Is Your Compliance Program Real?

The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance, whether committed by GSK employees, officers, complementary workforce or third parties acting for or on behalf of the company.

Source: GlaxoSmithKline – Code of Conduct

At the recent Corruption and Compliance Congress, Asia 2013, Seth Berman, Executive Managing Director, Stroz Friedberg LLC, said that ‘Is Your Compliance Program Real?’ is the question that would be asked of a company’s counsel who came in to discuss a potential violation of the Foreign Corrupt Practices Act (FCPA) with the Department of Justice. This question would seem to be apt, in light of the events now transpiring in China with GlaxoSmithKline (GSK) and the ongoing allegations of bribery and corruption that the company now finds itself in the middle of in China.

For those who may not know the story, GSK finds itself in serious bribery and corruption hot water in China over allegations that it funded a bribery scheme to get doctors to prescribe its drugs. According to a story in the Financial Times (FT), entitled “China steps up GSK bribery probe”, Andrew Jack and Leslie Hook reported that “The Chinese authorities have stepped up their investigation into GlaxoSmithKline accusing it of being the ringleader of a half-a-billion-dollar bribery scandal involving 700 companies.” They reported on a briefing given by “Gao Feng, the lead Chinese investigator on a probe into the UK drugs group, said police were examining Rmb3bn ($488m) in deals from as far back as 2007. Chinese police believe that GSK used travel agencies and consultancies as a conduit to bribe doctors and lawyers in order to boost sales and profits.”

In an article in the Wall Street Journal (WSJ), entitled “China Drops Hammer on Glaxo”, Laurie Burkitt and Chris Matthews reported on a televised interview of Liang Hong, the GSK China Vice President and Operations Manager, where he “described for viewers of China Central Television how staffers would allegedly organize conferences that never happened and divert the money to bribe government officials, hospitals and medical personnel to get them to use Glaxo’s products.” He was quoted as saying, “Dealing with some government departments requires some money that couldn’t be claimed normally under company expenses.” Burkitt and Matthews said that “The broadcast follows detailed allegations by China’s Ministry of Public Security on Monday accusing Glaxo of using travel agencies as vehicles to bribe hospitals, officials and medical personnel to sell more drugs at inflated prices. Officials also alleged the travel agencies offered what the officials called sexual bribes to Glaxo executives to keep company business.”

How strong do you think the GSK commitment to anti-corruption is? They certainly seem to say the correct things when confronted with such public allegations. In the FT article, it was reported that GSK said in a company released statement that “These allegations are shameful and we regret this has occurred. We are deeply concerned and disappointed by these serious allegations of fraudulent behaviour and ethical misconduct by certain individuals at the company and third-party agencies.”

But what about their actions? In another article in the FT, by Hook and Jack entitled “GSK is test case in China’s rules laboratory”, they listed a timeline in this matter. They noted that GSK had investigated claims of bribery and corruption and publicly announced that the company had found no such evidence of “bribery or corruption in relation to our sales and marketing…in China”. Further, the company claimed it was unaware of any allegations of bribery of doctors to prescribe its drugs until there was a public announcement by China’s Public Security Ministry on July 11.

We started with Seth Berman’s question and adapting it to GSK, just how real is the company’s compliance program? While I am sure they GSK management, much like Captain Renault in Casablanca is SHOCKED, SHOCKED, to discover that anyone in the company is engaged in corruption, the question remains just how real is the company’s compliance program. One of my FCPA mantras is the following: Document, Document and, Document. The reason being is that if you do not document what you have done, it never existed. So if you have performed the steps necessary to qualify third parties as sales or supply chain partners, it really only counts if you have documented each step in the process.

If your company has Chinese operations, what should you do about now? In another WSJ article by Chris Matthews, entitled “Western Companies Sweat as Glaxo Probe Unfolds”, he warns that “The rapidly unfolding bribery probe by Chinese authorities into the U.K. drug maker has alarmed Western companies with business there that are accustomed to highly-publicized corruption crackdowns on Chinese officials, but who see the Glaxo matter as new territory, China watchers said. The push against Glaxo could signal that a new anticorruption push in China could now also include foreign companies.” I would suggest that a review of your sales operations is in order, as in immediately. Matthews quoted Joe Warin, a partner at Gibson Dunn & Crutcher LLP, who said, “In particular, companies should examine relationships with travel agencies and event-planning companies, which have long been an “Achilles heel” in China”. The first thing that you should check on is to see the spend that you have with any Chinese travel agencies. You should then match up all receipts and other documentation with all costs to see if there is anything out of line.

However, you should also look at your own employee base. Regarding a company’s own employees, Matthew quoted Jerome Cohen, co-director of New York University School of Law’s U.S.-Asia Law Institute, for the following, “This is a fairly obvious warning that companies need to conscientiously scrutinize the activities of their employees there”. Remember the Eli Lilly FCPA enforcement action brought by the Securities and Exchange Commission (SEC) late last year? The bribery scheme which got Lilly into trouble in China involved its own employees, who inflated their expense accounts and used the extra money to pay bribes to secure sales.

