Welcome to the only roundtable podcast in compliance. Today, we have the full quintet of Jonathan Armstrong, Jay Rosen, Matt Kelly, Jonathan Marks and Mike Volkov for a potpourri of discussions and ending with a veritable mélange of rants and shouts outs.

  1. Jonathan Armstrong critiques the recent SFO conviction of two former Unaoil employees and the controversy the SFO and its Director, Lisa Osofsky now find themselves in regarding their conduct. Armstrong shouts out to the West Indies cricket team for traveling to the UK to play at Lord’s.
  1. Jay Rosen considers telemedicine in the time of Covid-19. What does it mean for the practice of medicine? What are the compliance issues involved? Jay rants about the Trump Administration targeting surveillance on journalist in Portland and across the country.
  1. Matt Kelly looks at two recent US domestic corruption cases; one in Illinois involving ComEd and one in Ohio involving the Speaker of the Ohio House of Representatives. Matt shouts out to Rebecca Jones the former Florida state employee who left the government to start her own public record of Covid-19 in Florida when the state quit reporting on it.
  1. Mike Volkov looks at two recent OFAC enforcement actions. One involved Amazon and defective tracing software. The second Essentra, doing business with North Korea and shell companies. He draws out the lessons learned from both cases. He shouts out to podcasters and the podcasting community for getting their messages out.
  1. Jonathan Marks considers parallels he has observed in the development of the compliance profession from those he lived through in the Internal Audit world after Enron and WorldCom. He shouts out to the IIA for beginning the discussion to reconfigure its 3 Lines of Defense but chides them for not going far enough.
  1. Tom Fox rants about those attacking fellow Buffalo Wing addicts. 

The members of the Everything Compliance are:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com

The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network. He can be reached at tfox@tfoxlaw.com

In the Episode, I am joined by Mike DeBernardis, Counsel at Hughes Hubbard, in the firm’s Washington office and a member of the firm’s Anti-Corruption and Internal Investigations and White Collar & Regulatory Defense practice groups. He represents corporate and individual clients in criminal, civil and administrative enforcement matters, including matters involving the Foreign Corrupt Practices Act and securities and accounting fraud. In this episode we take a deep dive into the DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs and DOJ and SEC FCPA Resource Guide, 2nd edition.

Some of the highlights include:

  1. What were the top changes DeBernardis observed in 2020 Update to Evaluation of Corporate Compliance Programs?
  2. What were the top changes for you in FCPA Resource Guide, 2nd edition?
  3. How should one read the Resource Guide, 2nd with the 2020 Update? In conjunction, separately or in some other way?
  4. Is there any significance  to the two documents being released so close together in time?
  5. Should you advise clients to do anything different because of these documents?

As the international fight against corruption took two small steps forward this week in the 1MDB case, Tom and Jay brave the surge in Covid cases by staying safe at home. They are back to look at top compliance articles and stories which caught their eye this week.

  1. Goldman Sachs settles with Malaysia for nearly $4bn. Ben Otto and Chester Tay report in the WSJ. Former Malaysia PM convicted in 1MDB scandal, Harry Cassin reports in the FCPA Blog.
  2. Mike Volkov reports on two big enforcement actions in Pharma. Indivior and illegal marketing of opioid products. Taro Pharma and price-fixing.
  3. What are the shared elements in a best practices compliance program? Jaclyn Jaeger explores in Compliance Week. (sub req’d)
  4. How can you test your hotline? Matt Kelly explores on Radical Compliance.
  5. Why is Germany soft of corporate crime? Dick Cassin considers in the FCPA Blog.
  6. Whistleblower management in the EU. Frank Staelens in CCI.
  7. How can you audit AI? James Bone explores in CCI.
  8. What should be the goal of effective internal controls? Alex Movchan interviews Edmund Sanders in Risk and Compliance Platform Europe.
  9. This month on The Compliance Life, I am joined by Scott Sullivan, Chief Integrity and Compliance Officer at Newport Mining. In Part 1, we discussed the need for empathy in a CCO. In Part 2, we looked at reading the tea leaves and staying ahead of the (corp) wolf pack. In Part 3, we considered who a CCO needs on their compliance team. In this concluding Part 4, we look at the CCO and compliance function down the road.
  10. AMI week on Compliance and Coronavirus as Jerry Coyne discusses telemedicine and Covid-19, Don Stern on how Covid-19 will impact federal prosecutors and Mikhail Reider-Gordon compliance issues during the business reopenings.
  11. On the Compliance Podcast Network, Tom concludes the topic of 3rd party risk management. This week saw the following offerings: Monday-freight forwarders; Tuesday– risk ranking in the Supply Chain; Wednesday-data and 3rd party risk management (Vin DiCianni as guest); Thursday-enforcement actions; and Friday-wrap up. The month of July is being sponsored by Affiliated Monitors. Note 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here.  Join us in August for the role of the Board of Directors.
  12. Upcoming Webinars:

