|Footnotes for this article are available at the end of this page.
The COVID-19 pandemic has dramatically changed the way many of us now work. While this has created unforeseen opportunities, these changes have also brought with them serious, unanticipated consequences. One such consequence is the increased opportunity for corruption. This is especially true for pharmaceutical, technology, equipment, and other medical companies. Warnings about the increased compliance risks were an important theme of the virtual “Brazil 2020” conference that the American Conference Institute held on September 23-24, 2020.1
The pandemic has created significant business challenges, including obstacles to anticorruption and transactional due diligence. COVID-19 has caused disruptions in supply chains, reductions in operational and compliance budgets, and displacements of employees. Under the circumstances, companies may be tempted to focus on priorities other than compliance – but that would be a mistake that can have substantial adverse consequences.
The pandemic started in China sometime last year and moved to North and South America in late January or early February. At first, it was predicted to end relatively quickly; instead it has become entrenched and spread globally.2 Unfortunately, there is no end in sight, and until there is a proven vaccine, companies and their employees will be living with this unprecedented threat to their personal safety and productivity.
As if these challenges are not enough, COVID-19 poses an unanticipated challenge to the fight against corruption in Brazil and the rest of Latin America. Governments have been scrambling to import ventilators from around the world, expand Intensive Care Unit capacity, and introduce extensive financial stimulus packages to healthcare providers (“HCPs”). In this environment of emergency spending, relaxed controls and working remotely, the risks for corruption have increased significantly.3 This is particularly true for medical companies that provide products, services, and equipment to state-run healthcare systems, such as those in Brazil and Latin America, where corruption that would not otherwise be within the jurisdiction of the US Department of Justice (“DOJ”) may nonetheless violate the Foreign Corrupt Practices Acts (“FCPA”).
Established in 1977 to prevent and sanction companies that bribe foreign government officials, the FCPA is an enforcement tool utilized by both the DOJ and the US Securities and Exchange Commission (“SEC”). Specifically, the FCPA prohibits companies and individuals that are within the scope of the statute4 from offering, authorizing, or making payments, or giving anything of value, to any foreign official for the purpose of obtaining or retaining business. Although one normally does not think of HCPs like hospital administrators, physicians, nurses, and lab personnel as “foreign officials,” the DOJ and SEC deem them as such if they are employed by state-run healthcare systems. Recent examples of prosecutions of companies that paid bribes to HCPs in Brazil include: US v. Olympus Latin America, Inc. (2016 – endoscopes); US v. Zimmer Biomet Holdings, Inc. (2017 – orthopedic and dental transplant devices); and Alexion Pharmaceuticals, Inc. (2020 – Soliris/pharma).
Medical companies that routinely interact with HCPs have an increased risk for violating the FCPA if they promise or provide remuneration or other benefits to the HCPs, including gifts, travel, meals, and entertainment expenses, for the purpose of obtaining or maintaining business.5 The risk of violating the FCPA may increase further if the medical company employs a distributor or sales agent to interact with HCPs unless that third party is subject to the same compliance scrutiny as employees of the company.
With the disruption in supply chains, reductions in operational and compliance budgets, and increased demand for certain medical supplies and services, medical companies may focus more on productivity and sales than on anticorruption compliance. While the focus on business operations is understandable, it is more important than ever to adequately resource and implement effective workforce training and compliance functions.
Medical companies are interacting with HCPs at an increased rate, at the same time that HCPs and employees of medical companies are working remotely and, thus, not subject to the same degree of oversight by compliance officers as they were before the pandemic. This can lead to potentially weakened internal control environments with fewer internal audits of distributors and other third parties, supply chain disruptions and changes in risks as operations shift to new regions and new vendors. Other increased risks resulting from the pandemic may include a de-emphasis on organizational culture, workforce training, and, potentially, an increase in whistleblower reports as pressure increases to meet unrealistic sales goals.
