Skip to main content Skip to secondary navigation

Compliance Initiative Background

Main content start


A comprehensive institutional compliance program is one which integrates and coordinates all significant requirements with which the institution must comply by law, regulation, or other binding rule or agreement. Comprehensive organizational compliance programs are common in highly regulated industries, and have become less rare recently in higher education as a result of highly publicized instances of alleged non-compliance in such areas as Medicare billing (e.g., Corporate Integrity Agreement between the University of Pennsylvania and the U. S. Department of Justice).

In 1987, the Federal Sentencing Guidelines (FSG) provided one of the first "models" for organizational compliance programs. They recommended that federal judges give "credit" for reduced penalties to organizations found guilty of violations if they had previously developed "an effective program to prevent and detect violations of law."  In 2010, the Federal Sentencing Guidelines were amended to emphasize promoting an ethical business culture, beyond simply compliance with laws. While these criteria have their origin in U.S. criminal law, they are recognized as the appropriate standard for evaluating the effectiveness of a compliance and ethics program.

In 1998, in response to the Physicians At Teaching Hospitals (PATH) investigations at university teaching hospitals, corporate integrity models based on the FSG were developed by the Department of Health & Human Services (DHHS) Office of Inspector General (OIG) (See Federal Register, Vol 63, No 35). A December 2000 survey of 17 university Chief Financial Officers indicated that formal compliance programs had been or were being established at 10 of the universities; many of these programs were initiated as a result of adoption of one or more elements of the DHHS/OIG model within their medical centers. 

Stanford's model for implementing a compliance program is summarized in this article, An Approach to Compliance in a Decentralized Environment

All these models contain various components aimed at enhancing and ensuring institutional compliance, including:

  • Establishing institutional expectations and codes of conduct
  • Developing and effectively communicating policies and procedures
  • Designating a formal compliance office with suitable administrative powers
  • Implementing a program to monitor compliance
  • Identifying and applying sanctions for intentional non-compliance

Currently at Stanford, programs containing components such as those bulleted above have evolved in a number of specific compliance areas (e.g., Environmental Health and Safety, sexual harassment, NCAA rules, research administration). Stanford has developed a "matrix" compliance program which connects these individual components, coordinates their operations, and represents the University's institutional perspective, but at the same time avoids the creation of a new bureaucracy which could be perceived by the faculty as unhelpful. We call this a "matrix" framework, because its goal is to enhance compliance primarily through the actions of a decentralized matrix of University offices and officers, coordinated and assisted by a small central compliance function with a reporting relationship to the Stanford University Board of Trustees. 

Stanford's Compliance Matrix