Last week I began an exploration of the Pfizer Deferred Prosecution Agreement (DPA) which was announced last week by the Department of Justice (DOJ) in connection with its settlement of Foreign Corrupt Practices Act (FCPA) violations. In Part I, I reviewed the Corporate Compliance Obligations, Attachment C.1. Today we review the Enhanced Compliance Obligations, Attachment C.2 and Corporate Reporting Obligation, Attachment C.3, which Pfizer agreed to implement and operate under. In Part III, I will discuss some of the implications raised by the Pfizer DPA for the compliance practitioner.
I. Attachment C.2 – Pfizer’s Enhanced Compliance Obligations
In addition to the minimum best practices,as set out in Attachment C.1 – Corporate Compliance Obligations, Pfizer agreed to the following additional compliance obligations:
A. In General. Pfizer will maintain the appointment of a senior corporate executive with significant experience with compliance with the FCPA, including its anti-bribery, books and records, and internal controls provisions, as well as other applicable anticorruption laws and regulations (hereinafter “anti-corruption laws and regulations”) to serve as Chief Compliance and Risk Officer, who will have reporting obligations directly to the Chief Executive Officer. The company will maintain the appointment of heads of compliance with responsibility for each of its business units (“BU Compliance Leads”) who have reporting obligations through the Chief Compliance and Risk Officer or General Counsel. There will be an Executive Compliance Committee to oversee Pfizer’s compliance program.
The company will maintain gifts, hospitality, and travel policies and procedures in each jurisdiction that are appropriately designed to prevent violations of the anti-corruption laws and regulations. Further and at a minimum, these policies and procedures shall contain the following restrictions regarding foreign government officials, including but not limited to public health care providers, administrators, and regulators: (i) Gifts must be modest in value, appropriate under the circumstances, and given in accordance with anti-corruption laws and regulations, including those of the government official’s home country; (ii) Hospitality shall be limited to reasonably priced meals, accommodations,
and incidental expenses that are part of product education and gaining programs, professional training, and conferences or business meetings; (iii) Travel shall be limited to product education and training programs, professional training and education, and conferences or business meetings; and (iv) Gifts, hospitality, and travel shall not include expenses for anyone other than the relevant officials, unless different standards are required by local law or regulation.
B. Complaints, Reports and Compliance Issues. The company will maintain “significant” resources for the compliance function. It shall have (a)An international investigations group charged with responding to and investigating anti-corruption compliance issues reported on a global basis acid ensuring that appropriate remedial measures are undertaken after the completion of an investigation; (b) An anti-corruption program office providing centralized assistance and guidance regarding the implementation, updating and revising of the FCPA Procedure, the establishment of systems to enhance compliance with the FCPA Procedure, and the administration of corporate-level training and annual anti-corruption certifications; and (c) A mergers and acquisitions compliance function designed to support early identification of compliance risks associated with complex business transactions and to ensure the integration of Pfizer’s compliance procedures into newly acquired entities.
Lastly the company must maintain its mechanisms for making and handling reports and complaints related to potential violations of anti-corruption laws and regulations, including, when appropriate, referral for review and response by internal audit, finance, legal, compliance and other personnel as appropriate, and will ensure that reasonable access is provided to an anonymous, toll-free hotline as well as to an anonymous electronic complaint form, where anonymous reporting is legally permissible.
C. Risk Assessments and Proactive Reviews. Pfizer will continue to conduct a risk-based program of annual proactive anti-corruption reviews of high-risk markets. These FCPA proactive reviews are designed to identify anti-corruption con7pliance issues, examine compliance procedures and controls as implemented in the field and identify best practices to be implemented in additional markets. In doing so, Pfizer will identify markets which are at high risk for corruption because of the business and location. Five of these will be identified and reviewed annually. Each review shall contain the minimum: (a) On-site visits by an FCPA review team comprised of qualified personnel from the Compliance and, when appropriate, Legal Divisions who have received FCPA and anti-corruption training; (b) Where appropriate, participation in the on-site visits by qualified auditors; (c) Review of a representative sample, appropriately adjusted for the risks of the market, of contracts with and payments to individual foreign government officials or health care providers, as well as other high-risk transactions in the market; (d) Creation of action plans resulting from issues identified during FCPA proactive reviews; these action plans will be shared with appropriate senior management, including when appropriate the Chief Compliance and Risk Officer, and will contain mandatory remedial steps designed to enhance anti-corruption compliance, repair process weaknesses, and deter violations; and € Where appropriate, feasible, and permissible under local law, review of the books and records of a sample of distributors which, in the view of the FCPA proactive review team, may present corruption risk.
