Too often, "religion does not enter the fray until the administrative subpoena enters the building," says Tim Ayers, VP, chief
compliance officer at Dendreon, a biotech focused on oncology drugs. News of a federal investigation tends to make the church
bells audible, and if the proper compliance programs, processes and reporting structures are not in place when a federal investigation
is launched, executives could end up like Tolstoy's Ivan Ilyich, regretting nothing up until they regret everything.
But there are ways to get right with government before it comes around to scythe company profits, or individual careers. In
2003, the Department of Health and Human Services (HHS) Office of Inspector General (OIG)—which is the office responsible
for negotiating and administering pharma CIAs—released guidance on compliance programs, including seven core elements for
program effectiveness (small sidebar). Every chief compliance officer ought to be able to name these off without hesitation,
and some compliance officers, like Erik Eglite, VP, chief compliance officer and corporate counsel at Lundbeck, kick off quarterly
meetings with senior management in the United States by "reporting on all seven elements of the OIG guidelines, what we're
doing, where we are with that…to always cover [OIG's seven core elements] is a systematic approach and is also just good talking
points," says Eglite.
Number two on the list of OIG guidelines states that a compliance officer should be given the "authority to report directly
to the board of directors and/or the president or CEO" of the company. A report on compliance best practices for the pharma
industry released by Cutting Edge Information last summer states that in the area of compliance, "appearances matter a great
deal, and regulatory agencies want to see that companies are doing everything they can to ensure adherence to the rulebook."
Chief compliance officers who report to "someone other than the CEO and the board of directors," like the general counsel
or legal department, for example, are not doing "what the OIG and DOJ wants, although they never made it a mandate," says
Ayers. "Anybody who gets a CIA, the first change is to put the compliance officer at a C-suite level, reporting directly to
the CEO and board of directors."