It is clear that companies should follow Matthews’ advice that “multinationals need to scour their operations in China to limit their vulnerability to future investigations.” Now is the time to begin your own investigations because you certainly do not want to be like GSK and find out about allegations that your employees engaged in a multi-year, multi-million dollar bribery and corruption scheme through a public pronouncement from the Chinese Public Security Ministry.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Distributors under the FCPA

If there was ever a question that distributors were covered under the Foreign Corrupt Practices Act (FCPA), in 2012, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) made it emphatically clear that this class of entities in a company’s sales chain would be treated that same as any other sales agent, reseller or any other entity which sells a US company’s products outside the United States. While the terms agent, reseller and distributor have distinct definitions in the legal world, they no longer do for FCPA purposes.

The three enforcement actions which made clear that there were no distinctions between agents and distributors in 2012 were the Smith & Nephew, Inc., (S&N) Deferred Prosecution Agreement (DPA) for criminal FCPA violations, the Oracle SEC Complaint for books and records violations and the Eli Lilly and Company (Lilly) SEC Compliant for books and records violations. Each of these enforcement actions had different FCPA violations and they each revealed separate steps which a company should take to both prevent and detect FCPA violations in their company.

Smith & Nephew

On February 1, 2012, the DOJ announced that it entered into a DPA with Smith & Nephew, Inc., a medical equipment manufacturer, for violations of the FCPA. The violations revolved around Greek distributors of S&N who paid bribes to Greek doctors so that they would purchase and use S&N products. According to the Criminal Information, “S&N, certain of its executives, employees, and affiliates agreed to sell to [the] Greek Distributor at full list price, then pay the amount of the distributor discount – between 25 and 40 percent of the sales made by [the] Greek Distributor – to an off-shore shell company controlled by [the] Greek Distributor, in order to provide off-the-books funds for [the] Greek Distributor to pay cash incentives and other things of value to publicly-employed Greek HCPs to induce the purchase of S&N products, while concealing the payments.” Additionally, S&N “falsely recorded or otherwise accounted for the payments to the shell companies on its books and records as ‘marketing services’ in order to conceal the true nature of the payments in the consolidated books and records of S&N and GmbH.”

Oracle

Oracle got into FCPA hot water because its Indian subsidiary directed its distributor to set up a separate slush fund of monies which could be, and were, used to pay monies to persons unknown. As specified in the SEC Compliant, “certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin in side funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties. “At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses.” The SEC Compliant noted that “about $2.2 million in funds were improperly “parked” with the Company’s distributors.” To compound this problem, employees of Oracle India concealed the existence of this side fund from Oracle in the US and hence there was an incorrect accounting in Oracle’s books and records.

Lilly

In Brazil, Lilly used the distributor model to market its drugs through third-party distributors who then resold these products to public and private entities. As noted by Matt Ellis, in his post entitled “Eli Lilly’s Distributor in Brazil: The Non-Obvious FCPA Risk”, the discounts that distributors typically receive from manufacturers such as Lilly can be problematic under the FCPA because “enforcement officials can see these discounts as potential “loose money” that can be used for bribe payments. This is especially the case when the distributor is engaging in other activities on behalf of the producer, like marketing, licensing, and customs clearance.”

This was the situation that Lilly found itself in in Brazil, where Lilly sold drugs to distributors who then resold the products to both public and private entities. It was the classic distributor model where Lilly sold the drugs to the distributors at a discount and then the distributors would resell the products “at a higher price and then took their discount as compensation.” There was a fairly standard discount given to the distributors which generally ranged “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount.”

However, in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him. Further, the Lilly sales manager who requested this unusual discount was aware of the bribery scheme. Moreover, this increase in the discount was approved by the company with no further inquiry as to the reason for the request or to substantiate the basis for such an unusually high discount. If there were any internal controls they were not followed.

Prevention and Detection

These three separate bribery schemes call for three different but overlapping responses. In the case with Lilly, the SEC Complaint noted the following “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Ellis, “It noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.”

The Lilly enforcement action also makes clear the need for internal audit to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. As noted by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

The Oracle enforcement action demonstrates that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account. The Company needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. Oracle should have sought to either (1) seek transparency in its dealing with the distributor or (2) audit third party payments made by the distributors on Oracle’s behalf, both of which would have enabled the Company to check that payments were made to appropriate recipients.

What are some of the factors that demonstrate the distributors used by S&N were fraudulent and did not have a legitimate business purpose? It was clear that S&N did not perform sufficient due diligence on these distributors nor did they document any. I would note that the distributor was domiciled in a location separate and apart, the UK, from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose that the company wished to hide from Greek authorities. While it is true that a distributor might sell products into a country different than its domicile, if the products are going into a single country, this should have raised several Red Flags.

