Compliance Today – January 2023. Learning from the FBI | Health Care Compliance Association (HCCA)

I recently returned from the Corporate Compliance Outreach Event—presented in late September by the Federal Bureau of Investigation (FBI)—a popular event SCCE & HCCA has sponsored with the FBI annually. I last wrote about the SCCE/FBI Corporate Compliance Outreach Event for Compliance Today magazine in 2019, shortly after that year’s event and just before the pandemic, which resulted in the cancellation of the 2020 and 2021 outreach events. The event is organized by the FBI’s Office of Integrity & Compliance, which is responsible for the Bureau’s compliance program.

The entire program was excellent and well-organized. But one of the key takeaways for me this year was how the FBI practices so much of what we suggest as “best practices” for compliance programs. There are many things the FBI does well, so I’ll focus on just a few of them in this column.

First, the FBI identifies compliance risks at multiple levels below the enterprise level. This is an important element of the risk assessment process. Some compliance risks may be unique to a single business unit, while others can affect many units or the entire organization. Accurately capturing this information makes for a much more reliable assessment of the significance of risk and helps establish risk priorities.

The FBI’s compliance program also relies heavily on collaboration with units that own the risks—as well as other units—for its success. The Office of Inspections and the Office of Internal Auditing are the two other legs of the three-office group that makes the compliance program work. The Office of Internal Auditing has established a robust data analytics program to monitor activities for signs of compliance problems.

And a final characteristic of the compliance office that impressed me is the inclusion of two special agents in the office. This is done to provide perspective to the compliance team as it works with the various units within the FBI. Including people with hands-on experience in the business units has emerged as an excellent way for organizations to strengthen their compliance programs, and it was great to see the FBI embrace this practice.

The FBI continues to impress me as a stellar example of a government agency that acknowledges and fixes its weaknesses and continues to make improvements to its compliance program on an ongoing basis. Thank you for sharing your program and experience with us.

1 Gerry Zack, “Observations from the FBI Compliance Academy,” Compliance Today October 2019, https://compliancecosmos.org/observations-fbi-compliance-academy.