© Grant Thornton LLP. All rights reserved.
CPE Credit is not available for viewing archived programs.Please visit http://www.grantthornton.com/events for upcoming programs.
Third party compliance for life sciences companies: Issues and strategies to mitigate risk
Original Broadcast Date: October 2013
© Grant Thornton LLP. All rights reserved. 2
Lisa WalkushPrincipal and Life Sciences LeaderAdvisory ServicesPhiladelphia, PA
Matt RubleDirectorAdvisory ServicesPhiladelphia, PA
Bill OlsenPrincipal and U.S. Anti-Corruption LeaderAdvisory ServicesWashington, D.C.
Presenters
© Grant Thornton LLP. All rights reserved. 3
• Define the issues and potential risks related to third-party relationships
• Describe risk-mitigation strategies• Identify current trends in FCPA guidelines
and enforcement • Indicate the benefits of implementing
our Third-Party Integrity Framework
Third party compliance for life sciences companiesLearning objectives
© Grant Thornton LLP. All rights reserved. 4
Third party compliance for life sciences companiesAgenda
• Global Corruption Overview• Current Trends• Life Sciences Specific Risk• Third Party Program Development• Compliance Program Development
© Grant Thornton LLP. All rights reserved.
Global Corruption Issues: FCPAOverview
Foreign Corrupt Practices Act summary
Congress initially passed the FCPA in 1977 in the wake of the Watergate scandal and after discovering that more than 400 corporations had made questionable or illegal payments to foreign officials to gain business or ease business processes. The FCPA’s goal is to prevent the bribery of foreign officials and encourage the establishment of certain accounting controls and practices.
Two key provisions of the FCPA
The anti-bribery provision prohibits U.S. companies and citizens, foreign companies listed on a U.S. stock exchange, or any person acting while in the U.S., from paying or offering to pay — directly or indirectly — money or anything of value to a foreign official in order to obtain or retain business.
Books and records and internal controls provisions require issuers — any company, including foreign companies, with securities traded on a U.S. exchange, or otherwise required to file periodic reports with the SEC — to keep books and records that accurately reflect business transactions and maintain effective internal controls.
© Grant Thornton LLP. All rights reserved.
UK Bribery Act Overview
UK Bribery Act 2010
The UK Bribery Act covers the whole spectrum of relationships, not just the bribery of officials like the FCPA. While there are similarities to the FCPA, the act is far broader in scope — with virtually all companies that conduct business in the UK subject to its strict regulations. The act applies to both public and private sectors. Penalties can be as severe as 10 years in jail and/or unlimited fines for individuals, companies and partnerships.
Four key offenses:
1. Offering, promising or giving an advantage
2. Requesting, agreeing to receive or accepting an advantage
3. Bribing a foreign public official
4. Failing to prevent bribery
© Grant Thornton LLP. All rights reserved. 7
Third party compliance for life sciences companiesAgenda
• Global Corruption Overview• Current Trends• Life Sciences Specific Risk • Third Party Program Development• Compliance Program Development
© Grant Thornton LLP. All rights reserved.
Control person liability
– Executives penalized even without alleged knowledge of illegal acts
• Successor liability
– Mergers and acquisitions
• Dodd-Frank whistleblower protections
• Recent DOJ Guidelines
• DPA vs. NPA
• Prosecution of third parties and individuals
Current trendsEnforcement approach highlights
© Grant Thornton LLP. All rights reserved.
Current Trends
Source: 2012 Corruption Perception Index(Transparency International)
Percentage levels of public sector corruption
© Grant Thornton LLP. All rights reserved.
Bribery and Corruption Risk Indicators
Source: Corruption Indicators(SFO| Serious Fraud Office)
• Entity directly or through agents or representatives enters into sales agreements or material transactions with foreign, government-owned entities, or other officials– Pressure to make quick or early payments to contracts
• Entity has operations in higher-risk geographies
• Operations conducted in higher-risk industries – individual may make unexpected or impulsive decisions
accepting projects/contracts
© Grant Thornton LLP. All rights reserved.
Bribery and Corruption Risk Indicators Source: Corruption Indicators
(SFO| Serious Fraud Office)
• Weak or ineffective anti-bribery and anti-corruption compliance programs– Abuse of decision making power when dealing with
certain contractors– Avoidance of independence checks– Missing documentation regarding meetings and decision
process
• The entity's competitors, partners, suppliers, agents or customers recently charged or being investigated for bribery or corruption violations
© Grant Thornton LLP. All rights reserved.
Bribery and Corruption Risk Indicators (con't)
Source: Corruption Indicators(SFO| Serious Fraud Office)
• Indications of possible bribery or corruption violations by employees, agents, contractors, or other affiliates– company procedures or guidelines not being followed– abnormally high commission payments being paid
• The entity uses third-party agents, consultants, or intermediaries when performing general business in other countries
© Grant Thornton LLP. All rights reserved. 13
Third party compliance for life sciences companiesAgenda
• Global Corruption Overview• Current Trends• Life Sciences Specific Risk • Third Party Program Development• Compliance Program Development
© Grant Thornton LLP. All rights reserved.
Life sciences companies and risks
In almost every country across the world, healthcare is a socialized program.
Hospitals are government entities and doctors and other healthcare professionals are government employees.
Pharmaceutical companies with a global reach are especially exposed to risk in this environment.
© Grant Thornton LLP. All rights reserved.
