What Your Life Science Company Needs To Know About Common FCPA Violations
Earlier this month, SEC Director of Enforcement Andrew Ceresney discussed current priorities of the Commission’s enforcement efforts, highlighting common FCPA violations and risks facing pharmaceutical and life sciences companies. As these businesses continue to expand their global footprint, the risk of FCPA violations increases. It is important that pharmaceutical and life sciences companies understand the risks associated with corruption and how to successfully navigate today’s complex and highly regulated environment.
Common Practices that Create Potential FCPA Liability in Life Sciences
- Pay-to-Prescribe: Doctors and hospitals are paid bribes in exchange for prescribing certain medication or other products, such as medical devices.
- Formulary Drugs: Companies pay bribes to get their products on formularies.
- Charitable Contributions: Companies disguise bribes as charitable contributions to obtain or retain business.
- Interaction with State-Owned Enterprises: Companies that interact with medical industry professionals and hospitals. Medical professionals are government employees under FCPA and thus medical institutions, such as hospitals, are considered state-owned enterprises.
- Use of Third-Party Sales Representatives: Third-party representatives, such as sales agents, distributors and resellers, who sell medical products in developing and high-risk countries and do not comply with the company’s anti-corruption policies.
Implement COSO 2013 Framework.
How Your Company Can Mitigate Risks
The COSO framework is recognized as the leading guidance for designing, implementing and monitoring internal controls and assessing their effectiveness. The framework includes fundamental elements, such as: control environment, risk assessment, control activities, information and communication, and monitoring. The 2013 Framework specifically includes the consideration of the potential for fraud (e.g., illegal acts) as a key principle within the risk assessment component. Risk assessments should consider schemes and scenarios common to the industry and geographic regions in which the entity operates. By establishing control evaluations under the COSO framework, organizations have the ability to ensure that all parties are aligned on the objectives and the specific risks related to the objectives.
As part of the COSO framework and a best practice in anti-corruption compliance, companies should perform a detailed risk assessment that incorporates the following guidelines:
Know Your Customer.
- Brainstorm potential risks related to FCPA
- Rank those risks
- Map existing controls to risks
- Contemplate collusion and over-ride of controls
- Identify your company’s residual exposures
- Determine how to best mitigate the residual exposures, including cost benefit analysis
- Implement any additional controls required
- Monitor the success of the plan
Companies should conduct due diligence to understand the status of their international business partners or clients and determine if they are interacting with state-owned entities, as it could impact the assessment of their FCPA risk and influence the types of controls they implement to mitigate that risk.
Know Your Third-Party Representatives.
Because the use of third-party representatives substantially increases a company’s FCPA risk, it is vital that robust controls in relation to the engagement of those representatives and their management are implemented. This should include, at minimum, pre-engagement due diligence, contractual representations by the representative that it will adhere to the company’s anti-corruption policies and procedures and not violate anti-corruption laws or regulations, and anti-corruption testing and monitoring of the representative.
Apply Other Guidance Materials.
There are many resources available to companies around anti-corruption controls. In addition to COSO 2013, A Resource Guide to the U.S. Foreign Corrupt Practices Act
released in 2012 by the DOJ and SEC, offers comprehensive details about the FCPA, its provisions and enforcement. The guidance is useful for companies of all shapes and sizes—from small businesses to multi-national corporations. Companies should also refer to the Guidance
issued by the UK Ministry of Justice on what actions would constitute “Adequate Procedures” to prevent bribery under the UK Bribery Act 2010 as it provides companies clear, practical advice on anti-bribery best practices.
The FCPA is just one of the many anti-corruption regulations life sciences companies should be aware of when conducting business outside the U.S. FCPA violations, specifically, can have far-reaching implications, including significant fines and penalties, prison terms for implicated management and staff-level employees, the imposition of a court-appointed monitor, and loss of public trust. It is important that pharmaceutical and life sciences companies understand these potential risks, conduct the necessary due diligence, and implement the proper internal controls to prevent and detect FCPA violations before they occur.