By Adam Turteltaub

There are few parts of an investigation that are more stressful than the interview with the investigation’s subject.  Done right it can close all the loops.  Done wrong, everything can unravel.

To learn how to handle things best we turn in the second of our two podcasts on investigations to Wendy Evans, Senior Corporate Ethics Investigator, Lockheed Martin and Georgina Heasman, Senior Manager, Global Investigations at Booking Holdings.  The two of them are the co-authors of our new book Fundamentals of Investigations:  A Practical Guide  and lead our Fundamentals of Compliance Investigations Workshop.

In this podcast they offer a host of great insights including:

* While it’s generally best to interview the subject last, there are times, such as in cases of alleged harassment or data theft, where you likely will need to sit down for a preliminary interview sooner
* Be sure to get a read on the subject and be respectful of the stress that they are under, including giving them psychological space before asking tough questions
* Clarify your role in the process as a collector of facts and that you have not already decided that they are guilty
* Invite them to share their perspective both in the interview and, if other things come to mind, afterwards
* Remind them of the confidentiality of the process and the need to focus on the allegation, not who made it

Listen in to learn more, and be sure to investigate their book Fundamentals of Investigations:  A Practical Guide  and the Fundamentals of Compliance Investigations Workshop.

By Adam Turteltaub

Few people know more about conducting a compliance investigation than Georgina Heasman, Senior Manager, Global Investigations at Booking Holdings and Wendy Evans, Senior Corporate Ethics Investigator, Lockheed Martin.  The two of them are the co-authors of our new book Fundamentals of Investigations:  A Practical Guide  and lead our Fundamentals of Compliance Investigations Workshop.

Not wanting to miss out on their expertise, we scheduled two podcasts with them.

In this, the first of the two, they share a broad overview of best practices for conducting investigations.  Those include ensuring that even compliance team members not responsible for investigations have at least a fundamental understanding of them.

As for the investigation itself, they explain, to go well it begins with the first report.  There has to be a clear line of communication and a culture that encourages employees to come forward.

Once you receive that initial contact, it’s important to remember that it tells the story only from one side. You need to ask questions to clarify what was seen and heard and start thinking about what other information you will also need to gather.  To keep the information flowing, they recommend telling the reporter and everyone else you interview to reach out to you again if additional information comes to mind.

While testimonial evidence is invaluable, don’t stop there.  As you gather the who, what, when and where, be sure to look for the documentary evidence that you need, which requires having strong relationships with departments that have it, such as HR and security.

And, throughout the process, stay focused to avoid going down rabbit holes or getting inundated with more information than you need.

Listen in to learn more, and be sure to check out Fundamentals of Investigations:  A Practical Guide  and the Fundamentals of Compliance Investigations Workshop.

By Adam Turteltaub

Uh oh.  The Feds are in the front lobby with a search warrant.  Things are bad, and you don’t want anyone on site to make it worse.

The secret is preparation, shares Veronica Xu, SCCE & HCCA Board Member and Chief Compliance Officer, HIPAA Privacy Officer, ADA Administrator at Saber Healthcare Group.  That begins with establishing a cross-functional team that likely includes compliance, the general counsel, CEO, CTO and, depending on your industry, the chief medical officer and others.

Each should play a part in shaping the plan and be ready to play their part if a raid occurs.

In addition, onsite staff, right down to the receptionist, needs to understand their responsibilities, including whom to call for help.  Not only will that avoid very costly mistakes, it will help reduce errors, fear and stress at what will likely be an extremely difficult time.

What an individual gets trained on will vary by role.  Yet, there is one commonality to the training.  Everyone needs to know the importance of staying calm, being polite and respectful.

Be sure to also outline the do’s and don’ts.

There’s one other thing she strongly advises: remember to communicate with your workforce.  Be as transparent as possible and avoid conflicting messages.  That will keep the lines of communication open and help avoid the speculation that can make the disruption even worse.

Listen in to learn more, and then take a fresh look at your current plans for responding to a government raid.

