In the Episode, I visit with James Koukios, partner at Morrison & Foerster, Editor-in-Chief of the firm’s Top 10 International Anti-Corruption Developments. We visit about the firm’s Top 10 International Anti-Corruption Developments for March 2020.

Some of the highlights include:

  1. Portugal Freezes Assets of Africa’s Richest Woman-could this be even bigger than 1 MDB?
  2. Thoughts on Teva FCPA enforcement action in the context of it completing its DPA.
  3. What is the DOJ saying around FCPA enforcement in the Covid-19 era?
  4. What significance, if any, do you see in Mexico request to extradite former Pemex official?
  5. OECD Expresses Concern over Costa Rica’s Foreign Bribery Enforcement Record. What does this mean?

 Resources

To a copy of the Top 10 International Anti-Corruption Developments for March 2020 Newsletter click here.

As the international fight against corruption took two small steps forward this week in the 1MDB case, Tom and Jay brave the surge in Covid cases by staying safe at home. They are back to look at top compliance articles and stories which caught their eye this week.

  1. Goldman Sachs settles with Malaysia for nearly $4bn. Ben Otto and Chester Tay report in the WSJ. Former Malaysia PM convicted in 1MDB scandal, Harry Cassin reports in the FCPA Blog.
  2. Mike Volkov reports on two big enforcement actions in Pharma. Indivior and illegal marketing of opioid products. Taro Pharma and price-fixing.
  3. What are the shared elements in a best practices compliance program? Jaclyn Jaeger explores in Compliance Week. (sub req’d)
  4. How can you test your hotline? Matt Kelly explores on Radical Compliance.
  5. Why is Germany soft of corporate crime? Dick Cassin considers in the FCPA Blog.
  6. Whistleblower management in the EU. Frank Staelens in CCI.
  7. How can you audit AI? James Bone explores in CCI.
  8. What should be the goal of effective internal controls? Alex Movchan interviews Edmund Sanders in Risk and Compliance Platform Europe.
  9. This month on The Compliance Life, I am joined by Scott Sullivan, Chief Integrity and Compliance Officer at Newport Mining. In Part 1, we discussed the need for empathy in a CCO. In Part 2, we looked at reading the tea leaves and staying ahead of the (corp) wolf pack. In Part 3, we considered who a CCO needs on their compliance team. In this concluding Part 4, we look at the CCO and compliance function down the road.
  10. AMI week on Compliance and Coronavirus as Jerry Coyne discusses telemedicine and Covid-19, Don Stern on how Covid-19 will impact federal prosecutors and Mikhail Reider-Gordon compliance issues during the business reopenings.
  11. On the Compliance Podcast Network, Tom concludes the topic of 3rd party risk management. This week saw the following offerings: Monday-freight forwarders; Tuesday– risk ranking in the Supply Chain; Wednesday-data and 3rd party risk management (Vin DiCianni as guest); Thursday-enforcement actions; and Friday-wrap up. The month of July is being sponsored by Affiliated Monitors. Note 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here.  Join us in August for the role of the Board of Directors.
  12. Upcoming Webinars:

K2-FIN, Windward, and C4ADS Webinar—New Sanctions Developments in the Maritime Sector: UK Sanctions Shipping Guidance and Venezuelan Shipping in Focus, August 5, 2020 at 10:45 to 11:45 AM EST; with Juan Zarate and Eric Lorber. Registration and Information here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

We are nearing the end of this exploration of two major corruption enforcement actions involving the pharmaceutical giant Novartis. One in the US and one for the rest of the world. The later was a  Foreign Corrupt Practices Act (FCPA) settlement, announced in late June, the Swiss pharmaceutical company Novartis AG, its Greek subsidiary Novartis Hellas S.A.C.I. (Novartis Greece) and Alcon Pte Ltd., a unit of eye-care company Alcon Inc., agreed to pay about $347 million in fines to resolve claims to settle its long standing FCPA enforcement action. Novartis Greece and Alcon Pte, a former subsidiary of Novartis AG and current subsidiary of Alcon Inc., agreed to pay $233 million in criminal penalties to resolve the Department of Justice (DOJ) investigation into FCPA violations. Novartis AG also agreed to pay $112 million to the US Securities and Exchange Commission (SEC) in a related matter.

