2012 Recent FCPA Enforcement Efforts in the Pharmaceutical/Medical Device Industry and the Importance
I meant what I said and I said what I meant.DR. SEUSS, Horton Hears a Who!
Our focus and resolve in the FCPA area will not abate, and we will be intensely focused on rooting out foreign bribery in your industry.LANNY A. BREUER, Assistant Attorney General, Dept. of Justice, Address to the Tenth Annual Pharmaceutical Regulatory and Compliance Congress, November 2009
Two and half years ago, the U.S. Department of Justice (DOJ) warned the healthcare industry that federal law enforcement would be increasing efforts to monitor pharmaceutical and medical device entities for compliance with the Foreign Corrupt Practices Act (FCPA). Several high-risk factors make the industry an attractive target for FCPA investigations, including the significant amount of sales generated outside the United States where healthcare systems are routinely operated by the government.1 Additionally, the industry has seen an increasing number of clinical trials and product development activity conducted overseas where interactions with government-employed physicians and healthcare providers are routine and, arguably, significantly less regulated.
The DOJ is as good as its word. The industry has been hit hard by the FCPA in the last two years. In the last twelve months alone, the DOJ announced two significant settlements with major medical device companies reaching combined payments over $90 million. There are at least 78 known ongoing corporate investigations, including at least eighteen healthcare industry players.2 Many perceive the active enforcement of the FCPA as a natural expansion of the Anti-Kickback laws to the international arena. In fact, the DOJ has noted that “the types of corrupt payments that violate the FCPA because they are given to obtain or retain business in other countries are not any different than the items of value that would violate the Anti-Kickback Statute if given within the United States — cash, gifts, charitable donations, travel, meals, entertainment, grants, speaking fees, honoraria, and consultant arrangements, to name a few.”3 As explained more fully below, failure by any pharmaceutical or medical device entity that has any relation to the United States to heed the express and explicit warnings provided by the DOJ regarding FCPA enforcement would be reckless and the consequences likely to be dire.
FCPA BASICS: PRIVATELY HELD ENTITIES BEWARE
Enforcement of the FCPA against publicly held corporations attracts significant attention which may lull smaller, privately held entities into a false sense of safety. Yet, both public and private entities are subject to the reach of the FCPA. There are two principal parts to the FCPA: the Anti-bribery Provisions4 and the Books and Records Provisions.5 The Anti-bribery Provisions prohibit payments of any “thing of value” to an individual knowing that it will be paid to a foreign official in order to corruptly influence the official or secure an improper advantage in an attempt to obtain or retain business. The Books and Records Provision requires that “issuers” “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.”6 While the Books and Records Provisions apply only to companies that are SEC-registered or reporting “issuers,” the Anti-bribery Provisions have a more extensive reach. The Anti-bribery Provisions apply to “domestic concerns” (United States companies, citizens, or residents); any officer, director, employee, or agent of a domestic concern; issuers who have a class of securities registered with the SEC; and, any person who does not fit within the categories listed but violated the FCPA within the territory of the United States. Clearly, the last, catch-all provision is expansive and could apply not only to a publicly held U.S. company, but also to any privately held company that finances a foreign activity with any component occurring in the U.S. Similarly, if a foreign affiliate is acting as an “agent” of a U.S. (domestic) concern in facilitating illegal conduct, then it too will be covered.
The DOJ has consistently taken the position that minimum jurisdictional contacts include de minimus activities such as emails, telephone calls, and transfers through correspondent bank accounts that occur in the U.S. Due to the expansive interpretation given the jurisdictional provisions by the DOJ, any company with a nexus to the United States is potentially subject to FCPA enforcement, even if the company and the illegal activity are located outside of the U.S.