Although companies may be tempted to shift their focus away from compliance, the DOJ and SEC have actively continued to enforce the FCPA. Brazilian and US authorities developed a close, cooperative working relationship during the Lava Jato investigation (Operation Car Wash), which resulted in dramatic changes to Brazil’s business, political, and legal climate. That relationship facilitated information and document sharing, cooperation concerning tips and leads, and assistance on a long series of cross-border investigations.
Last year, Reuters reported that Brazilian federal prosecutor, Marisa Ferrari, is investigating “truly massive” bribery and price gouging by companies looking to tap into Brazil’s healthcare system. The details of the investigation remain confidential, but it is highly likely that the DOJ and SEC have teamed with their Brazilian counterparts on the investigation. Moreover, Christopher Cestaro, Chief of the DOJ’s FCPA Unit in Washington, DC, confirmed during the Brazil 2020 conference that US investigations and prosecutions have not been slowed by COVID-19. The DOJ and the FBI are not traveling to the extent they did before the pandemic, but they are making use of technology to work remotely and coordinate their activities with law enforcement authorities in Brazil and throughout Latin America. This continuing emphasis on enforcement is highlighted by the fact that the DOJ and SEC have both issued new anticorruption policies during the height of the pandemic.6
In this challenging environment, a medical company can lower its corruption risks by keeping its foot on the pedal regarding its compliance obligations. The DOJ recognizes that some employees will engage in misconduct despite a company’s best efforts. In consideration of that, DOJ will evaluate a company’s compliance program to determine whether it was both effective at the time of the offense and at the time of the charging decision or resolution. That evaluation will drive: (1) the form of the resolution or prosecution; (2) the monetary penalty, if any; and (3) the compliance obligations contained in a criminal resolution (e.g., monitorship or reporting obligations).7
A robust and effective compliance program is one of the best ways that a medical company – and for that matter, any company – can lower its corruption risks and reduce the chances of becoming the target of an FCPA enforcement action. As per the DOJ’s updated 2020 compliance program policy, prosecutors are required to make individualized evaluations about how to resolve an investigation based on a company’s risk profile and its compliance solutions. Medical companies doing business in Brazil and Latin America can comply with their obligations to shareholders and other stakeholders, and mitigate corruption risks, by continuing to push back on the compliance challenges posed by COVID-19.
 Arnall Golden Gregory LLP was a lead sponsor of the Brazil 2020 conference. John P. Rowley III, partner in the firm’s Government Investigations group, and Bill Olsen, Managing Director of Forensic Advisory Services, made compliance presentations to the conference participants.
 As of October 5, 2020, the disturbing COVID-19 statistics are as follows:
Global: 35,527,480 confirmed cases
Brazil: 4,927,235 confirmed cases
US: 7,459,102 confirmed cases
Source: Johns Hopkins University Coronavirus Resource Center
 Source: The 2020 Capacity to Combat Corruption (CCC) Index.
 The FCPA’s anti-bribery provisions apply to:
Issuers: Companies that trade their securities on the US exchanges and their officers, directors, employees,
Domestic concerns: US companies and their officers, directors, employees, and agents; and
Other persons: Non-US persons and entities and those entities’ officers, directors, employees, and agents who
act in furtherance of a bribe while in US territory.
 Although bribery requires the participation of two parties, the person who makes the bribe and the one who takes it, the FCPA only prohibits the “making” of the bribe. Foreign officials who receive the bribe are not within the scope of the statute but may be prosecuted under local bribery laws or, in some cases, other US criminal laws such as money laundering or wire fraud. Under US law, a company can be held criminally responsible for the misconduct of an employee acting within the scope of his authority and for the benefit of his company.
 In June 2020, the DOJ updated its Evaluation of Corporate Compliance Programs. In July 2020, DOJ issued its FCPA Resource Guide (2d Edition). See Arnall Golden Gregory LLP’s Summary of Updates to DOJ’s Resource Guide. And, in Sept 2020, the SEC issued amendments to the rules governing its Whistleblower program.
 The three fundamental questions DOJ will ask a company whose employees may have violated the FCPA are: (1) Is the company’s compliance program well designed? (2) Is the program begin applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively? (3) Does the compliance program work in practice? See DOJ’s Evaluation of Corporate Compliance Programs