However, the FCPA enforcement action paled next to the former as laid out in the Stipulation and Order of Settlement and Dismissal (Stipulation) entered against Novartis Pharmaceuticals Corporation (Novartis US) for its bribery and corruption in the US. According to the DOJ Press Release, Novartis “agreed to pay over $729 million in separate settlements resolving claims that it violated the False Claims Act (FCA). The first settlement pertains to the company’s alleged illegal use of three foundations as conduits to pay the copayments of Medicare patients taking Novartis’s drugs Gilenya and Afinitor. The second settlement resolves claims arising from the company’s alleged payments of kickbacks to doctors.” The settlement was entered into in the US District Court for the Southern District of New York.

As bad as Novartis’ conduct was outside of the US, I can only say it was much worse inside the US. In addition to long running corruption schemes, the company either corrupted or worked with corrupt 503(c) companies to manipulate charitable co-payments for patients using certain Novartis drugs. The total fine and penalty paid for illegal conduct inside the US was over double that paid by Novartis for its conduct outside the US. Novartis settled domestic False Claims Act (FCA) and Anti-Kickback (AKS) violations for $729 million and settled FCPA violations for foreign bribery for $337 million. These cases had much for every compliance practitioner to consider, including the specific illegal conduct of Novartis, the deficiencies in their compliance program, compliance function and Chief Compliance Officer (CCO); the role of the whistleblower, corrupt culture and lessons learned. Over the past few blog posts, I have considered US settlements, as outlined in the Stipulation, Settlement Agreement (Agreement) and Corporate Integrity Agreement (CIA).

The FCPA enforcement action was made worse because Novartis AG is a recidivist, having entered into a resolution in 2016 with the SEC for bribery and corruption in the company’s Chinese business unit. In addition to joining the ignoble class of FCPA recidivist, Novartis AG somehow missed identifying years of bribery and corruption in Greece, Vietnam and Korea while allegedly investigating the corruption conduct in China. It would certainly appear that not only did Novartis AG put sales, sales, and sales above any semblance of compliance; Novartis AG had a culture of corruption baked into the organization so that it would seek out manners in which make corrupt payment to Health Care Providers (HCPs) to start and then continue to prescribe Novartis AG drugs. Indeed, the prescriptions written were the ‘return on investment’ of illegal payments to HCPs. According to the SEC Order, the corrupt payment schemes were in violation of the company’s compliance policies. But more than simply violating the company’s internal compliance policy of the prohibition of paying bribes, the business units routinely side-stepped the company’s compliance oversight process by engaging in the bribery schemes without required authorization. It was a complete, total and utter evisceration of the corporate compliance function by the business unit.

Just as in the FCPA world, Novartis US is a recidivist for corruption in the US. In 2010, it was put under a CIA. It required the expert to conduct a “Year One Compliance Program Effectiveness Review” a year after the 2010 CIA went into effect. The Stipulation stated, “As part of the review, the expert concluded that Novartis had only “partially” met its compliance goals in certain areas. The expert concluded that compliance monitoring had still largely remained “the responsibility of the business [team],” rather than those working in the compliance department”. Rarely in a major multi-national does one see such an under-staffed, continually overwhelmed and seemingly impotent compliance function. It appeared Novartis US had no intention of having anything close to an effective compliance program. Their approach is a sobering reminder of the cost of a company wholly disregarding its obligations to have a compliance program. According to the Stipulation, Novartis only created a compliance department in 1999 and for its initial two years the company’s compliance program “consisted of one employee.”

Thereafter, although Novartis hired additional compliance personnel in later years, it did not employ sufficient staff to investigate potential AKS violations. Yet whatever the meagre size of the compliance department, it did not have “the personnel and resources to adequately monitor that the tens of thousands of speaker and roundtable events that Novartis organized throughout the country each year complied with the AKS.”

