U.S. Securities and Exchange Commission (SEC) Enforcement Chief Andrew Ceresney’s remarks at CBI’s recent Pharmaceutical Compliance Congress highlight some key learning points for those in the pharmaceutical industry. Perhaps most notable is the fact that Mr. Ceresney was at the conference at all.
His presence signals a continued, intense focus on the pharmaceutical industry, which may well join the ranks of aerospace and defense and oil and gas as an object of regulators’ permanent corruption enforcement scrutiny. This is not because of any wanton disregard for the rule of law, but because, similar to aerospace and defense and oil and gas, “pharma” is inextricably linked to foreign officials owing to the prevalence of state ownership globally, particularly in overseas health systems.
In his remarks, Mr. Ceresney offered a fair amount of detail on corruption risk and anti-corruption controls that the SEC deems critical. Companies interested in advancing their anti-corruption compliance programs should pay close attention to these details. Chief among them are the factors that drive corruption risk, and the need for strong internal controls and requisite accuracy in public disclosures —specifically, those involving dealings with the Federal Drug Administration (FDA).
As the pharmaceutical industry has seen its fair share of Foreign Corrupt Practices Act (FCPA) enforcement activity in the past few years, these matters certainly aren’t new. However, the lessons continue to be a powerful reminder that a strong commitment and investment in compliance on the front end can help mitigate costly violations on the back end.
Factors that drive corruption risk
What creates heightened vulnerability to bribery and corruption for the pharmaceutical industry? Mr. Ceresney pointed out that the very nature of recurring interaction with overseas public hospital personnel – “foreign officials,” for the purposes of FCPA enforcement – can create heightened opportunities for the payment of bribes in exchange for the prescription of certain medications or medical products.
These “pay-to-prescribe schemes” involve varying types of improper compensation or reward to foreign officials in exchange for business. Making illicit payments – either directly or indirectly to foreign officials – in order for products to be included on approved lists or formularies is another hot-button issue. “Being on the list” is a market necessity for pharmaceutical and medical device companies; unfortunately, this creates an incentive for bad behavior in countries where bribery and corruption are commonplace.
Finally, the global philanthropy of the pharmaceutical industry — which is having a significant and positive impact in developing and emerging markets — has also created a conduit for noncompliance.
So, what can – and should – companies do to help mitigate these issues? Some simple tips include:
- Developing a more thorough understanding of everyday “touch points” with foreign officials.
- Considering bribery and corruption schemes explicitly in risk assessment activities.
- Monitoring payments and activities involving formulary applications and approvals for government reimbursement listings, including review of gifts, meals and entertainment of employees involved in such matters.
- Conducting thorough due diligence of recipients prior to payment of charitable donations, including the award of products, grants and honorariums.
The need for strong internal controls
How robust is the internal control framework designed to evaluate, mitigate and monitor corruption risk? Mr. Ceresney noted the importance of internal controls in creating a strong foundation not only for financial reporting, but also for the prevention of fraud. While many companies may say that “we comply with Sarbanes-Oxley (SOX), it’s all good,” the real challenge is in understanding the design and operating effectiveness of internal controls in “non-SOX” locations.
Such operations may not be material to an organization’s financial statements. However, they are often “ground zero” for compliance violations because they exist in countries with some level of “culturally accepted corruption” and have not received the same level of review as locations subject to management’s SOX evaluation. Recent enforcement action includes cases predicated on internal controls violations; this trend is expected to continue.
So, how can organizations help ensure they have a strong internal control framework that reinforces management’s ethical commitment, especially its prohibition against bribery in its business practices? Simply put, they must apply greater skepticism to, and scrutiny of, financial, operational and compliance processes utilizing a risk-based approach that inherently considers fraud within the organization, and consider particularly the potential for bribery and corruption in both commercial and government-related activities.
Accuracy in public disclosures
Why are public disclosures meant to be more than just an artful corporate creative writing exercise? At CBI’s Pharmaceutical Compliance Congress, Mr. Ceresney suggested that dealings with the FDA are mission-critical to the pharmaceutical industry, which makes the accuracy and timeliness of such information important to investors.
Pharmaceutical and medical device companies should note that Principle 8 of the Internal Control – Integrated Framework, released in May 2013 by the Committee of Sponsoring Organizations of the Treadway Commission (COSO 2013), highlights “fraudulent non-financial reporting” as an area of fraud typically considered by management during a risk assessment. Here again, recent enforcement actions provide a road map for fraud scenarios – these involving intentionally misleading information about FDA filings – that can be applied across the pharmaceutical industry.
Clearly, regulatory enforcement actions have provided the pharmaceutical industry with costly examples of the need for robust compliance programs which are founded on a solid internal control framework designed to prevent and detect fraud especially bribery and corruption. These experiences provide a clear blueprint for meaningful action by management who must proactively address the vulnerabilities to fraud common to pharmaceutical and medical device companies.
How well industry players – star pupils among the Fortune 500 – are paying attention to these history lessons may best be seen in the volume and type of future enforcement activity.