D. Acquisitions. The Company will continue to ensure that, when practicable and appropriate on the basis of a FCPA risk assessment, new business entities are only acquired after thorough risk-based FCPA and anti-corruption due diligence was conducted by a suitable combination of legal, accounting, and compliance personnel. When such anti-corruption due diligence is appropriate but not practicable prior to acquisition of a new business for reasons beyond Pfizer’s control, or due to any applicable law, rule, or regulation, Pfizer will continue to conduct anti-corruption due diligence subsequent to the acquisition and report to the Department any corrupt payments or falsified books and records as required by company’s reporting obligations found in Attachment C.3 Pfizer will ensure that Pfizer’s policies, standards and procedures regarding anticorruption laws and regulations apply as quickly as is practicable, but in any event no more than one year post-closing, to newly-acquired businesses, and will promptly: (a) Train directors, officers, and senior managers, and those employees working in positions involving activities covered by Pfizer’s policies regarding anti-corruption and compliance with the FCPA, and, where necessary and appropriate, agents and business partners; and (b) Include all newly-acquired businesses in Pfizer’s regular anti-corruption auditing schedule.
E. Relationships with Third Parties. Based upon its internal risk assessment, the company will conduct risk-based due diligence of sales intermediaries, including agents, consultants, representatives, distributors, and joint venture partners. Such due diligence will be conducted prior to the retention of any new agent, consultant, representative, distributor, or joint venture partner and for all such sales intermediaries will be updated no less than once every three years. At a minimum, such due diligence shall include: (a) a review of the qualifications and business reputation of the sales intermediaries; (b) a rationale for the use of the sales intermediary; and (c) a review of relevant FCPA risk areas.
Where due diligence of a sales intermediary raises a serious red flag, the relevant information shall be reviewed by personnel from the compliance or legal divisions who have received FCPA and anti-corruption training. Where appropriate and where permitted by applicable law, the company will include appropriate compliance terms and conditions in each contract with such third parties.
F. Training. The company will provide biennial training on anti-corruption laws and regulations to directors, officers, executives, and employees working in positions involving activities covered by Pfizer’s policies regarding anti-corruption and compliance with the FCPA. The company will provide enhanced FCPA training for all internal audit, financial, compliance and legal personnel involved in FCPA proactive reviews or anti-corruption due diligence related to the potential acquisition of new businesses, if not already qualified and experienced. When it is appropriate on the basis of a FCPA risk assessment, the company will provide FCPA and anti-corruption training to relevant agents and business partners, at least once every three years.
The company shall maintain a system of annual certifications from senior managers in each of Pfizer’s Business Units, Divisions, and operational functions (at the market or regional level, or the reasonable equivalent) as appropriate, confirming that their standard operating procedures adequately implement Pfizer’s anti-corruption policies, procedures and controls, including training requirements, that they have reviewed and followed up on any issues identified in FCPA trend analyses, and that they are not aware of any FCFA or other corruption issues that have not already been reported to the Compliance Division or the Legal Division.
II. Attachment C.3 – Corporate Compliance Reporting
Here Pfizer agreed to conduct an initial report and two follow up reports during the pendency of the DPA. These reports would be set forth in a complete description of its FCPA and anti-corruption related remediation efforts to date, its proposals reasonably designed to improve the policies and procedures of Pfizer for ensuring compliance with the FCPA and other applicable anti-corruption laws, and the parameters of the subsequent reviews. The two follow up reports will incorporate any comments provided by the DOJ on the Initial Report, to further monitor and assess whether the policies and procedures of Pfizer are reasonably designed to detect and prevent violations of the FCPA and other applicable anti-corruption laws.
These enhanced obligations could well become the new minimum best practices in the FCPA compliance arena. You should take a look at these obligations and compare them with your program to see where you might be lacking or need to enhance your compliance coverage.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2012
FCPA Compliance and Ethics Blog 