As applied within the healthcare industry, the DOJ has emphasized that the “depth of government involvement in foreign health systems, combined with fierce industry competition and the closed nature of many public formularies, creates a significant risk that corrupt payments will infect the process.”7 For instance, the FCPA criminalizes making payments to “foreign officials” for the purpose of obtaining or retaining business or securing any improper business advantage. In his remarks to the pharmaceutical industry, Assistant Attorney General Breuer commented on the potential complexities involved in interpreting the term, which could encompass health ministry and customs officials, doctors, pharmacists, lab technicians, and health professionals at state-owned facilities. As he further explained, “nearly every aspect of the approval, manufacture, import, export, pricing, sale, and marketing of a drug product in a foreign country will involve a ‘foreign official’ within the meaning of the FCPA.”8
Because of this expansive approach, industry personnel face a substantially higher likelihood than professionals in other industries that they may interact with “foreign officials” as defined by the FCPA. Accordingly, pharmaceutical and medical device companies must be aware that the seemingly routine engagement of healthcare providers, reimbursements for program participation, travel, gifts, entertainment, charitable contributions, sponsorships, political contributions, clinical trials arrangements, and regulatory approvals abroad all pose significant FCPA risks.
RECENT FCPA MEDICAL DEVICE-RELATED DPAS
I warn you dear child, if Ilose my temper, you lose your head. Understand?THE QUEEN OF HEARTS, Alice in Wonderland
In late 2009, the DOJ began assembling teams to support its FCPA focus on the healthcare industry by combining the expertise of the healthcare fraud unit with the international bribery expertise of the FCPA unit.9 Consequently, FCPA enforcement has gained significant momentum and now trails only terrorism as a DOJ enforcement priority.10 The industry has felt the impact.
Currently known investigations in the pharmaceutical and medical device industry are extensive: AstraZeneca, Baxter International Inc., Biomet, Bio-Rad Laboratories, Bristol-Meyers Squibb, Covidien, Eli Lilly, GlaxoSmithKline, Grifols SA (Talecris Biotherapeutics Holdings Corp.), Ingersoll-Rand, Medtronic Inc., Merck & Co. Inc., Orthofix International NV, Pfizer Inc., Sciclone Pharmaceuticals Inc., Smith & Nephew, Stryker Corporation, Zimmer Holdings Inc. Because this list is based on SEC filings, it likely represents only a fraction of ongoing FCPA enforcement actions. A review of two of the most recent settlements provides valuable insight into the breadth of the investigations and generous elasticity with which the government applies the FCPA provisions.
United States v. Johnson & Johnson (DePuy Inc.): In April 2011, the DOJ announced that it had entered into a three-year Deferred Prosecution Agreement (DPA) with Johnson & Johnson, a U.S.-based healthcare company that manufactures and sells pharmaceuticals, medical devices, and consumer healthcare products, to resolve allegations that Johnson & Johnson and its subsidiaries had committed violations of the FCPA. According to the government’s allegations, foreign subsidiaries of Johnson & Johnson paid kickbacks to healthcare providers employed at government-owned hospitals in Greece to use its surgical implants, Poland to award contracts to the company, and Romania to prescribe pharmaceuticals. The DOJ also alleged foreign subsidiaries of Johnson & Johnson paid kickbacks to officials of the former government of Iraq in order to receive contracts to provide humanitarian supplies under the United Nations Oil for Food Program. To resolve these charges, Johnson & Johnson agreed to pay more than $48.6 million in disgorgement and prejudgment interest, as well as a $21.4 million criminal fine.
As mitigating factors supporting the DPA settlement, the DOJ noted that Johnson & Johnson had accepted responsibility for the offending conduct of its subsidiaries. The DOJ recognized Johnson & Johnson’s prompt voluntary disclosure and extensive self-investigation of the underlying conduct, the cooperation provided by the company to the government investigators, and the extensive remedial efforts and compliance improvements undertaken by Johnson & Johnson. The DOJ also reported that Johnson & Johnson received a reduction in its criminal fine as a result of its cooperation in the ongoing investigation of other companies.
