Recently pharmaceutical giant Pfizer paid a $2.3 billion fine — one of the largest settlements in the history of planet Earth. Why such a big fine? In part, it’s because they did not respond to repeated requests by the government to do things correctly. They also aggravated the government by not setting up a compliance and ethics program properly. The Office of Inspector General (OIG) told Pfizer that as a part of their latest settlement, they could not have the compliance officer (CO) report to the general counsel (GC.) The CO now has to report to the chief executive officer (CEO). The following is an excerpt from a major legal website that describes the OIG’s reasons for forcing Pfizer to have the CO report to the CEO and not to the GC.
On September 10, 2009 www.Law.com reported “The change is intended to eliminate conflicts of interest, and prevent Pfizer's in-house lawyers from reviewing or editing reports required by the agreement, says Lewis Morris, Chief Counsel for the Inspector General's office. Officials at Pfizer did not respond to requests for comment.
"The lawyers tell you whether you can do something, and compliance tells you whether you should," [Lewis] Morris says. "We think upper management should hear both arguments.”
Although I agree with Lew’s premise that the CO should not report to the GC, I would have made the point a little differently. If the lawyers were telling the CEO whether he/she “can do something” they obviously got it horribly wrong. If the Pfizer lawyers were telling their leadership that they “can do,” is what they did do....... they were off by $2.3 billion. For COs, it’s not a matter of can vs. should. CO’s tell you what is legally appropriate and legally inappropriate, not necessarily whether or not you should or shouldn’t do something. My guess is that the lawyers were telling the Pfizer leadership what they wanted to hear, as opposed to what the CO would tell them—what you need to hear. COs don’t do things like calculate the risk of getting caught. They don’t discuss whether or not the regulation is fair. They don’t break the law because everyone else is doing it. They ignore peer pressure. They are not responsible for the net profit or conflicted in any other way. They cut out the emotion. They don’t promulgate excuses or rationalize behavior. They are not telling people what they want to hear because they want to be the next CEO.
Most of all, and the main point of this article, is that COs should avoid conflicts of interest. They are not responsible for the profit ratios, product sales, or the public relations of the organization. They are not responsible for defending the organization. They state the facts and they stand their ground. That is why we have this new profession of Compliance in business today. It’s not a matter of can or should. It’s a matter of follow the law, end of story.
It’s not just the OIG’s perspective. Here is a Congressmen’s viewpoint on the CO reporting to the GC. Actually, in this case, the company in question took this ill-fated reporting relationship to a whole new level. The GC and the CO were one in the same person. Senator Grassley once sent a letter to Tenet stating, “It doesn’t take a pig farmer from Iowa to smell the stench of this conflict.” He was referring to the GC managing the compliance program. The government eventually went after Tenet’s GC personally, and Tenet paid multiple multi-million dollar fines.
Judges have weighed in on this issue through the US Sentencing Guidelines (USSG.) The USSG are a guide for judges to use when sentencing individuals and corporations. The USSG say that if you have a compliance and ethics program, you should get a break. If you don’t have a compliance and ethics program you should pay double or treble fines. Another provision in the USSG could make the fine a terminal experience for the offending company. The USSG say that the CO should be free of conflicts and be able to operate independently. In the November 2004 amendment to Chapter 8 of the USSG, they emphasized that the person responsible for the compliance and ethics program should have certain responsibilities.
USSG Chapter 8, November 2004 amendment
In order to carry out such responsibility, the new guideline mandates that such individual or individuals, no matter the level, must "be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.
Pfizer is one of few health care organizations in the country to have the CO report to the GC. It’s been beat into health care by the enforcement community for 13 years. The fact that Pfizer didn’t get the message before the $2.3 billion settlement is a matter for the record books. The question you have to ask yourself is: Is this applicable to health care or business in general?
Certainly the USSG apply to all industries. You could pull out the name Pfizer and replace it with any company’s name, say your own, and the logic still holds up. The idea that the CO should be free of conflict has nothing to do with health care. If the government finds this to be a conflict of interest for Pfizer, they could find it a conflict of interest for you. Senator Grassley’s comments are also not health care specific. All these arguments made by all these people apply to all organizations. Independence of the CO is a universal concept.
If you defy this logic and continue to have the CO reporting to the GC, then you will have to explain a few things. Why did you ignore the USSG? How can your CO be responsible for defending others from your organization and report to someone who defends your organization from others? Lew Morris makes a great point. The leaders of the organization need to hear from both sides and the CO needs to be independent.
The University of California decided that their CO would be hired by and report to the Regents. Many organizations from many industries are moving the CO from reporting to the GC to the CEO with a dotted line to the Board. In fact, some of the most experienced COs are refusing to accept job offers, because the company has the CO reporting the GC. I get about three or four of these calls a year from COs. They are not just concerned about the reporting relationship, but rather the implication that if the organization would do this, there may be more problems. They don’t think it works, and they don’t want to be there when the company finds out it doesn’t work. Keeping this reporting relationship could hurt your recruitment of an effective CO.
I recently returned from a meeting of 470 compliance professionals from around the country. I would guess that there were COs from 30 to 40 different industries. In fact, there were probably people from about a dozen countries in attendance. Because of the recent Pfizer settlement, the GC/CO reporting relationship issue was discussed in many sessions. Many were asked if they reported to the GC, and many did. They were asked if they thought it was appropriate, and few thought it was appropriate. In fact, much of the discussion centered on their frustration over their lack of independence and how they could correct the problem. Many felt they could not approach the subject without angering people. The point is that the profession thinks it’s a bad idea, and those expecting compliance professionals to do their job will be taking this into consideration.
And don’t forget the cynics. The cynics believe that the reason that many GCs insist that Compliance report to them is so they can keep them under their thumb. Some cynics believe that CEOs want the CO to report to the GC to keep a lid on the CO. In my 13 years in this business, almost all investigators I have met believe that it is done to keep a lid on things. One technique I have seen investigators use is to interview employees until they find one who will say “I think they have the CO reporting to the GC to prevent the CO from doing his job.” They seem to always find one, and it makes them feel as though there is an attempt to cover up wrongdoing. This may be the best possible way to raise the aggravation level of the enforcement agent prior to an investigation.
What I don’t understand is why the GCs want to expose themselves to this. It is rare for a GC to be prosecuted by an investigator when they are doing their job defending the company. But if the GC is managing the compliance and ethics program and can be proven to have blocked remedial action of a known problem, they become part of the problem. That is what happened to the GC at Tenet. If I were the American Bar Association or any other thought-leadership group for GCs, I would be recommending that the CO should not report to the GC.
The greatest line I have ever heard related to this issue was used by more than one investigator I know. They start the initial investigation with two questions. Usually present are a table full of the key leaders from the company. The investigator asks, “Who here is responsible for defending the company.” The GC raises their hand. Then they ask, “Who here is responsible for defending others from this organization?” The GC raises their hand again. It is at that moment that the investigators mind is made up. Right or wrong, it has happened before and it will happen again.
The bottom line is: Why do you have the CO report to the GC? What is the advantage? Is that reason/advantage worth the potential negative consequences? Actually, the real bottom line is: Do you want to have an effective compliance and ethics program? If you do, you would not have the CO report to the GC, regardless what the government, Congress, or the investigators may tell you. Independence for the CO is a key to the success of any compliance and ethics program. A CO without independence is like an auditor who is unable to audit, or a risk manage who can’t perform a risk assessment, or a lawyer who doesn’t know the law. It just makes no sense.