FCPA Compliance Tips for the Pharmaceutical/Medical Device Company’s Compliance Officer

The pharmaceutical and medical device industries are extremely vulnerable to Foreign Corrupt Practices Act (“FCPA”) investigations and prosecutions because most companies that research, develop, test or sell pharmaceutical products or medical devices overseas interact with foreign officials on a regular basis. Three years ago, the U.S. Department of Justice indicated that FCPA compliance in the pharmaceutical and medical device industries would be an enforcement priority for the agency. The Department has made good on its word, initiating FCPA-related inquiries of multiple pharmaceutical and medical device companies, and the pace of FCPA inquiries in this area is accelerating.

Several factors increase the FCPA risk for pharmaceutical and medical device companies: (i) a majority of health systems outside of the U.S. are regulated by local governments, which tend to play a more active role as participants in those health systems; (ii) the pharmaceutical and medical device industries outside the U.S. is growing at a very significant rate, especially in countries with a high corruption index (as measured by groups like Transparency International); (iii) pharmaceutical and medical device companies make significant use of distributors, agents and other third parties in their international operations; and (iv) a large, and increasing, number of clinical trials are being conducted outside of the United States.


The FCPA makes it unlawful for a business or individual “corruptly” to offer, pay, promise to pay, or authorize payment of anything of value to a “foreign official” for the purpose of obtaining or retaining business or securing any improper business advantage. The definition of “foreign official,” as discussed below, has presented problems generally, and for the pharmaceutical and medical device industries specifically.

The Act covers U.S. citizens, companies based in the U.S. and any non-U.S. company with operations in this country and that makes use of U.S. foreign or interstate commerce. In many circumstances, actions by a company employee or representative in another country can result in the U.S. parent or affiliate being accused of violating the FCPA. This “knowledge” standard, also discussed below, also has presented problems for the pharmaceutical and medical device industries.

The FCPA also proscribes failure to meet specified recordkeeping and internal control requirements for publicly traded and privately held pharmaceutical and medical device companies.

Penalties for Non-Compliance

Violations of the FCPA’s antibribery provisions expose companies to criminal fines of up to $2 million per violation. Individuals face up to five years’ imprisonment and criminal fines of up to $100,000 per violation. Over the past year, aggregate fines and penalties assessed to companies in connection with FCPA violations have averaged over $18 million per violation, since the Justice Department believes that each corrupt act is a separate violation of the Act. Criminal violations of the FCPA’s books and records provisions by a company are subject to a fine of up to $25 million. Individuals face up to a $5 million fine and 20 years’ imprisonment for criminal books and records violations. In addition, for publicly-traded pharmaceutical and medical device companies, the Securities and Exchange Commission has authority under the FCPA to impose civil penalties of up to $10,000 per violation of the books and records provisions.

FCPA investigations can generate negative publicity, trigger significant legal fees, and provide a basis for derivative lawsuits. For example, in late 2011, SciClone Pharmaceuticals Inc. and its shareholders settled a FCPA derivative lawsuit, whereby the company paid $2.5 million in attorneys’ fees and agreed to implement and maintain an extensive FCPA compliance program. The amount of potential fines and penalties against SciClone is still to be determined.

FCPA investigations and prosecutions, in general and for the pharmaceutical and medical device industries specifically, remain a top enforcement priority for the Department of Justice. The number of FCPA cases has skyrocketed over the past three years with financial penalties reaching new heights. Earlier this month, an indirect, wholly-owned subsidiary of Pfizer Inc. entered into a deferred prosecution agreement with the Justice Department related to FCPA violations in Eastern Europe wherein the subsidiary paid a fine of $15 million. In April 20011, Johnson & Johnson, paid more than $79 million in penalties to the Justice Department and the Securities and Exchange Commission for FCPA violations.
FCPA investigations also are targeting foreign companies through their US affiliates. Cooperation among various nations’ enforcement entities is increasing, with increased information sharing among enforcement agencies and joint antibribery prosecutions