Significantly, in consideration of Johnson & Johnson’s pre-existing compliance programs, remediation efforts, and enhanced compliance commitments included in the DPA, the DOJ did not require the retention of a corporate compliance monitor. Yet, the DPA does require that in addition to adhering to the corporate compliance program commitments common to most DPAs, Johnson & Johnson must comply with some notable “enhanced compliance obligations” for the duration of the DPA. Among the more interesting “enhanced” obligations is the requirement that Johnson & Johnson establish an extensive compliance team network including separate heads of compliance within each business sector and corporate function. The global compliance leadership must include regional compliance leaders and business segment compliance leaders. Every jurisdiction in which the company operates must institute individualized gifts, hospitality, and travel policies and procedures that contain restrictions regarding interactions with government officials — which must explicitly include public healthcare providers.
On a periodic basis, Johnson & Johnson is obligated to conduct FCPA audits and risk assessments of markets where Johnson & Johnson has government customers. Among other elements, these audits must include on-site visits to high-risk locations, review of a statistically representative sample of contracts with and payments to individual healthcare providers, and a creation of action plans resulting from issues identified during audits. Comprehensive due diligence reviews of sales intermediaries must be conducted regularly. Moreover, Johnson & Johnson is directed to include in contracts (where permitted by law) standard provisions designed to prevent violations of the FCPA. Such provisions must include anticorruption representations, rights to conduct audits of the books and records, and rights to terminate as a result of any breach of anticorruption laws.11
Smith & Nephew, Inc.: On February 6, 2012, the DOJ disclosed that it had entered into a three-year DPA with Smith & Nephew Inc., a U.S. subsidiary of Smith & Nephew plc, a United Kingdom-based medical device manufacturer, to resolve allegations that certain affiliates had committed violations of the FCPA. According to the allegations, Smith & Nephew, through certain executives, employees, and affiliates, agreed to sell products at full list price to a Greek distributor and then pay the amount of the distributor discount to an off-shore shell company controlled by the distributor. These off-the-books funds were then used by the distributor to pay cash incentives and other things of value to government-employed Greek healthcare providers to induce the purchase of products. In total, from 1998 to 2008, Smith & Nephew, its affiliates, and employees authorized the payment of approximately $9.4 million to the distributor’s shell companies; some or all of this payment was passed on to physicians employed by government-owned institutions overseas to corruptly induce them to purchase Smith & Nephew medical devices.
Smith & Nephew agreed to pay a $16.8 million criminal penalty to settle the criminal charges. Additionally, Smith & Nephew was required to retain a corporate compliance monitor for 18 months. In discussing the settlement with Smith & Nephew, the DOJ noted Smith & Nephew’s cooperation with the DOJ’s investigation, thorough self-investigation of the underlying conduct, and the remedial efforts and compliance improvements undertaken by Smith & Nephew.
The parent company, Smith & Nephew plc, also entered into a settlement with the SEC to resolve a civil complaint alleging violations of the FCPA. The SEC alleged that Smith & Nephew plc and its subsidiaries made illicit payments to foreign government officials in order to obtain or retain business, failed to have an adequate internal control system in place to detect and prevent the illicit payments, and improperly recorded each of those payments in its accounting books and records. Smith & Nephew plc agreed to settle the SEC’s charges by paying more than $5.4 million in disgorgement and prejudgment interest.
Following announcement of the settlement, the SEC cryptically stated that its investigation of the medical device industry is continuing.12
COMPLIANCE PROGRAMS: PREVENTION & REDEMPTION
Be PreparedMotto, Boy Scouts of America
With the looming specter of continuing government FCPA investigations into the medical device industry, prevention and early detection of potential issues should be a priority for all healthcare entities with ties to the United States. While implementation and enforcement of corporate compliance programs focused on the anti-kickback statute and Stark laws are now the norm, active compliance efforts concentrated on the FCPA are notably less prevalent — particularly in privately held corporations that may not be subject to the Books and Records Provisions of the FCPA. Not only does this failure expose the company to liability from rogue actors whose activities go undetected, but it also represents a missed opportunity to gain leniency should the company become an FCPA target. As stated by DOJ, “[t]here are many steps that you can be taking that would put your organization in a better position for the day we do come knocking, or that could prevent us from coming at all.”13 In order to be an effective preventative tool, however, a compliance program must be active and comprehensive.
