Building a sanctioned provider testing program
-
Upload
acl-services -
Category
Data & Analytics
-
view
31 -
download
1
Transcript of Building a sanctioned provider testing program
Building a Sanctioned Provider Testing ProgramSeptember 19th, 2016
Stephen Siano, IT Audit Manager – C.R. BardRobert Luu, Senior Solution Leader - ACL
• Background
• Why are we here?
• Common Challenges
• How can ACL help?
• Who else needs to be involved?
• Quick Demonstration / Overview
• Wrap up / Q&A
Agenda
There are a variety of regulations globally which hinge upon ensuring disbursements are made in accordance with applicable laws in the countries in which a company does business.
• FCPA (Foreign Corrupt Practices Act) - Prohibits companies from paying bribes to foreign government officials and political figures for the purpose of obtaining business.
• PPSA (Physician Payments Sunshine Act) – Part of the Affordable Care Act - payments or other transfers of value to physicians and teaching hospitals must be reported to the Secretary of HHS.
• UK Bribery Act – Passed in 2010, contains 4 general offenses - promising or giving of an advantage, and requesting, agreeing to receive or accepting of an advantage, bribery of a foreign public official, and prevent a bribe being paid to obtain or retain resources.
• Canadian Corruption of Foreign Public Officials Act (CFPOA) – “Every person commits an offence who, in order to obtain or retain an advantage in the course of business, directly or indirectly gives, offers or agrees to give or offer a loan, reward, advantage or benefit of any kind to a foreign public official or to any person for the benefit of a foreign public official” 1
Background
1 http://laws-lois.justice.gc.ca/eng/acts/c-45.2/page-1.html#h-2
Digging into the Details…
What are we really talking about here?
*Comparing your organization’s data against a globally recognized / authoritative source of “bad guys” (individuals and entities)*
Some lists we’ve come across or heard of include:• PEP (Politically Exposed Persons)• OFAC (Office of Foreign Assets Control) list - SDN (Specially Designated Nationals)• SAM (System for Award Management) - entity records from CCR/FedReg and ORCA and exclusion records
from EPLS• OIG LEIE (Office of the Inspector General; List of Excluded Individuals and Entities)
1
1 - https://www.sam.gov
Warning from SAM.gov:
Why?
Why should we perform sanctioned vendor / individual matching?
To help your company avoid fines and other penalties, which,
Saves your company money, which,
May advance your career
Also,
• Reputational Damage – your company’s name in the headlines
• Be a positive influence on the bottom line instead of a cost center
• Sense of Business Ethics (Do you want to fund criminals? (terrorists,
arms dealers, drug dealers, etc.)
Your CEO
There’s A Lot at Stake…
2
2 - http://www.nytimes.com/2010/02/06/business/global/06bribe.html?_r=0
1 - http://www.fcpablog.com/blog/2016/4/1/fcpa-enforcement-report-for-q1-2016.html
Tweetable Takeaways
@ACL_RobLuu
#ACLCONNECTIONS
Common Challenges
• Support from Management
• Gaining access to and retrieving sanctioned vendor lists from online resources
• PEP (Politically Exposed Persons)• OFAC (Office of Foreign Assets Control)
list - SDN (Specially Designated Nationals)
• SAM (System for Award Management) - entity records from CCR/FedReg and ORCA and exclusion records from EPLS
• OIG LEIE
• Multiple Vendor Management or Employee Master data sources
• Complex Name Matching
Common Challenges
SanctionedVendor List
PEP
SAM
OFAC
OIG LEIE
Name Matching - how do we know if we have a hit? How do we know we don’t?• Normalize data• Straight perfect match – higher degree of accuracy, lower # of hits• Removing “extras” (prefixes, suffixes, middle initials?, etc)• Fuzzy matching• SoundEx, Soundslike• DICE Coefficient• NYSIIS
Where do I go for additional help?
■ https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_compliance.aspx
Common Challenges
Tweetable Takeaways
Your analysis will only be as good as your data, so
if relying on a 3rd party source, make sure to get
the best available.
@ACL_RobLuu
#ACLCONNECTIONS
How can ACL help?
Don’t re-invent the wheel
ACL provides Inspirations on how to tackle these challenges and also
provides pre-written scripts within ScriptHub
How can ACL help?
How can ACL help?
How can ACL help?
Who else needs to be involved?
Sunshine Act & FCPA – complying with Anti-Corruption / Compliance Policies
For example, if spending with 3rd parties, need to answer questions:
• Charitable Contribution Due Diligence Checklist• Amount Requested, Who’s Requesting, Purpose of Contribution• Has the entity received contributions in the past?• Is the receiver a government entity or affiliated with a government entity?
• Request For Approval of Sponsorship of Healthcare Professional to Attend a Medical Education Event
• Who is sponsoring the event?• Provide the total budget for the event and provide an itemized cost breakdown
• Gift Giving to Healthcare Professionals or Government Officials• Is the value of the proposed gift over $25?• Does the gift elevate the annual gift to the HCP total to over $250 for the year?• Will the gift be given in the form or cash or a cash equivalent (giftcard, etc.)?
Who else needs to be involved?
Disbursement Categories – How to Mitigate Risk
Disbursements can be broken down into 3 main categories:
1) Expenses Unrelated to Government Officials, HCPs, etc.
- Subject to normal set of data analytics used for audit support (ad-hoc) or continuous controls monitoring (ACL Analytics or AX (Audit Exchange))
2) Reported through approval process of expenditures
- Data Driven Questionnaires in ACL Results Manager– customized for FCPA, Sunshine Act, UK Bribery, etc.
3) Unreported Expenses Related to Government Officials, HCPs, etc.
- Detective Process – Identify expenses “under the radar” (riskiest because they haven’t been reported)
Who needs to see the results?
Let’s take a look!
https://www.justice.gov/opa/file/838386/download
Q&A