By Adam Turteltaub

Employees may trust an AI chatbot more than they trust you, and that’s not necessarily a bad thing, if it leads to more reporting.

In this podcast, Debbie Sabatini Hennelly, Founder & President of Resiliti shares that  a recent survey conducted by Case IQ reveals that nearly 70% of respondents expressed no concerns about AI being involved in the helpline process. This openness is driven by several key factors: increased anonymity, ease of use, and a perception that AI offers a fairer, more impartial experience than speaking directly with a human.

These findings underscore a broader theme that continues to emerge in conversations about helplines: trust. Employees are more likely to report concerns or misconduct when they trust the system—when they believe their information will be handled confidentially, their identity protected, and their report taken seriously.

Not surprisingly, they also want to understand how their information is being used and how their anonymity is being safeguarded. This is especially important when helplines are outsourced to third-party vendors. Communicating clearly that the helpline is external—and therefore more secure and impartial—can go a long way in building trust.

But transparency doesn’t stop there. Employees also want to know what happens after they make a report. What’s the process? What can they expect next? Setting clear expectations and following through with updates helps reinforce that the organization is responsive and serious about addressing concerns.

It’s not enough to share this information only once a year during compliance training, she warns. Employees are constantly bombarded with messages and unless helpline communication is consistent and visible, it risks being forgotten or ignored.

Still, even with those reminders, barriers remain, especially fear of retaliation.

Organizations must address this head-on. First, there must be a clear, well-communicated prohibition against retaliation. But more importantly, leaders need to understand that retaliation isn’t always overt. It can be subtle—being passed over for key assignments, being excluded from team activities, or receiving the cold shoulder from colleagues.

Creating a culture where employees feel safe to speak up starts with leadership. Managers and executives must model the right behaviors, reinforce anti-retaliation policies, and foster an environment where concerns are welcomed, not punished.

One of the most critical—and often overlooked—elements of a successful helpline program is training leaders on how to respond when a report is made. Too often, well-meaning managers try to “get to the bottom of it” themselves. But when they start asking who reported what or conducting their own informal investigations, they can unintentionally obstruct the formal process and make employees feel unsafe.

A favorite tactic of hers for addressing this is to ask persistent leaders: “Do you want to be a witness and be deposed?” It’s a powerful reminder that involvement in an investigation has consequences—and that the best way to support the process is to let it unfold professionally and confidentially.

Listen in to learn more, and, hopefully, get employees to trust and speak-up more.

By Adam Turteltaub

If all you’re worrying about is tone at the top, you’re missing a key portion of the choir.  With most people reporting to middle managers, they play in integral role in ensuring a culture of compliance and ethics truly permeates the organization.

Evie Wentink, Senior Compliance Consultant at Ethical Edge Experts observes that while many organizations invest in crafting comprehensive codes of conduct and articulate expectations for ethical leadership, they often fall short in equipping managers with the tools, training, and support necessary to fulfill those expectations. This gap can undermine the effectiveness of compliance efforts and leave companies vulnerable to ethical lapses.

At the heart of the issue is a lack of intentional communication. Middle managers are frequently expected to embody and promote ethical leadership, yet they are rarely given a clear understanding of what that entails. To bridge this gap, organizations must develop structured plans that define ethical leadership in practical terms. These plans should include specific deliverables, resources, and expectations tailored to the manager’s role. By doing so, companies can ensure that managers are not only aware of their responsibilities but also empowered to carry them out effectively.

Authentic, ongoing conversations led by these managers are a cornerstone of a successful compliance culture. These discussions should not be limited to formal training sessions or annual reviews. Instead, they must be woven into the fabric of everyday operations. Managers should be encouraged—and required—to initiate “ethics or integrity minutes” at the start of team meetings. These brief segments provide a consistent opportunity to address ethical topics, reinforce values, and normalize open dialogue about compliance issues.

To support these conversations, organizations should provide managers with practical tools. These might include:

* Ethics spotlight cards that highlight key compliance themes.
* News articles that can be used to spark discussion around real-world ethical dilemmas.
* Access to updated policies and codes of conduct, with notifications when changes occur.