If there is concern that existing compliance efforts are insufficient, a risk assessment or gap analysis led by experienced counsel is highly recommended. Any assessment should identify high-risk countries and personnel conducting high-risk activities. Similar reviews and updates should be conducted on an annual basis — a practice reflected in the recent Johnson & Johnson DPA enhanced compliance obligations. Identified deficiencies should be promptly addressed through a detailed remedial plan.
From a practical standpoint, there are certain key elements that are routinely overlooked when FCPA compliance programs are designed and implemented. At a fundamental level, any compliance initiative must be supported by the tone at the top level of the company. Similarly, no program will be broadly followed if it is not easily understood. The policies and procedures must be written in plain English: short, crisp, concise, avoiding legalese. Canned policies found on basic internet searches should be avoided in favor of tailored policies that reflect the culture of the corporation, as well as the particular realities and concerns of the business. Moreover, the procedures must provide specific directions regarding where to obtain guidance on complex issues. Once written policies are in place, proper training must be provided across all levels of the business.
Substantively, there are a number of essential elements that must be present for any FCPA compliance program to achieve its goals. Regular monitoring and auditing are critical to prevent complacency and enforcement gaps. Robust due diligence processes must be applied to distributors, agents, joint venture partners, and vendor contracts. Along those lines, and as required in the recent Johnson & Johnson DPA, contracts should incorporate audit rights, representations regarding FCPA compliance, and clear grounds for termination related to FCPA violations. Payments should be subject to an approval process involving knowledgeable personnel trained to detect at-risk payments, coupled with clear reporting procedures for suspected violations. Finally, detection will be meaningless unless there is a prompt and proper response to detected offenses.
While no compliance program can prevent all
illegal conduct, the failure to proactively deploy an effective program can
have dire consequences. Early detection is key to avoiding larger scale
offenses. Similarly, the existence of robust programs will likely mitigate any
enforcement actions that do occur.
 See, generally, Lanny A. Breuer, Assistant Attorney General, Criminal Division, “Prepared Address to the 22nd National Forum on the Foreign Corrupt Practices Act,” (Nov. 17, 2009). Available at <http://www.justice.gov>.
 See FCPA Blog at <http://www.fcpablog.com/blog/2012/1/4/the-corporate-investigations-list-january-2012.html>, identifying investigations based on SEC filing disclosures. The number of FCPA investigations focused on non-public entities is unknown.
 As quoted in Sampson & Wesoloski, “Increased Targeting of the Pharmaceutical and Medical Device Industries Under the Foreign Corrupt Practices Act,” 6 MELR 140, 02/22/2012.
 15 U.S.C. §§ 78dd-1, et seq.
 15 U.S.C. § 78m.
 15 U.S.C. § 78m(b)(2)(A).
 Lanny A. Breuer, Assistant Attorney General, Criminal Division. “Prepared Address to the 22nd National Forum on the Foreign Corrupt Practices Act.” (Nov. 17, 2009). PDF available at <http://www.justice.gov/criminal/pr/speeches-testimony/documents/11-17-09aagbreuer-remarks-fcpa.pdf>. Last accessed Apr. 27, 2012.
 Michael Li-Ming Wong and Emily Proskine, “The Foreign Corrupt Practices Act and Pharma: Is DOJ Following Through on Its Tough Talk Towards the Industry?” Bloomberg Law Reports: Risk & Compliance (2010), citing Charles McKenna, Chief, Criminal Division, U.S. Attorney’s Office for the District of New Jersey, as a panelist in the American Bar Association’s Program, “Current Issues in Medical Device and Pharmaceutical Litigation,” held at the Schering-Plough Corporation in Kenilworth, New Jersey.
