Tag: Audits

5 Keys to SEC Compliance Success

The best way to avoid the scrutiny from the Securities and Exchange Commission (SEC) that can lead to significant legal liability is to strictly comply with all of the agency’s rules and regulations. Unfortunately, given the complexity of these regulations and the constantly changing legal landscape of securities laws, such as the Securities Act of 1933 and Securities Exchange Act of 1934, this is much easier said than done.

Here are five keys to SEC compliance.

1. Identify Your Particular Needs

It should be an obvious first step, but many compliance attorneys treat all clients the same and offer a one-size-fits-all approach to complying with the regulations promulgated by the Securities and Exchange Commission (SEC). While this might not be a terrible approach – so long as it is all-encompassing, it will keep your company in line with the SEC across the board – it can saddle your firm with concerns and extraneous internal rules that have no bearing on how you conduct business.

A great example is a cryptocurrency. The SEC is, belatedly, beginning to issue rules and regulations for financial firms that focus on and trade in Bitcoin and other cryptocurrencies. If your brokerage firm is not buying or selling securities in crypto-assets and has no plans to do so soon, then implementing compliance measures for cryptocurrency regulations has no benefit to your company. Those measures will, however, make the regulated securities professionals who work for your firm jump through pointless hoops in the ordinary course of their business.

Adopting a compliance strategy that more precisely meets your company’s needs will let your workers perform to their full capacity while still insulating your firm from legal liability or SEC scrutiny. It will just have to be updated if you choose to expand into new forms of securities trading.

2. Craft an All-Encompassing Compliance Strategy

Based on your firm’s precise regulatory needs, the next key to success is to come up with a compliance strategy that takes into account all of the SEC’s rules that could impact your company. Given the breadth of the SEC’s jurisdiction and the sheer number of regulations that it has put forth, this can take a while.

Once your firm’s legal requirements have been ascertained, the next step is to come up with ways that you can satisfy them during the day-to-day business activities at your firm. This is another reason why every compliance strategy should be tailored to your business – a compliance technique that works well and is easy for one firm may be onerous and inconvenient for another one.

As Dr. Nick Oberheiden, founding partner of the SEC compliance law firm Oberheiden P.C., often tells clients, “All SEC compliance measures should protect the securities firm from SEC liability. However, those measures should also be judged by how burdensome they are on the firm that is employing them. The least inconvenient method to adequately insulate your firm from liability is the best. Learning about a brokerage firm and understanding its strengths and weaknesses and its capabilities help compliance lawyers craft the best solutions for their clients. Unfortunately, one of the most common complaints that securities professionals have about attorneys is that they do not listen to their particular concerns. We strive to do better.”

3. Train, Train, and Retrain Your Workers

No compliance strategy is effective if it is not implemented. Training your employees and workers in the intricacies of the compliance strategy, explaining why it is important for them to follow it strictly, and describing the penalties for noncompliance is the next key to success.

Even here, though, it is not a matter of simply giving your employees a handbook of rules, policies, and procedures to memorize. Just like how the compliance strategy should be tailored to your firm, so too should the instruction materials be tailored to each type of worker at your company. While it can help to train non-regulated administrative staff how to detect the signs of financial misconduct or fraud, there is no reason to bog them down in the details of SEC regulations that only pertain to traders – doing so can overload them with irrelevant information and make them lose sight of what they need to know.

It is also important to remember that training is not a one-time ordeal. New hires must be onboarded and taught the rules of internal compliance. Existing workers should be retrained to keep them apprised of any updates and to ensure that they remember their roles in the compliance protocol.

4. Keep Your Compliance Strategy Updated

Keeping your compliance strategy updated is also essential when it comes to compliance inspections. An out-of-date compliance protocol may still cover many of the bases for SEC compliance. However, there will be gaps in the compliance requirements that you will be unaware of, giving you a false sense of security.

The compliance strategy should not just be updated to account for new SEC regulations, though: It should also get updated whenever your brokerage firm branches out into new types of trading or adds a new kind of financial service to its portfolio. With that new line of business will likely come new SEC regulations to abide by.

