May the 4th Be Wtih YouMay 4th is universally recognized (at least in the universe I inhabit) as Star Wars Day. According to Wikipedia, “May 4 is called Star Wars Day because of the popularity of a common pun spoken on this day. Since the phrase “May the Force be with you” is a famous quote often spoken in the Star Wars films, fans commonly say “May the fourth be with you” on this day.” Given the rejuvenation of the franchise, in the form of Star Wars VII – The Force Awakens all Star Wars fans have reason to celebrate this May 4th in a manner we have not seen for some time.

The most recent entry into the Star Wars oeuvre revolves around a young girl, Rey, a scavenger who was abandoned as a child on the desert planet Jakku. She is patiently waiting for her family to return. She is completely self-sufficient and does everything for herself, until she is drawn into the intergalactic battle. It turns out The Force is strong in Rey and at the end of the movie she returns Luke Skywalker’s light sabre to him, strong implying that he is her father. Not so has intoned director J.J. Abrams, who has said publicly that Rey’s father did not appear in Episode VII. Rey is also, as my teenaged daughter informed me, “kick-ass”. Read More

Blackie SherrodBlackie Sherrod died last week. To any reader of sports pages across the nation and most particularly in Texas, Sherrod was about as good as it got. For me, he was right up there with Red Smith, Frank DeFord and Shirley Povich as one of the greatest sports writers of the second half of the 20th Century. His columns on the Dallas Cowboys in the 1960s and 1970s were truly pieces of art to be marveled at when savoring. He also had the good sense to hire Dan Jenkins and Bud Shrake as young sportswriters.

I thought about Sherrod when I read a recent article in the Harvard Business Review (HBR), entitled “Making Exit Interviews Count, authors Everett Spain and Boris Groysberg assert that exit interviews, when conducted with care, can be a very useful tool in two important areas: to increase employee engagement, to reveal what may not be working in the organization. Read More

OthelloWhich play in Shakespeare’s cannon presents the biggest clash of cultures, which leads to the most catastrophic result? I would have to opine Othello, one of the great tragedies in all of Shakespeare. Othello, a Moor and General in the service of the Venetian republic, wins great honors on the fields of battle with the Turks. He also wins the hand of the lovely Desdemona. However, off the battlefields, Othello falls prey to the whiles of Iago, who convinces Othello of the infidelity of his bride. Othello murders his wife and then, realizing his mistake, takes his own life.

There are many culture clashes going on in the play. The military ethos vs. the deceit of civilian life, African tribal culture vs. the isolation of life in Venice, and even the warm bloodedness of a Moor vs. the chilly civilization of 16th century Venice. Yet it all leads to one thing – destruction. Read More

SantayanaThe philosopher George Santayana is usually best remembered for the pithy saying, ‘Those who cannot remember the past are condemned to repeat it.” Santayana was an essayist, poet, professor and novelist. According to Wikipedia, Santayana was Spanish-born but was raised and educated in the United States. He wrote in English and is generally considered an American man of letters. At the age of forty-eight, Santayana left his position at Harvard, where he had been a Professor of Philosophy for over 20 years and returned to Europe, never to return to the United States.

While Santayana inspires what begins a two-part blog series, the lead quotation to theme these posts comes from the Oscar winning animator, Chuck Jones who, in describing two of his well-known creations, Roadrunner and Wily E. Coyote, used Santayana’s description of fanaticism when he articulated these cartoon characters as “redoubling your effort after you’ve forgotten your aim”.

Both of these two Santayana revelations are appropriate to introduce the Novartis Foreign Corrupt Practices Act (FCPA) enforcement action brought last week by the Securities and Exchange Commission (SEC). As noted by the FCPA Professor, this was the 22nd FCPA enforcement action brought against health care companies involving health care professionals. You might think those companies would begin to get the message that their conduct would be scrutinized for FCPA violations. Yet once again we see with Novartis, “redoubling your effort after you’ve forgotten your aim”. Even if the Chuck Jones observation is too ethereal for your company, if you do not study the past, you are condemned to repeat your mistakes.

Over the next two days I will explore at length the Novartis FCPA enforcement action. In today’s blog post, I will review the underlying conduct that got the company into FCPA hot water. Tomorrow I will look at what the company did in response to the revelations of FCPA misconduct and present some lessons to be learned by the compliance practitioner.

As noted in the SEC Cease and Desist Order (the Order), “From at least 2009 to 2013, certain employees and agents of Novartis subsidiaries conducting business in China engaged in transactions and provided things of value to foreign officials, principally healthcare professionals (“HCPs”). These payments took varied forms and were intended to influence the HCPs and thereby increase sales of Novartis pharmaceutical products. Employees and managers in the involved subsidiaries attempted to conceal the true nature of the transactions through the use of complicit third parties and by improperly recording the relevant transactions on the books and records of the respective subsidiaries, which were consolidated in the financial reports of Novartis. Examples include improperly recording the payments as legitimate expenses for travel and entertainment, conferences, lecture fees, marketing events, educational seminars, and medical studies. Novartis also failed to devise and maintain an effective system of internal accounting controls or an effective anti-corruption compliance program.”

