The Critical Path in a Compliance Crisis

In a compliance crisis, such as a whistleblower case (e.g., qui tam), discovery of systemic non-compliance, privacy violations, or executive misconduct, for example,  it is vital to gather the facts, gain an understanding of the risk, and immediately begin addressing the crisis. 

What to do NOW:   After investigating the facts, determine the size and scope of the crisis and forecast which resources are needed to manage through it.  Assess whether confidentiality is important and whether the crisis requires the guidance of legal counsel, who can advise the attorney client privilege.  Conduct a root cause analysis to find the focal point of the problem and troubleshoot what remedial activity is needed. 

What to do NEXT WEEK:  Identify and start collecting the necessary documentation and data as well as other resources (think tech, analytics, finance, legal, coding, education/outreach, and external support, for example) needed and estimate their cost.  Create a project plan as early in the process as possible and review it with leaders such as the CEO, Legal Counsel, the CFO, and the Audit and/or Compliance Committee.  A resource chart will help to determine who should be involved and what expertise is required for investigation and correction tasks. Build a reasonable budget.

What to do NEXT:  Integrate external resources into the crisis team where needed to stretch your bandwidth.  Make sure that the project scale is appropriate, that the project stays on plan, and that the timeframe is appropriate to meet business and regulatory requirements.  Account for resource utilization. Keep interested leaders informed and engaged.  Do not “surprise” them at any phase of the project.  Initiate remedial action as soon as practicable.