Featured Article

8 steps to evaluate risks of bribery and corruption

Please sign in to save this to your favorites.
Date: July 1, 2013
Read Time: 11 mins
Career and Professional Development Fraud Investigation and Examination Fraud Prevention and Deterrence

The recently implemented U.K. Bribery Act and reinvigoration of the U.S. Foreign Corrupt Practices Act have placed pharmaceutical companies and all businesses on notice. Here’s practical help for conducting risk assessments, developing global policies, employee training, monitoring, due diligence on third parties and more.

Not so long ago, pharmaceutical industry sales representatives commonly plied health care providers with golf outings and extravagant gifts. In 2006, I conducted an investigation at a multinational pharmaceutical company in Japan. The company’s compliance team and I conducted interviews with at least 20 sales reps who allegedly had bribed doctors to prescribe the company’s products. We discovered that the company had implemented and trained its employees on anti-bribery policies, but it never effectively adopted those policies and so didn’t weave them into the culture. As the review unfolded, it was evident that leadership didn’t fully embrace anti-bribery policies. The sales reps’ comments confirmed our suspicions that management didn’t have an anti-bribery mindset: “Leadership told me to do it; therefore I did.”    

Anti-bribery and anti-corruption (ABAC) compliance is becoming a necessity for the world’s pharmaceutical industry because of a number of factors, including but not limited to:  

  • Pharmaceutical companies are increasingly finding themselves doing business in some of the world’s poorest countries, which lack necessary infrastructure and controls to combat corruption. 
  • The U.S., under the Foreign Corrupt Practices Act (FCPA), and the U.K., under the recently implemented Bribery Act, are prosecuting more organizations for international bribery.
  • The U.S., which is aggressively asserting jurisdiction over companies whose principal place of business is outside of the country, is finding more cross-border cooperation. 
  • The Organisation for Economic Co-operation and Development (OECD) member companies are increasingly enforcing anti-corruption statutes.
  • Non-governmental organizations, such as Transparency International, have increased global awareness of the societal costs of corruption, especially as it affects the world’s poorest societies.
  • Health care professionals (HCPs) or health fund administrators in many countries are often employees of governments or work at public institutions, which may define them as “public officials” under many bribery laws.
  • Pharmaceutical companies have significantly limited benefits provided to HCPs over the years; however, in some countries, it’s often a standard business practice.
  • Multinational pharmaceutical companies entering into new markets often use third parties such as distributors or contract sales forces because they don’t have sufficient resources with language and business fluency, business networks or supply chains to sell directly.
  • The uptick in co-marketing/co-promotion and joint-venture arrangements are increasing the need for holistic approaches among different companies.
All global pharmaceutical companies, as well as many businesses in all other industries, must be cognizant that they’re subject to global laws, such as the FCPA and the Bribery Act. Prosecutors also are extending investigations of one company to its competitors in the industry or geographic area to discover possible widespread bad behavior. 

Therefore, an out-of-sight, out-of-mind approach to ABAC compliance can lead to very serious consequences. Under these regulations, for example, a government can prosecute a party that had no “knowledge” of corrupt payments if the company was aware of potential warning signs or red flags and consciously failed to conduct adequate due diligence to prevent or fix any possible problems.

HOT TARGET AREAS 

Many specific activities, which occur daily within the pharmaceutical industry, pose substantial compliance risks. Here are some examples of critical areas: 

  • Fee-for-service payments to HCPs.
  • Educational grants and sponsorships.
  • Research grants.
  • Clinical research and publication of clinical trials.
  • Charitable donations and community support activities.
  • Travel and entertainment expenses.
  • Consultant meetings and use of consultants.
  • Employment of agents.
  • Support for third-party medical meetings and conferences.
  • Company-sponsored educational and promotional meetings.
  • Gifts or other items of value provided to HCPs.

Pharmaceutical companies are now struggling to understand how these ABAC laws affect them and what they can do to address compliance risk. While some companies are still reacting to the growing volume of warnings, many companies have already designed and implemented successful programs that effectively mitigate ABAC risk.   


Here are elements of what I see as leading practices for many companies:

1. KNOW AND UNDERSTAND THE U.S. FCPA AND THE U.K. BRIBERY ACT 

The FCPA makes it unlawful for U.S. citizens and companies to pay bribes to foreign government officials to obtain or retain business or receive any improper advantage. The FCPA prohibits direct and indirect bribe paying through third parties and also requires U.S. and non-U.S. companies with securities listed in the U.S. to meet its accounting provisions.

