The U.S. Securities and Exchange Commission (SEC)'s heightened Foreign Corrupt Practices Act (FCPA) enforcement shows no signs of slowing down. In 2010, the SEC created a specialized unit dedicated specifically to FCPA violations. Not coincidentally, the settlement fees it collected jumped from $644 million in 2009 to $1.8 billion in 2010. Seven years in, medtech companies remain prominently in the mix.
Last year, Teva Pharmaceutical agreed to pay $519 million to settle charges alleging it paid bribes to Russia, Ukraine, and Mexico government officials. GlaxoSmithKline settled FCPA charges related to pay-to-prescribe schemes for $20 million. AstraZeneca, Novartis AG, and other Medtech companies also paid millions to settle claims in 2016.
Because of their deep pockets and extensive contact with overseas government employees, medtech companies remain vulnerable to FCPA violations. A compliance program with FCPA emphasis will help ward off investigations.
What Is FCPA?
FCPA prohibits public U.S. companies "from bribing foreign officials for government contracts and other business," according to SEC's website. Congress enacted FCPA in 1977 to halt--or at least slow down--corrupt business practices and create an even playing field.
The Act comes in two parts. Anti-bribery provisions prohibit public companies from directly or indirectly offering "anything of value" to any "foreign official" for the purpose of influencing that person's decision in a way that helps the company gain business. The accounting provision requires public companies to keep accurate books and records that "accurately and fairly reflect the transactions and dispositions of the assets of the issuer."
FCPA violation penalties can range in the millions. Individuals found liable may receive felony convictions, fines, and exclusion from doing business with the U.S. government.
Why Medtech Is a Target
Medtech's business nature makes it a natural FCPA bull's-eye. "The way these companies go to market presents challenges from an FCPA standpoint," said Scott Shaffer, managing director of global due diligence for Kreller Group, a due diligence investigation services company based in Cincinnati, Ohio. "They work with doctors or intermediaries who then interact with healthcare systems, which are primarily managed by government organizations."
In many countries, local governments regulate health systems and play a more active role in those systems. Most healthcare workers, including physicians, are considered government officials if they work in state hospitals.
Medtech companies often have to obtain government licenses, patents, approvals, and permits. The more contact with government officials, the greater the risk of an FCPA violation.
Pharmaceutical and medical device companies regularly use distributors, agents, and other third parties during international operations. These third parties, if not properly trained in FCPA compliance, create risk.
What to Watch For
FCPA prohibits companies from "corruptly" offering something of value. In the areas of travel, dining, and entertainment, lines blur between fair and corrupt. The delineator is whether a company intends to influence a foreign official's decision.
"It's permissible to fly a doctor to corporate headquarters to review an application and its technology," said Shaffer. "It wouldn't be okay to fly the doctor's family to Disney World."
Jane Kim, partner at KYZ Law, PC, who helps clients with business, healthcare regulatory, compliance, and litigation matters, said companies should watch excessive spending. "Use coach, not first class," she said. "If you're paying for a foreign official's hotel, think Hyatt or Hilton, not Ritz Carlton."
Medtech companies should also treat charitable contributions with caution. Utah-based Nu Skin Enterprises was found to have violated FCPA by donating to a charity related to a high-ranking member of China's Communist Party in order to influence a regulatory investigation. Avoid donations to charities affiliated with foreign officials.
Tips for Compliance
Medtech companies must have robust compliance programs and anti-bribery policies to ensure they abide by FCPA. Shaffer advises companies to focus on internal and external control and due diligence and clearly define all third-party relationships. "Focus on high-risk engagements to make sure you absolutely know what they do on the company's behalf," he said.
A comprehensive compliance program includes training for both internal salespeople and third parties. "They should all understand what FCPA is and what they should and shouldn't do under the compliance policy," said Shaffer.
Kim advises medtech companies to thoroughly vet third parties to catch red flags. "FCPA requires companies to obtain certification from foreign third parties stating they will comply with FCPA provisions," she said. "If someone refuses to sign, that's a red flag." If third parties ask for an unusually high commission, won't provide proper accounting, or lack transparency, appear unqualified, or insist on working with a particular individual, be wary, Kim said.
Companies operating in corrupt countries, where bribes are part of doing business, aren't completely hampered. FCPA has a "grease payment" exception that applies only to routine government action. These tasks may include processing paperwork, expediting permits, licenses, work visas, and mail pickup, and cross-country goods transit. The grease payment amount must be reasonable. It doesn't apply to an award of contract.
As SEC continues to prioritize FCPA enforcement, medtech companies can avoid exposure by prioritizing training and compliance. As Kim said, "the best defense is a robust compliance program and honest accounting."
Heather R. Johnson is a freelance writer based in Oakland, California.
[Image courtesy of JANEB13/PIXABAY]