K2-FIN, Windward, and C4ADS Webinar—New Sanctions Developments in the Maritime Sector: UK Sanctions Shipping Guidance and Venezuelan Shipping in Focus, August 5, 2020 at 10:45 to 11:45 AM EST; with Juan Zarate and Eric Lorber. Registration and Information here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Today, we conclude our week of Sherlock Holmes-themed blog posts. We finished the review of The Adventures of Sherlock Holmes and moved on to The Memoirs of Sherlock Holmes. Today we conclude with The Adventure of the Gloria Scott. In it we learn more about Holmes’ fateful meeting with Watson than in any other story. Leslie Klinger, in “The New Annotated Sherlock Holmes Volume 1”, said, “There are many gaps in Holmes account of those early years – most intriguingly, what college he attended. The clues in this tale and several others have fueled generations of speculations.”

In his university days, Holmes spent a month with his friend, Victor Trevor, at the Trevor estate in Norfolk. The evening before Holmes’ departure an old man suddenly appeared at the house causing the elder Mr. Trevor to rush for a shot of brandy before greeting him. Seven weeks after Holmes left he received a telegram from the younger Trevor begging him to come back to Norfolk. Once he got there, Victor told Holmes that his father was dying as a result of a stroke suffered after he received a letter. They found that he had died while Victor had been meeting Holmes at the station.

The letter read, “The supply of game for London is going steadily up. Head-keeper Hudson, we believe, has been now told to receive all orders for fly-paper and for preservation of your hen pheasant’s life.” It meant nothing to Victor, and it was quite a while before Holmes deduced anything. He eventually discovered the key, that being if one read every third word beginning with the first, there was an intelligible message: “The game is up. Hudson has told all. Fly for your life.” Holmes had deduced that the game was blackmail. On his deathbed, Mr. Trevor told about some papers in a cabinet, one was a written confession detailing a lurid tale of crime, punishment, transport to Australia, mutiny, redemption and the inevitable fall.

Interestingly, the case is referenced by Holmes in “The Adventure of the Sussex Vampire” when Holmes consults an index of his past exploits for references to “vampires” and remarks on “the Voyage of the Gloria Scott” listed under “V”. It is also mentioned in passing in “The Adventure of the Musgrave Ritual” as Holmes recounts to Watson his early cases when he first became a detective.

I find this to be one of the strangest in the entire Holmes oeuvre. Holmes seems to have lesser skills in the story which would certainly fit his initial work as a detective which apparently began while he was in university. He basically decodes the letter sent to Mr. Trevor and deduces it contains a blackmail threat. Also, Watson does not narrate this story and it is told in Holmes voice, which is rare throughout the genre.

