Avoiding an enforcement action through an effective compliance program

Nov 12, 2020
Financial investigations Risk governance

Settlement agreements (or consent orders) have been widely used to settle civil and criminal complaints targeting banks and auto lenders, as well as violators of sanctions, data security laws, the False Claims Act and the Foreign Corrupt Practices Act.  Settlement agreements continue to be used to resolve enforcement actions because of their efficacy in avoiding prolonged litigation and expediting the desired resolution.

Just recently, a string of enforcement actions were taken targeting predatory lending and false statements related to health care matters. Below are a few examples of these cases and the outcomes.

In May 2020, 34 state attorneys general reached a $550 million agreement with one of the nation’s largest subprime auto lenders to settle charges that it engaged in predatory lending and allegedly violated state consumer protection laws. Under the settlement, the lender is required to pay $65 million in restitution, waive loan balances ($45 million) and waive deficiency balances (approximately $433 million). Additionally, it agreed to implement changes to its lending practices to prevent the abusive and illegal practices outlined in the complaint.

Under the settlement agreement, a monitoring committee will be created to oversee this subprime auto lender’s compliance with the terms of the settlement.  The lender must be able to demonstrate compliance with the terms of the settlement agreement to the monitoring committee for a period of at least three years.  The monitoring committee is comprised of several of the 34 state attorneys general.

In July 2020, a pharmaceutical company pleaded guilty to a one-count felony for false statements relating to health care matters and agreed to pay a total of $600 million to resolve criminal and civil liability associated with the marketing of an opioid addiction treatment drug.  In connection with its guilty plea, the company admitted to making false statements to promote a version of a drug to a state Medicaid program relating to its safety around children. The resolution includes a criminal fine, forfeiture and restitution totaling $289 million.

Under the civil settlement, the company agreed to pay a total of $300 million to resolve claims that the marketing of the drug caused false claims to be submitted to government health care programs. In addition to the criminal and civil resolutions, the company’s compliance with the terms of the settlement agreement will be monitored for a five-year period under the oversight of the Department of Health and Human Services Office of Inspector General (HHS-OIG).

In the example of the subprime auto lender, its pitfalls are equally applicable to any subprime consumer lender, and other auto and consumer finance companies should take notice.  Regulators take action when abusive practices that violate laws result in harm to consumers, and such practices are pervasive in the industry. Regulators will usually target the companies with the most egregious practices in the industry and move to the next competitor, getting the industry participants’ attention. Through this ripple effect, regulators effect changes in industry practices.

The second example of an enforcement action is for violating a federal law against knowingly making a false record or filing a false claim regarding any federal health care program, which includes any plan or program that provides health benefits directly through insurance funded by the United States government or any state health care system. These enforcement actions have resulted in settlement agreements that require companies to develop or improve their compliance programs to prevent the illegal acts or bad practices that resulted in the investigation and complaints filed against the companies.

Key compliance considerations to avoid enforcement actions

In both instances, direct competitors or companies in similar businesses face the same regulatory risks—significant fines and multiyear compliance monitoring.What can an organization, particularly ones that serve the same industries as the examples above, do to ensure the proper compliance is in place to avoid the same fate?

From our experience in working with clients as their compliance monitor, we recommend performing a self-checkup. This can be done in a series of steps:

  • Determine the effects of the enforcement action. If this regulatory risk was properly identified and addressed, then there should be minimal action to be taken.
  • Evaluate your compliance program to ascertain whether the safeguards are adequate to prevent the illegal acts and bad practices noted in the enforcement action.
  • Assess potential weaknesses in your compliance program as a result of instances identified during monitoring of compliance, by either the business units or compliance function.  For example, weaknesses may include internal control failures, or excessive customer or employee complaints.
  • Determine whether your organization has sufficient knowledge and expertise to make the necessary corrections to your compliance program after weaknesses in the compliance program have been identified.

Establishing a sound compliance program is key

The design and operating effectiveness of a compliance program is dependent on components of a compliance management system, which are governance and culture of compliance, enterprise risk management and information technology. The program should be appropriate for the size of an organization, and complexity of its business and industry. A governance structure is necessary to oversee its business operation and compliance with applicable laws and regulations, as well as promote a culture of compliance.

An organization that understands the risks of its business, such as legal and regulatory, industry, environmental, etc., is better equipped to mitigate risks through adjustments in its compliance program or business model.  Its information technology should be sufficiently robust for managing its business, including collecting data, disseminating information and helping demonstrate compliance with laws and regulations. The legal and compliance function should be more than adequate to monitor compliance and make the necessary adjustments to policies, procedures and controls to meet the ever-changing regulatory and business environment.

Should you find yourself the target of an enforcement action, a trusted advisor can assist you through the life cycle of that enforcement action from investigation and settlement negotiation, to compliance monitoring.  This advisor can be a key asset to evaluate the effectiveness of a compliance program that will withstand the scrutiny of a regulatory or enforcement agency and rigors of monitoring compliance, while meeting the requirements of a settlement agreement.