5. Audit Yourself Regularly

Even if you have a good compliance program or plan, have trained workers to follow it, and keep the protocols updated, you are still moving forward blindly if you do not regularly conduct internal audits of your company to make sure that those compliance rules are working. Many compliance programs and strategies check off all of the boxes, only to lead to an SEC investigation that finds problems because a single worker did not actually understand how to correctly perform a job task.

These situations of compliance issues are incredibly frustrating. They can also be detected, identified, and corrected through a compliance strategy that includes internal auditing by outside counsel or an SEC compliance attorney with prior experience investigating securities fraud.

Article By Dr. Nick Oberheiden of Oberheiden P.C.

For more securities and SEC legal news, click here to visit the National Law Review.

Oberheiden P.C. © 2022

Medicare CERT Audits and How to Prepare for Them

CERT audits are an unfortunate part of doing business for healthcare providers who accept Medicare. Failing the audit can mean the provider has to pay back overcharges and be subjected to increased scrutiny in the future. 

The best way to be prepared for a CERT audit is to have a compliance strategy in place and to follow it to the letter. Retaining a healthcare lawyer to craft that strategy is essential if you want to make sure that it is all-encompassing and effective. It can also help to hire independent counsel to conduct an internal review to ensure the compliance plan is doing its job.

When providers are notified of a CERT audit, hiring a Medicare lawyer is usually a good idea. Providers can fail the audit automatically if they do not comply with the document demands.

What is a CERT Audit?

The Comprehensive Error Rate Testing (CERT) program is an audit process developed by the Centers for Medicare and Medicaid Services (CMS). It is administered by private companies, called CERT Contractors, which work with the CMS. Current information about those companies is on the CMS website.

The CERT audit compares a sampling of bills for Medicare fee-for-service (FFS) payments, which were sent by the healthcare provider to its Medicare Administrative Contractor (MAC), against medical records for the patient. The audit looks at whether there is sufficient documentation to back up the claim against Medicare, whether the procedure was medically necessary, whether it was correctly coded, and whether the care was eligible for reimbursement through the Medicare program.

Every year, the CERT program audits enough of these FFS payments – generally around 50,000 per year – to create a statistically significant snapshot of inaccuracies in the Medicare program.

The results from those audits are reported to CMS. After appropriately weighing the results, CMS publishes the estimated improper payments or payment errors from the entire Medicare program in its annual report. In 2021, the CMS estimated that, based on data from the CERT audits, 6.26 percent of Medicare funding was incorrectly paid out, totaling $25.03 billion.

The vast majority of those incorrect payments, 64.1 percent, were marked as incorrect because they had insufficient documentation to support the Medicare claim. Another 13.6 percent were flagged as medically unnecessary. 10.6 percent was labeled as incorrectly paid out due to improper coding. 4.8 percent had no supporting documentation, at all. 6.9 percent was flagged as incorrectly paid for some other reason.

The CERT Audit Process

Healthcare providers who accept Medicare will receive a notice from a CERT Contractor. The notice informs the provider that it is being CERT audited and requests medical records from a random sampling of Medicare claims made by the provider to its MAC.

It is important to note that, at this point, there is no suspicion of wrongdoing. CERT audits examine Medicare claims at random.

Healthcare providers have 75 days to provide these medical records. Failing to provide the requested records is treated as an audit failure. In 2021, nearly 5 percent of failed CERT audits happened because no documentation was provided to support a Medicare claim.

Once the CERT Contractor has the documents, its team of reviewers – which consists of doctors, nurses, and certified medical coders – compares the Medicare claim against the patient’s medical records and looks for errors. According to the CMS, there are five major error categories:

  • No documentation

  • Insufficient documentation

  • Medical necessity

  • Incorrect coding

  • Other

Errors found during the CERT audit are reported to the healthcare provider’s MAC. The MAC can then make adjustments to the payments it sent to the provider.

Potential Repercussions from Errors Found in a CERT Audit

CERT audits that uncover errors in a healthcare provider’s Medicare billings lead to recoupments of overpayments, future scrutiny, and potentially even an investigation for Medicare fraud.

When the CERT audit results are brought to the MAC’s attention, the MAC will adjust the payments that it made to the provider. If the claims led to an overpayment, the MAC will demand that money back.