It seemed like a good way to introduce some of the remarks of Brian Rabbitt, Acting Assistant Attorney General US Department of Justice, Criminal Division, after the departure of Brian Benczkowski the first week of July. The remarks were presented at the Ethics & Compliance Initiative (ECI) webinar, entitled ECI Best Practices Forum: A Q&A with the DOJ, where ECI Chief Executive Officer, Pat Harned, interviewed Rabbitt on the 2020 Update to Evaluation of Corporate Compliance Programs. It provided solid information for every compliance practitioner and one which they need to use in any best practices compliance program.

Rabbitt said the starting point was that the DOJ wanted to make clear that every policy will be evaluated on its own merits. But it is more than each compliance program standing on its own merits. It is compliance program evolution. While this is not a new concept it is the bane of those compliance defense seekers who believe that any company with a paper program should get a free get of jail card from any DOJ enforcement. The 2020 Update makes clear not only the absurdity of that position but the 2020 Update further demonstrates the DOJ will only give full compliance program credit to companies that engage in continuous improvement based upon continuous monitoring. That monitoring can take many forms, from data analytics to information through risk assessments and root cause analysis. Whatever strategy is used, a compliance professional must be able to, as Rabbitt phrased it, “see around the corners”.

The mandate of continual renewal and regular updates extends to all phases of a best practices compliance program. In the area of third-parties, companies must move beyond performing due diligence only at contract renewal. It has to be done on an ongoing basis. The reason is simple; if a third-party engages in unethical or illegal behavior during the pendency of a contractual relationship and the company does not find out about, it is the company which will pay the likely (FCPA) price.

Rabbitt ended his remarks by considering the interplay of the FCPA Resource Guide, 2nd edition to the 2020 Update to the Evaluation of Corporate Compliance Programs. Rabbitt noted that the FCPA Resource Guide, 2nd edition, is a compendium of all things FCPA and it is an expression of both the DOJ and Securities and Exchange Commission (SEC). The Evaluation of Corporate Compliance Programs is a DOJ expression of what it believes to be some of the best practices in a compliance program. You can refer to the FCPA Resource Guide, 2nd edition, for all things FCPA but when it comes to compliance programs you should refer to the Evaluation of Corporate Compliance Programs.

We end our Sherlock Holmes themed week by first giving a big shout out to Harned and her team at ECI for putting together this fabulous webinar. I also hope that you enjoyed reliving some of The Memoirs of Sherlock Holmes we considered this week.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020

We are nearing the end of this exploration of two major corruption enforcement actions involving the pharmaceutical giant Novartis. One in the US and one for the rest of the world. The later was a  Foreign Corrupt Practices Act (FCPA) settlement, announced in late June, the Swiss pharmaceutical company Novartis AG, its Greek subsidiary Novartis Hellas S.A.C.I. (Novartis Greece) and Alcon Pte Ltd., a unit of eye-care company Alcon Inc., agreed to pay about $347 million in fines to resolve claims to settle its long standing FCPA enforcement action. Novartis Greece and Alcon Pte, a former subsidiary of Novartis AG and current subsidiary of Alcon Inc., agreed to pay $233 million in criminal penalties to resolve the Department of Justice (DOJ) investigation into FCPA violations. Novartis AG also agreed to pay $112 million to the US Securities and Exchange Commission (SEC) in a related matter.

However, the FCPA enforcement action paled next to the former as laid out in the Stipulation and Order of Settlement and Dismissal (Stipulation) entered against Novartis Pharmaceuticals Corporation (Novartis US) for its bribery and corruption in the US. According to the DOJ Press Release, Novartis “agreed to pay over $729 million in separate settlements resolving claims that it violated the False Claims Act (FCA). The first settlement pertains to the company’s alleged illegal use of three foundations as conduits to pay the copayments of Medicare patients taking Novartis’s drugs Gilenya and Afinitor. The second settlement resolves claims arising from the company’s alleged payments of kickbacks to doctors.” The settlement was entered into in the US District Court for the Southern District of New York.

