'Compliance does not exist on its own and cannot be justified in isolation'

André Chidichimo de França is the director of the legal & compliance Department at Odontoprev. In this exclusive interview, he explains the company’s initiatives to build bridges between the compliance department and others such as human resources and internal audit

Posted vendredi, février 9 2024
'Compliance does not exist on its own and cannot be justified in isolation'

Leaders League: What is the role of compliance within Odontoprev’s strategy?


At Odontoprev, the compliance program is not treated as something separate from the company's strategy and organizational processes, but rather as part of our culture and is, thus, embedded in our values.

The program is integrated into the company’s processes, aiming to act preventively to mitigate risks and promptly remedy potential issues.

As a means of awareness, there is a strong pillar in the program focused on communication (internal and external), updating and monitoring of training, and the development of documents that strengthen the company’s stance on integrity. In this regard, we have ethical conduct booklets for audiences within our ecosystem, including our employees (internal audience), the network of accredited clinics/dentists, brokers and suppliers, as well as materials focused on dealing with public officials.

The information generated by Compliance aims to support the decision-making of top management, ensure compliance, and safeguard the company’s reputation with our shareholders, customers, suppliers, partners, employees and other stakeholders.

How are compliance policies specifically developed for the healthcare sector?


It’s a complex process that is not limited solely to issuing internal policies or norms. The process of developing compliance policies for the healthcare sector, as in any other regulated sector, involves mapping processes and regulatory obligations, understanding their impacts, ramifications and associated risks. Through continuous monitoring of healthcare sector regulations, the compliance risk matrix, and recurring assessment processes, new compliance policies may emerge, while others may be reviewed as needed. This occurs in parallel with the regular and periodic review of the entire internal regulatory framework of Odontoprev.

To achieve this, the compliance and risk management and internal controls divisions support the development of internal norms and policies to ensure they align with sector requirements and overall regulations. This guarantees compliance and encompasses the needs of stakeholders (such as the network of accredited dentists, brokers, suppliers, among others) involved in our operation.

In this regard, how would you describe the monitoring and auditing practices to ensure continuous compliance?


Odontoprev has robust and established practices related to monitoring and auditing. The efficiency of internal controls is assessed by the risk management and internal controls and internal audit and independent auditing divisions. The results of these assessments are presented to the board, the statutory audit committee, and the board of directors.

The risk management and internal Controls area, internal audit, and independent audit assess and audit the effectiveness and efficiency of internal controls defined in corporate policies and procedures across various areas of the company.

Internal audit, a department linked to the board of directors and supervised by the audit committee, is responsible for evaluating risk management processes, internal control systems, mechanisms, and internal procedures for compliance with laws, resolutions, bylaws, and company regulations. The internal audit unit has the necessary conditions for the independent, autonomous and impartial evaluation of the quality and effectiveness of the company’s internal control systems, processes and risk management.

The statutory audit committee is a statutory body that supports the board of directors, primarily responsible for (i) evaluating the corporate governance policy, risk management, internal controls, and compliance, and (ii) monitoring and periodically reassessing legal, underwriting, credit, market, liquidity, and operational risks, with the support of the internal audit and independent audit divisions.

Therefore, in my view, what ensures continuous compliance are processes and activities developed by control areas with autonomy, without conflicts with operational areas (or the first line of defense) and reporting to senior management.

And how does the compliance department at Odontoprev interact with other departments, such as human resources, legal, and regulatory?


The compliance department is responsible for coordinating, monitoring, and managing legal risk activities. Its objective is to promote a culture of compliance.

As part of the acculturation and alignment strategy with other areas, Odontoprev has a training program and communication planning related to compliance risks. These initiatives aim to foster the subject and develop administrators and employees, enabling them to identify and deal with ethical dilemmas and operationalize the application of laws and regulations. All Odontoprev administrators and employees must undergo mandatory compliance and ethical conduct training.

The compliance, risk management and internal controls, and information security and data privacy departments are part of the company's second line of defense. They support managers and administrators in defining action plans and regularly monitor the implementation of these measures. Every identified, categorized, and measured risk is reported to the risk matrix through a computerized risk management system.

We believe in raising awareness and training managers and administrators about the compliance culture through educational actions of various formats and complexities. We also understand that we need to create bridges and establish connections, without which compliance and the program become hollow, losing their meaning completely. There is no talk of a compliance culture without connections and joint constructions with departments such as human resources, legal, regulatory and many others, as compliance does not exist on its own and cannot be justified in isolation. It is a construction where the input and raw material lie with other partner areas.

Thus, the dialogue needs to be fluid, with active listening, providing the compliance professional with an increasingly broad view and making them multiskilled, a skill increasingly recognized by organizations.