Tips to Minimize Risk

Here are some tips to help pharmaceutical and medical device company compliance officers sleep at night. First, recognize the broad scope of the term “Foreign Officials.” The FCPA focuses on offers and payments to “foreign officials.” Government ministers, administrators and ministers such as those within a country’s customs agency, pharmaceuticals/medical device regulatory agency, and health ministry fit squarely within the FCPA’s definition of “foreign official.” Identifying other “foreign officials” within the scope of the FCPA, however, can be a challenge. The Justice Department looks at the degree to which an entity is controlled by a foreign government, not whether the entity provides a traditional government service. Therefore, in the Justice Department’s view, doctors, pharmacists, lab technicians, and other health professionals at state-owned facilities are “foreign officials.” The Justice Department also takes the view that the term “foreign official” applies to any employee of a state-owned facility, regardless of seniority or rank.

As stated by Lanny Breuer, the Assistant Attorney General for the Criminal Division of the US Department of Justice, “it is entirely possible, under certain circumstances and in certain countries, that nearly every aspect of the approval, manufacture, import, export, pricing, sale and marketing of a drug product in a foreign country will involve a ‘foreign official’ within the meaning of the FCPA.”

Compliance officers should verify the level of government control over potential clients and customers, and should assume (as a default position) that all employees of foreign health care providers are “foreign officials.”

Second, a pharmaceutical or medical device company’s operations involving affiliates, agents and other third parties can expand its FCPA exposure. Under the FCPA, a company may be held liable for the actions of others, even without actual knowledge of the violation. The relevant standard includes actions taken with “actual knowledge” of the intended results, as well as actions taken with a “conscious disregard” or “willful blindness” to circumstances that would reasonably alert an individual to violations of the Act. Payments made to foreign officials through third parties violate the FCPA in the same manner as direct payments by a company employee. Therefore, a pharmaceutical company must monitor the actions of every affiliate, agent and third party providing services to it. Comprehensive due diligence in the contracting process, insistence upon compliance with the FCPA’s requirements (and the company’s FCPA compliance program), and ongoing training and certification are crucial to mitigating this kind of FCPA risk.

Third, pharmaceutical and medical device companies should develop and distribute to their employees and agents a written policy and procedure specifying the company’s FCPA compliance policy. The compliance policy should be translated into the local language(s) of each jurisdiction in which the company operates. As part of the compliance program’s upkeep, the company should provide annual training on the FCPA and the company’s obligations, and should specify attendance and certification requirements. Further, a company should conduct realistic risk assessments that consider a jurisdiction’s bribery reputation, the company’s operations in that jurisdiction, and the nature and frequency of interactions with “foreign officials” in that jurisdiction.

Fourth, pharmaceutical and medical device companies also should develop and rigorously use standardized documentation and contractual terms for foreign agents, representatives, consultants, distributors, and clinical research organizations (referred to as “third parties” in this article). Those terms should include affirmations that the third parties agree to comply with the FCPA’s obligations. Prior to engaging any third party, and on an ongoing basis thereafter, the company should conduct thorough due diligence of each potential agent or representative. Effective diligence should include in-person interviews and background checks, as well as frequent audits of a third party’s expenditures—particularly for gifts and entertainment expenses that involve foreign officials or seem to be larger than expected.

Lastly, compliance managers should create confidential reporting mechanisms for employees and other individuals to report FCPA issues. Managers also need to investigate thoroughly and in a timely manner any FCPA-related issues that come to their attention, especially when those issues are referred by company employees.

Preventing FCPA exposure is the key to a successful compliance program, and the above-discussed tips should help pharmaceutical and medical device companies comply with the Act.

For more near real-time information and discussion on key compliance issues, please visit Arnall Golden Gregory Foreign Corrupt Practices Act Compliance Center Group on LinkedIn.

Please click the link below to download the entire document.