Novartis fell afoul of the FCPA through two of its subsidiaries doing business in China, Shanghai Novartis Trading Ltd. (Sandoz China) and Beijing Novartis Pharma Co, Ltd. (Novartis China). The actions of each subsidiary are instructive for the compliance practitioner so they will be taken up separately.

Sandoz China

Sandoz China’s plan was to increase sales of generic products. They endeavored to do so by targeting selected HCPs to “influence”. To accomplish this influence “certain sales representatives provided HCPs with such things as cash and gifts, which were funded through the submission of false expense reports.” The false expense reports were created to create a pot of money to pay for gifts and entertainment. Needless to say, these expenses were not booked properly in the company’s books and records.

This was not a situation where an individual, rogue employee or even a group of nefarious actors hid a bribery scheme from management but a focused, targeted campaign approved by the management of Sandoz China. The Order goes on to state, “certain employees maintained projections in spreadsheets that directly linked a certain cash value to be provided to HCPs in exchange for a certain number of prescriptions per month. In certain instances, these planned amounts were referred to as “investments,” between several hundred and several thousand dollars annually, and the HCPs were in some instances categorized into and tracked by different tiers, including one tier described as “money worshippers.””

But it was far more than simply the purchase of a few gifts for targeteddecision- makers. Sandoz China used travel to the US as another excuse to provide illegal benefits. The company claimed these trips were “educational events” but the Order noted, “in many instances, the actual trips did not include an educational purpose or the scientific/educational components were minimal in comparison to the sightseeing or recreational activities, and were instead a method of influencing the HCPs. The related expenses were approved and paid with little or no supporting documentation.”

A prime example set out was an alleged conference in Chicago, yet there was a side trip to Niagara Falls, a mere 530 miles away from the conference site. Sandoz China paid the travel expenses for spouses too.. And in one of the great compliance notations of all time, the company paid for “cover charges at a strip club.” I guess we can assume the Chinese entertained were male. There were also instances were Sandoz China simply billed the corporate office approximately $25K for events and there was no evidence the events ever occurred.

Sandoz China even came up with a new mechanism to engage in illegal bribery and corruption. They paid monies to officials “to collect and analyze patient medical data for the stated purpose of better understanding the use and reaction of a particular Novartis drug among patients.” Leaving aside the issue of whether this action violated any patient privacy rights in China, the Order said, “the studies did not provide any legitimate medical data, but rather were used to financially reward HCPs who had prescribed the drug.” These payments totaled over $500K in 2009-2010.

Novartis China

This entity appears to have used the well-known Chinese vehicle of ‘travel agencies’ to further its bribery and corruption schemes. The Order stated, “The payments were made through event planning and travel companies retained by Novartis China ostensibly to arrange transportation, accommodations and meals for HCPs in connection with educational conferences and other business activities. Through the use of these complicit vendors, HCPs were provided with improper inducements to prescribe or recommend Novartis products. The subsidiary recorded these payments as legitimate selling and marketing costs in its books.” These events were both inside and out of China. In addition to the use of travel agencies to engage in corrupt activities, there was no due diligence or even rudimentary compliance review of these third parties from a compliance perspective.

Finally there were insufficient compliance internal controls around both subsidiaries in China. There was insufficient training of the Chinese staff in both hiring and retention of third parties and in managing these relationships after their contracts were signed. These controls were not “sufficient and appropriate support for the selling and marketing expenses submitted by these vendors.”

Tomorrow I will continue my review of the Novartis FCPA enforcement action to see what the company did when it found out about these deficiencies and what lessons can be gleaned by the compliance practitioner.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016

George KennedyGeorge Kennedy died this week. He was one of the few actors who went from playing tough guys to being a hit in comedies. According to his obituary in the New York Times (NYT), Kennedy played “vicious killers, bumbling lawmen, saddle tramps, bank robbers, scowling bullies – anybody you’d be foolish to mess with or trust in an emergency who played tough guys, oafs, G.I.’s and a bonanza of cowboys as one of Hollywood’s most versatile and durable character actors. He portrayed them all in more than 200 films and television productions in an acting career that spanned nearly five decades. He also won an Oscar as the best supporting actor of 1967 for his performance in the Paul Newman film “Cool Hand Luke”(pictured left).

