By Gail Dutton, Contributing Writer
Risk. In the age of social media, biopharma companies have to be more careful than ever about approving or denying compassionate use of investigational drugs. There is no safe “in or out” option. Denying compassionate use can result in a social media crisis, and providing it runs the risk of damage to research and valuation. Either choice opens the company to a crisis of reputation. Thus, effectively managing the risk associated with compassionate use is not only essential, but tricky.
Geographic risks are top of mind for life science executives, according to a review of Securities and Exchange Commission (SEC) filings by risk consultant BDO. Concern about international threats jumped from 71 percent in 2014 to 88 percent in 2015. “Despite this increase, actual international risks aren’t necessarily increasing,” says Ryan Starkes, partner and leader of the Life Sciences Practice at BDO USA. Instead, exposure to those risks increases as companies’ international activities increase.
“As life sciences companies move and expand operations out of the U.S., there will always be concerns regarding international operations,” Starkes says. “This growing concern about international threats, therefore, may indicate that more companies are looking to expand internationally.” Supporting that theory, the recent BDO USA, LLP Tax Outlook Survey indicates that 63 percent of its respondents (100 tax directors at companies with market capitalization of at least $1 billion) expect to expand internationally within the next three years.
DOJ TARGETS SMBs
As international footprints expand, companies should pay particular attention to the increasingly stringent enforcement of the Foreign Corrupt Practices Act (FCPA). After targeting Big Pharma for the past five years, the U.S. Department of Justice (DOJ) is turning its attention to small and midsize life sciences companies. As rationale, it cites systematic risks that extend beyond hospitality to include physician recruitment for clinical trials and pay-to-prescribe scenarios.
Smaller firms may be easy targets. Their small staffs often are struggling to return a profit, without compliance officers to focus on preventing FCPA breaches by their employees or agents.
The DOJ’s change in focus doesn’t let large firms off the hook. They face the same risks and, when acquiring firms, acquire those firms’ risk exposure as well as their assets.
VIEWS OF CORRUPTION VARY
“In the past decade, the U.S. has undergone significant changes in how business interactions are conducted and reported,” Starkes says. “Foreign countries — with a few exceptions — haven’t established as strong a base, which increases the risk of something happening.” Those differences contributed to the entanglements of Bio-Rad, Bruker, Eli Lilly, Pfizer, and Schering-Plough.
Part of the challenge, particularly in emerging regions, is that the understanding of what constitutes a bribe or conflict of interest varies among cultures. For example, events or programs that may be acceptable for medical personnel in the U.S. may be considered FCPA infractions when conducted in countries with national health services.
The most frequent misconduct today involves pay-to-prescribe schemes, bribes to gain regulatory approval or to be listed on formularies, charitable contributions, interactions with state-owned enterprises, and work with third-party sales representatives, according to Andrew Ceresney, director of the SEC’s division of enforcement, speaking at the CBI Pharmaceutical Compliance Congress in March.
SALES TO FOREIGN GOVERNMENTS
“Life sciences companies are particularly at risk to FCPA charges stemming from sales to foreign government officials (including hospital administrators in government-run health systems),” Starkes says. In regions with government health systems, the FCPA considers medical professionals to be government officials and hospitals to be state-owned enterprises.
Pfizer China, for example, was charged with FCPA violations because it developed a program that awarded points to physicians for prescribing its products. The points could be redeemed for merchandise, including medical books, cell phones, and tea sets. Pfizer, therefore, was charged with providing items of value to government officials in exchange for business.
Charitable contributions also are scrutinized under the same criteria. The Stryker case is an example. In 2013, the SEC charged the medical equipment manufacturer with FCPA violations because (among other infractions) it donated nearly $200,000 to fund a university laboratory in Greece that was favored by a public hospital physician. Stryker paid $13.2 million to settle the case.
In another example, in 2004, Schering-Plough donated $76,000 to a Polish foundation headed by the director of a government agency that funded pharmaceutical purchases and who influenced the pharmaceutical choices made by other medical organizations. Schering-Plough paid $500,000 in penalties.
“The interaction may not be malicious, but intent doesn’t release the company from obligations to ensure their employees are following U.S. law,” Starkes emphasizes.
