proactively managing international and foreign corrupt ... · 0 proactively managing international...
TRANSCRIPT
0
Proactively Managing International and Foreign Corrupt Practices Act Compliance Risks - The Third Annual FDA Regulatory
and Compliance Symposium
Gary F. Giampetruzzi, Pfizer IncAssistant General Counsel and Deputy
Compliance Officer
Keith M. KorenchukCovington & Burling LLP
Cambridge, Massachusetts, August 23, 2007
1
Anti-Bribery/Anti-Corruption
(ABAC)
1. Real Life Lessons 2. What are the ABAC rules?3. The Compliance Framework
2
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #1
• Senior non-U.S. government regulator sought a charitable contribution from a U.S. company’s European subsidiary- The charity – the regulator’s favorite – is legitimate- The regulator has a lot of influence over the subsidiary’s business- He makes clear that it would be in the subsidiary’s interest if the
contribution is made
• Total contribution exceeds the manager’s authorization - So the contribution was made in several smaller payments- Not described properly in the accounting records
3
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #1
Consequences:
• Anti-bribery/Anti-corruption VIOLATION: inaccurate accounting records
• Anti-bribery/Anti-corruption VIOLATION: inadequate internal controls
• FINE: $500,000
(Schering-Plough, 2004)
4
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #1
Lesson:
Companies must have standard due diligence procedures and controls governing charitable contributions
5
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #2
• Several subsidiaries of a U.S. healthcare company gave commissions and “gifts” to non-U.S. doctors– Cash, Computers, Digital cameras, Wine, Wristwatches– Leisure travel and sponsoring lavish social events
• Officers of the U.S. parent company knew about the gifts
• The gifts were not properly recorded– Recorded as capital or business expenses– On the books of a foreign subsidiary (enforcement was less strict)
6
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #2
Consequences:• Anti-bribery/Anti-corruption VIOLATION: anti-bribery
provisions
• Anti-bribery/Anti-corruption VIOLATION: accounting and internal controls provisions
• FINES & PENALTIES: $2.5 million
• EXTERNAL Anti-bribery/Anti-corruption MONITOR
(Syncor, 2002)
7
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #2
Lesson:
Companies must have clear policies and procedures governing gifts and entertainment provided to non-U.S. healthcare providers and other government officials
8
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #3
• An U.S. manufacturer had a global distribution network of independent dealers
• One dealer paid bribes to government officials to avoid penalties for late delivery
• Executives of the manufacturer knew there was a high probability of bribery were paid, and took no action
– In one case, they even authorized payments that helped subsidize the dealer’s cost for paying the bribes
– They also knew there was a high probability that similar payments were made in other markets
9
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #3
Consequences:• Anti-bribery/Anti-corruption VIOLATION: anti-bribery provision• Anti-bribery/Anti-corruption VIOLATION: inaccurate accounting
records, inadequate internal controls• DISGORGEMENT OF PROFITS: $618,000• CIVIL PENALTY: $500,000• MONITORING: External compliance monitor imposed on company
for two years• ENFORCEMENT ACTION: Sales Manager charged with Anti-
bribery/Anti-corruption violation; $65,000 fine(Invision, 2005)
10
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #3
Lesson:
Companies must have standard due diligence procedures and controls for selecting, retaining and overseeing distributors, consultants, and other key third parties
11
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #4
• A company was tendering in a developing country• Company sponsored “training” programs and travel for
several government employees who were responsible for evaluating the company’s offer
• Company paid all expenses and “per diem” payments to the government employees of $120-$200 per day– The average income in the government employees’ country was
under $800 per year– The “per diem” payments were distributed in cash from a paper
bag and were disguised using false invoices
12
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #4
Consequences:• Anti-bribery/Anti-corruption VIOLATION: anti-bribery
provisions
• Anti-bribery/Anti-corruption VIOLATION: accounting provisions
• FINE: $13 million
• DISGORGEMENT: $15.5 million (Titan, 2005)
13
How Companies Get in Anti-bribery/Anti-corruption Trouble: Real World Lesson #4
Lesson:
Companies must have clear procedures that are designed to prevent and detect potentially improper sponsorship and travel expenditures
14
Anti-Bribery/Anti-Corruption (ABAC)
What are the ABAC rules?