Tracking and analyzing these conversations is equally important. Compliance teams should maintain records of who is engaging in discussions, what topics are being covered, and which issues are generating the most questions. This data can be invaluable in identifying risk areas, refining training programs, and tailoring future communications. Often, the most common questions arise immediately after a training session, indicating that such moments are prime opportunities for deeper engagement.

Moreover, it’s essential to recognize the broader impact of middle management on organizational integrity. Prosecutors and regulators increasingly view middle managers as pivotal figures in corporate misconduct cases. Their actions—or inactions—can significantly influence whether a company succeeds or fails in maintaining ethical standards. Consequently, fostering a culture of accountability and proactive communication at this level is not just beneficial—it’s critical.

Ultimately, the goal is to create an environment where ethical conversations are natural, frequent, and valued. When managers consistently lead by example and facilitate open dialogue, employees become more comfortable raising concerns and asking questions. This cultural shift enhances transparency, reduces risk, and strengthens the overall integrity of the organization.

In summary, bridging the compliance gap at the middle management level requires a multifaceted approach: clear expectations, practical tools, authentic conversations, and ongoing tracking. By investing in these areas,

By Adam Turteltaub

Why did the AI do that?

It’s a simple and common question, but the answer is often opaque, with people referring to black boxes, algorithms and other words that only those in the know tend to understand.

Allesia Falsone, a non-executive director of Innovate UK, says that’s a problem.  In cases where AI has run amok, the fallout is often worse because the company is unable to explain why the AI made the decision it made and what data it was relying on.

AI, she argues, needs to be explainable to regulators and the public.  That way all sides can understand what the AI is doing (or has done) and why.

To create more explainable AI, she recommends the creation of a dashboard showing the factors that influence the decisions made.  In addition, teams need to track changes made to the model over time.

By doing so, when the regulator or public asks why something happened, the organization can respond quickly and clearly.

In addition, by embracing a more transparent process, and involving compliance early, organizations can head off potential AI issues early in the process.

Listen is to hear her explain the virtues of explainability.

By Adam Turteltaub

Despite being a Civil War era statute, the False Claims Act (FCA) always has something new going on.  To find out what’s hot these days, we spoke with Joshua Drew (LinkedIn), a former federal prosecutor and chief compliance officer and currently a Member at Miller & Chevalier.

Lately, he explains, there has been a steady stream of activity.

* May:  The Civil Rights Fraud Initiative was announced by the administration and proposes to use the FCA against any federal funding recipient that it believes are operating DEI initiatives that violate antidiscrimination laws.
* July:  A new working group was created between the DOJ and HHS to focus on healthcare and life sciences.  It encouraged whistleblowers to file action in areas such as Medicare Advantage, drug device and biologics pricing and barriers to patient access, amongst others.
* A trade task force was created to encourage whistleblowing against tariff violators.

All of this occurs against a backdrop of activity by the Administration to identify and fight waste, fraud and abuse.

Listen in to learn more about where the Administration is focusing and what compliance teams can learn from recent actions.

By Adam Turteltaub

The possibilities of AI don’t stop with generative AI such as ChatGPT.  Agentic AI may have more potential for compliance teams, Zahra Timsah, co-founder and CEO of i-GENTIC AI tells us.

Unlike generative AI, which is well known for its ability to create content, agentic AI can be used an internal enforcement agent.  Trained properly, she tells us, it can look for a potential violation and stop it.  For example, it can spot personal health information that is about to be transferred and redact the sensitive data automatically.

This ability to step in and take action will, she believes, free compliance teams from many routine tasks and allow them to shift their focus to matters that are more complex and fall within the grey area.  It will also help teams speed up the rate in which new laws and regulations turn into effective internal policies.

In addition, agentic AI will be able to produce measurable value by demonstrating what it can do to manage risk, improve trust and increase efficiency.

