8 steps to evaluate risks of bribery and corruption

The recently implemented U.K. Bribery Act and reinvigoration of the U.S. Foreign Corrupt Practices Act have placed pharmaceutical companies and all businesses on notice. Here’s practical help for conducting risk assessments, developing global policies, employee training, monitoring, due diligence on third parties and more.

Not so long ago, pharmaceutical industry sales representatives commonly plied health care providers with golf outings and extravagant gifts. In 2006, I conducted an investigation at a multinational pharmaceutical company in Japan. The company’s compliance team and I conducted interviews with at least 20 sales reps who allegedly had bribed doctors to prescribe the company’s products. We discovered that the company had implemented and trained its employees on anti-bribery policies, but it never effectively adopted those policies and so didn’t weave them into the culture. As the review unfolded, it was evident that leadership didn’t fully embrace anti-bribery policies. The sales reps’ comments confirmed our suspicions that management didn’t have an anti-bribery mindset: “Leadership told me to do it; therefore I did.”    

Anti-bribery and anti-corruption (ABAC) compliance is becoming a necessity for the world’s pharmaceutical industry because of a number of factors, including but not limited to:  

• Pharmaceutical companies are increasingly finding themselves doing business in some of the world’s poorest countries, which lack necessary infrastructure and controls to combat corruption. 
• The U.S., under the Foreign Corrupt Practices Act (FCPA), and the U.K., under the recently implemented Bribery Act, are prosecuting more organizations for international bribery.
• The U.S., which is aggressively asserting jurisdiction over companies whose principal place of business is outside of the country, is finding more cross-border cooperation. 
• The Organisation for Economic Co-operation and Development (OECD) member companies are increasingly enforcing anti-corruption statutes.
• Non-governmental organizations, such as Transparency International, have increased global awareness of the societal costs of corruption, especially as it affects the world’s poorest societies.
• Health care professionals (HCPs) or health fund administrators in many countries are often employees of governments or work at public institutions, which may define them as “public officials” under many bribery laws.
• Pharmaceutical companies have significantly limited benefits provided to HCPs over the years; however, in some countries, it’s often a standard business practice.
• Multinational pharmaceutical companies entering into new markets often use third parties such as distributors or contract sales forces because they don’t have sufficient resources with language and business fluency, business networks or supply chains to sell directly.
• The uptick in co-marketing/co-promotion and joint-venture arrangements are increasing the need for holistic approaches among different companies.

Therefore, an out-of-sight, out-of-mind approach to ABAC compliance can lead to very serious consequences. Under these regulations, for example, a government can prosecute a party that had no “knowledge” of corrupt payments if the company was aware of potential warning signs or red flags and consciously failed to conduct adequate due diligence to prevent or fix any possible problems.

HOT TARGET AREAS 

Many specific activities, which occur daily within the pharmaceutical industry, pose substantial compliance risks. Here are some examples of critical areas: 

• Fee-for-service payments to HCPs.
• Educational grants and sponsorships.
• Research grants.
• Clinical research and publication of clinical trials.
• Charitable donations and community support activities.
• Travel and entertainment expenses.
• Consultant meetings and use of consultants.
• Employment of agents.
• Support for third-party medical meetings and conferences.
• Company-sponsored educational and promotional meetings.
• Gifts or other items of value provided to HCPs.

Pharmaceutical companies are now struggling to understand how these ABAC laws affect them and what they can do to address compliance risk. While some companies are still reacting to the growing volume of warnings, many companies have already designed and implemented successful programs that effectively mitigate ABAC risk.   

Here are elements of what I see as leading practices for many companies:

1. KNOW AND UNDERSTAND THE U.S. FCPA AND THE U.K. BRIBERY ACT 

The FCPA makes it unlawful for U.S. citizens and companies to pay bribes to foreign government officials to obtain or retain business or receive any improper advantage. The FCPA prohibits direct and indirect bribe paying through third parties and also requires U.S. and non-U.S. companies with securities listed in the U.S. to meet its accounting provisions.

The accounting provisions of the FCPA, which are designed to operate along with its anti-bribery provisions, require issuers to make and keep detailed books and records that accurately reflect the transactions of the corporation and to maintain an adequate system of internal accounting controls.

The U.K. Bribery Act includes four offenses: 1) offering, promising or giving a bribe 2) requesting, agreeing, receiving or accepting a bribe 3) bribing a foreign public official and 4) being a corporate organization and failing to put into place adequate procedures to prevent bribery.

The FCPA has proved to have broad jurisdictional reach; however, the Bribery Act appears to have an even broader jurisdictional nexus than the FCPA because it covers any act committed globally by any commercial organization that conducts business in the U.K. Also, the Bribery Act explicitly prohibits commercial bribery and doesn’t include an exception for facilitating payments.

Read all the nuances and differences at the SEC’s “Spotlight on Foreign Corrupt Practices Act,” and Transparency International UK’s “Adequate Procedures Guidance.”  