15
The Global Regulatory Maze
• Foreign Corrupt Practices Act • OECD • The WHO Criteria• EU Directive 2001/83/EC• Association Codes (The IFPMA Code and
EFPIA Code• Specific Country Laws/Guidelines
16
1. The FCPA: What is it?• US Foreign Corrupt Practices Act applies
WORLDWIDE • Prohibits bribery of foreign government
officials• Requires that public companies
– Maintain accurate books and records in all controlled entities
– Maintain an adequate system of accounting controls in all controlled entities
17
1. The FCPA – prohibition on bribing of foreign government officials
• An offer, payment or gift of any money or thing of value is made
• To any foreign official or other person while knowing that some or all of the payment will be passed on to a foreign official
• For the purpose of obtaining or retaining business or obtaining any improper advantage
Payment
To foreignofficial
To obtain improper advantage
18
1. The FCPA – prohibition on bribing of foreign government officials
A “Foreign Official” is anyone employed by a government agency, or by a government- owned commercial enterprise, including physicians or other healthcare providers
The “knowing”requirement will be satisfied if there is failure to make reasonable inquiry concerning the intentions or activities of an agent or other third-party payee
Foreign Official
“WhileKnowing”
19
1. The FCPA – prohibition on bribing of foreign government officials
A payment is for the purpose of obtaining or retaining business if it is made to reward a foreign official for using or endorsing the company’s products
A payment is for the purpose of obtaining an improper advantage if it is made to obtain a favorable regulatory decision
Obtain orretain
business
Improper advantage
20
1. The FCPA – books, records and appropriate control
A company and its subsidiaries must maintain accurate books and records
A company and its subsidiaries must maintain appropriate controls• Showing a bribe on the books as a payment for a
consulting arrangement is a violation• Supporting payment of bribe with an invoice for a
consulting arrangement is maintaining a false record
Accurate books and
records
Maintainappropriate
control
21
1. The FCPA – Permitted Payments
• Payments legal under local country law
• Bona fide expenses of government officials for product promotion
• "Grease" or facilitating payments to expedite routine governmental action
– Permits, licenses, Visas, work papers– Police protection, mail pickup– Phone, power or water service– Loading cargo, protecting perishables
22
2. OECD Convention
• OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (adopted 1997, entered into force 1999)
• 37 countries ratified as of June 2007
• Monitoring Phase I: Implementation -evaluates adequacy of a country’s legislation to implement the Convention
• Monitoring Phase II: Enforcement -assesses whether a country is applying its legislation effectively
23
3. WHO Criteria for Medicinal Drug Promotion
• The World Health Organization guidance is endorsed by the World Health Assembly and may be voluntarily adopted by individual countries.
• The Guidance applies to prescription and non- prescription medicinal drugs as well as any other product promoted as a medicine. The Guidance offers ethical guidance on promotion; advertising; free samples; medical representatives; symposia; post-marketing studies; packaging and labeling; information for patients; and promoting exported drugs.
24
4. Directive 2001/83/EC of the European Parliament and of the Council, as
Amended
• The European Union has adopted its own mandatory guidelines which apply to all Member States. These guidelines are found in Directive 2001/83/EC on The Community Code Relating to Medicinal Products for Human Use. It provides in part:– “Where medicinal products are being promoted to
persons qualified to prescribe or supply them, no gifts, pecuniary advantages or benefits in kind may be supplied, offered or promised to such persons unless they are inexpensive and relevant to the practice of medicine or pharmacy.”
25
5. Industry Codes
• International Federation of Pharmaceutical Manufacturers & Associations (IFPMA) Code of Pharmaceutical Marketing Practices (2007), Article 7
• European Federation of Pharmaceutical Industries and Associations (EFPIA) Code of Practice of the Promotion of Medicines, Article 10
• Association of the British Pharmaceutical Industry (ABPI) Code of Practice (2006), Clause 18.1
• Swedish Association of the Pharmaceutical Industry (Läkemedelsindustriföreningen) (LIF), Rules Governing Drug Information
Many industry codes prohibit inducements to prescribe, supply, sell or administer a medicinal product, for example:
26
General Program Guidance From The Cases
• Focus on maintenance of controls by companies (and individuals?)• Development of clear FCPA policies and program elements
– Communication, regular training, and annual certifications– Reporting systems, and appropriate discipline when violations occur
• Development of FCPA procedures reasonably capable of preventing violations
– Should be a risk-based approach to controls / procedures– Due diligence and post-retention oversight of third-party relationships– Appropriate contractual language with third-party agreements setting forth anti-
corruption reps and warranties, compliance with anti-corruption laws, etc.– Controls to ensure that books, records and accounts are maintained accurately
• Senior management reporting on FCPA status to audit committee, etc.