Listen in to learn more about agentic AI’s ability to improve your compliance program.

By Adam Turteltaub

Lewis Eisen (LinkedIn) is the author of the book RULES: Powerful Policy Wording to Maximize Engagement, and he wants to change the way people think about and write  policies.

Too often, he observes, policies contain parent-child language, with a scolding tone that turns people off and keeps them from wanting to read the policy, or even follow it.  It also contains a great deal of complexity, laying out all the many processes and procedures.

Instead, he recommends that companies adopt policy statements that are simpler and can tie values that people can identify with.  All the other stuff – complex procedures, examples, backgrounds and so forth – belongs elsewhere he argues, for employees to see after they have had the opportunity to see the policy and buy into it.

It’s an intriguing approach.  Listen in to learn more about how to reimagine your policy-making process.

By Adam Turteltaub

Andrew McBride, Founder & Chief Executive Officer at Integrity Bridge, recently wrote an article entitled Generative Artificial Intelligence Use Cases for Ethics & Compliance Programs.  Intrigued by the topic, I sat down with him for this podcast.

He shared that many compliance teams are charged with using AI but may not have the  desire or know how to create and implement a use case.

He shares that AI is very good at doing a specific role and a specific activity.  Consequently, compliance teams should consider not just the use of AI as a whole but specific needs that they have for it.  He gives five specific use cases:

* Interpreter. AI can translate documents and training in seconds.  It can also help you distill long documents into pithy, usable summaries both for you and management.
* Drafter.  It can draft from scratch or improve what you have already put together, even creating interactive scenarios that can be useful in training.
* Researcher.  You do have to be mindful of hallucinations, but if you set up the AI to only use your own data or a trusted set of ources, it is more reliable.  Do, though, always check its work.
* Data Analyst. As compliance teams are called to amass and analyze more data, AI can help you do it, identifying, for example, relationships between training and calls to the helpline.
* Monitor, Investigator, Auditor. AI can review both structured and unstructured data, helping you identify red flags.

Listen in to learn more, and then, start building your own use case for generative AI.

By Adam Turteltaub

Why?

Why are you asking that?

Do you really need to know it?

Is it going to tell you something you need to know?

Is it a question that anyone could even answer?

All of these are questions to ask yourselves and colleagues when they propose adding an item to your due diligence questionnaire.

As Kristy Grant-Hart (LinkedIn), author, speaker and Head of Advisory at Spark Compliance, which is now owned by Diligent, explains, too often due diligence questionnaires are filled with questions that are unnecessary at best and counterproductive at worst.  They are born out a desire to cover all the bases not necessarily get you just the information you need.

Instead of throwing in everything including the kitchen sink, it’s far better to take, as elsewhere, a risk-based approach.  Work directly with those who own the risk review.  And, if the response doesn’t matter, don’t ask the question.

Listen in to learn more about how to create a due diligence questionnaire that gets the answers you need, and not the ones you don’t.

By Adam Turteltaub

With ever more attention paid to the role of boards in overseeing compliance, the question naturally comes up:  Do boards even understand what makes for an effective compliance program?  To help answer that question we spoke with Vera Cherepanova (LinkedIn), Executive Director of the non-profit Boards of the Future.

She shares the unfortunate news that many boards are not where they should be.  They are not fully seeing culture as a risk factor and driver of misconduct.  Nor do many understand their own duty to manage it.

That’s dangerous in these times, especially now that governments are paying closer attention to culture.

Forces, though, are starting to change the equation and force boards to understand the role they and compliance play together in ensuring both integrity within the company and business success.  Supply chain issues and ESG, for example, have brough compliance in closer contact with the governing authority.  So, too, is regionalization.  As countries take divergent paths into more and more issues, the compliance team will be essential in helping the board understand the risks that they face.

More, though, will need to be done.  Boards need to start addressing issues such as values conflicts like they do other risks.  And, more people with compliance experience should be added to boards.

Listen in to learn more about what boards are and are not doing.