As bad as Novartis’ conduct was outside of the US, I can only say it was much worse inside the US. In addition to long running corruption schemes, the company either corrupted or worked with corrupt 503(c) companies to manipulate charitable co-payments for patients using certain Novartis drugs. The total fine and penalty paid for illegal conduct inside the US was over double that paid by Novartis for its conduct outside the US. Novartis settled domestic False Claims Act (FCA) and Anti-Kickback (AKS) violations for $729 million and settled FCPA violations for foreign bribery for $337 million. These cases had much for every compliance practitioner to consider, including the specific illegal conduct of Novartis, the deficiencies in their compliance program, compliance function and Chief Compliance Officer (CCO); the role of the whistleblower, corrupt culture and lessons learned. Over the past few blog posts, I have considered US settlements, as outlined in the Stipulation, Settlement Agreement (Agreement) and Corporate Integrity Agreement (CIA).

The FCPA enforcement action was made worse because Novartis AG is a recidivist, having entered into a resolution in 2016 with the SEC for bribery and corruption in the company’s Chinese business unit. In addition to joining the ignoble class of FCPA recidivist, Novartis AG somehow missed identifying years of bribery and corruption in Greece, Vietnam and Korea while allegedly investigating the corruption conduct in China. It would certainly appear that not only did Novartis AG put sales, sales, and sales above any semblance of compliance; Novartis AG had a culture of corruption baked into the organization so that it would seek out manners in which make corrupt payment to Health Care Providers (HCPs) to start and then continue to prescribe Novartis AG drugs. Indeed, the prescriptions written were the ‘return on investment’ of illegal payments to HCPs. According to the SEC Order, the corrupt payment schemes were in violation of the company’s compliance policies. But more than simply violating the company’s internal compliance policy of the prohibition of paying bribes, the business units routinely side-stepped the company’s compliance oversight process by engaging in the bribery schemes without required authorization. It was a complete, total and utter evisceration of the corporate compliance function by the business unit.

Just as in the FCPA world, Novartis US is a recidivist for corruption in the US. In 2010, it was put under a CIA. It required the expert to conduct a “Year One Compliance Program Effectiveness Review” a year after the 2010 CIA went into effect. The Stipulation stated, “As part of the review, the expert concluded that Novartis had only “partially” met its compliance goals in certain areas. The expert concluded that compliance monitoring had still largely remained “the responsibility of the business [team],” rather than those working in the compliance department”. Rarely in a major multi-national does one see such an under-staffed, continually overwhelmed and seemingly impotent compliance function. It appeared Novartis US had no intention of having anything close to an effective compliance program. Their approach is a sobering reminder of the cost of a company wholly disregarding its obligations to have a compliance program. According to the Stipulation, Novartis only created a compliance department in 1999 and for its initial two years the company’s compliance program “consisted of one employee.”

Thereafter, although Novartis hired additional compliance personnel in later years, it did not employ sufficient staff to investigate potential AKS violations. Yet whatever the meagre size of the compliance department, it did not have “the personnel and resources to adequately monitor that the tens of thousands of speaker and roundtable events that Novartis organized throughout the country each year complied with the AKS.”

This was as basic as it gets. The compliance function was under-resourced to do the most basic job that could have been assigned to it. Even when it came to testing, the corporate compliance policy requirements around its physician speaker program, the company “did not conduct a comprehensive field audit of speaker events until 2008, after approximately 90 percent of the events at issue in this case had already occurred.” Moreover, the audits were likely no more than perfunctory examinations as “sales representatives would typically receive advance notice if their programs were going to be audited.”

As many compliance lessons as there are to be garnered from the FCPA and FCA actions, I find there to be one over-riding lesson. It really all does start with tone at the top. Clearly Novartis top management in both Switzerland and the US had no intention of letting a little compliance get in the way of making money. With this clear message from top management, the company’s compliance function had zero chance of success of preventing, detecting or remediating illegal conduct. It was simply baked into the DNA of the company.

And never forget the cherry on top, Novartis was the company which had Chief Executive and General Counsel approval to hire convicted felon Michael Cohen to lobby the Trump Administration.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020