560 likes | 842 Views
Proactively Managing International and Foreign Corrupt Practices Act Compliance Risks - The Third Annual FDA Regulatory and Compliance Symposium. Gary F. Giampetruzzi, Pfizer Inc Assistant General Counsel and Deputy Compliance Officer Keith M. Korenchuk Covington & Burling LLP
E N D
Proactively Managing International and Foreign Corrupt Practices Act Compliance Risks - The Third Annual FDA Regulatory and Compliance Symposium Gary F. Giampetruzzi, Pfizer Inc Assistant General Counsel and Deputy Compliance Officer Keith M. Korenchuk Covington & Burling LLP Cambridge, Massachusetts, August 23, 2007
Anti-Bribery/Anti-Corruption (ABAC) • Real Life Lessons • What are the ABAC rules? • The Compliance Framework
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #1 • Senior non-U.S. government regulator sought a charitable contribution from a U.S. company’s European subsidiary • The charity – the regulator’s favorite – is legitimate • The regulator has a lot of influence over the subsidiary’s business • He makes clear that it would be in the subsidiary’s interest if the contribution is made • Total contribution exceeds the manager’s authorization • So the contribution was made in several smaller payments • Not described properly in the accounting records
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #1 Consequences: • Anti-bribery/Anti-corruption VIOLATION: inaccurate accounting records • Anti-bribery/Anti-corruption VIOLATION: inadequate internal controls • FINE: $500,000 (Schering-Plough, 2004)
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #1 Lesson: Companies must have standard due diligence procedures and controls governing charitable contributions
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #2 • Several subsidiaries of a U.S. healthcare company gave commissions and “gifts” to non-U.S. doctors • Cash, Computers, Digital cameras, Wine, Wristwatches • Leisure travel and sponsoring lavish social events • Officers of the U.S. parent company knew about the gifts • The gifts were not properly recorded • Recorded as capital or business expenses • On the books of a foreign subsidiary (enforcement was less strict)
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #2 Consequences: • Anti-bribery/Anti-corruption VIOLATION: anti-bribery provisions • Anti-bribery/Anti-corruption VIOLATION: accounting and internal controls provisions • FINES & PENALTIES: $2.5 million • EXTERNAL Anti-bribery/Anti-corruption MONITOR (Syncor, 2002)
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #2 Lesson: Companies must have clear policies and procedures governing gifts and entertainment provided to non-U.S. healthcare providers and other government officials
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #3 • An U.S. manufacturer had a global distribution network of independent dealers • One dealer paid bribes to government officials to avoid penalties for late delivery • Executives of the manufacturer knew there was a high probability of bribery were paid, and took no action • In one case, they even authorized payments that helped subsidize the dealer’s cost for paying the bribes • They also knew there was a high probability that similar payments were made in other markets
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #3 Consequences: • Anti-bribery/Anti-corruption VIOLATION: anti-bribery provision • Anti-bribery/Anti-corruption VIOLATION: inaccurate accounting records, inadequate internal controls • DISGORGEMENT OF PROFITS: $618,000 • CIVIL PENALTY: $500,000 • MONITORING: External compliance monitor imposed on company for two years • ENFORCEMENT ACTION: Sales Manager charged with Anti-bribery/Anti-corruption violation; $65,000 fine (Invision, 2005)
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #3 Lesson: Companies must have standard due diligence procedures and controls for selecting, retaining and overseeing distributors, consultants, and other key third parties
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #4 • A company was tendering in a developing country • Company sponsored “training” programs and travel for several government employees who were responsible for evaluating the company’s offer • Company paid all expenses and “per diem” payments to the government employees of $120-$200 per day • The average income in the government employees’ country was under $800 per year • The “per diem” payments were distributed in cash from a paper bag and were disguised using false invoices
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #4 Consequences: • Anti-bribery/Anti-corruption VIOLATION: anti-bribery provisions • Anti-bribery/Anti-corruption VIOLATION: accounting provisions • FINE: $13 million • DISGORGEMENT: $15.5 million (Titan, 2005)
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #4 Lesson: Companies must have clear procedures that are designed to prevent and detect potentially improper sponsorship and travel expenditures
Anti-Bribery/Anti-Corruption (ABAC) What are the ABAC rules?