The accounting provisions of the FCPA, which are designed to operate along with its anti-bribery provisions, require issuers to make and keep detailed books and records that accurately reflect the transactions of the corporation and to maintain an adequate system of internal accounting controls.

The U.K. Bribery Act includes four offenses: 1) offering, promising or giving a bribe 2) requesting, agreeing, receiving or accepting a bribe 3) bribing a foreign public official and 4) being a corporate organization and failing to put into place adequate procedures to prevent bribery.

The FCPA has proved to have broad jurisdictional reach; however, the Bribery Act appears to have an even broader jurisdictional nexus than the FCPA because it covers any act committed globally by any commercial organization that conducts business in the U.K. Also, the Bribery Act explicitly prohibits commercial bribery and doesn’t include an exception for facilitating payments.

Read all the nuances and differences at the SEC’s “Spotlight on Foreign Corrupt Practices Act,” and Transparency International UK’s “Adequate Procedures Guidance.”  

2. CONDUCT AN ABAC RISK ASSESSMENT

An ABAC program should focus on the specific risks of corruption and bribery facing the company. These risks are derived from the nature of the operations, the degree of business with government entities, its use of agents and third parties, business locations and company size. An ABAC risk assessment will allow the company to appropriately prioritize risks and place itself in a position, should unforeseen issues arise, to demonstrate that it used due care in assessing its risk. Take additional risk assessments periodically to ensure that the program is meeting new risks and challenges as the business and regulatory environments change.

3. DEVELOP A GLOBAL ABAC POLICY 

The global compliance policy for multinational companies should be a clear statement of the company’s position that it won’t tolerate governmental and commercial bribery. It should require each region to develop ABAC policies that are tailored to their local regulations. The policy also should provide operational guidelines for achieving compliance and address issues such as:  

  • Bribery of government officials.
  • Commercial bribery.
  • Facilitating payments.
  • Travel expenses. 
  • Gifts and entertainment.
  • Controls around cash and other high-risk transactions.
  • Third-party due diligence.
  • Due diligence in mergers and acquisitions. 
  • Use of third-party agents, consultants and other intermediaries. 
  • Accuracy of financial reporting.
  • Audits of internal controls. 

Distribute the global ABAC policy to all employees, translate into all appropriate languages and post it on the company’s internal website with other compliance-related policies. The policy should allow individuals to recognize or avoid problem situations and encourage all employees and third parties to seek guidance and report violations. 

4. TRAIN AND EDUCATE ALL EMPLOYEES AND THIRD PARTIES ON ABAC POLICIES 

Training is really the key in launching a successful ABAC program. At a minimum, every person in a position to obtain business through bribery or other improper means should receive anti-corruption compliance training. Also consider training all legal, internal audit, accounting and financial employees. This is especially true for multinational companies that have operations in countries that have a history of corruption.

Consider a mixture of live training for targeted and senior employees and web-based training for all other employees. Conduct enhanced training for senior management and employees in finance, legal, internal audit, sales, marketing and procurement. Legal counsel should review and approve the training to meet the company’s ABAC risks.

Update the training and provide it to new or transitioning employees. Track and certify employees’ understanding of the policies. Ensure that you communicate your company’s procedures for reporting potential violations and that employees don’t have to fear retribution.

A colleague recently told me about a great example of good employee training. A marketing employee at a pharmaceutical company, who had retained a physician as a consultant, was faced with a difficult situation. The physician requested a first class ticket for a business trip, which was against company policy. When the employee refused, the physician threatened to cancel the contract if he didn’t get the top airline ticket. This isn’t your typical scenario covered under anti-bribery training, but the marketing employee was trained well enough to raise the issue to the compliance department.

5. MONITOR COMPLIANCE

Design ABAC compliance monitoring based upon risks the company faces and then test existing controls to mitigate those risks. Internal audit or the compliance department should monitor the activities routinely based on the relative likelihood of ABAC violations to identify any potential variations.

Monitoring activities are a powerful deterrent. They send the tone-at-the-top message that senior management is committed to compliance. Employees with relevant skill sets and training should conduct the audits. Employees with the CFE credential, forensic accounting training, and anti-bribery and anti-corruption experience are particularly needed to effectively identify risk. Appropriate follow-up and disciplinary action are crucial to creating an anti-corruption culture. For example, conduct timely follow-up investigations when issues arise or when policies or controls need improvement.

6. CONDUCT THIRD-PARTY DUE DILIGENCE

Create policies to govern the retention of agents, consultants, commercial sales representatives and other third parties to address the risk that they may pay or offer to pay bribes on the company’s behalf. In Department of Justice Opinion Procedure Release 08-02, the U.S. government stated that organizations should develop and implement “… a comprehensive, risk based FCPA and anti-corruption due diligence work plan which will address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. Such work plan will organize the due diligence effort into high risk, medium risk and lowest risk elements.”