By Adam Turteltaub

With a rising focus on value-based care, and a new program seeking to make the approach mandatory, we spoke with Ed White (LinkedIn), Partner at Nelson Mullins.

Previous efforts to move toward value-based models, such as Accountable Care Organizations (ACOs), faced significant barriers due to regulatory frameworks like the Stark Law and Anti-Kickback Statute. These laws were designed to prevent financial incentives from influencing medical decisions, but they also limited the ability of hospitals and physicians to collaborate in ways necessary for effective value-based care implementation.

Recognizing these constraints, CMS and the Office of Inspector General (OIG) collaborated in 2020 to issue new regulations aimed at facilitating the transition to value-based care.

The next step in the transition is the new Transforming Episode Accountability Model or TEAM program, which will become mandatory in 2026. This program includes 740 hospitals across the country and targets five specific surgical procedures. Participating hospitals must coordinate care with a range of providers—including specialists, primary care physicians, labs, durable medical equipment (DME) providers, hospice agencies, and others.

The TEAM program is designed to last for five years, during which time hospitals are responsible for ensuring that patients are connected to appropriate post-discharge care, including follow-up with primary care providers. The goal is to reduce complications, avoid emergency room readmissions, and promote better health outcomes—all while keeping costs below a CMS-established target price.

To drive efficiency, the TEAM program introduces three financial risk “tracks”:

* Upside-only track – Hospitals can earn shared savings if costs come in below the target price.
* Moderate risk (upside/downside) track – Hospitals can either earn savings or incur penalties depending on performance.
* Full-risk track – This track will offer both greater risks and rewards.

According to industry consultants, two-thirds of participating hospitals are expected to lose money in the early phases of the TEAM program.

Hospitals must rethink their compliance, care coordination, and partnership strategies in the wake of these changes. Listen in to learn more about what this all means for your compliance program both today and in the future.

By Adam Turteltaub

Imagine that it’s time to move on from compliance to another role, either by choice or being voluntold.  Does what you learned in compliance help?

Absolutely, according to Kortney Nordrum, Vice President and Senior Corporate Counsel at Deluxe.  Amongst other benefits, it taught her how to break down large issues into more manageable pieces, better identify and manage risks and help deals close.

That isn’t to say the transition has come without challenges.  She has had to learn to trust others to run compliance and also to be less risk averse.

Listen in to learn more about how your compliance skills can help if your career ever takes you to another profession.

By Adam Turteltaub

When Garth Jordan learned about the opportunity to lead the SCCE & HCCA, he was excited about the idea of helping to build trustworthy organizations.  And, the more he spoke with the board and talked to his peers, the more convinced he was that this was the role for him.

Unlike our previous CEOs he came to the association not from compliance, but from the field of association management.  He has served in leadership roles for the American Animal Hospital Association, Healthcare Financial Management Association and Medical Group Management Association.  As he looked at SCCE & HCCA he saw a great opportunity for growth and greater impact.

He tell us in this podcast that he will be focusing on the complete range of things that we do, from publishing to creating events to providing certifications to facilitating networking.

Listen in to learn more about him and how he plans on using design thinking to help create a robust future for the SCCE & HCCA.

By Adam Turteltaub

What do cupcakes, cookies and compliance training have in common?  More than you might think, reports Barbara-Ann Boehler, Senior Director of the Program on Corporate Compliance and Ethics at Fordham University  School of Law.  She successfully used the act of frosting the treats a part of a compliance learning exercise.

It’s a great, if unusual, example of experiential learning, which seeks to teach people by getting the learner to do the thing that they are learning rather than just sitting and listening.

A more common example of experiential learning is to create a case study in which the participants play different roles and see how the situation plays out.

This interactive approach to learning can be much stickier, figuratively and literally (if you use frosting) with lessons sinking in deeper and discussions lasting long after the session is over.

Listen in to learn more but, maybe, eat something healthy first.

By Adam Turteltaub

Being a leader is hard.  Being a compliance leader is harder.  Being a compliance leader in fast-changing times takes it up yet another level, but it’s not impossible.