However, the biggest indicium of corruption was the amount of the commission paid. The traditional sales model for a distributor has been to purchase a product, take the title, and therefore the risk, and then sell it to an end user. Based upon this sales model, there has been a commission structure more generous than those usually accorded a reseller or sales agent, who is usually only a negotiator between the Original Equipment Manufacturer (OEM) and the end user. This difference in taking title, and risk of loss, have led to a cost structure which has provided a deeper discount of pricing for distributors than commission rates paid to resellers or sales agents. The sales structure used by S&N had pricing discounts of between 26-40% off the list price. Further, this money was used precisely to pay bribes to Greek Doctors to use S&N products.

These three enforcement actions make clear that distributors will be treated like any other representative in the sales chain. This means that distributors need to go through the same rigorous due diligence and review, contracts and management going forward as agents or resellers.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Internal Audit Review of Charitable Donations Under the FCPA

When is a rose not a rose? When it is a charitable donation not made for philanthropic purposes and it violates the Foreign Corrupt Practices Act (FCPA). I thought about that concept when reviewing the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the Securities and Exchange Commission (SEC) late last month. The Lilly enforcement action discussed a bribery scheme utilized by Lilly in Poland. The scheme and FCPA violations mirrored an earlier FCPA enforcement action, also brought by the SEC as a civil matter, rather than by the Department of Justice (DOJ) as a criminal matter, against another US entity Schering-Plough, for making charitable donations in Poland which violated the FCPA. One of the remarkable things about both of these enforcement actions, brought almost eight years apart, was that they involved improper payments to the same Polish charitable foundation to wrongfully influence the same Polish government official to purchase products from both of these companies.

I.                   The Bribery Schemes

Both companies were involved in negotiations for the sale of products with the Director of the Silesian Health Fund (Health Fund). He had also established a charitable foundation, the Chudow Foundation to engage in restoration of ancient castles in Poland. Both companies made donations to the Chudow Foundation at or near the time decisions were made regarding the purchase of their respective products by the Health Fund. The FCPA books and records violations for the donations stated that they were all mischaracterized on the respective company’s books. The donations were made by each company with the description for the donations as follows:

LILLY BOX SCORE OF DONATIONS MADE TO CHUDOW FOUNDATION

	Date	Amount of Donation	Listed Reason for Donation
1	6/21/2000	$2,730	Purchase of computers
2	11/13/2000	$1,855	To support the foundation in its goal to develop activities in [Chudow Castle]. It was also noted that the ‘value of the request’ was indirect support of educational efforts of foundation settled by Silesian [Health Fund]
3	5/22/2001	$8,019	Rental of castle for conferences
4	11/05/2001	$2,438	Rental of castle for conferences
5	3/27/2002	$7,779	Rental of castle for conferences
6	6/14/2002	$7,434	Rental of castle for conferences
7	11/20/2002	$5,112	Rental of castle for conferences
8	1/29/2003	$2,622	Rental of castle for conferences
	Total	$37,989

Although all of these donations were approved by a team within Lilly, the “Medical Grant Committee [MGC]”, who reviewed the request for such donations, the MGC’s approval was “largely based on the justification and description in the submitted paperwork.” While Requests 1 & 2 may have had tangential value to the stated purpose of the Chudow Foundation to restore castles in Poland, even Request 3 was clearly a quid pro quo as an action to obtain business. Just as clearly, ‘rental of castle’ is not a charitable donation but an expenditure, even with that understanding, the SEC Complaint noted that Lilly held no conferences at any castles so it was an outright misrepresentation.

SCHERING-PLOUGH BOX SCORE OF DONATIONS MADE TO CHUDOW FOUNDATION

	Date	Amount of Donation	Listed Reason for Donation
1	2/23/1999	$777	Covering fight against viral hepatitis
2	3/17/2000	$4,909	Support of health campaign within county of Gliwice
3	7/19/2000	$8,065	Financing second stage of health prevention campaign in Gliwice
4	11/8/2000	$8,766	Financing for the Foundation
5	12/20/2000	$9,292	Financing second stage of research
6	3/19/2001	$4,340	Financing lung cancer prevention program
7	3/22/2001	$4,854	Financing screening examinations to detect skin cancer
8	4/25/2001	$4,958	Support of lung cancer prevention program
9	6/4/2001	$5,019	Support of lung cancer prevention program
10	10/29/2001	$4,878	Support of a coronary disease prevention program and promote the image of the company in the medical community
11	12/18/2001	$10,067	Support of an anti-chain smoking health program and promote the company as one that cares about the people of Silesia
12	12/19/2001	$5,067	Financing of Foundation
13	3/25/2002	$4,868	Support actions of Foundation in preventing infectious diseases of the liver
	Total	$75,860

The Schering-Plough SEC Complaint noted that the company Manager involved in the payment scheme, “provided false medical justifications for most of the payments on the documents that he submitted to the company’s finance department.” Additionally, he structured the payments so that they were at or below his approval limit so that he did not have to ask for permission to make the improper payments. The Manager in question viewed the donations as “dues that were required to be paid for assistance from the Director.”

