A Comprehensive Compliance Program: Protecting and Validating Your Business

Published in Member Communities on March 25, 2021

Wayne Van Halem

By: Wayne van Halem, President, The van Halem Group

Back in 2018, we discussed the cost-benefit analysis of being proactive vs. reactive when it comes to compliance and risk. We talked about how government entities like the Department of Justice (DOJ) and the Office of Inspector General (OIG) were now assessing companies' compliance programs in the event there is a compliance issue in order to determine the most appropriate course of action to take against the company. Companies that did what reasonably could have been done to avoid the compliance issue would be subject to less severe actions, including entering into a corporate integrity agreement. Meanwhile, companies whose efforts were minimal or negligible would be subject to more severe actions, including civil monetary penalties.

A lot has changed since 2018. Consolidation in the DMEPOS industry remains an ongoing trend. One thing is certain though, the entities looking to acquire DME suppliers, particularly larger entities or private-equity firms, are not interested in bringing on unnecessary risk, or if they do, they are making sure they are protected. We perform a large number of due diligence audits for a variety of entities, and our compliance assessment and claim reports have quickly become one of the first and most important aspects of the due diligence process.

Our compliance assessment and claim reports have quickly become one of the important aspects of the due diligence process.

If our team begins digging into a supplier's claims on behalf of our client and undercover significant issues, there are two things that could potentially happen. The first is that the buyer loses interest and walks away from the deal. Depending on the severity of the issues identified, it is not completely uncommon for this to happen. The second is that the company is devalued significantly because of the risk now associated with the transaction, and the buyer implements protective measures, including a requalification process for patients or escrow accounts to use against future audits or recoupments. Neither of these are positive for the DME supplier, whether they are looking to sell or seeking funding for growth.

Supplier didn't have a comprehensive compliance program

In instances where we uncover these issues, we often also find that the supplier did not have a comprehensive compliance program, had not previously been performing risk assessments or internal audits of any significance, and generally were taken off guard by the results of the review. So, while the purpose of having a comprehensive compliance program remains to protect the business as well the government, it is becoming increasingly clear that it is also an integral part of the valuation of your business.

The government says having a compliance program is a condition of participation. In June 2020, the DOJ updated their 2017 published report, "Evaluation of Corporate Compliance Programs," by identifying three main areas of focus when evaluating a company's compliance program:

Three Areas to Consider When Evaluating a Compliance Program

  1. Is the corporation’s compliance program well-designed?

  2. Is the program being applied earnestly and in good faith? (Is it adequately resourced and empowered to function effectively?)

  3. Does the corporation’s compliance program work in practice?

There should be no surprises

It is an important exercise, even if you have no intentions to sell your business, to perform a due diligence review on your organization. In the event there is an audit by an external agency or you do go through a due diligence audit, there should be no surprises. Spending the time and effort upfront on these activities makes sure that your business will be valued fairly and positively. Doing so earlier on allows you the opportunity to make adjustments and improvements so you are better prepared when and if you are ready to consider other options. Not to mention it makes your business more attractive to customers, business partners, and helps secure future business and investors.

Compliance plays a significant role in the reputation of your brand and business, but also provides certainty and confidence to shareholders and leadership. You want to do what you can to protect the value of your business, regardless of your intentions with it down the road, and having an appropriate compliance program with risk management is key. Contact us for more information on our compliance and claim due diligence services.

VGM Playbook: Forecasting 2021This article was originally featured in the VGM Playbook: 2021  Forecasting. Download your copy of the playbook.

From Our Experts

Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents thumbnail Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents In today's digital age, cybersecurity is no longer just an IT concern; it is a critical aspect of business operations. Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents thumbnail Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents In today's digital age, cybersecurity is no longer just an IT concern; it is a critical aspect of business operations. Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents thumbnail Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents In today's digital age, cybersecurity is no longer just an IT concern; it is a critical aspect of business operations. Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents thumbnail Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents In today's digital age, cybersecurity is no longer just an IT concern; it is a critical aspect of business operations. Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents thumbnail Strengthening Cybersecurity in Business Operations: Lessons from Recent Healthcare Incidents In today's digital age, cybersecurity is no longer just an IT concern; it is a critical aspect of business operations. Aligning Your Capital Structure with Growing Your Business thumbnail Aligning Your Capital Structure with Growing Your Business By preparing and adapting for economic changes, you will be helping maintain strong working capital and positive cash flow to facilitate stability and growth. Aligning Your Capital Structure with Growing Your Business thumbnail Aligning Your Capital Structure with Growing Your Business By preparing and adapting for economic changes, you will be helping maintain strong working capital and positive cash flow to facilitate stability and growth. Aligning Your Capital Structure with Growing Your Business thumbnail Aligning Your Capital Structure with Growing Your Business By preparing and adapting for economic changes, you will be helping maintain strong working capital and positive cash flow to facilitate stability and growth.