• Regular audits to ensure that program has been implemented in an effective manner
27
FCPA Policies? Start With Your FCPA Risk Areas
Direct Healthcare Regulators
•Product approval and registration•Product pricing•Product reimbursement•Placement on hospital formularies
Government-employed doctors
•Gifts and hospitality•Congresses and meetings•Consultant arrangements•Education and research grants
Other public officials
•Customs and importation officials•Charitable and political contributions, etc.•Third-party agreements (ex. wholesalers, distributors and other service providers)
Foreign Officials
28
Global Policy on Interactions with Healthcare Professionals
Primacy of Patient And Healthcare Professional Relationship
Corporate Citizenship
Transparency
Core Global Policy Principles
29
Dealing With Specific Areas Of RiskEx. Support for Third Party
Medical Meetings and Conferences
The main purpose of medical congresses, conferences, symposia and similar programs supported by Pfizer must be scientific exchange
and/or medical education. . . . In no instance will Pfizer provide financial
support as an inducement for a healthcare professional to
use, prescribe or recommend a Pfizer product or otherwise influence
the outcome of a clinical trial.
30
Controls? A Global FCPA Procedure
• A comprehensive, corporate-developed global procedure– Real controls; not merely another statement of policy (ex. GPIHP)
• Implementation by local markets to enforce and implement corporate procedure
– Local market identification of public officials– Detailed written procedures govern gifts and hospitality, congresses, consultant
arrangements, research and other grants, third-party relationships, etc. with officials
– Local implementation reviewed by Legal, with annual certifications– Essentially becomes gap analysis with existing implementing SOPs
• Local systems, processes and controls subject to periodic auditing– Local trend analysis on interactions in consultation with Corporate Compliance
• Appropriate record retention and training, training and more training• Owned and operated by the business
31
Fundamental Point: Policies Are Not Procedures
PolicyProcedure
• Directional guidance
• No specification of process
• Detailed guidance• Process steps and
controls outlined
32
Example: Dealing With Third-Party Consultants
• Healthcare professionals may be hired as consultants to provide bona fide services, such as assisting in the development of medicines, participating in clinical trials, etc.
• In no instance will Pfizer retain any healthcare professional, regardless of qualification, as an inducement for such healthcare professional to use, prescribe, or recommend products.
• In some countries, many healthcare professionals are employed by government or regulatory authorities. Pfizer will ensure that all such relationships are appropriately reviewed to ensure compliance with Pfizer policies and applicable laws.
• Consider the subject market / territory• Identify relationships with gov’t officials• Determine the competence / integrity of
the third party (questionnaires, interviews, etc.)
• Reasonableness of compensation (vs. work to be performed, fair market value)
• Ensure compliance with local laws• Integrate standard FCPA language and
safeguards into the third-party agreement
• Maintain continuing oversight of third- party
• Maintain accurate books and records, including the due diligence file
GPIHP (Policy) FCPA Procedure
33
Deep Dive: International Meeting Procedure (online tool)
• Covers Pfizer-organized meetings and support for 3rd party-organized meetings• Ensures that all international meetings attended by HCPs or GOs that Pfizer invites or supports,
comply with the laws of both the Meeting Jurisdiction (country in which the meeting takes place) and Home Jurisdiction = (country of the invited HCP or GO)
34
FCPA Training (Along With More Communications)
• Prior training approach - The first 150 years– Mostly non-web based (ex. Compliance and Values Workshops)– New employee orientations, various corporate and divisional programs
• Since 2003 – Addition of web-based training– More than 100,000 colleagues trained in the U.S. and international markets– More than 80 countries worldwide, and approximately 30 languages– Pfizer Code of Conduct module, FCPA substantive and procedural modules– 92% liked the courses; 91% better understand rules; 94% intend to use
• Proactive collaborative market education and review– Business and compliance collaboration on risk assessments– Concentrated in-person compliance training in the markets
35
Pfizer Compliance Education Center (PCEC)
36
PCEC Global Training – Languages, Languages, Languages
37
Utilizing the Resource - PCEC Online FCPA Certifications
38
Auditing and Assessing An FCPA Program
• Legal Division survey• Global Colleague and
Values survey• Global compliance survey• Employee exit interviews• Corporate Compliance
website
PCEC feedback and statistics
Feedback and statistics from the Open Door and Compliance Hotline
Auditing and Monitoring functions (Healthcare, Manufacturing, R&D, etc.)