The Global Regulatory Maze • Foreign Corrupt Practices Act • OECD • The WHO Criteria • EU Directive 2001/83/EC • Association Codes (The IFPMA Code and EFPIA Code • Specific Country Laws/Guidelines
1. The FCPA: What is it? • US Foreign Corrupt Practices Act applies WORLDWIDE • Prohibits bribery of foreign government officials • Requires that public companies • Maintain accurate books and records in all controlled entities • Maintain an adequate system of accounting controls in all controlled entities
1. The FCPA – prohibition on bribing of foreign government officials • An offer, payment or gift of any money or thing of valueis made • To any foreign official or other person while knowing that some or all of the payment will be passed on to a foreign official • For the purpose of obtaining or retaining business or obtaining any improper advantage Payment To foreign official To obtain improper advantage
1. The FCPA – prohibition on bribing of foreign government officials A “Foreign Official” is anyone employed by a government agency, or by a government-owned commercial enterprise, including physicians or other healthcare providers The “knowing”requirement will be satisfied if there is failure to make reasonable inquiry concerning the intentions or activities of an agent or other third-party payee Foreign Official “While Knowing”
1. The FCPA – prohibition on bribing of foreign government officials A payment is for the purpose of obtaining or retaining business if it is made to reward a foreign official for using or endorsing the company’s products A payment is for the purpose of obtaining an improper advantage if it is made to obtain a favorable regulatory decision Obtain or retain business Improper advantage
1. The FCPA – books, records and appropriate control A company and its subsidiariesmust maintain accurate books and records A company and its subsidiariesmust maintain appropriate controls • Showing a bribe on the books as a payment for a consulting arrangement is a violation • Supporting payment of bribe with an invoice for a consulting arrangement is maintaining a false record Accurate books and records Maintain appropriate control
1. The FCPA – Permitted Payments • Payments legal under local country law • Bona fide expenses of government officials for product promotion • "Grease" or facilitating payments to expedite routine governmental action • Permits, licenses, Visas, work papers • Police protection, mail pickup • Phone, power or water service • Loading cargo, protecting perishables
2. OECD Convention • OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (adopted 1997, entered into force 1999) • 37 countries ratified as of June 2007 • Monitoring Phase I: Implementation -evaluates adequacy of a country’s legislation to implement the Convention • Monitoring Phase II: Enforcement -assesses whether a country is applying its legislation effectively
3. WHO Criteria for Medicinal Drug Promotion • The World Health Organization guidance is endorsed by the World Health Assembly and may be voluntarily adopted by individual countries. • The Guidance applies to prescription and non-prescription medicinal drugs as well as any other product promoted as a medicine. The Guidance offers ethical guidance on promotion; advertising; free samples; medical representatives; symposia; post-marketing studies; packaging and labeling; information for patients; and promoting exported drugs.
4. Directive 2001/83/EC of the European Parliament and of the Council, as Amended • The European Union has adopted its own mandatory guidelines which apply to all Member States. These guidelines are found in Directive 2001/83/EC on The Community Code Relating to Medicinal Products for Human Use. It provides in part: • “Where medicinal products are being promoted to persons qualified to prescribe or supply them, no gifts, pecuniary advantages or benefits in kind may be supplied, offered or promised to such persons unless they are inexpensive and relevant to the practice of medicine or pharmacy.”
5. Industry Codes Many industry codes prohibit inducements to prescribe, supply, sell or administer a medicinal product, for example: • International Federation of Pharmaceutical Manufacturers & Associations (IFPMA) Code of Pharmaceutical Marketing Practices (2007), Article 7 • European Federation of Pharmaceutical Industries and Associations (EFPIA) Code of Practice of the Promotion of Medicines, Article 10 • Association of the British Pharmaceutical Industry (ABPI) Code of Practice (2006), Clause 18.1 • Swedish Association of the Pharmaceutical Industry (Läkemedelsindustriföreningen) (LIF), Rules Governing Drug Information
General Program Guidance From The Cases • Focus on maintenance of controls by companies (and individuals?) • Development of clear FCPA policies and program elements • Communication, regular training, and annual certifications • Reporting systems, and appropriate discipline when violations occur • Development of FCPA procedures reasonably capable of preventing violations • Should be a risk-based approach to controls / procedures • Due diligence and post-retention oversight of third-party relationships • Appropriate contractual language with third-party agreements setting forth anti-corruption reps and warranties, compliance with anti-corruption laws, etc. • Controls to ensure that books, records and accounts are maintained accurately • Senior management reporting on FCPA status to audit committee, etc. • Regular audits to ensure that program has been implemented in an effective manner
FCPA Policies? Start With Your FCPA Risk Areas • Direct Healthcare Regulators • Product approval and registration • Product pricing • Product reimbursement • Placement on hospital formularies • Government-employed doctors • Gifts and hospitality • Congresses and meetings • Consultant arrangements • Education and research grants Foreign Officials • Other public officials • Customs and importation officials • Charitable and political contributions, etc. • Third-party agreements (ex. wholesalers, distributors and other service providers)
Global Policy on Interactions with Healthcare Professionals Transparency Corporate Citizenship Primacy of PatientAndHealthcare Professional Relationship Core Global Policy Principles
Dealing With Specific Areas Of Risk Ex. Support for Third Party Medical Meetings and ConferencesThe main purpose of medical congresses, conferences, symposia and similar programs supported by Pfizer must be scientific exchange and/or medical education. . . . In no instance will Pfizer provide financial support as an inducement for a healthcare professional to use, prescribe or recommend a Pfizer product or otherwise influence the outcome of a clinical trial.