This was as basic as it gets. The compliance function was under-resourced to do the most basic job that could have been assigned to it. Even when it came to testing, the corporate compliance policy requirements around its physician speaker program, the company “did not conduct a comprehensive field audit of speaker events until 2008, after approximately 90 percent of the events at issue in this case had already occurred.” Moreover, the audits were likely no more than perfunctory examinations as “sales representatives would typically receive advance notice if their programs were going to be audited.”

As many compliance lessons as there are to be garnered from the FCPA and FCA actions, I find there to be one over-riding lesson. It really all does start with tone at the top. Clearly Novartis top management in both Switzerland and the US had no intention of letting a little compliance get in the way of making money. With this clear message from top management, the company’s compliance function had zero chance of success of preventing, detecting or remediating illegal conduct. It was simply baked into the DNA of the company.

And never forget the cherry on top, Novartis was the company which had Chief Executive and General Counsel approval to hire convicted felon Michael Cohen to lobby the Trump Administration.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020

The same day that the 2020 Resource Guide was released, the Securities and Exchange Commission (SEC) announced it had settled a Foreign Corrupt Practices Act (FCPA) enforcement action involving Alexion Pharmaceuticals Inc. (Alexion) who agreed to pay more than $21 million to resolve charges that it violated the books and records and internal accounting controls provisions of the FCPA. According to the SEC Press Release, the case was resolved via a Cease and Desist Order (Order) where Alexion “agreed to cease and desist from committing violations of the books and records and internal accounting controls provisions of the FCPA and pay $14,210,194 in disgorgement, $3,766,337 in prejudgment interest, and a $3.5 million penalty.” Yesterday I begin a two-part blog post series looking at this enforcement action by reviewing the bribery schemes. Today I conclude by considering how the use of data analytics could prevent these types of corruption schemes from even getting off the ground.

Turkey

Alexion Turkey used a sales program called the Named Sales Program (NSP) to mask its corrupt payments to sell its Soliris therapy. Alexion Turkey illegally paid Health Care Providers (HCPs) employed at state-owned healthcare institutions for services, including research and educational events to get through this process. This bribery scheme led Alexion Turkey to hire a consultant to facilitate the payment of bribes. It was accomplished by paying the consultant fees and alleged expense reimbursements.

How could data analytics have helped here? The most basic way would be to test the expenses charged back by the consultant against other similarly situated consultants. Such benchmarking is straight forward with a comparison of the fees and expenses charged back to the company for reimbursement. From there, a compliance professional could next consider the HCPs the consultant had formal relationships with and test the number of products prescribed or sold through those HCPs.

According to the Order, each patient’s application to begin Soliris therapy required review and approval by HCPs appointed to serve on commissions in Turkey’s Ministry of Health, separate approvals to pay for the prescription and recurring approvals to continue the patient on Soliris therapy. The Order noted, “The Consultant passed a portion of these funds on to Turkish government officials, in the form of cash, meals, or gifts, to secure favorable treatment for Soliris.” The compliance function could review the timing of the illegal payments, even if they were masked as legitimate business entertainment for instance, to see if approvals were given at or near the time of such business entertainment or expenditure. Finally, “These HCPs were responsible for approving or denying patient prescriptions for Soliris and had influence over key regulatory matters, such as treatment guidelines and reimbursement criteria.  Alexion Turkey paid these HCPs to influence them to approve patient prescriptions and support regulatory actions favorable to Soliris.” Once again, a simple correlation could be run to see if corrupt payments were made at or near the time that a quid pro quo was paid back to Alexion.

The consultant used this money as a slush fund to make bribe payments in the form of cash, meals, or gifts to HCPs to secure favorable treatment for Soliris. Certain Alexion Turkey employees recorded these payments inaccurately in the books and records. In one of the most improbable scenarios recently seen in a FCPA enforcement action, one “Alexion Turkey manager directed that the description of the Consultant’s claimed expenses should be written in pencil. The use of pencil would allow the description of the expenses to be easily changed or concealed.” HCPs were paid over $100,000 and Alexion Turkey made some $7.5 million in ill-gotten gains as a result.