But Medicare Administrative Contractors (MACs) can go further than just demanding restitution for overpayments. They can also require prepayment reviews of all of the provider’s future Medicare claims, and can even suspend the provider from the program, entirely.

Worse still, CERT audits that uncover indications of Medicare fraud may be reported to a law enforcement agency for further review. This can lead to a criminal investigation and potentially even criminal charges.

Appealing a CERT Audit’s Results

With penalties so significant, healthcare providers should seriously consider hiring a lawyer to appeal the results of a CERT audit.

Appeals are first made to the MAC, requesting a redetermination of the audit results. The request for redetermination has to be made within 120 days of receiving notice of the audit results. However, if the provider wants to stop the MAC from recouping an overpayment in the meantime, it has to lodge the request within 30 days.

Providers can appeal the results of the redetermination, as well. They can request a reconsideration by a Qualified Independent Contractor within 180 of the redetermination, or within 60 days to stop the MAC’s recoupment process.

Providers who are still dissatisfied can appeal the case to an administrative law judge, then to the Medicare Appeals Council, and finally to a federal district court for review.

How to Handle a CERT Audit

The best way to handle and to prepare for a CERT audit is to hire Medicare audit attorneys to guide you through the process. It would also help to start internal audits within the company.

For providers who have been notified that they are under an audit, getting a lawyer on board immediately is essential. An experienced healthcare attorney can conduct a thorough internal investigation of the claims being audited. This can uncover potential problems before the audit points them out, giving the healthcare provider the time it needs to prepare its next steps.

Providers who are not currently being audited can still benefit from an attorney’s guidance. Whether by drafting a compliance plan that will prepare the provider for an inevitable CERT audit or by conducting an internal investigation to see how well a current compliance plan is performing, a lawyer can make sure that the provider is ready for an audit at a moment’s notice.

Taking these preventative steps soon is important. CMS put the CERT audit program on halt for the coronavirus pandemic, but that temporary hold was rescinded on August 11, 2020. While the CMS has reduced the sample sizes that will be used for its 2021 and 2022 reports, it will likely go back to the original numbers after that. Healthcare providers should prepare for this increased regulatory oversight appropriately.

Article By Dr. Nick Oberheiden of Oberheiden P.C.

For more litigation legal news, click here to visit the National Law Review.

Oberheiden P.C. © 2022

ICE Raids on 7-Eleven Franchise Stores Result in 21 Arrests

On January 10, U.S. Immigration and Customs Enforcement (ICE) agents commenced employment audits at nearly 100 7-Eleven franchises across the U.S., signaling the biggest crackdown on suspected illegal workers since President Trump took office. The raids resulted in 21 administrative arrests. Following the raids, ICE Deputy Director Thomas Homan said in a statement: “Today’s actions send a strong message to U.S. businesses that hire and employ an illegal workforce: ICE will enforce the law, and if you are found to be breaking the law, you will be held accountable.”

ICE gave no reason why 7-Eleven, famous for the Slurpee, was targeted. The notices of inspection, also known as  I-9 audit notices, were served on stores in Washington, D.C., and in California, Colorado, Delaware, Florida, Illinois, Indiana, Maryland, Michigan, Missouri, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania, Texas, and Washington. The franchise owners have three days to provide the agency with the immigration status of their workers.

The recent raids stem from a 2013 ICE investigation that resulted in charges against nine 7-Eleven franchise owners and managers. All of those individuals have now been arrested as of November 2017, and eight out of the nine pleaded guilty and were ordered to pay more than $2.6 million in restitution for back wages.

In its own statement, 7-Eleven said it is aware of the raids and its franchisees are “independent business owners” who are “solely responsible for their employees including deciding who to hire and verifying their eligibility to work in the United States.” 7-Eleven says it has terminated the franchise agreements of franchisees convicted of violating immigration laws.

President Trump ran on a campaign promise to prevent U.S. business from employing undocumented workers. ICE’s actions against 7-Eleven are a clear indicator of keeping that promise. Expect ICE to move forward with similar enforcement actions, as one top ICE official stated the 7-Eleven raids were “a harbinger of what’s to come” for employers.

 

© 2018 Barnes & Thornburg LLP.
This post was written by Joseph D. Hess from Barnes & Thornburg LLP.
Click here for more Immigration Coverage from the National Law Review.