Pharmaceutical and medical device companiesFCPA
As of today, the Department of Justice and the SEC have
prosecuted eighteen drug and device companies for FCPA
violations. Three companies have publicly disclosed
declinations (of course, there may be more which were never
made public). And sixteen companies are currently under
investigation.
Source: JD Spura Law News
© Grant Thornton LLP. All rights reserved.
FCPA SettlementsPharmaceutical and medical device companies
FCPA Settlements in Millions
0 20 40 60 80 100 120 140 160
18.6
23
70
142.2
4.52013
2012
2011
2010
2009
© Grant Thornton LLP. All rights reserved. 17
Top 10 FCPA settlementsPharmaceutical and medical device companies
Johnson & Johson (2011)
Pfizer (2012)
Eli Lilly (2012)
GE (2010) Biomet (2012)
Smith & Nephew (2012)
Novo Nordisk (2009)
Orthofix (2012)
Diagnostic Products
(2005)
Phillips (2013)
0
10
20
30
40
50
60
70
80
Settlements
© Grant Thornton LLP. All rights reserved.
What can today's pharmaceutical and medical device companies do mitigate the risk of corruption in their businesses?
Proactively remediate risk by globally
identifying, assessing, investigating, and
training existing and proposed new third party
intermediaries.
© Grant Thornton LLP. All rights reserved. 19
Third party compliance for life sciences companiesAgenda
• FCPA/UK BA Overview• Current Trends• Risk Management• Third Party Program Development• Compliance Program Development
© Grant Thornton LLP. All rights reserved.
Third party due diligence programs
• Develop a standardized on-boarding process for new third parties• Assess the risk of existing third parties relationships• Identify Business Sponsors within the business to manage the third
party relationships and their contracts• Configure a technology solution complete with efficient workflow
capabilities and robust business-specific reporting • Develop contracting system and training program for third parties
© Grant Thornton LLP. All rights reserved.
Existing Relationships
• Address/Examine Data Privacy concerns • Extract, cleanse, and standardize third party data existing in
business's systems, databases, etc. • Confirm relationship status• Conduct risk assessments and investigations• Analyze risk and recommend remediation of any red flags
identified within the investigative risk reports• Issue contract to mitigate any existing or potential risk
© Grant Thornton LLP. All rights reserved.
New Relationships
• Completes and submits onboarding forms to initiate the on-boarding process of a new third party relationship
• Examine risks of the proposed relationship– name check– geographic risks– relationship risks
• Risk score is determined and categorized as low, medium, or high
• Any high risk relationships are sent for further investigation
© Grant Thornton LLP. All rights reserved.
New Relationships (con't)
• Once investigative report is generated, the risks present are analyzed and any identified red flags– make determination whether to proceed with engaging
third party relationship
• Issue contract to mitigate potential risks
• Train third party contact(s) on both business and governmental compliance policies and procedures
© Grant Thornton LLP. All rights reserved. 24
Third party compliance for life sciences companiesAgenda
• Global Corruption Overview• Current Trends• Life Sciences Specific Risk • Third Party Program Development• Compliance Program Development
© Grant Thornton LLP. All rights reserved.
Top recommendationsEstablishing an effective and sustainable compliance program
1. Strong tone at the top
2. Alignment with DoJ "best practices"
3. Strong internal global support network that includes legal and HR teams
4. Create awareness around developing a culture of compliance through effective communication and training
5. Keep your finger on the pulse through ongoing monitoring and reporting of all programs and implement corrective actions
© Grant Thornton LLP. All rights reserved.
Recent DOJ Guidance
Hallmarks of Effective Compliance Program
• Commitment from senior management and clearly articulated policy against corruption• Code of Conduct and Compliance Policies and Procedures• Oversight, Autonomy, and Resources• Risk Assessment • Training and Continuing Advice• Incentives and Disciplinary Measures• Third-Party Due Diligence and Payments• Confidential Reporting and Internal Investigation• Continuous Improvement: Periodic Testing and Review• Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration
© Grant Thornton LLP. All rights reserved.
Create: Understand current state. Build approach Use external expertise (where needed)
Operationalize: Roll out all elements of program. Finish all “existing Third-Party” work.
Maintain: Integrate all processes into business-as-usual
All new and existing Third-
Parties in common
management process/program
1. Establish strong company management systems
2. Identify and assess risks
3. Design and implement a strategy to respond to identified risks
4. Carry out Action Plan to address risks
5. Report on results
Program Management & Governance
Change Management
Sustainable program:Representative timeline
© Grant Thornton LLP. All rights reserved. 29
Lisa WalkushPrincipal and Life Sciences LeaderAdvisory ServicesPhiladelphia, PA
Matt RubleDirectorAdvisory ServicesPhiladelphia, PA
Bill OlsenPrincipal and U.S. Anti-Corruption LeaderAdvisory ServicesWashington, D.C.
Presenters
© Grant Thornton LLP. All rights reserved. 30
Disclaimer
This Grant Thornton LLP presentation is not a comprehensive analysis of the subject matters covered and may include proposed guidance that is subject to change before it is issued in final form. All relevant facts and circumstances, including the pertinent authoritative literature, need to be considered to arrive at conclusions that comply with matters addressed in this presentation. The views and interpretations expressed in the presentation are those of the presenters and the presentation is not intended to provide accounting or other advice or guidance with respect to the matters covered.
For additional information on matters covered in this presentation, contact your Grant Thornton LLP adviser.