Russia

In Russia, the bribery scheme was a bit different. The Order noted, “Certain state-employed HCPs also served in official roles at the regional and federal levels of the Russian government healthcare system. These HCPs provided expert opinions relied upon by decision-makers regarding the allocation of regional healthcare budgets and the regulatory treatment of Soliris.  Alexion Russia senior managers believed that these HCPs had decision-making authority regarding regional healthcare budgets and regulatory decisions.” This is a variation of the Key Influencer bribery scheme used by Novartis in Greece.

Yet once again, a very straight-forward approach could be used. Simply correlate the dates of payments, entertainment or any other thing of value provided to these officials and the dates of their actions back which promoted Alexion products. You could even start with a chart listing dates of benefits provided to the corrupt HCP(s) and then date of benefit back to Alexion, regardless of what that corrupt act was for the company.

Alexion Russia paid HCPs employed at state-owned healthcare institutions for services, including research, consulting on specific topics, and hosting educational events and activities. Here, in addition to the correlation of corrupt benefits provided to the HCPs with the benefits provided back to Alexion, the compliance professional could look at the overall spend on educational events and activities. Any sophisticated gift, travel and entertainment recordation system provider would be able to help you understand when the total amount paid looks askance.

Brazil and Colombia

Finally, there were bribery schemes involving Alexion Brazil and Alexion Colombia. Here the local business units either created or directed third parties to create inaccurate financial records concerning payments to third parties. In one instance, Alexion Brazil caused a PAO to pay for the manager’s personal expenses for alcohol and personal travel. To fund this bribe, they had the corrupt manager submit a fictitious invoice, which was then reimbursed by Alexion Brazil. In another, a senior manager “directed a PAO to submit an invoice that falsely described that the funds would be used for “legal support” services. This inaccurate invoice allowed Alexion Colombia to approve the payment locally instead of obtaining approval for the payment through the global grant process, as required by Alexion’s policies.”

Any international corporation worth is salt will run data on its foreign business unit expenses. Even if corrupt payments are hidden in such apparently legitimate expenses, the power of data analytics is to identify anomalies for further investigation. This means that if legitimate expenses increase significantly as their payment is used to fund bribery, a robust but even high-level data analytics approach would uncover the “patterns in raked leaves” and allow a deeper dive investigation.

The fact that compliance functions did not previously have access to this data or was seen as somehow outside the compliance function’s remit simply no longer is valid. In the 2020 Update to the Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Programs it asked,  under the section entitled Data Resources and Access, the following questions Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions? Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?

The clear import is that a compliance professional must have access to the data and then actually do something with it going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020

The same day that the 2020 Resource Guide was released the Securities and Exchange Commission (SEC) announced it had settled a Foreign Corrupt Practices Act (FCPA) enforcement action involving Alexion Pharmaceuticals Inc. (Alexion) who agreed to pay more than $21 million to resolve charges that it violated the books and records and internal accounting controls provisions of the FCPA. According to the SEC Press Release, the case was resolved via a Cease and Desist Order (Order) where Alexion “agreed to cease and desist from committing violations of the books and records and internal accounting controls provisions of the FCPA and pay $14,210,194 in disgorgement, $3,766,337 in prejudgment interest, and a $3.5 million penalty.” Today I begin a two-part blog post series looking at this enforcement action. In today’s post I will consider the bribery schemes. Tomorrow I will look at the use of data analytics to prevent these types of corruption schemes from even getting off the ground.

Background

As with most recent FCPA enforcement actions announced by the SEC, this matter had some very interesting and useful information for the compliance practitioner. The company engaged in bribery as a standard business practice in a wide variety of countries and through several wholly owned subsidiaries, including Alexion Ilaç Ticaret Limited Sirketi (“Alexion Turkey”) incorporated in 2010; Alexion Pharma OOO (“Alexion Russia”) incorporated in 2012; Alexion Pharma Brazil (“Alexion Brazil”) incorporated in 2009 and Alexion Pharma Colombia SAS (“Alexion Colombia”) incorporated in 2009. Alexion Colombia’s books and records were consolidated into Alexion’s financial statements.