II.                The Red Flags for Charitable Donation

 a.     Schering-Plough

What were the factors which should become red flags for the review of charitable donations under the FCPA? The Schering-Plough SEC Complaint listed several items which it deemed indicia of red flags.

1.      No due diligence. The first is that no due diligence was performed on the charity to identify the Director of the Silesian Health Fund as the founder or his role in the Chudow Foundation.

2.      Donations not related to health care. While the company permitted donations to healthcare related programs there was no follow up to determine the purposes or uses of the donated funds.

3.      Outside normal range of donation. The next red flag was that the donations made to this single charitable foundation approximately 40% of the company’s promotional budget in 2000 and 20% in 2001.

4.      Disproportionate sales. The company’s sales increased disproportionately compared with its own sales of the same products in other areas of Poland. Up to 53% of one product was sold in the region run by the Director of the Silesian Health Fund.

b.  Lilly

The Lilly SEC Complaint listed several items which it deemed indicia of red flags.

1.      No due diligence. Once again there was no due diligence performed on the charity to identify the Director of the Silesian Health Fund as the founder or his role in the Chudow Foundation.

2.      Donations not related to health care. Unlike Schering-Plough, the reasons listed for the charitable donations did not relate to health care. Moreover, they were approved by a Lilly committee specifically tasked with reviewing such requests failed to investigate beyond the submitted paperwork, which was apparently not correct.

3.      Outside normal range of donation. The SEC Complaint quoted an email from a Lilly manager who said that he had decided to commit 70-75% of the [charitable donation] budget and the Director of the Silesian Health Fund was given a “free hand to manage the Lilly investment, emphasizing the fact we only doing this for him…”

4.      Suspicious Timing. The donations were made at or near the time that decisions on the purchase of Lilly products were made by the Director of the Silesian Health Fund. One donation was made two days are the Director of the Silesian Health Fund agreed to make a purchase of Lilly products.

Here Lilly used charitable donations to a charitable foundation which was, as stated in the SEC Complaint, “founded and administered by the head of one of the regional government health authorities at the same time that the subsidiary was seeking the official’s support for placing Lilly drugs on the government reimbursement list.” There were a total of eight payments made to the charitable foundation. In addition to the charitable donations made, Lilly “falsely characterized the proposed payments”. Lilly had a group which reviewed the request for such donations called the “Medical Grant Committee [MGC]” which approved the payments “largely based on the justification and description in the submitted paperwork.”

III.       The Role of Internal Audit

Jon Rydberg, Principal of Orchid Advisors, has categorized the Lilly situation as one of a failure of internal controls. I would add that there was also a failure of internal audit. What does internal audit need to review in the context of charitable donations under the FCPA? Internal audit needs to start with the DOJ FCPA Guidance regarding charitable donations. Internal audit should begin by asking the following five initial questions:

(1)   What is the purpose of the payment?

(2)   Is the payment consistent with the company’s internal guidelines on charitable giving?

(3)   Is the payment at the request of a foreign official?

(4)   Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country?

(5)   Is the payment conditioned upon receiving business or other benefits?

Next internal audit should make inquiries based upon the DOJ Opinion Releases issued regarding charitable donations. Some of the protections a company can do to comply with the FCPA regarding charitable donations are as follows:

1)      Have the donation recipients certified that they or the entity will comply with the requirements of the FCPA;

2)      Has the recipient provided audited financial statements; and

3)      Has the recipient restricted the use of the donated funds to humanitarian or charitable purposes only;

4)      Were the funds transferred to a valid bank account; and

5)      Ongoing auditing and monitoring of the efficacy of the charitable donation program.

Based upon the Schering-Plough and Lilly SEC enforcement actions, there are some additional inquiries that internal audit should make, they are as follows:

a.      What was the timing of the charitable donation or promise to make a donation in relation to the obtaining or retaining of business?

b.      Did the company follow its normal protocol for requesting, reviewing and making a charitable donation or is there a pattern of unusual donations outside the protocol?

c.       Did any one person make multiple donations just below their authority level so that it did not have to go up the line for review?

d.      Was the total amount donated to one charitable foundation out of proportion to the rest of the country or region’s charitable donation budget?

e.       Did the sales in one area, region or country spike after a pattern of charitable donations?

