Update 2009, Issue 5
With Permission from FDLI, www.fdli.org
Reducing FCPA Risks
for Pharmaceutical and
Medical Device Companies
Through Cost-Effective
Compliance Strategies
by Matt T. Morley and Suzan Onel
I
n recent years, the fastest growing
markets for pharmaceutical products and medical devices have been
in developing countries and the former
Soviet-bloc states. As sales in these nations
increase, so too do the odds of encountering situations in which local government
officials may welcome or even solicit improper payments in exchange for approvals needed to conduct business. Although
increased law enforcement efforts demonstrate that these situations pose significant
risks under the Foreign Corrupt Practices
Act (FCPA) and other anticorruption
laws, by taking some relatively simple
steps, companies can substantially lessen
their chances of running afoul of the law.
By identifying their risks in this regard,
and developing policies and procedures
to mitigate them, companies can reduce
both the likelihood of a violation and the
potential consequences of any violation
Mr. Morley
is a Partner in
the law firm of
K&L Gates LLP,
Washington, DC.
FDLI
that may occur in spite of the company’s
best efforts.
Pharmaceutical and medical device
companies generally have a relatively
large number of contact points with
foreign government officials compared to
many other industries. Most companies
need to seek government approvals in
order to open offices, to obtain permits
and licenses or to import goods. While
pharmaceutical and medical device companies have these same needs, they also
market products that generally require
regulatory approvals before they can be
sold, sometimes after intensive testing
that may be redundant of tests already
conducted in other countries. In many
cases, additional approvals are required
regarding product pricing and medical
insurance reimbursements.
Like most businesses, pharmaceutical
and medical device companies are likely
Ms. Onel
is a Partner in
the law firm of
K&L Gates LLP,
Washington, DC.
to already be sensitive to the legal issues
involved in payments made in exchange
for favorable outcomes on these types
of matters. What is less intuitive—and
what has resulted in FCPA violations
by a number of pharmaceutical and
medical device companies—is that
incentives for product sales to hospitals
pose these same risks where these institutions are owned or controlled by a
local or national government, including
by a government-owned or -controlled
company. Under the FCPA, the term
“government official” includes not only
regulatory, judicial and law enforcement
officials, but also officers and employees
of government-owned enterprises, even
those engaged in ordinary commercial
activities. The extent of government
ownership of commercial businesses
varies around the world, but in most
nations it is common for a significant
proportion of medical facilities to be
government operated.
Over the past five years, more than
half a dozen pharmaceutical and medical device companies have settled civil
charges with the Securities and Exchange
Commission (SEC) or criminal charges
September/October 2009
UPDATE
31
with the U.S. Department of Justice
(DOJ) in connection with alleged
improper payments abroad. The ways
in which payments were alleged to be
made differed in each case—including
briefcases filled with cash, purported
“charitable donations,” and lavish “study
trips” to Las Vegas and Miami. But the
context was essentially the same in every
case: payments were made to doctors or
purchasing officials of state-owned hospitals to induce the hospitals to purchase
the company’s products.
Notably, in many of these cases, senior
corporate executives appear to have been
unaware of the improper payments,
which were often made at the direction of
lower-level personnel, in remote foreign
operations, who may have viewed the
payments as customary or otherwise
necessary to the performance of their
responsibilities. In many instances, the
payments were made through foreign
subsidiaries, sales agents or other intermediaries. The FCPA and federal criminal law principles, however, contain very
broad provisions for vicarious liability,
holding companies responsible for the
actions of such lower-level employees,
even if those actions were unauthorized.
The FCPA also makes both companies
and individuals responsible for actions
taken by third parties on the company’s
behalf, whether or not authorized, if
someone in the company knew of the
violation or if the circumstances suggested a high likelihood that a violation
would occur.
The targeting of the pharmaceutical and device industries has been well
publicized by U.S. law enforcement
officials for several years, and is part of
a broader FCPA enforcement effort by
both the SEC and the DOJ. Indeed, both
agencies describe FCPA enforcement as
a priority, and recent statistics confirm
32
UPDATE
September/October 2009
that this is not idle talk. These agencies brought 38 actions in 2007, and 33
more in 2008. These efforts were capped
in recent months by a settlement with
Siemens, A.G., which paid over $1.6
billion in fines, penalties and disgorgement to U.S. and German authorities in
December 2008, and another settlement
with both KBR, Inc. and Halliburton
Co., which paid a combined total of $579
million in fines and penalties in February
2009. Beyond this, companies charged
with FCPA violations may also suffer
considerable reputational damage, along
with restrictions on their ability to export
goods or to participate in U.S. government programs. FCPA enforcement
appears to remain a priority under the
Obama Administration.
Moreover, it is not only the United
States taking action against international
bribery. Over the past decade, most other
developed nations have adopted statutes
similar to the FCPA or promulgated even
broader antibribery laws. These laws are
being more vigorously enforced around
the world and, in some cases, expanded.