According to the Order, Alexion engaged in bribery and corruption by making payments to foreign officials in order to influence them to provide favorable regulatory treatment for Alexion’s primary drug, Soliris, and to approve Soliris prescriptions for individual patients. In addition, from 2011 to 2015, Alexion Russia made payments to foreign officials in order to influence the allocation of regional healthcare budgets for Soliris, increase the number of approved Soliris prescriptions and favorably influence the regulatory treatment of Soliris. The payments were made in a variety of ways, including through the use of a third-party consultant, honoraria, and grants. Alexion Brazil and Alexion Colombia failed to maintain accurate books and records regarding third-party payments.

The Bribery Schemes

Alexion Turkey had a sales program called the Named Sales Program (NSP). The NSP was required to have each patient’s application reviewed and approved by healthcare providers (“HCPs”) appointed to serve on commissions in Turkey’s Ministry of Health, separate set of approvals to pay for the prescription, and recurring approvals thereafter to continue the patient on Soliris therapy. Alexion Turkey illegally paid HCPs employed at state-owned healthcare institutions for services, including research and educational events to get through this process.

This led Alexion Turkey to hire a consultant to facilitate the payment of bribes. It was accomplished by paying the consultant fees and alleged expense reimbursements. The consultant used this money as a slush fund to make bribe payments in the form of cash, meals, or gifts to HCPs to secure favorable treatment for Soliris. Certain Alexion Turkey employees recorded these payments inaccurately in the books and records. In one of the most improbable scenarios recently seen in a FCPA enforcement action, one “Alexion Turkey manager directed that the description of the Consultant’s claimed expenses should be written in pencil. The use of pencil would allow the description of the expenses to be easily changed or concealed.” HCPs were paid over $100,000 and Alexion Turkey made some $7.5 million in ill-gotten gains as a result.

In Russia, Soliris was also sold through the NPS process and reimbursed through regional healthcare reimbursements. To obtain approval for these reimbursements, various regions were required allocate funds to Soliris from regional healthcare budgets. Alexion Russia paid HCPs employed at state-owned healthcare institutions for services, including research, consulting on specific topics, and hosting educational events and activities. These payments were fraudulent and inaccurately recording in the entity’s books and records.

Moreover, certain state-employed HCPs also served in official roles at the regional and federal levels of the Russian government healthcare system. These HCPs provided expert opinions regarding the allocation of regional healthcare budgets and the regulatory treatment of Soliris. Alexion Russia made over $1 million in payments to these HCPs, which included funds paid to influence the HCPs to take positions favorable to Alexion Russia in connection with regional budget allocations, to increase the number of approved Soliris prescriptions, and to favorably influence the regulatory treatment of Soliris. These payments were recorded inaccurately in their books and records as honoraria, educational expenses, business meeting expenses, and scientific research. In Russia there was over $1.3 million in bribes paid and the resulting ill-gotten gain by the company was over $7.5 million.

Finally, there were bribery schemes involving Alexion Brazil and Alexion Colombia. They created or directed third parties to create inaccurate financial records concerning payments to third parties, including patient advocacy organizations (“PAOs”). In one instance, Alexion Brazil caused a PAO to pay for the manager’s personal expenses for alcohol and personal travel. To fund this bribe, they had the corrupt manager submit a fictitious invoice, which was then reimbursed by Alexion Brazil. As the quid pro quo, the corrupt manager and an employee in Alexion Brazil submitted grant requests to Alexion’s global grant review committee that misstated how the requested funds would be allocated to the different activities covered in the grant request.

In Alexion Colombia, a senior manager “directed a PAO to submit an invoice that falsely described that the funds would be used for “legal support” services. This inaccurate invoice allowed Alexion Colombia to approve the payment locally instead of obtaining approval for the payment through the global grant process, as required by Alexion’s policies.” Both Alexion Brazil and Alexion Colombia failed to maintain accurate books and records of its financial transactions involving payments to third parties. The Order went on to state, “Notably, both subsidiaries failed to regularly maintain certain documents underlying a substantial number of financial transactions. Finally, when they were caught, Alexion allowed Alexion Brazil to destroy relevant documents demonstrating the fraud.”

Tomorrow I will consider how data analytics could have been used to both detect and prevent these bribery schemes and provide some lessons to be garnered by the compliance professional.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020