Global Compliance Liaisons(eyes and ears on the ground)
39
In The Weeds: Red Flags During FCPA Auditing
• High commissions• Payments into offshore
accounts• Inadequate, generic or
otherwise questionable descriptions
• Missing or incomplete support• Repetitive payments of same
amount• Homemade or self generated
invoices• Consecutive numbered
invoices• Duplicate invoices (payees?)
• Round dollar transactions• Substantial activity for new
vendor• Invoices paid unusually quickly• Large individual or aggregate
payments/benefits to one payee
• Repetitive entertainment/dinner/travel
• Increased payments at period end
• Employee (or unknown third parties) bonuses or loans without explanation
40
Identifying Issues: A Viable Open Door Policy
41
Referable Compliance Issues (RCIs)
• Definition– Significant violations of applicable law or company policy or procedure– “Significance” determined by severity of action or consequence and nature of law
(i.e. intentional, criminal, or repeated behavior; participation of a manager; serious financial, operational, investor relations, health, or safety consequences)
• Points of process1. Handled exclusively at the direction of Corporate Compliance and GI
2. Reported to the Corporate Compliance Officer; Audit and Compliance Committees
• Response to changed environment– Need to ensure corporate awareness of significant compliance issues (ex.
Sarbanes)– Provides ability to investigate and decide whether to disclose
42
Identifying Issues: Hotlines in Every Country and Region
43
Global Compliance Liaisons / Regional Compliance Directors
• Liaison Partnership between Corporate Compliance and leadership of local markets
– Designated Compliance Liaisons in every market around the world– Liaise between market and Corporate Compliance– Ensures that Corporate Compliance Officer (CEO, CFO, Board and Audit
Committee of Board) up-to-date on compliance issues at every Pfizer location around the world
• Report Referable Compliance Issues to Corporate Compliance Group
– Act as chief point of contact between business and Compliance Group
• Be an on-site source of compliance information for colleagues– Spreads compliance knowledge and empowers colleagues– Drives compliance into the business
• Regional Compliance Directors– Newest addition to corporate compliance structure
44
Don’t Be Afraid To Ask: A Global Compliance Survey
45
Conduct an Investigation? Is There Really Any Choice?
• It’s a small market, located far, far away – “Nobody will ever find out”• Revised U.S. Sentencing Guidelines
– Once criminal conduct has been detected, the company shall take certain “reasonable steps” to respond appropriately to such criminal conduct
• Dep’t of HHS, Office of the Inspector General Model Guidance– Upon receipt of indications of suspected noncompliance, company must
“immediately investigate” the issues to determine whether a material violation of law has occurred
• Other practical consequences from failing to conduct an internal investigation
– Bad actors remain with company– No ability to control public relations issues– Company remains in legally defensive position– Raise government concerns regarding commitment to compliance
46
Determining the Scope of an FCPA Investigation
• The typical FCPA investigation: “the more you look, the more you find”
– Most FCPA investigations go beyond the initial market at issue
• A comprehensive plan should be developed at the outset of the investigation
– Are there other concerns in the market at issue?– Are there other markets that present similar issues?– What are the riskier markets? Prior audit findings? Prior compliance issues?
• DOJ and SEC will look at scope to determine whether investigation effective
• Strength of company’s FCPA compliance program bears on scope– If FCPA controls are more robust, more limited investigation may be ok– If FCPA controls are weak (or even non existent), more broad review will be
required
47
Who Should Conduct The Investigation? In- House?
• Pros of in-house counsel– May be familiar with the employees to be interviewed– Less likely to cause disruption– Greater latitude with employees– Less expensive
• Cons of in-house counsel– May not be adequate time and resource– May be influenced by management– Possibly not viewed as independent by the government
• Conclusion– With smaller scope and less significant exposures, inside counsel might be best– Will still need to collaborate with local and U.S. counsel
48
Who Should Conduct The Investigation? Outside Counsel?
• Pros of outside counsel– Appearance of independence– Greater resources available, and quicker investigation– Likely more collective experience with investigations– Greater ability to protect legal privileges
• Cons of outside counsel– Certainly much more expensive– Depending on other cases, may not have adequate resources– Not likely to have familiarity with business operations, employees, etc.