The information on the red flags from the prior Opinion Releases and the best practices, as set out in the FCPA Guidance, have been available for some time. I think that the information found in both the Schering-Plough and Lilly enforcement actions have a different focus for internal audit. In addition to looking at the timing of charitable donations to see if they are at or near the time of the awarding of new or continued business, I think that internal audit may now need to look at overall increases in sales to determine if they are tied to a pattern of charitable donations. I once heard my colleague Henry Mixon explain how the award of a contract may be the product of fraud or corruption. By looking at the timing and quantum of charitable donations, internal audit may be able to ascertain that a spike in sales is tied to corrupt conduct. This may not be something that is on the current radar of auditors when they review charitable donations, but may now be something they need to consider.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

The Lilly FCPA Enforcement Action (Part III) Lessons Learned from Russia

This Part III is the final installment of my review of the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the Securities and Exchange Commission (SEC). In this Part III, I will review the FCPA issues that Lilly found itself involved with in Russia and use those issues in the context of Paul McNulty’s Three Maxims regarding the effectiveness of a FCPA compliance program. First, what did you do to prevent it? Second, what did you do to detect it? Third, what did you do to remedy it?

I.                   Russia

Lilly used a distributor sales model in Russia. However, there was a further twist which got Lilly into FCPA hot water. Lilly would enter into an agreement with a third party other than the distributor who was selected by the government official making decisions on the purchase of Lilly products. Lilly did little to no due diligence on these third parties which would have identified the beneficial owners of these entities. Further, these other third parties were usually not domiciled in Russia, nor did they have bank accounts in Russia. In other words, they were Offshore Agents who were paid a flat fee or percentage of the total sales with no discernible work or services performed.

The SEC Complaint noted that Lilly itself provided contracts to these third parties which described their services as “immediate customs clearance” or “immediate delivery” of the products or in assisting Lilly in “obtaining payment for the sales transaction” and such other oldie but goodies as “the promotion of the products” and “marketing research.” The SEC Complaint also noted that the services described were actually provided by other entities including Lilly itself.

There also charitable donations made by Lilly in Russia but here Lilly simply made proposals to government decision makers regarding how the company “could donate or other support various initiatives there were affiliated with public or private institutions headed by the government officials or otherwise were important to the government officials.” In addition to the problems with the charitable donations policy in Russia, there were two reports provided to Lilly’s corporate headquarters identifying some of the compliance issues that the company was having in Russia but there was follow up from the corporate office. You have to put “boots on the ground” to make a proper inquiry, assessment or review for a high risk country. Antonia Chion, Associate Director in the SEC Enforcement Division put it another way when he was quoted in the SEC Press Release announcing the Complaint. He said, “When a parent company learns tell-tale signs of a bribery scheme involving a subsidiary, it must take immediate action to assure that the FCPA is not being violated. We strongly caution company officials from averting their eyes from what they do not wish to see.”

a.      Prevent

From the prevent prong there are several things that the compliance practitioner can put in place. There should be an adequate system of internal accounting sufficient to provide reasonable assurance that a company maintains accountability for its assets. Such a system would also provide a procedure that would ensure transactions were executed in accordance with management’s authority. Regarding third parties, a company cannot simply rely on the paperwork submitted by third parties but must verify its accuracy through independent due diligence. A company should also have procedures in place to safeguard that it is not offering anything of value to government officials to assist in retaining or obtaining business. Lastly, when the corporate office receives a report from a high risk country or area in which to do business, there must be follow up on the report.

 b.      Detect

Regarding detect, a company’s internal audit must have procedures in place designed to assess FCPA compliance or other anti-bribery law risk for sales of products and purchases of goods. If there are red flags or other indicia of high risk noted, there must be additional monitoring, review and auditing. As noted in Part I of these posts on the Lilly enforcement action, several Russian distributors were domiciled outside the company, in both Cyprus and the British Virgin Islands. None of these red flags were investigated or followed up. Audit must do more than simply assure itself of the soundness of the paperwork which is submitted to it or it reviews. If the circumstances surrounding the existence of a party or transaction suggest the possibility of a FCPA violation or corruption it must be followed up and reviewed.

II.                Remedy

I have laid out the facts as reported in the SEC Complaint in some detail for several reasons. One of which is to emphasize how wide ranging Lilly’s conduct was regarding FCPA violations. I think that it is incumbent to note that even with this wide ranging and apparently pervasive conduct, Lilly did not sustain a Deferred Prosecution Agreement or even a Non-Prosecution Agreement for criminal violations of the FCPA by the Department of Justice. There was only a civil Complaint filed by the SEC. As to the financial penalty, Lilly agreed to pay disgorgement of $13,955,196, prejudgment interest of $6,743,538, and a penalty of $8.7 million for a total payment of $29,398,734. Lilly also agreed the retention of an independent consultant to review and make recommendations about its foreign corruption policies and procedures but it does not have a monitor.

Lilly also engaged in the third prong of McNulty’s Maxims by remedying the FCPA violations during the pendency of the investigation. These remedies were listed in the SEC Complaint. In China, where the FCPA violation were engaged in by Lilly employees, the company “terminated or otherwise disciplined” those involved. Lilly also agreed to certain structural changes in its compliance program. These changes included:

• enhancing anti-corruption due diligence requirements for relationships with third parties;
• implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption;
• enhancing financial controls and governance; and,
• expanding anti-corruption training throughout the organization.