2. CONDUCT AN ABAC RISK ASSESSMENT

An ABAC program should focus on the specific risks of corruption and bribery facing the company. These risks are derived from the nature of the operations, the degree of business with government entities, its use of agents and third parties, business locations and company size. An ABAC risk assessment will allow the company to appropriately prioritize risks and place itself in a position, should unforeseen issues arise, to demonstrate that it used due care in assessing its risk. Take additional risk assessments periodically to ensure that the program is meeting new risks and challenges as the business and regulatory environments change.

3. DEVELOP A GLOBAL ABAC POLICY 

The global compliance policy for multinational companies should be a clear statement of the company’s position that it won’t tolerate governmental and commercial bribery. It should require each region to develop ABAC policies that are tailored to their local regulations. The policy also should provide operational guidelines for achieving compliance and address issues such as:  

• Bribery of government officials.
• Commercial bribery.
• Facilitating payments.
• Travel expenses. 
• Gifts and entertainment.
• Controls around cash and other high-risk transactions.
• Third-party due diligence.
• Due diligence in mergers and acquisitions. 
• Use of third-party agents, consultants and other intermediaries. 
• Accuracy of financial reporting.
• Audits of internal controls. 

Distribute the global ABAC policy to all employees, translate into all appropriate languages and post it on the company’s internal website with other compliance-related policies. The policy should allow individuals to recognize or avoid problem situations and encourage all employees and third parties to seek guidance and report violations. 

• Does your company plan to use subcontractors or individuals other than your own employees to perform services under the proposed agreement? If yes, will they subcontract out certain services?
• Please list each person, company or entity having 10 percent or more ownership in your company.
• List all officers and directors of your company.
• List the managers of your company who will be principally responsible for performing under the proposed agreement.
• Are any individuals principally responsible for performing under the proposed agreement either a government official or have a familial relationship with a government official?
• If yes to the above, do any individuals have any decision-making authority or involvement as part of their job or position that could relate to the award or retention of business to the company?

Include ABAC contractual provisions
For third parties that your company may deem as higher risk, consider including ABAC provisions in the contracts that include:
 

• Compliance with local law and the company’s ABAC policies.
• Disclosure of all foreign government officials who are directors, officers or employees and any relatives that may be foreign government officials.
• Right of the company to terminate the contract and withhold payment if contract terms are violated.
• Right to audit the vendor’s books and records.
• Requirement that payment be made to a bank account in the vendor’s name and in the country where the vendor is located and not offshore or in a tax haven jurisdiction.
• Maintenance of accurate and detailed books and records.
• Certifications of compliance.

Train third parties
The company can require vendors to undergo company-sponsored training on its ABAC policies. Tie these policies to the company’s procurement processes and update appropriately.

Exercise the right to audit
Require a written contract with ABAC representations and warranties that demand the right to audit the vendor for compliance. For example, it might be necessary to devise special processes for review and approval of payments when the company needs to perform enhanced due diligence for particularly high-risk vendors. 

These processes may include submission of required supporting documentation for a payment, review and analysis of invoice details and contract terms, and review of whether the legal or compliance department appropriately reviewed the payment. The scope of audits can include the review of these vendor payments and the required supporting documentation. Audits can also include the inclusion of ABAC contractual provisions and whether training has been certified. 

Incorporate a policy on ABAC due diligence in any contemplated merger, acquisition or joint venture. Include statements accurately disclosing any past ABAC violations in the seller’s representations and warranties related to the transaction or as part of the merger or joint venture contract. Also address future compliance with ABAC policies in the contract and conduct post-merger due diligence reviews.

7. BUILD ABAC FINANCIAL CONTROLS INTO STANDARD PROCEDURES

Consider implementing specific ABAC financial controls around high-risk operations and processes. Focus these controls on high-corruption risk areas such as transactions with government customers, procure-to-pay, cash, petty cash, gifts, meals and entertainment. These heightened financial controls, which are focused on deterring and detecting illicit payments, can be a critical firewall in avoiding ABAC books and records violations.

Earlier in my career, I conducted an investigation in Brazil in which a company asked our team to review journal entries from various accounts on the company’s general ledger. I was shocked to see so many accounts with unclear and potentially problematic names, such as “miscellaneous” or “cash” accounts. As we looked deeper at the specific transactions within these accounts, we saw, in the transaction detail field, terms such as “facilitation payment,” “cash payment for customs” and even “bribe” (in both English and Portuguese).

8. CERTIFY COMPLIANCE 

Many companies have formal programs to certify and re-certify senior employees regularly on FCPA compliance that serve as continuing reminders of employee’s compliance responsibility. Certification processes also may identify issues that otherwise might not have surfaced.

JUST A START

These guidelines can provide a good starting point as you begin to create and implement your ABAC program. However, simply establishing an ABAC compliance program isn’t the solution for preventing fraud and corruption within your company. Such programs need constant reinforcement, monitoring and updating as business and regulations change.  

DISCLAIMER: This article, which reflects the thoughts of the author, is for educational and informational purposes only and does not constitute legal advice. If you need legal advice, please contact a licensed attorney.

Melanie Trinidad, Esq., CFE, is an associate director with Eisai Inc. in Woodcliff Lake, N.J. 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.