 For a complete discussion of the allegations and settlement terms, see Robert Tarun, The Foreign Corrupt Practices Handbook, p. 401 (2nd Ed., 2012).
 See “SEC Charges Smith & Nephew PLC with Foreign Bribery,” (Feb. 6, 2012). Available at <http://www.sec.gov/news/press/2012/2012-25.htm>. Last accessed Apr. 27, 2012.
 Lanny A. Breuer, Assistant Attorney General, Speech to the 24th National Conference on the Foreign Corrupt Practices Act, (Nov. 16, 2010). Available at <http://www.justice.gov/criminal/pr/speeches/2010/crm-speech-101116.html>. Last accessed Apr. 27, 2012.
- See, generally, Lanny A. Breuer, Assistant Attorney General, Criminal Division, “Prepared Address to the 22nd National Forum on the Foreign Corrupt Practices Act,” (Nov. 17, 2009). Available at <http://www.justice.gov>. Jump back to footnote 1 in the text
- See FCPA Blog at <http://www.fcpablog.com/blog/2012/1/4/the-corporate-investigations-list-january-2012.html>, identifying investigations based on SEC filing disclosures. The number of FCPA investigations focused on non-public entities is unknown. Jump back to footnote 2 in the text
- As quoted in Sampson & Wesoloski, “Increased Targeting of the Pharmaceutical and Medical Device Industries Under the Foreign Corrupt Practices Act,” 6 MELR 140, 02/22/2012. Jump back to footnote 3 in the text
- 15 U.S.C. §§ 78dd-1, et seq. Jump back to footnote 4 in the text
- 15 U.S.C. § 78m. Jump back to footnote 5 in the text
- 15 U.S.C. § 78m(b)(2)(A). Jump back to footnote 6 in the text
- Lanny A. Breuer, Assistant Attorney General, Criminal Division. “Prepared Address to the 22nd National Forum on the Foreign Corrupt Practices Act.” (Nov. 17, 2009). PDF available at <http://www.justice.gov/criminal/pr/speeches-testimony/documents/11-17-09aagbreuer-remarks-fcpa.pdf>. Last accessed Apr. 27, 2012. Jump back to footnote 7 in the text
- Id. Jump back to footnote 8 in the text
- Id. Jump back to footnote 9 in the text
- Michael Li-Ming Wong and Emily Proskine, “The Foreign Corrupt Practices Act and Pharma: Is DOJ Following Through on Its Tough Talk Towards the Industry?” Bloomberg Law Reports: Risk & Compliance (2010), citing Charles McKenna, Chief, Criminal Division, U.S. Attorney’s Office for the District of New Jersey, as a panelist in the American Bar Association’s Program, “Current Issues in Medical Device and Pharmaceutical Litigation,” held at the Schering-Plough Corporation in Kenilworth, New Jersey. Jump back to footnote 10 in the text
- For a complete discussion of the allegations and settlement terms, see Robert Tarun, The Foreign Corrupt Practices Handbook, p. 401 (2nd Ed., 2012). Jump back to footnote 11 in the text
- See “SEC Charges Smith & Nephew PLC with Foreign Bribery,” (Feb. 6, 2012). Available at <http://www.sec.gov/news/press/2012/2012-25.htm>. Last accessed Apr. 27, 2012. Jump back to footnote 12 in the text
- Lanny A. Breuer, Assistant Attorney General, Speech to the 24th National Conference on the Foreign Corrupt Practices Act, (Nov. 16, 2010). Available at <http://www.justice.gov/criminal/pr/speeches/2010/crm-speech-101116.html>. Last accessed Apr. 27, 2012. Jump back to footnote 13 in the text