 III.             Conclusion

The Lilly FCPA enforcement action, as laid out in the SEC Complaint, provides the compliance practitioner with solid information which can be used in a variety of ways to strengthen an anti-corruption/anti-bribery compliance program. First and foremost is the detailed discussion the different types of bribery schemes that were engaged in throughout the company. If your sales model is an employee based sales force, a distributor model with discounts off your list price or commission based third party agents, the Lilly FCPA enforcement action provides you with questions that you can ask to see if you company has FCPA issues to investigate. The SEC Complaint also details the internal controls failures which Lilly sustained and led to the enforcement action. There is also significant and detailed information on what you might look at or do in your compliance program to answer Paul McNulty’s three questions if you are in the position to deal with the SEC or DOJ on a FCPA issue.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

From China to Poland and Brazil-The Lilly FCPA Enforcement Action- Part II

In Parts II and III of my review of the Eli Lilly and Company (Lilly) Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC), I will discuss some the processes and procedures which you can use in your Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program which should enable you to prevent or detect FPCA violations, similar to those Lilly sustained, as discussed in Part I of these blog posts on the Lilly enforcement action. Today, in Part II, I will discuss the FCPA issues that Lilly faced in China, Brazil and Poland.

As it is a New Year, I would like to start out with listing Paul McNulty’s Three Maxims regarding the effectiveness of a FCPA compliance program. I have been privileged to hear Paul speak many times for several years. These Maxims were the questions he posed to companies when he was in his role as the United States Deputy Attorney General. First, what did you do to prevent it? Second, what did you do to detect it? Third, what did you do to remedy it?

With the McNulty Maxims in mind, Lilly got into FCPA hot water for using four different styles of bribery schemes in four separate countries. In China, the corruption involved employees and bribery payments which were falsely labeled as reimbursement of expenses. In Brazil, the corruption involved a distributor which received a larger than normal discount for Lilly products. The additional revenues generated from this discount were used to pay a bribe. In Poland, the corruption involved charitable donations which were falsely labeled in Lilly’s books and records. These charitable donations were used to induce a Polish government official to approve the purchase of Lilly products; and, finally, Lilly’s subsidiary in Russia, paid bribes to Offshore Agents who were domiciled outside Russia and who performed no services for the compensation they received.

I.                   China

According to the SEC Complaint, in China the FCPA violations centered around various sales representatives who submitted false expense reports to cover bribes which were paid or their supervisors who instructed them to do so. The SEC Complaint noted that although the dollar amounts for the gifts provided to Chinese officials “generally small, the improper payments were wide-spread throughout the [Chinese] subsidiary.” To prevent such actions, a company must train its employees about the requirements of the FCPA, or any other relevant anti-corruption law, regarding what is and is not allowed under such laws. A company must then follow up to monitor and audit such activities. In a sales model which is employee based, internal audit must review the expense reports of its sales representatives as they represent the highest risk of corruption.

II.                Brazil

In Brazil, Lilly used the distributor model to market its drugs through third-party distributors who then resold these products to public and private entities. As noted by Matt Ellis, in his post entitled “Eli Lilly’s Distributor in Brazil: The Non-Obvious FCPA Risk”, the discounts that distributors typically receive from manufacturers such as Lilly can be problematic under the FCPA because “enforcement officials can see these discounts as potential “loose money” that can be used for bribe payments. This is especially the case when the distributor is engaging in other activities on behalf of the producer, like marketing, licensing, and customs clearance.” This was the situation that Lilly found itself in as the standard range of discounts given to distributors was “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount” but in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him.

a.      Prevent

In the area of prevent, the SEC Complaint noted the following “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Ellis, “It noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.” Indeed Kara Brockmeyer, the SEC’s chief FCPA enforcer, stated in the SEC Press Release announcing the matter:

Eli Lilly and its subsidiaries possessed a “check the box” mentality when it came to third-party due diligence. Companies can’t simply rely on paper-thin assurances by employees, distributors, or customers. They need to look at the surrounding circumstances of any payment to adequately assess whether it could wind up in a government official’s pocket.