Controls? A Global FCPA Procedure • A comprehensive, corporate-developed global procedure • Real controls; not merely another statement of policy (ex. GPIHP) • Implementation by local markets to enforce and implement corporate procedure • Local market identification of public officials • Detailed written procedures govern gifts and hospitality, congresses, consultant arrangements, research and other grants, third-party relationships, etc. with officials • Local implementation reviewed by Legal, with annual certifications • Essentially becomes gap analysis with existing implementing SOPs • Local systems, processes and controls subject to periodic auditing • Local trend analysis on interactions in consultation with Corporate Compliance • Appropriate record retention and training, training and more training • Owned and operated by the business
Fundamental Point: Policies Are Not Procedures • Directional guidance • No specification of process Policy Procedure • Detailed guidance • Process steps and controls outlined
Healthcare professionals may be hired as consultants to provide bona fide services, such as assisting in the development of medicines, participating in clinical trials, etc. In no instance will Pfizer retain any healthcare professional, regardless of qualification, as an inducement for such healthcare professional to use, prescribe, or recommend products. In some countries, many healthcare professionals are employed by government or regulatory authorities. Pfizer will ensure that all such relationships are appropriately reviewed to ensure compliance with Pfizer policies and applicable laws. Consider the subject market / territory Identify relationships with gov’t officials Determine the competence / integrity of the third party (questionnaires, interviews, etc.) Reasonableness of compensation (vs. work to be performed, fair market value) Ensure compliance with local laws Integrate standard FCPA language and safeguards into the third-party agreement Maintain continuing oversight of third-party Maintain accurate books and records, including the due diligence file Example: Dealing With Third-Party Consultants FCPA Procedure GPIHP (Policy) VS.
Deep Dive: International Meeting Procedure (online tool) • Covers Pfizer-organized meetings and support for 3rd party-organized meetings • Ensures that all international meetings attended by HCPs or GOs that Pfizer invites or supports, comply with the laws of both the Meeting Jurisdiction (country in which the meeting takes place) and Home Jurisdiction = (country of the invited HCP or GO)
FCPA Training (Along With More Communications) • Prior training approach - The first 150 years • Mostly non-web based (ex. Compliance and Values Workshops) • New employee orientations, various corporate and divisional programs • Since 2003 – Addition of web-based training • More than 100,000 colleagues trained in the U.S. and international markets • More than 80 countries worldwide, and approximately 30 languages • Pfizer Code of Conduct module, FCPA substantive and procedural modules • 92% liked the courses; 91% better understand rules; 94% intend to use • Proactive collaborative market education and review • Business and compliance collaboration on risk assessments • Concentrated in-person compliance training in the markets
Auditing and Assessing An FCPA Program • Legal Division survey • Global Colleague and Values survey • Global compliance survey • Employee exit interviews • Corporate Compliance website • PCEC feedback and statistics • Feedback and statistics from the Open Door and Compliance Hotline • Auditing and Monitoring functions (Healthcare, Manufacturing, R&D, etc.) • Global Compliance Liaisons(eyes and ears on the ground)
High commissions Payments into offshore accounts Inadequate, generic or otherwise questionable descriptions Missing or incomplete support Repetitive payments of same amount Homemade or self generated invoices Consecutive numbered invoices Duplicate invoices (payees?) Round dollar transactions Substantial activity for new vendor Invoices paid unusually quickly Large individual or aggregate payments/benefits to one payee Repetitive entertainment/dinner/travel Increased payments at period end Employee (or unknown third parties) bonuses or loans without explanation In The Weeds: Red Flags During FCPA Auditing
Referable Compliance Issues (RCIs) • Definition • Significant violations of applicable law or company policy or procedure • “Significance” determined by severity of action or consequence and nature of law (i.e. intentional, criminal, or repeated behavior; participation of a manager; serious financial, operational, investor relations, health, or safety consequences) • Points of process • Handled exclusively at the direction of Corporate Compliance and GI • Reported to the Corporate Compliance Officer; Audit and Compliance Committees • Response to changed environment • Need to ensure corporate awareness of significant compliance issues (ex. Sarbanes) • Provides ability to investigate and decide whether to disclose