Kim Jablonski, Chief Compliance & Ethics Officer at Bristol Myers Squibb shares that with these challenges it’s important for leaders not to think in static terms but to recognize that the landscape is constantly changing.  The transformations include not just new laws and regulations but also new expectations for compliance programs, such as when it comes to taking a more data-driven approach.

At the same time, though, some things don’t change.  For example, you need to communicate with the workforce the importance of acting with integrity, even when there is business pressure to deliver.  That same message should come from leadership as well so that employees see integrity as a part of the culture and behavioral expectations.

For their part, compliance leaders, and their teams, need to have a deep understanding of the business and how it works.  They must also be flexible with more than one solution to a problem.

She also advocates for a collaborative approach.  Working together with a wide range of internal teams leads to better outcomes, both from a compliance and business perspective.

Most notably of all, she shares an insight that is relatable and very eye opening:  We all have obstructed view seats.  As she explains, we all only see a part of the picture and need to be mindful that we benefit from the views of others and that bad decisions are often the product of not being able to see the whole panorama before us.

Listen in for more eye-opening insights.

By Adam Turteltaub

There’s a car pulling up to your facility loaded up with a patient and a trunk full of risk.

Non-emergency medical transportation (NEMT) plays an important role in getting elderly and poor patients to their medical appointments and pharmacies.  But, explains Colin May, Professor of Forensic Studies and Criminal Justice at Stevenson University, the amount of fraud is exploding.  There are cases of billing when service was not provided, trips to facilities that are closed, overbilling, upcoding, overcharging for tolls, and more.

Enforcement authorities have been doing more to crackdown on this fraud, but providers need to be on the lookout for a host of schemes, including kickbacks.

Frontline employees, he argues, should be trained to look out for questionable, unusual situations that may be the sign that something improper is happening.  Technology can also be deployed in areas such as pre-trip screening.

Listen in to learn more about this growing problem and what your organization could and should be doing about it.

By Adam Turteltaub

Things are a bit out of balance when it comes to Business Associates (BAs) in healthcare.  Organizations invest a great deal of time and resources in vetting these third parties to make sure that they will safely handle data from the covered entity.  But, when the relationship ends, those same organizations may overlook the risks to their data post-separation.

The problem is complex because different BAs will fall under different regulations and use data differently.  Some may process but not retain data.  Others may have terabytes of your data to return or destroy immediately.  For others, there may be a law or regulation requiring them to hold onto that data for several years.

The compliance team, explains Marti Arvin (LinkedIn), Vice President, Chief Compliance and privacy Officer at Erlanger Health System, needs to ensure it is part of the process whenever a BA relationship is coming to an end.    At that point, it’s time to reach out to the BA to ensure there is a plan in place for how data will be handled, and to begin documenting the process.  This helps in case there is an incident later.

Listen in to learn more about what you can and should be doing to ensure that the close-out process is as healthy as it should be.

By Adam Turteltaub

Ahmed Salim wants you to change how you approach change.  An active consultant to the compliance community and Healthcare Compliance & Regulations Adjunct Professor at DePaul University, he is passionate about following a disciplined approach to change management.  Not surprisingly then, he’s the author of a new book from the SCCE & HCCA:  Mastering Compliance Through Change Management.

In this podcast he explains that the concepts behind change management are simple.  It contains 8 critical steps:

* Vision and strategy
* Building leadership and sponsorship
* Communications and awareness
* Training and acceptability building
* Implementation and reinforcement.
* Continuous monitoring and improvement
* Sustaining the change
* Feedback and adaptation.

So what are the keys to success along the way?  First, have a vision and strategy you want.  Second, get leadership and senior management buy in.  Third, effective communication because if people don’t know about the change, what’s the point.  Fourth, continuous monitoring to ensure that you are making the progress you want, and if you aren’t why.

To all that I would add two more keys:  listen in to learn more about how to make change management a part of your compliance program.  Then, get your copy of Mastering Compliance Through Change Management.