All of this means that if a discount is outside the normal range typically given to a distributor, a red flag is raised as to why the increased discount was allowed. Simply basing a management decision on the representations of a sales manager is not a sufficient mechanism to clear such a red flag.

b.         Detect

From the detect prong, internal audit needs to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. Further, as noted by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

III.             Poland

Here Lilly used charitable donations to a charitable foundation which was, as stated in the SEC Complaint, “founded and administered by the head of one of the regional government health authorities at the same time that the subsidiary was seeking the official’s support for placing Lilly drugs on the government reimbursement list.” There were a total of eight payments made to the charitable foundation. In addition to the charitable donations made, Lilly “falsely characterized the proposed payments”. Lilly had a group which reviewed the request for such donations called the “Medical Grant Committee [MGC]” which approved the payments “largely based on the justification and description in the submitted paperwork.”

a.      Prevent

From the prevent prong, it is clear that if the MGC had adequately reviewed the donation request, it would have determined that the charitable foundation was administered by the same person making the decision over the sale of Lilly products. Indeed, the largest request was made just two days after the government decision maker authorized a large purchase of Lilly products. The SEC Complaint also noted that of there were different corporate justifications for the eight requests for the charitable donations made. So, as noted by Rydberg, there was a failure of corporate governance and financial controls. In its FCPA Guidance, the Department of Justice (DOJ) lists five questions which a company should ask when considering a charitable donation. They are: (1) What is the purpose of the payment? (2) Is the payment consistent with the company’s internal guidelines on charitable giving? (3) Is the payment at the request of a foreign official? (4) Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country? (5) Is the payment conditioned upon receiving business or other benefits?

b.      Detect

From the detect prong, there are several things which can be incorporated into a FCPA compliance program regarding charitable donations. The DOJ has issued several Opinion Releases on charitable donations and based on Opinion Release 10-02, some of the protections a company can do to comply with the FCPA regarding charitable donations are as follows:

1)      Certifications by the recipient that it will comply with the requirements of the FCPA;

2)       Due diligence to confirm that none of the recipient’s officers or directors are affiliated with the foreign government at issue;

3)      A requirement that the recipient provide audited financial statements;

4)      A written agreement with the recipient restricting the use of funds to humanitarian or charitable purposes only;

5)      Steps to ensure that the funds were transferred to a valid bank account;

6)      Confirmation that contemplated activities had occurred before funds were disbursed; and

7)      Ongoing auditing and monitoring of the efficacy of the program.

These protections allow an audit trail which can be monitored or audited by the company’s audit team.

Tomorrow I will take a look at Lilly’s FCPA violations in Russia and use that information to set forth some minimum best practices which you can use in your compliance program to help you both prevent, detect and then FCPA compliance violations.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

The Lilly FCPA Enforcement Action Part I – Key Lessons Learned on Sportsmanlike Conduct

As you see from today’s picture I am enthusiastically wearing a New England Patriots (classic) shirt. You may ask yourself why am I wearing this shirt? The reason is because of a rather rash wager I made with Jay Rosen, Vice President of Merrill Brink, earlier this month on the Patriots/Texans football game. (I also made the same wager with Matt Kelly, Editor of Compliance Week, who says he will use the photo for marketing Compliance Week 2013, good luck with that!) I can’t quite seem to remember the final score but I do recall that it was what we in Texas might call a full ‘butt-whoopin’. Up until that game, the Patriots were 19-1 at home in the month of December over the past ten years, after beating the Texans, they became 20-1. The key lesson I learned from this experience is to evaluate your risk and then manage that risk accordingly.

Earlier this month, the Securities and Exchange Commission (SEC) announced the settlement of the Eli Lilly and Company’s (Lilly) violations of the Foreign Corrupt Practices Act (FCPA). The enforcement action details a number of bribery schemes that Lilly had engaged in for many years in multiple countries. Indeed Lilly used four different styles of bribery schemes in four separate countries; all of which violated the FCPA. In China, corrupt payments were falsely called reimbursement of expenses; in Brazil, money that was characterized as a discount for distributor was used to pay a bribe; in Poland, charitable donations were falsely labeled and used to induce a Polish government official to approve the purchase of Lilly products; and, finally, Lilly’s subsidiary in Russia, paid bribes to Offshore Agents who were domiciled outside Russia and who performed no services for which they were compensated.

I think the most noteworthy information found in this enforcement action is that it provides significant guidance to the compliance practitioner on not only the different types of bribery schemes used, but more importantly, by reading into the types of conduct the DOJ and SEC finds violates the FCPA, it is valuable as a lesson on how to structure tools to manage FCPA risks going forward. In this post I will detail the bribery schemes that Lilly engaged in and in Part II, I will discuss how the Lilly enforcement action should inform your FCPA compliance program.

I.                   China – Use of False Expense Reports to Cover Improper Gifts and Cash Payments

In China, Lilly employees used the classic system of submitting inflated expense reports and using the excess reimbursements to pay bribes. More ominously, not only did the sales representatives engage in this tactic but their supervisors did and also instructed subordinates to do so as well. The list of gifts that were provided to Chinese government officials was as wide ranging as it was creative. There were gifts consisting of specialty foods, wines and a jade bracelet. There were paid trips to bath houses, karaoke bars and spas. There was money paid to purchase “door prizes and publication fees to government employed physicians.” It was even noted that bribes were paid consisting of cigarettes. In the SEC complaint it stated that “Although the dollar amount of each gift was generally small, the improper payments were wide-spread across the [China] subsidiary.”

