Compliance and Accountability Program

Purpose and Scope

The purpose of the University of Miami (“University”) Compliance and Accountability Program (“Compliance Program” or “Program”) is to promote and support a working environment which reflects the University’s commitment to operating with the highest level of integrity while maintaining compliance with applicable laws, regulations and policies. The Compliance Program applies to all University campuses, facilities and operations, and to all members of the University community, including trustees, officers, management, physicians, faculty and staff, students, employees - and where appropriate, vendors and contractors (collectively, “Community Members”). The Program includes structural components, systems and practices designed to nurture and preserve a culture of fairness, respect, compassion, honesty and individual accountability while building compliance and ethics consciousness into the daily activities of Community Members.

Program Design Philosophy

The Program is designed to help Community Members fulfill their organizational responsibilities as efficiently as possible in an increasingly complex ethical and regulatory environment while providing reasonable assurances to University leadership that the University’s significant compliance and ethics risks have been mitigated to acceptable levels. The Program is also designed to prevent, detect and correct misconduct within the University in reasonable satisfaction of the requirements of the U.S. Sentencing Commission’s Guidelines for Organizations for an effective compliance and ethics program. In particular, the Compliance Program includes elements intended to achieve the following objectives:

  1. establishment and maintenance of an organizational culture that encourages all Community Members to conduct University business ethically and with a commitment to compliance with applicable laws, regulations and policies;
  2. assurance that the Board of Trustees and executive level personnel of the University are knowledgeable about the Program’s content and operation and exercise reasonable oversight with respect to its implementation and effectiveness;
  3. execution of consistent and effective strategies to build awareness of the Program throughout the University and beyond;
  4. creation of efficient channels of communications to provide appropriate messaging regarding the Program to all Community Members;
  5. establishment of clear compliance and ethics standards for all Community Members and consistent enforcement of these standards;
  6. maintenance of training programs appropriate for the education of Community Members with respect to compliance and ethics issues related to their organizational responsibilities;
  7. development and maintenance of a compliance and ethics risk assessment and management process that provides for designation of the compliance and ethics risk areas of the University;
  8. conduct of risk assessments in each designated risk area to inventory associated compliance and ethics risks and to evaluate the vulnerability of the University with respect to each inventoried risk;
  9. based on these risk assessments, identification of the critical institutional compliance and ethics risks;
  10. designation of an individual to be held accountable for the implementation of an appropriate action plan to effectively manage the compliance and ethics risk identified in the risk assessments; and
  11. establishment of a risk management process that is fully responsive to the identified objectives for each critical risk (this risk management process evaluates current activities and identifies changes, if necessary, that will improve assurance of compliance, follows up to ensure that agreed upon changes are implemented, and then evaluates the results after implementation);
  • maintenance of a process for continuously monitoring the compliance and ethics environment of the University to identify new or changing compliance and ethics risks;
  • maintenance of a mechanism for good faith reporting of suspected compliance and ethics violations that provides for anonymity and confidentiality to the extent allowed by applicable law;
  • maintenance of a process for investigating reports of suspected compliance and ethics violations, and effecting appropriate corrective, restorative and/or disciplinary actions; and
  • maintenance of a process for the continued enhancement and improvement of the Compliance Program.

Program Structure

The major structural components of the Program include the administrative office directed by the Vice President and Chief Compliance Officer (“Chief Compliance Officer”) known as University Compliance Services (“UCS”), the Executive Compliance Committee (“Executive Committee”), the Compliance and Risk Managers Council (“Compliance Council”), the ‘'CaneWatch Oversight Group (“'CaneWatch Group”) and the risk area designated responsible party (“DRP”). The major documentary components of the Compliance Program include this Program charter, the Executive Committee Charter, the Compliance Council Charter, any documents formally adopted to guide the operations of the 'CaneWatch Group, and the formally adopted policies and practices of the University set out in the Policies and Procedures, the Employee Handbook, the University of Miami Faculty Manual (2013-2014) or generally described in the Business Conduct and Ethical Standards Handbook for Faculty and Staff (collectively, the “Policies”).