After conducting this risk assessment and prioritizing third parties, following are additional activities a company can take to mitigate ABAC risks:

Conduct pre-contract due diligence
Implement a robust approval process for hiring vendors. As part of this approval process, consider requesting the vendor to complete a questionnaire focusing on ABAC risks and running background checks before retaining the vendor. Some key questions to ask vendors include, but aren’t limited to, the following:  
  • Does your company plan to use subcontractors or individuals other than your own employees to perform services under the proposed agreement? If yes, will they subcontract out certain services?
  • Please list each person, company or entity having 10 percent or more ownership in your company.
  • List all officers and directors of your company.
  • List the managers of your company who will be principally responsible for performing under the proposed agreement.
  • Are any individuals principally responsible for performing under the proposed agreement either a government official or have a familial relationship with a government official?
  • If yes to the above, do any individuals have any decision-making authority or involvement as part of their job or position that could relate to the award or retention of business to the company?

Include ABAC contractual provisions
For third parties that your company may deem as higher risk, consider including ABAC provisions in the contracts that include:
 

  • Compliance with local law and the company’s ABAC policies.
  • Disclosure of all foreign government officials who are directors, officers or employees and any relatives that may be foreign government officials.
  • Right of the company to terminate the contract and withhold payment if contract terms are violated.
  • Right to audit the vendor’s books and records.
  • Requirement that payment be made to a bank account in the vendor’s name and in the country where the vendor is located and not offshore or in a tax haven jurisdiction.
  • Maintenance of accurate and detailed books and records.
  • Certifications of compliance.

Train third parties
The company can require vendors to undergo company-sponsored training on its ABAC policies. Tie these policies to the company’s procurement processes and update appropriately.

Exercise the right to audit
Require a written contract with ABAC representations and warranties that demand the right to audit the vendor for compliance. For example, it might be necessary to devise special processes for review and approval of payments when the company needs to perform enhanced due diligence for particularly high-risk vendors. 

These processes may include submission of required supporting documentation for a payment, review and analysis of invoice details and contract terms, and review of whether the legal or compliance department appropriately reviewed the payment. The scope of audits can include the review of these vendor payments and the required supporting documentation. Audits can also include the inclusion of ABAC contractual provisions and whether training has been certified. 

Incorporate a policy on ABAC due diligence in any contemplated merger, acquisition or joint venture. Include statements accurately disclosing any past ABAC violations in the seller’s representations and warranties related to the transaction or as part of the merger or joint venture contract. Also address future compliance with ABAC policies in the contract and conduct post-merger due diligence reviews.

7. BUILD ABAC FINANCIAL CONTROLS INTO STANDARD PROCEDURES

Consider implementing specific ABAC financial controls around high-risk operations and processes. Focus these controls on high-corruption risk areas such as transactions with government customers, procure-to-pay, cash, petty cash, gifts, meals and entertainment. These heightened financial controls, which are focused on deterring and detecting illicit payments, can be a critical firewall in avoiding ABAC books and records violations.

Earlier in my career, I conducted an investigation in Brazil in which a company asked our team to review journal entries from various accounts on the company’s general ledger. I was shocked to see so many accounts with unclear and potentially problematic names, such as “miscellaneous” or “cash” accounts. As we looked deeper at the specific transactions within these accounts, we saw, in the transaction detail field, terms such as “facilitation payment,” “cash payment for customs” and even “bribe” (in both English and Portuguese).

8. CERTIFY COMPLIANCE 

Many companies have formal programs to certify and re-certify senior employees regularly on FCPA compliance that serve as continuing reminders of employee’s compliance responsibility. Certification processes also may identify issues that otherwise might not have surfaced.

JUST A START

These guidelines can provide a good starting point as you begin to create and implement your ABAC program. However, simply establishing an ABAC compliance program isn’t the solution for preventing fraud and corruption within your company. Such programs need constant reinforcement, monitoring and updating as business and regulations change.  

DISCLAIMER: This article, which reflects the thoughts of the author, is for educational and informational purposes only and does not constitute legal advice. If you need legal advice, please contact a licensed attorney.

Melanie Trinidad, Esq., CFE, is an associate director with Eisai Inc. in Woodcliff Lake, N.J. 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.

Ad

Begin Your Free 30-Day Trial

Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.

Learn More Already a member? Sign In

You May Also Like