II.                Brazil – Use of Distributor Discounts to Fund Bribes

In Brazil, Lilly sold drugs to distributors who then resold the products to both public and private entities. It was the classic distributor model where Lilly sold the drugs to the distributors at a discount and then the distributors would resell the products “at a higher price and then took their discount as compensation.” There was a fairly standard discount given to the distributors which generally ranged “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount.”

However in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him. Further, the Lilly sales manager who requested this unusual discount was aware of the bribery scheme. Moreover, this increase in the discount was approved by the company with no further inquiry as to the reason for the request or to substantiate the basis for such an unusually high discount. If there were any internal controls they were not followed.

III.             Poland – Use of Charitable Donations to Obtain Sales of Drugs

In Poland we see our old friend the Chudow Castle Foundation (Foundation). You may remember this charity as it was the subject of a prior SEC enforcement action involving Schering-Plough Corporation. The thing that got both Lilly and Schering-Plough into trouble was that the Foundation was controlled by the Director of the Silesian Health Fund (Director) and with this position he was able to exercise “considerable influence over the pharmaceutical products local hospitals and other health care providers in the region purchased.”

Just how did this bribery scheme camouflaged as a charitable donation work? Initially it started while Lilly was in negotiations with the Director for the purchase of one of Lilly’s cancer drugs for public hospitals and other health care providers in the region. The Director actually made a request for a donation directly to representatives of Lilly. Thereafter, the Foundation itself made “subsequent requests” for donations.

In addition to this obvious red flag, Lilly did no due diligence on the Foundation and falsely described the nature of the payments not once but three separate times with three separate descriptions. Lilly turned some of the monies over not to the Foundation, but to the Director for use at his “discretion”. Interestingly, the donations were not only made at or near the time of a contract execution, with one donation being made two days after the Director authorized the purchase of the drugs from Lilly.  Internally Lilly even discussed the size of a donation, calling it a “rebate” and said “it will depend on the purchases of medicines.”

IV.              Russia – Use of Offshore Agents Who Performed No Services

As with Brazil, Lilly used a distributor sales model in Russia. However, there was a further twist which got Lilly into FCPA hot water. Lilly would enter into an agreement with a third party other than the distributor who was selected by the government official making decisions on the purchase of Lilly products. The other third parties were usually not domiciled in Russia, nor did they have bank accounts in Russia. In other words, they were Offshore Agents who were paid a flat fee or percentage of the total sales with no discernible work or services performed.

There was little to no due diligence performed on these Offshore Agents. In one instance, detailed in the SEC Complaint, Lilly ran a Dun and Bradstreet report on a third party agent, coupled with an internet search on a third party domiciled in Cyprus. There was no determination of the beneficial ownership of this Offshore Agent nor was there any determination of the business services which this Offshore Agent would provide, subsequently this . This Offshore Agent was paid approximately $3.8MM. An additional  Offshore Agent, again in Cyprus, which Lilly conducted little to no due diligence on, received a $5.2MM commission. Under another such agreement, yet another Cypriot Offshore Agent received a commission rate of 30% of the total sale.

What about the services that these Offshore Agents provided to Lilly? First and foremost, they all had their own special “Marketing Agreement” which was actually a template contract prepared by Lilly. The services allegedly provided by these Offshore Agents included “immediate customs clearance” or “immediate delivery” of the product. There were other equally broad and vague descriptions such as “promotion of the products” and “marketing research”. But not only was there little if no actual evidence that these Offshore Agents provided such services; Lilly, or its regular in-country distributors, actually performed these services.

Unlike their experience in Poland, officials from Lilly simply inquired directly from government officials with whom it was negotiating if it could “donate or otherwise support various initiatives that were affiliated with public or private institutions headed by the government officials or otherwise important to the government officials.” As noted in the SEC Complaint, Lilly had neither the internal controls in place nor performed any vetting to determine whether it “was offering something of value to a government official for the purpose of influencing or inducing him or her to assist Lilly-Vostok in obtaining or retaining business.”

In my next post I will discuss how the compliance practitioner can use the information and facts presented in the Lilly enforcement action as teaching points to evaluate and enhance a company’s compliance program.

Although I rarely agree with Peggy Noone, I always read her Saturday column in the Wall Street Journal (WSJ) and would like to end my blogging year with the closing paragraph, which I quote in full, from her article entitled “About Those 2012 Political Predictions”:

Lesson? For writers it’s always the same. Do your best, call it as you see it, keep the past in mind but keep your eyes open for the new things of the future. And say what you’re saying with as much verve as you can. Life shouldn’t be tepid and dull. It’s interesting—try to reflect the aliveness in your work. If you’re right about something, good. If you’re wrong, try to see what you misjudged and figure out why. And, always, “Wait ’til next year.”

A safe and Happy New Year to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012