The Executive Committee is composed of the President of the University, as chair, and those members of the University’s faculty and staff serving as provided for in the Executive Committee Charter. The Executive Committee shall be responsible for the oversight of the Compliance Program and shall have the duties and responsibilities set out in the Executive Committee Charter.

UCS is responsible for the strategic design and implementation of the Program as authorized and provided for by the Executive Committee and the Board of Trustees. In fulfilling this obligation, UCS will provide advice and services in four primary areas: (1) training and general education – help faculty and staff identify and understand relevant legal, regulatory and policy constraints, emphasizing the personal responsibility of all Community Members to eliminate misconduct and other wrongdoing and to conduct University business in an ethical and legal manner, (2) operational support – help faculty and staff having management responsibilities develop and implement practical strategies to avoid compliance and ethics failures using risk-based and other appropriate methodologies, (3) effort coordination – serve as a liaison between and among employees of the various University divisions having compliance responsibilities and executive management to better associate their Program related activities, and (4) assurance – undertake those processes and actions well suited for verification and validation of the Compliance Program’s effectiveness and provide assurance to the Executive Committee and the Board of Trustees that compliance and ethics risks are being managed and mitigated to acceptable levels. UCS will conduct such other activity reasonably designed to achieve the goals and objectives of the Program.

The Chief Compliance Officer is responsible for the daily administration of UCS and shall serve as a member of the Executive Committee and as chair of the Compliance Council.

The Compliance Council is composed of the Chief Compliance Officer, as chair, and those faculty and staff having compliance related job responsibilities and duties who have been invited to join the Compliance Council by the Chief Compliance Officer. The Compliance Council shall have the duties and responsibilities set out in the Compliance Council Charter.

The 'CaneWatch Group is composed of representatives from the Office of Human Resources, Office of Internal Audit, Office of the General Counsel, and UCS. Other persons may be added on an ad hoc basis to investigate areas where special knowledge is required. Any other persons included will be added at the sole discretion of the Chief Compliance Officer. The 'CaneWatch Group is primarily responsible for preliminary evaluation of the merits and significance of reports made through ‘'CaneWatch and other designated reporting processes that are brought to the Group’s attention. Working through UCS, the 'CaneWatch Group may authorize or initiate investigations with respect to any of these reports and monitor the progress of those investigations. and shall confirm that appropriate corrective actions are taken when warranted.

The DRP is that individual designated by the Executive Committee as being responsible for management of each critical risk specified in the Executive Committee’s risk assessments of the University. Each DRP shall have the knowledge and authority necessary to manage the specified risk and shall cooperate with UCS to develop a risk management process which includes training, monitoring and reporting plans for each critical risk. Even though the DRP may have delegated the actual management duties to a subordinate, the DRP shall continue to be responsible to the Executive Committee for the performance of these obligations.

Program Standards

The Compliance Program is designed and administered recognizing that building and maintaining a culture of compliance, ethics and integrity are shared responsibilities and require individual commitment from all Community Members. The Policies provide the framework within which Community Members are expected to operate and apply to all University employees, whether administration, faculty, fellows, residents, or students. Moreover, many of the Policies are applicable to University subcontractors, independent contractors, consultants and vendors. UCS may collaborate with other offices to develop a guide (“Guide”) which summarizes and makes citation to the Policies and applicable law and regulations. The Guide shall be designed to (1) communicate to all University employees an expectation and requirement of ethical conduct and compliance with all applicable laws, policies, rules, and regulations, (2) provide specific examples of conduct and behavior that are consistent with these expectations and (3) along with the Policies, serve as a reference for measurement of the Compliance Program’s effectiveness. The Guide will not be expected to address all general compliance issues, nor will it deal with the many special compliance issues that are job specific. Instead, the Guide shall be an effort to clearly set out guiding principles for conduct within the workplace and a quick reference for other important work-related information.