Skip to main content

Compliance Program Requirements for Agencies

As a Spark downline agency, you operate as a First-Tier, Downstream, or Related Entity (FDR) you must meet certain compliance requirements.

As a Spark downline agency, you operate as a First-Tier, Downstream, or Related Entity (FDR) under the Medicare Advantage and Part D programs. This page outlines what that means and what you're responsible for to stay in good standing with CMS requirements — and with Spark.

What is an FDR?

CMS defines three types of entities that fall under FDR oversight requirements. Understanding which category applies to your organization helps clarify your compliance obligations.

  • First-Tier Entity

    An organization that enters into a written arrangement with a Medicare Advantage or Part D plan sponsor to provide administrative or health care services to Medicare-eligible individuals.

  • Downstream Entity

    Any party that enters into a written arrangement with a first-tier entity — or others involved in the MA or Part D benefit — below the level of the plan sponsor relationship. This extends down to the level of the ultimate service provider.

  • Related Entity

    An entity related to an MA organization or Part D sponsor by common ownership or control that performs management functions under contract, furnishes services to Medicare enrollees, or leases property or materials valued at more than $2,500 during a contract period.

Your core compliance responsibilities

CMS requires that all FDRs maintain active compliance programs. As a Spark agency, you are responsible for each of the following:

  • General compliance and FWA training. All employees, contractors, and downstream entities must complete General Compliance and Fraud, Waste, and Abuse (FWA) training within 90 days of hire and annually thereafter. You are responsible for conducting and documenting your own training program. If you do not have training in place, CMS offers free resources — see the training section below.

  • Code of Conduct distribution. Your organization must have a Code of Conduct and ensure it is distributed to all staff and relevant downstream entities.

  • Exclusion and preclusion list screenings. You must screen all employees, contractors, governing body members, and downstream entities before hire or contracting, and monthly thereafter. See the full screening requirements below.

  • Annual FDR Attestation. Spark may require agencies to complete an annual FDR Attestation confirming your organization is meeting all CMS compliance program requirements. Watch for communication from Spark Compliance each year.

  • Reporting non-compliance and FWA. Any potential non-compliance, fraud, waste, or abuse must be reported promptly to Spark Compliance. Do not wait — early reporting protects you, your clients, and the program.

  • Oversight and monitoring. You are responsible for monitoring the activity of your own downstream entities and taking corrective action when issues are identified.

  • Offshore activities are not permitted. Spark agencies may not perform delegated Medicare functions offshore or subcontract those functions to offshore resources. If you believe an offshore arrangement exists anywhere in your hierarchy, contact Spark Compliance immediately before taking any action.

  • Record retention. All compliance documentation — including training records, screening logs, and Code of Conduct distribution records — must be maintained for a minimum of 10 years.

Offshore activities are not permitted. Spark agencies may not perform delegated Medicare functions offshore or subcontract those functions to offshore resources. If you have questions about this, contact Spark Compliance before taking any action.

Exclusion, preclusion, and opt-out screening

Federal law prohibits Medicare, Medicaid, and other federal health care programs from paying for services provided by individuals or entities that are excluded, precluded, or opted out.

Who does Spark screen?

Spark screens agencies and the agency principal that contracts directly with Spark Advisors. It is the responsibility of each agency principal to ensure that all agents and individuals within their hierarchy are screened monthly.

Who must be screened

The following individuals and entities must be screened before hire or contracting, and then monthly thereafter:

  • Employees (full-time, part-time, and temporary)

  • Volunteers

  • Consultants

  • Members of your governing body

  • Your own downstream entities and subcontractors

Required screening lists

You must check all of the following lists. Checking one is not sufficient:

Documentation requirements

Your organization must maintain evidence that screenings were completed. This includes:

  • Screenshots or output from each list at the time of screening

  • Input lists showing which individuals or entities were screened

  • Date-stamped logs tracking screening dates for all employees and downstream entities

If Spark, Insurance Carrier, or CMS requests documentation of your screening activity, you must be able to provide it.

If Someone is on an Exclusion List

If any employee or downstream entity appears on an exclusion list, you must immediately remove them from any direct or indirect work on Medicare plans and notify Spark Compliance at [email protected].

Compliance training

Agencies are responsible for ensuring that all employees and downstream entities complete General Compliance and FWA training on an annual basis. You may use your own training program or leverage CMS-published resources.


If your organization does not have training in place, the following free CMS resources are a good starting point:

Spark compliance policies

The following Spark compliance policies are available as reference as you develop or update your own compliance program. Your agency should have equivalent policies in place.

CMS regulatory resources

All FDR requirements are grounded in CMS guidance. The following manuals are the primary source of truth:

Questions or concerns?

If you have questions about your FDR compliance obligations, need to report a potential compliance issue, or want to confirm whether a specific activity is permitted, contact the Spark Compliance team.


Spark Compliance team: [email protected]

Regulatory references

  • CMS Medicare Managed Care Manual, Chapter 21 § 50.6.8

  • CMS Medicare Prescription Drug Benefit Manual, Chapter 9

  • 42 CFR § 422.503(b)(4)(vi)(F)

  • 42 CFR § 422.752(a)(8)

  • 42 CFR § 423.504(b)(4)(vi)(F)

  • 42 CFR § 423.752(a)(6)

  • 42 CFR § 455.405

  • 42 CFR § 1001.1901

  • Social Security Act § 1862(e)(1)(B)

  • Social Security Act § 1902(kk)

Did this answer your question?