?

- Real Actions and Consequences - Were red flags identified from due
diligence of third parties involved in the misconduct and how are they
resolved? Have similar third parties been suspended, terminated or audited
as a result of compliance issues? How have providers monitored these
actions by, for example, ensuring that vendors are not used again in the
event of termination?

The OIG has been very up-front about the fact that the world of fraud and
abuse compliance has changed dramatically. The OIG has also provided a
"road map" for providers to follow. Despite the directness and specificity
of communications from the OIG, however, it seems that not all providers
have gotten the message that this is serious stuff and nothing to play
around with! Now is surely the time to step up compliance efforts.

C2017 Elizabeth E. Hogue, Esq. All rights reserved.

No portion of this material may be reproduced in any form without the
advance written permission of the author.
Sign In or Register to comment.