Although the need to stiffen corporate defenses against data breaches seems a less urgent compliance concern than complying with the ACA, data security appears to be the more widely felt issue. While 25% of the survey respondents characterized it as a matter of high concern, 44% felt that it was at least a moderate anxiety.
Trailing health reform and data security as compliance concerns are tax rules (with 52% of the respondents expressing high or moderate concern) and accounting standards (42%). About 10% had at least moderate worries about complying with the SEC’s conflict minerals rules.
While data security, health care reform and similarly much-debated issues inevitability rise to the surface when large groups of senior finance executives are asked about their biggest compliance anxieties, unique challenges facing their particular companies are the most pressing ones for individual finance chiefs.
Typical is this comment from one survey respondent about the choices he was presented with: “We’re in a specialized industry niche that has its own particular compliance requirements, which are of more concern than any of the above to us.” (Respondents were asked to rank the following according to their chief compliance concerns for 2014: conflict minerals, antibribery laws, health care reform, accounting standards, tax rules and data security.)
Depending on the industry, even the most widely known matters can have arcane, specialized compliance requirements. For example, the biggest compliance challenge that Mike Carruthers, CFO of Boulder, Colo.-based Array BioPharma, is facing in 2014 actually stems from a little-known section of the Affordable Care Act: The Physician Payments Sunshine Act.
Under the law, as of Aug. 1, 2013, drug makers, medical-device manufacturers and biopharmacology firms like Array that take part in U.S. federal health care programs are required to track and annually report payments made to doctors. Even though Array doesn’t actually yet have a product on the market, the company, which is developing cancer-treatment drugs, got pulled into compliance with the law “because of at least one collaboration we have with a much larger company that does have drugs on the market,” says Carruthers.
“It sounds simple on the surface, but it isn’t,” he continues. “You end up paying the entity that a physician may work for, and you don’t have any idea how much the physician might get as a piece of that payment.” Trying to overcome that is “a big information-systems effort” for Array involving indirect payments to at least 100 different doctors, says Carruthers.
He acknowledges that the Sunshine Act “may be a good idea because of all the things big pharma companies lavish on doctors to get them to prescribe their drug. That’s a really bad thing, and we should know how much they’re getting paid.”
Nonetheless, Congress should have considered the difficulties that much smaller companies could encounter under the act, says Carruthers. “The point is that there are unintended consequences,” he says.