• Conclusion– With broader scope or more significant exposures, outside counsel likely best– Will still need to collaborate with inside and local counsel
49
Securing Documents and Electronic Evidence• Once a party has been placed on notice of actual or anticipated
litigation, a duty to preserve evidence arises, and a timely document hold must be initiated
– Existence of government investigation requires hold– In the context of a voluntary disclosure, must consider the integrity of the internal
review, and extent to which an issue appears to be problematic and will be disclosed
• A document hold means (1) suspension of routine document retention and destruction; and (2) implementation of measures to preserve potentially relevant documents
• An effective litigation hold protocol should do the following: (1) describe the circumstances that trigger the hold; (2) identify key players and responsibilities; (3) set forth the coverage and terms of the holds; (4) describe the procedures to implement the holds; and (5) have a methodology for documenting the activities undertaken
• Tension between “anticipation” for document holds and work product protection
50
Collecting The Electronic Evidence
• Critical for international / FCPA investigations– Experience shows most evidence of bribery found in email and electronic
documents
• E-discovery is not paper discovery– Estimates that 93 percent of information generated today in electronic format– Estimates that 70 percent of corporate records now in electronic format
• Attributes which distinguish electronic discovery from traditional paper discovery
1. Volume and duplicability2. Persistence (ex. “delete” means “not used”)3. Metadata (ex. Authorship, creation and edit dates, etc.)4. Dispersion (ex. hard drives, laptops, network servers, floppy disks, backup tapes,
etc.) and searchability (ex. software programs mean no need to read everything)
51
Some Issues With The Collection of Electronic Data
• Where can this electronic evidence be found?– Central email servers, backup tapes for those servers, laptop hard drives, etc.– Mobile phones? Other sources?
• Evidence of “deletions” may also be very probative• Need to employ expert forensic resources (ex. Deloitte,
PriceWaterhouse, etc.)– Or bring the expertise in-house– Either way, the costs can be significant
• Data privacy issues– A minefield in the EU and possibly elsewhere– Criminal penalties may apply to violations of employee privacy rights– Work with experts, including local counsel
52
Conducting On-Site Employee Interviews
• In the FCPA context, usually preferable to conduct interviews in local market
– May even be more cost effective when planned well
• Better ability to gain sense of business and cultural environment at issue
• Employee witnesses may be more forthcoming on their home turf• Avoidance of automatic submission to jurisdiction in the United
States• Increases credibility of investigation overall, and for the DOJ and
SEC• Despite presence of U.S. counsel in the market, local counsel
should be retained– Local counsel can flag any local legal issues, investigative or substantive– Can assist with determinations of credibility, and language / translation issues
53
Some Issues With Employee Interviews
• Never (almost) conduct witness interviews alone• Creating right setting particularly important in the international
context• At the beginning of each interview
– You represent the company; not the employee (reiterate w/ business card writing)– Emphasize “two-way street” of confidentiality – Emphasize no retaliation for participation in the interview
• Employee requests for presence of attorney or representative– Specific rules differ across international markets
• Counsel for employees?• Computer Associates risks
54
Communication, Communication, Communication
• Effective internal and external communications are critical to minimizing disruptions
• Some of the necessary internal communications– The business (including human resources, finance, etc.)– Business lawyers– Compliance-related functions– Colleagues involved in the matter under investigation
• Some of the potentially necessary external communications– Outside auditors– Audit Committee– U.S. and local press and public– U.S. and local regulators, prosecutors, etc.
• What else?
55
What To Do With The Findings? Voluntary Disclosure?
• U.S. Department of Justice (Holder and Thompson Memos)– In determining whether to charge, prosecutors should consider the corporation’s:
(1) timely and voluntary disclosure of wrongdoing; and (2) willingness to cooperate (ex. identify wrongdoers; make witnesses available, and disclose results of investigation)
– With McNulty Memo, privileged materials only to be sought in “rare circumstances”
• Dep’t of HHS, Office of the Inspector General Model Guidance– Where the company believes any law has been broken, the conduct should be
“promptly” reported to state and federal authorities (and no later than 60 days later)
• SEC / 2001 Seaboard Report• When should the disclosure be made?
– Want to understand the situation (accurate and complete disclosure)– But still want to get credit for timeliness