Are Compliance Officers the New Enforcement Targets?
For years health care compliance officers have worried about personal liability for the misdeeds of the companies they serve. And why not? Health care is the most heavily regulated of all major industries, and the compliance officer is charged with assuring compliance with the regulatory requirements. In addition, the penalties are positively draconian: triple damages for False Claims Act violations, plus penalties up to $11,000 per false Medicare and Medicaid bill.
Concern in the industry reached fever pitch in 2007, when the Justice Department sued Tenet Healthcare’s general counsel, alleging she falsely certified Tenet’s compliance with its corporate integrity agreement. A sigh of relief followed dismissal of the case in 2010, but the concern lingered on.
Then, last September the Justice Department issued the Yates Memorandum establishing new guidelines requiring that enforcement actions for corporate misdeeds involve a primary focus on identification and prosecution of individual officers and employees bearing responsibility for the corporate wrongdoing. In a case alleging false Medicare or Medicaid billing, it’s not hard to imagine an argument that the compliance knew or should have known of the false billing.
Meanwhile, on the financial industry front, the Minnesota District Court held last month that a chief compliance officer can be held personally responsible for the bank’s failure to comply with the Bank Secrecy Act. The bank had already admitted violating the act and agreed to pay a $100 million penalty.
The Treasury Department then assessed a $1 million penalty against the former compliance officer and moved to bar him from the industry. The charge was not that he had affirmatively done anything wrong, but that he had failed to ensure the bank’s compliance with the law.
The officer moved to dismiss, arguing that the statute in question applies only to financial institutions, not to individuals. The court had no trouble disposing of the argument. It denied the motion out of hand.
Compliance officers may want to check the indemnity provisions of their employment contracts.