There are many reasons why every organization needs to recognize the importance of compliance. Let's start with some of the perhaps more obvious ones, and then move into more subtle drivers. Even the obvious ones though were worth focusing on and remembering. First, a key reason why compliance is so important is the simple fact that the world today operates in a highly regulated environment. You can pick any industry and look at all of the regulations that it's subject to. But let's first talk about an industry that really affects everyone, money and finance. In reality there likely over 400 financial regulators across the globe. Some deal with securities, some deal with commodities, some deal with banking, some with insurance. And there sometimes duplicative regulators where not just the issues overlap, but so do their jurisdiction. In the United States alone, a financial services firm that deals with securities, insurance, banking can be regulated by more than 100 different state and federal entities. Every state, for example, has a different regulator that focuses on insurance, a different regulator that focuses on banking. And every state has a securities regulator, in addition to a separate state attorney general. Only in a few states has a securities regulator part of the attorney general's office. And if you're doing business on a more local level, there can be additional city and county regulations, and regulators. The SEC, a federal regulator specifically mandates that certain entities have compliance programs and among other things, Chief Compliance Officers. SEC Rule 206(4)- 7, states that a registered investment advisors, quote, failure to have adequate compliance policies and procedures in place will constitute a violation of their rules independent of any other securities law violation. In healthcare, while there may not be the same specifically prescribed mandates for a compliants program. There are regulated issues surrounding everything from billing, human subject protections, privacy, infection prevention and many, many more. >> Bare in mind that not all regulatory bodies will commend to a company with the same approach. For one thing their triggers may be different. Some will come in based on a particularly high profile complain or a congressional interest. Some will come in based on a high number of lesser known complaints. Some agencies will come in because they believe they see a slam dunk case. And it's a resource effective way to combat clear known wrongdoing. Some will come in to make a point, and in fact, to make law in some gray area. For example, is the failure to have adequate security practices a unfair practice under the FTC Act? This was an important theory, and one that was untested for a long time. Then the FTC brought important cases against Wyndham and other companies regarding their security practices. Maybe this was just to address clear strong indications of bad security safeguards, but maybe also to establish as a matter of law. That companies are legally on the hook to appropriately safe guard personal information. As compare to complaints-based enforcement, other regulatory agencies assess company's compliance on a very regular basis through expected annual or other periodic examinations. So for example, the FDIC and the Federal Reserve, and other financial regulators will conduct examinations of the safety and soundness of financial institutions as well as their compliance activities. In healthcare, the Joint Commission, a regulatory oversight program, will announce a general time frame they may be arriving to conduct evaluations of various compliance standards in hospitals. But the exact dates are often unannounced. Some regulatory reviews are more punitive than others. Some are more advisory. But one thing is sure, you should expect the unexpected and be as prepared as possible. What does all of this mean? It means that this large number of diverse regulatory bodies can come in to an organization and ask for information. Conduct an examination and interview people. And if the agency finds non-compliance, it can offer chance for the organization to correct what it sees. Or it can impose significant fines and remedial measures. We'll talk about that soon.
