Ross Booher

The once-little-enforced U.S. Foreign Corrupt Practices Act (FCPA) has claimed its fair share of headlines recently. The record for fines and penalties under the FCPA was shattered in December 2008 when Siemens announced that it settled FCPA charges with the government for $800 million. No let-up is expected in 2009 either; in January, the Los Angeles Times reported that government officials had advised that enforcing the FCPA is the second highest priority for the Department of Justice (DOJ), behind only combating terrorism.¹

Perhaps more concerning to executives are the comments of the department's chief FCPA enforcer: “The number of individual prosecutions has risen - and that's not an accident.… People have to be prosecuted where appropriate. This is a federal crime. This is not fun and games.”² Medical device, pharmaceutical, and other companies in the healthcare industry have been particularly vulnerable to running afoul of the stringent and sometimes surprising requirements of the FCPA.

What is the FCPA? The Basics.

The FCPA is a federal law that includes two general sets of provisions:

• Anti-bribery-- These provisions prohibit directly or indirectly offering “anything of value” to any “foreign official” for the purpose of influencing the decision of that official to do anything that assists the offerer in the obtaining or retaining of business. The interpretation of the statutory language is exceptionally broad-- “obtaining or retaining business” also includes improper payments to obtain permits, licenses, or reductions in taxes. Local custom is no defense and there is no exception for de minimis payments.
• Books and Records-- These provisions require companies to “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.” There is no materiality threshold. Additionally, companies must maintain a system of internal compliance controls that “provides reasonable assurances that transactions are executed in accordance” with generally accepted accounting principles (GAAP).

The requirements of the FCPA are often not intuitive. Business activities and practices that are often considered routine when seeking or retaining business from private parties may result in government investigations when they involve a “foreign official.” These activities may include the following:

• Entertainment expenses - expensive meals, tickets to pro sporting events, holiday gifts, first class air travel, etc.;
• Donations to a client's favored charity;
• Hiring relatives of a client

Additionally, companies may be held liable not only for their own conduct, but for the actions of subsidiaries, joint ventures, and third-party agents. FCPA due diligence is also critical during M&A transactions, as acquirers may be exposed to successor liability for FCPA violations previously committed by their targets.

Penalties can be severe. Such penalties include the following:

• For companies-- Felony convictions, fines of up to $2,000,000 per violation, disgorgement, denial of export licenses, and debarment from doing business with the U.S. government.
• For individuals and executives-- Felony convictions, imprisonment up to five years, and fines up to $100,000 per violation, along with disgorgement and debarment.

Companies that violate the FCPA will often be required to hire an independent compliance monitor that reports directly to the government. Finally, FCPA violations have formed the predicate for a bevy of shareholder suits, as well as parallel investigations and prosecutions by foreign governments.

Why Must Healthcare Companies and Executives Be Particularly Vigilant?

Since 2007, the Securities and Exchange Commission (SEC) and the DOJ appear to have launched an industry-wide probe into potential FCPA violations in the orthopedic implant industry. A number of major medical device companies have disclosed government investigations into their companies or subsidiaries. What characteristics of the healthcare industry have made companies especially vulnerable to FCPA concerns?

First, companies in the healthcare industry are often required to obtain government licenses, patents, approvals, and permits that many other companies do not. The more touchpoints a company has with government officials, the more likely it is that a violation will occur. Second, companies and employees in the medical industry likely are at a higher risk because the broad interpretation of “foreign official” may include potential clients and contacts that you, your employees, and agents might not expect. Here are some examples:

• In many countries, healthcare workers, including physicians, are considered “government officials” if they work in state hospitals.³
• In many nations, seemingly private businesses may be controlled by the government or by political party members. In countries such as China, where many prominent businesspersons are also members of the ruling Communist Party, otherwise lawful expenses reimbursed to such businesspersons may violate the FCPA because “political party officials” are considered “foreign officials” under the statute.
• To facilitate licensing or permit applications, many companies hire local consultants or agents. U.S. businesses have an obligation to take reasonable steps to avoid FCPA violations by their consultants and agents. Federal enforcers expect companies to engage in significant due diligence before hiring local agents and consultants and to take continuing steps to help prevent FCPA violations.

Lessons Learned: What Can I Do to Reduce FCPA Exposure for My Company, My Employees, and Myself?

Practitioners agree that an effective compliance program typically includes the following elements:

• A specific anti-bribery policy that provides important details, such as an identification of the full range of company-affiliated individuals subject to the policy; a comprehensive definition of prohibited activities; information regarding accessible resources for help in addressing FCPA issues; and a description of sanctions for violations;
• A hotline and/or other means whereby possible FCPA violations can be reported confidentially;
• Reasonable measures to vet any foreign agents that the company uses abroad. These measures can help the company avoid charges or sanctions for the unauthorized actions of its independent agents;
• Periodic training for all appropriate employees on the FCPA and the company's anti-corruption policy;
• A record-keeping policy that specifically acknowledges the company's record-keeping obligations under the FCPA and that describes its methods for discharging those obligations;
• Periodic FCPA audits and testing of the company's accounting and internal controls; and
• Diligent internal investigations of alleged FCPA violations and appropriate sanctions imposed against violators

Executives and counsel of medical device companies should ask themselves the following questions to reduce the risk of an FCPA investigation:

• Is our FCPA compliance program well-designed and tailored to the circumstances, business activities, and foreign jurisdictions in which we are involved? Do we have enhanced compliance efforts in high-risk areas, such as China, India, Mexico, South America, Eastern Europe, Africa, and the Middle East?
• How would our employees and foreign agents describe our compliance program and our commitment to it to an investigator? Would they be able to articulate what the company considers impermissible? How would they describe the way the company handles complaints and questions?
• Are employees and foreign agents asking questions and seeking opinions when the circumstances are ambiguous? Have we investigated problem areas and complaints? Are we changing activities based on our compliance program?

The role of management is one of the most important aspects that enforcers will consider when deciding whether to prosecute a company. Prosecutors have emphasized that the “tone at the top” is critical to an effective compliance program.

While even the best compliance program may not prevent a rogue employee from violating the FCPA, it can make all the difference in whether a prosecutor is willing to prosecute only the offending employee, rather than the company and its management. Moreover, even if an enforcer decides to sanction a company, prosecutors are expected to consider the existence of an effective compliance program when assessing penalties or the need for an independent compliance monitor. Finally, and perhaps most importantly, the only reliable way to detect FCPA violations is to institute effective controls. The only thing worse than finding out from your outside counsel or auditor that you have potentially violated the FCPA is to find out from a DOJ subpoena.

Ross Booher is a Member of Bass, Berry & Sims, PLC where he practices in the Antitrust and Trade Practices Group. He represents and counsels businesses in complex litigation, internal investigations and regulatory compliance, including the FCPA. Booher has represented medical device manufacturers and other public and private companies in the healthcare sector. He previously served overseas as a U.S. Navy prosecutor and conducted sensitive criminal and national security investigations in foreign jurisdictions. He is a graduate of Vanderbilt University and the University of Tennessee College of Law. Booher can be reached directly at rbooher@bassberry.com or 615/742-7764.

Taylor Phillips is an Associate at Bass, Berry & Sims PLC where he practices in the Antitrust & Trade Practices Group. A graduate of the College of William and Mary and the University of Virginia School of Law, he concentrates his practice on corporate litigation, internal investigations and assisting companies in complying with the FCPA.

© 2009 Canon Communications LLC

Return to MX: Issues Update.