Pay-to-prescribe schemes may take the form of charitable contributions, but also service contracts. For example, in 2012 the SEC said Lilly’s Russian subsidiary used fraudulent marketing agreements to funnel millions of dollars to Russian officials in exchange for business. In that case, paperwork was accepted at face value with no due diligence regarding purported service providers. Furthermore, the SEC indicated the company had known about the violations in its Russian subsidiary for five years but had ignored the problem. Lilly paid $29 million to settle the charges.
The actions of third-party sales representatives, distributors, and resellers reflect on the company they represent. Therefore, for example, a distributor’s representatives placing drugs in a foreign market for an American pharmaceutical company are subject to U.S. laws. The pharmaceutical company is liable for the representatives’ actions.
UPCOMING AREAS OF FOCUS
For the future, life sciences companies also need to be aware of the potential for research fraud. The DOJ predicts that falsifying research data to gain marketing advantage will be the next focus of enforcement officials.
There also are concerns that the DOJ or other enforcement agencies will begin mining companies’ open payments databases to discover outliers that may tip them off to misconduct. Companies, therefore, should monitor their own data with the same forensics eye that law enforcement auditors would use. That attention extends to monitoring healthcare professionals to discover unusual financial links to the company.
Life sciences companies also should be aware of the British Bribery Act of 2010. Widely considered the most stringent antibribery law in the world, it stipulates that any entity conducting business “or part of a business” in the U.K. is subject to this law throughout its global operations. This law considers failure to prevent payment of a bribe a violation, thus requiring companies to have strong anticorruption policies in place and known throughout their workforce and among their agents.
STRONG INTERNAL CONTROLS
“The best way for a company to avoid these violations … is to have a robust FCPA compliance program,” Ceresney said at CBI’s Pharmaceutical Compliance Congress last spring. Often, companies first become aware of FCPA violations when investigating accounting issues or putting internal controls in place.
The DOJ is increasing its focus on financial reporting and in 2014 reported a 40 percent increase in financial enforcement actions compared with 2013. Financial executives and auditors are being scrutinized to ensure financial data is accurate and reliable.
This scrutiny is extending to internal controls. The DOJ has brought charges when it deemed internal controls inadequate in certain areas of operation, such as income tax. The key issues companies face generally are the use of controls that don’t match their businesses or that aren’t updated as the company and the business environment change.
“The stronger your internal controls, the better chance you have of mitigating risks,” Starkes insists. He advises taking a forensics approach using third-party auditors to evaluate payments to determine the reasons for each transaction and to identify patterns and their rationale.
Sarbanes-Oxley (SOX) provides one part of the controls. COSO (the Committee of Sponsoring Organizations of the Treadway Commission) provides the other. The COSO Internal Control – Integrated Framework is used to meet the requirements of Section 404 of SOX.
Available in eight languages, “COSO is the leading guidance for designing, implementing, and monitoring internal controls and assessing their effectiveness. The most recent updates provide a good opportunity for companies to connect the dots among FCPA, SOX, and COSO requirements,” Starkes adds.
The 2013 COSO updates expanded reporting beyond finances to internal and nonfinancial reporting. It now includes expectations for governance and reflects changes in business and regulatory complexity, globalization, evolving technologies and, importantly, fraud prevention and detection.
BUILD A CULTURE OF COMPLIANCE
A culture of compliance, aided by an internal framework, minimizes the risk that corruption will go unchecked. “A compliance culture is driven by the core values of top management. It’s about constant maintenance and ongoing follow-up — and not overlooking something that appears amiss,” Starkes says.
He advises companies to think outside the box and consider the specific controls that are needed given their individual risks and those of their industry. Then, document those controls and ensure the staff understands them in the context of their business. Finally, monitor the controls to ensure the staff responds effectively to business and environmental changes.
Preventing or minimizing the risks of corrupt practices comes down to oversight. “Look at best practices in your industry and in other industries,” Starkes advises. “Pay particular attention to common schemes in your industry and geographic area of operations. Evaluate your own operations and brainstorm to identify specific risks and residual exposures. Rank them and map existing controls to them. Think creatively about how those controls could be evaded and ways to prevent circumvention. Then, once a plan is implemented, monitor its success.”
Risks are inherent in any geographic area, but as R&D, manufacturing, and outsourcing in general become increasingly global, the potential for violating anticorruption laws grows. Mitigate those risks with strong internal controls and a culture that understands and combats corruption at all levels.