Global Compliance Liaisons / Regional Compliance Directors • Liaison Partnership between Corporate Compliance and leadership of local markets • Designated Compliance Liaisons in every market around the world • Liaise between market and Corporate Compliance • Ensures that Corporate Compliance Officer (CEO, CFO, Board and Audit Committee of Board) up-to-date on compliance issues at every Pfizer location around the world • Report Referable Compliance Issues to Corporate Compliance Group • Act as chief point of contact between business and Compliance Group • Be an on-site source of compliance information for colleagues • Spreads compliance knowledge and empowers colleagues • Drives compliance into the business • Regional Compliance Directors • Newest addition to corporate compliance structure
Conduct an Investigation? Is There Really Any Choice? • It’s a small market, located far, far away – “Nobody will ever find out” • Revised U.S. Sentencing Guidelines • Once criminal conduct has been detected, the company shall take certain “reasonable steps” to respond appropriately to such criminal conduct • Dep’t of HHS, Office of the Inspector General Model Guidance • Upon receipt of indications of suspected noncompliance, company must “immediately investigate” the issues to determine whether a material violation of law has occurred • Other practical consequences from failing to conduct an internal investigation • Bad actors remain with company • No ability to control public relations issues • Company remains in legally defensive position • Raise government concerns regarding commitment to compliance
Determining the Scope of an FCPA Investigation • The typical FCPA investigation: “the more you look, the more you find” • Most FCPA investigations go beyond the initial market at issue • A comprehensive plan should be developed at the outset of the investigation • Are there other concerns in the market at issue? • Are there other markets that present similar issues? • What are the riskier markets? Prior audit findings? Prior compliance issues? • DOJ and SEC will look at scope to determine whether investigation effective • Strength of company’s FCPA compliance program bears on scope • If FCPA controls are more robust, more limited investigation may be ok • If FCPA controls are weak (or even non existent), more broad review will be required
Who Should Conduct The Investigation? In-House? • Pros of in-house counsel • May be familiar with the employees to be interviewed • Less likely to cause disruption • Greater latitude with employees • Less expensive • Cons of in-house counsel • May not be adequate time and resource • May be influenced by management • Possibly not viewed as independent by the government • Conclusion • With smaller scope and less significant exposures, inside counsel might be best • Will still need to collaborate with local and U.S. counsel
Who Should Conduct The Investigation? Outside Counsel? • Pros of outside counsel • Appearance of independence • Greater resources available, and quicker investigation • Likely more collective experience with investigations • Greater ability to protect legal privileges • Cons of outside counsel • Certainly much more expensive • Depending on other cases, may not have adequate resources • Not likely to have familiarity with business operations, employees, etc. • Conclusion • With broader scope or more significant exposures, outside counsel likely best • Will still need to collaborate with inside and local counsel
Securing Documents and Electronic Evidence • Once a party has been placed on notice of actual or anticipated litigation, a duty to preserve evidence arises, and a timely document hold must be initiated • Existence of government investigation requires hold • In the context of a voluntary disclosure, must consider the integrity of the internal review, and extent to which an issue appears to be problematic and will be disclosed • A document hold means (1) suspension of routine document retention and destruction; and (2) implementation of measures to preserve potentially relevant documents • An effective litigation hold protocol should do the following: (1) describe the circumstances that trigger the hold; (2) identify key players and responsibilities; (3) set forth the coverage and terms of the holds; (4) describe the procedures to implement the holds; and (5) have a methodology for documenting the activities undertaken • Tension between “anticipation” for document holds and work product protection