- The Corruption Conundrum: Medtech Companies and the FCPA in Emerging Markets
- August 3, 2010 | Author: George D. Martin
- Law Firm: Faegre & Benson LLP - Minneapolis Office
Criminal prosecution of individuals and multi-million dollar sanctions imposed upon companies for violations of the U.S. Foreign Corrupt Practices Act (FCPA) are at unprecedented levels. And this is only the beginning. U.S. enforcement authorities have made clear that more resources and information sharing than ever will be dedicated to finding and punishing violations of the FCPA worldwide. Medical technology companies engaged in international business are at particular risk and are well advised to be proactive—immediately—by re-examining (or adopting, as the case may be) a rigorous FCPA compliance program with the best practices and internal controls necessary to mitigate the significant legal exposure and reputational risk arising out of doing business internationally and presented by the FCPA. Deferring a comprehensive risk assessment and tailored compliance program in this enforcement environment is inadvisable.
Medical device, medical supply and other medtech companies increasingly view penetration of international markets as a strategic imperative. Emerging markets such as China, India, Russia, Brazil and others in the Middle East offer tantalizing revenue possibilities. Foreign government spending on stimulus packages and massive government investment to improve the health care industry create enticing opportunities. At the same time, however, the extensive foreign government ownership in such markets creates peril for all companies subject to the FCPA—especially those unprepared to deal with the realities of how business is often conducted there. The U.S. regulators understand the role played by foreign government instrumentalities in their health care systems and the widespread corruption prevalent in emerging markets. As a result, they have the U.S. medical technology industry, among others, in their sights.
But is this relatively recent saber-rattling by the U.S. Securities & Exchange Commission (SEC) and U.S. Department of Justice (DOJ) simply the latest beltway enforcement fad that soon will pass? Is the recent attention being paid to the FCPA by lawyers and accountants just a predatory attempt to frighten unsuspecting clients to gin-up more work at a time when professional services industries are experiencing pressures of their own? Can a U.S. company find shelter by utilizing multiple layers of distributors to deny culpability and avoid FCPA liability? The answer to all of the above questions is, regrettably, no. The risks are real, the expectations for compliance are substantive and the penalties for non-compliance are severe.
The FCPA at its core makes it unlawful to offer, pay or give anything of value, directly or indirectly, to any foreign official for the purpose of wrongfully obtaining or retaining any business or securing any business advantage. The FCPA applies to U.S. "issuers" and "domestic concerns." In addition to the anti-bribery aspects of the FCPA, books and records and financial controls requirements are imposed upon "issuers."
The statute extends liability to domestic concerns that make corrupt payments "to any person" knowing that all or a portion of such payment is later going to be made to a foreign official for the purpose of influencing an act or decision of that official in order to assist in obtaining or retaining business. Knowledge can be actual or constructive. (That is, one cannot ignore red flags, bury one's head in the sand and plead ignorance.) "Any person" includes foreign subsidiaries and other third parties, such as agents, consultants, distributors, and joint venture partners. (What one may not do directly, one may not do indirectly.) "Foreign officials" include even low-level procurement employees at partially state-owned companies—as well as hospitals, clinics, universities and other instrumentalities of the foreign government. (Coverage extends to dealings with persons holding a status far below a high-level foreign government dignitary.)
The DOJ, as the chief enforcement agency as to "domestic concerns," expects parties subject to the FCPA to exercise diligence and take precautions necessary to ensure that they have formed business relationships with "reputable and qualified partners and representatives". It warns that U.S. companies must be mindful of "red flags" that might indicate a prospective third party's propensity for unethical conduct, and must investigate promptly and fully any reasonable suspicions in this regard.
Although Congress' main purpose in adopting the FCPA was to eliminate corrupt business practices, the accounting provisions of the FCPA vest the SEC with broad powers in relation to the financial management and reporting requirements of corporations subject to SEC regulation. Specifically, the "books and records" provisions provide that every issuer shall "make and keep books, records, and accounts, which in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer." The "internal controls" provision requires issuers to "devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances" that transactions and assets are properly maintained.
Additionally, the SEC exercised its expanded authority under the FCPA's accounting provisions by promulgating two rules that create liability for corporations and individuals who falsify accounting records or make materially false statements to an outside auditor (specifically, Rule 13b2-1 provides that "[n]o person shall, directly, or indirectly, falsify or cause to be falsified, any book, record or account subject to section 13(b)(2)(A) of the Securities Exchange Act.").
Given all that, is it really possible for U.S. companies to buy businesses, and to do business, in countries with pervasive state ownership or control? Absolutely. But first it is important to understand the primary areas of risk to be addressed, which include:
- Acquisitions of foreign companies and U.S. companies with international sales or operations
- Joint ventures operating in non-U.S. markets
- Use of agents, distributors, consultants and other intermediaries
- International operations having company employees engaged in international business development
- Use of local statutory auditors (particularly when issuers have such jurisdictions out of their Section 404 Sarbanes-Oxley audit scope)
- A loosely defined, poorly enforced and locally administered gift, travel and entertainment policy not tailored to specific (and particularly risky) international markets
Below are recommendations to help mitigate key FCPA risks for medtech companies.
- Ensure that the "tone at the top" is clearly and consistently one that emphasizes highly ethical conduct and a culture that fully expects compliance with the law.
- Begin with an externally and independently driven FCPA risk assessment based upon the jurisdictions in which your company does business, the nature of its sales channels, end user profile, importance of government relations, and history of any complaints and any other red flags that have emerged to date.
- Require FCPA diligence in all acquisitions involving foreign companies or U.S. companies with international operations, as well as prior to entering into any international joint ventures or similar collaborative arrangements.
- Develop a comprehensive and well documented FCPA compliance program and conduct FCPA training, worldwide, internally and externally (as appropriate) with annual compliance certifications.
- Designate a compliance officer independent of the accounting function.
- Establish an independent internal audit function (utilizing internal or external resources).
- Train to emphasize policies regarding completion and review of expense reports.
- Monitor even international legal entities that are considered immaterial by making periodic site visits by U.S. accounting or internal audit personnel.
- Develop standard distributor and foreign sales representative agreements that include specific FCPA language and a right to audit/terminate clause. Periodically exercise the right to audit on selected resellers/distributors as a compliance monitoring tool.
- Perform due diligence on all new resellers/distributors prior to entering into any agreements.
- Establish (or review the adequacy of, as the case may be) the whistleblower process from a global perspective, including hotline language availability and emphasizing it in training. Ensure that whistleblower protection policies are in place and properly communicated.
- Immediately, objectively and independently investigate any "red flags" that emerge, as the company has a duty to investigate.
- Conscious disregard will be treated by the U.S. regulators as constructive knowledge.
- Adopt and demonstrate a zero tolerance policy for violations.
The FCPA is here to stay. Compliance expectations are high and the SEC and DOJ can be unforgiving. But complying is possible and medical technology companies can grow thriving businesses in emerging markets notwithstanding the dominant role in those economies played by foreign governments that brings into play the FCPA. Assess your FCPA risk now, adopt a best practices model for financial controls and utilize seasoned FCPA counsel to develop a comprehensive FCPA training and compliance program, with a zero tolerance policy for violations. None of this guarantees that employees, distributors and others acting on your behalf on the other side of the globe will always behave as they should. But, it will go a long way towards creating and demonstrating that your "tone at the top" is genuinely one of compliance, with a compelling story to tell based upon a defensible FCPA program if ever required to explain to the U.S. enforcement authorities, "how did that happen and how do you know it isn't happening throughout the company?"