One recent case, which included alleged
payments in connection with the sale of
medical equipment, involved not only
U.S. authorities but vigorous efforts by
German prosecutors, as well. In the
United Kingdom, reform of existing
bribery laws is underway, and lawmakers
are expected to create a new offense for
the failure to prevent bribery by a company, which would address a company’s
negligence in failing to do enough to
stop people working on its behalf from
paying or promising or offering a bribe
in connection with its business. Under
the proposed law, adequate compliance
procedures would provide a defense for
the company, except in the case of misconduct by senior management.
Although U.S. law does not require
companies to have an FCPA compli-
ance program, in practice, U.S. law
enforcement policy creates powerful
incentives for every company involved in
international commerce will have taken
meaningful steps to prevent improper
payments, and for those that have done
so, the consequences of a violation, if
one occurs, are likely to be less severe. By
contrast, the failure to have a program
will exacerbate the consequences of any
violation that comes to the attention of
the authorities.
How then should companies address
these risks? Even though no firm can
prevent every unauthorized action by
its personnel or by third parties acting
on the company’s behalf, a firm can
significantly reduce the risk of legal liability through efforts to assure compliance with the law. There are several steps,
which are relatively simple and inexpensive, that every company operating
internationally should consider.
• Identify the points of contact between
your company and foreign government officials. Each company has a unique set of
circumstances in which it deals with government officials. Understanding when
and where these interactions occur—and
precisely who is a government official—is
the starting point for assessing the company’s corruption risks.
In addition to employees of stateowned hospitals, as noted previously,
persons involved in the conduct or evaluation of clinical trials and research may
pose similar risks.
• Consider whether your existing policies and procedures are sufficient to mitigate the risks identified. Effective, written
compliance programs often include:
a prohibition of improper payments;
controls over gifts and entertainment;
due diligence procedures to evaluate
the legitimacy and reputation of third
parties that may act on the company’s
www.fdli.org
behalf (such as agents, consultants and
other intermediaries) and joint venture
partners; and due diligence requirements
in the merger and acquisition context
to ensure that potential anticorruption
problems are identified and evaluated
prior to consummating any transaction
and assuming successor liability for corrupt payment problems.
• Provide training to relevant company
personnel. A written policy alone is unlikely to be effective unless it is effectively
communicated to employees and reinforced with periodic training that assures
their understanding.
• Convey the proper tone from the top.
As with any other corporate directive, an
FCPA policy will be taken seriously if supervisory personnel show, by words and
actions, that the policy is important and
must be followed. That message should
begin with the chief executive and be
conveyed throughout the organization.
• Monitor and audit compliance with
policies and procedures. This often
includes mechanisms for reporting
certain types of payments and expenditures, such as gifts, entertainment
expenses and payments to consultants;
annual certifications of compliance
by relevant personnel; and internal
auditing of selected accounts, such as
employee reimbursements, and promotional and marketing expenses.
• Follow up on “red flags” and take
remedial steps as needed. If potential
corrupt payment issues arise, companies
must be prepared to take prompt action
and make appropriate inquiries into the
situation. If a problem is found to exist,
companies are expected to take steps
both to correct it and to prevent a similar
recurrence. Indeed, in many law enforcement actions, the severity of sanctions
appears to have been greatly increased by
a pattern of failing to respond to repeated
indications that improper payments were
being made.
With the intensified focus on FCPA
issues, and continued targeting of the
pharmaceutical and medical device
industries, there is an opportunity to stay
ahead of the curve by reassessing those
programs now in order to assure that
corruption risks are being appropriately
mitigated and that third parties inquiring about those programs do not find
them to be deficient.
le
ab ay!
l
i
a
Av e Tod
w
s
No rcha
Pu
Pricing
Subscription Pricing
(6 Issues)
Members $495
Non-Members $695
Individual Purchases
Members $195
Non-Members $295
The Food and Drug Law Institute
1155 15th Street NW, Suite 800
Washington, DC 20005
www.fdli.org
FDLI
Volume 1, Number 2
GRAS ROOTS: How to Advocate for and Defend “General Recognition”
of Safety for Food Ingredients and Drugs
Prof. James T. O’Reilly
“New” status leads to massive costs and extensive time delays. You may be familiar with breakthrough, exciting,
and novel inventions in the prescription drug and food additive fields. But this monograph is about “everything
else”—the old, familiar, non-new products that are recognized and regarded as less controversial—not
requiring as tight of regulation, and consequently less detailed in the approval process, or not requiring
approval at all. Millions of dollars in potential costs are at stake. So how does this monograph help you?
After reading this monograph, you’ll be better able to:
Decide if the product you’re dealing with is “new” or “not new” and qualifies for generally
recognized as safe (GRAS) status.
Shape the product labeling claims to avoid being dragged into costly testing and licensing.
Complete FDA paperwork for new drugs and new food additives with a better understanding
of the exceptions to GRAS status.
•
•
•
To purchase or learn more about the entire Monograph Series (6 Issues),
please visit www.fdli.org or call (800) 956-6293 | (202) 371-1420
September/October 2009
UPDATE
33