In a late career twist he moved to ironic comedy starring in the “cult favorite “The Naked Gun: From the Files of Police Squad!” (1988) and its sequels, “Naked Gun 2 ½: The Smell of Fear” (1991) and “Naked Gun 331/3: The Final Insult” (1994), Mr. Kennedy played Capt. Ed Hocken, wincing and grimacing at the wreckage wrought by Mr. Nielsen’s bumbling Lt. Frank Drebin.” Sometimes to win all you need is a real cool hand.

One of the things Chief Compliance Officers (CCOs) and compliance practitioners face is how to scale up a compliance program for dramatic growth, which can occur organically and sometimes inorganically through acquisitions. However, in both situations a CCO, who is a single compliance resource for a company, may need to scale up quickly. A recent Harvard Business Review (HBR) article authored by Ranjay Gulati and Alicia DeSantola, entitled “Start-Ups That Last”, looked at this scalability issue in the context of start-ups.

I found that their insights could be useful for the compliance professional who might confront the issue. This is because scaling up your compliance function does not mean the CCO should disavow who is personable and accessible. Nonetheless you need to be prepared to manage that corporate growth and to learn new ways of operating and behaving. This will provide a stronger and more effective compliance program in the long term.

For a single source compliance functionary, who knows everyone and is accessible to everyone in the organization, it is sometimes difficult to begin to delegate out. The egalitarian nature of such an operation cannot be denied. Moreover, there tends to be consistency when one person makes the decisions. However this situation can lead to bottlenecks when there is simply too much work to do. The authors note, “organizations spin out of control as centralized authority becomes a bottleneck that hinders information flow, execution and decision making.”

Hierarchy is not always bad. The key is to put structures in place that remain flexible enough to keep the company moving forward in the right direction but does not discourage solo contribution. However, the CCO must work to keep from having too many layers in the decision making process while provided the second set of eyes and that any best practices compliance program requires. You should try to find the balance between formal structures with informal communications up and down your chain. Such a communication system can help streamline and make more efficient the process of compliance. Finally, this will help you to embed compliance within the fabric of your organization.

The next area the authors discuss is not one usually considered by a CCO or compliance practitioner. It is planning and forecasting with discipline. In the compliance realm, we usually will posit a risk assessment and use the results as a road map for a 1, 3 or 5 year game plan. However, if you can move from this process to more robust forecasting, you can have a framework in place that allows you to test how new compliance initiatives are received and also react more dynamically to the business market, “with an eye towards larger objectives and sustaining” compliance.

You need to begin with strategic planning. This is moving beyond simply ‘what I want to be when I grow up’ to regular goal-setting to build your long-term compliance vision for the company. You can sit down with your business lead counter-parts and ask what is there strategic vision for both products and markets? If they identify Brazil as a huge growth opportunity, then you will need to forecast out what their team will need from the compliance perspective. More pointedly, what processes and protocols can you put in place that will allow the business team to move into Brazil seamlessly, both on the operational and tactical level?

Here technology can be a real leg up for you and your compliance program. By using both data analytics and transaction monitoring, you can be more nimble to deliver a proscriptive compliance solutions going forward. Further, once a solution is determined you can then scale that solution companywide, as circumstances dictate. The authors note, “Setting clear goals and guidelines, systemically gathering and sharing information to shed light on performance and enable better forecasting, and creative processes instead of relying on key individuals” are all hallmarks that your program is running more efficiently.

A final area the authors consider is how to sustain a culture when scaling up. This is something near and dear to every CCO or compliance practitioner’s heart as we are motivated to do the most business in compliance with our company’s ethics and ethos. Obviously it will be important to sustain this cultural ethos during times of rapid growth. You must work to codify and then reinforce this cultural ethos going forward. Obviously a robust Code of Conduct and written compliance programs are important first steps but they must be reinforced in the face of rapid business and personnel growth. Indeed, it starts with the hiring process as your first touch point to communicate the company’s expectations around compliance and weed out those who may not have the same business ethics that you stand for going forward.

Equally important is to continue this communication, with founding members or senior executives of the company being ambassadors for compliance. This is more than simply good tone at the top. This is senior management holding town halls around your ethical culture, holding compliance moments and using social media tools to talk to and listen to employees about issues around compliance.

I once worked at a software company that held ‘Final Friday’s’ where employees could all get together and visit with senior management. Initially these were held weekly. However, as the company grew they were moved to monthly and then quarterly and even as they became less frequent, they actually gained in popularity because it not only reminded everyone of some far off nostalgic days that may never have actually existed but it allowed everyone to get together in a collegial atmosphere. You can try something like that through the social media tools of Blab or Periscope.

As a CCO who is the sole member of a corporate compliance department, you may have created something very special and unique. The authors end with the comment, “Between the extremes of ad hoc and prescriptive organizing, there’s a useful middle ground.” By moving towards this place, you, as the CCO, can make your company more nimble, more efficient and may well provide to your company a market differentiator.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016