Corporate Integrity Agreements and Anti-Corruption Compliance Schedules

more+
less-

It is interesting to compare how the Justice Department handles compliance issues in different contexts.   

The Justice Department, with the Office of Inspector General/Health and Human Services, enters into Corporate Integrity Agreements to prevent off-label marketing violations, anti-kickback and False Claims Act violations.  CIAs are very detailed and prescriptive, and are enforced by the OIG using administrative procedures.  The CIA is not filed in court but administered by the OIG. 

In contrast, Schedule C is enforced by a court if it is part of a Deferred Prosecution Agreement, and by the Justice Department if it is part of a Non-Prosecution Agreement.  In the case of an NPA, the Justice Department’s only remedy is to file or refile a criminal case against the company which violates the NPA.

With the aggressive growth of healthcare fraud and corruption prosecutions, the number of requirements imposed by CIAs and Schedule C has increased dramatically.  Prosecutors and regulators are obviously frustrated by their perception (whether right or wrong) that companies are not taking compliance seriously.  As a result, the compliance requirements have become more detailed and prescriptive. 

A comparison of CIAs and Schedule C shows a number of similarities in purpose but not in the mechanisms to achieve compliance.  At bottom, CIAs and Schedule C seek to regulate or influence specific interactions between company representatives and a class of customers.  Adding to the complication, Schedule C also focuses on interactions between third parties, acting on behalf of a company, and foreign government officials. 

CIAs are focused on pharma and medical device marketing representatives and doctors or other service providers in order to prevent marketing representatives from promoting off-label uses, engaging in kick-backs or other improper influences.  Schedule C is intended to prevent improper payments to foreign government officials.

It is interesting to compare the specific mechanisms used in CIAs to more general requirements listed in Schedule C, particularly enhanced requirements.  CIAs provide some interesting ways in which to ensure compliance with the overall proscription. 

CIAs require detailed review and monitoring programs for interactions between sales representatives and health care providers and institutions.  In contrast, Schedule C has general requirements for monitoring activities of third party agents, consultants and distributors but there is no prescribed procedure for that requirement. 

Given the significant risk that third parties create for global companies, there are ways in which to increase a company’s ability to monitor such interactions, including new technologies (from the health care sector) for reporting or collecting data on a real-time basis on the substance of an interaction between a third party and a foreign government official; additional contractual obligations for reporting on a regular basis; and specific auditing programs of third parties as contemplated in Schedule C requirements in recent DOJ FCPA settlements.   

To help focus this comparison, I put together the following chart.  The specific details can vary among CIAs or Schedule C settlements but I tried to describe the general picture. 

 

CIA and Schedule C

Compliance Program Element Corporate Integrity Agreement Schedule C
Chief Compliance Officer Yes Yes, and for each division or sector
Term 5 years 2-3 Years
Corporate Board Specific compliance and certification requirement for each Board member Yes. No certification
Management Accountability Specific compliance and certification requirement for designated senior managers Yes. No certification
Written Code of Conduct Distribution and certification requirement Distribution and certification requirement
Third Parties Distribute code of conduct and compliance program and certification by each Third Party that it has “substantially comparable” code of conduct and compliance program Distribute compliance program, certification and training
Policies and Procedures Policies and procedures: to conduct Promotion Functions; to conduct Product Related Functions; to provide reimbursement support; to distribute materials and information by sales representatives, and medical affairs office (including a tracking requirement for Product Inquiries); to monitor interactions between medical personnel and health care providers and institutions; to provide product samples; to fund charities, grants or education programs; to review all promotional materials prior to distribution; to avoid financial incentives for sales persons to engage in illegal conduct; to monitor sponsorship of clinical trials, authorship of publications Policies and procedures for gifts, meals, entertainment expenses; charitable donations and sponsorships; political contributions; facilitation payments; and solicitation and extortion; Due diligence review and monitoring program for third party intermediaries
Training and Education One hour of general training; three hours annually of specific training for sales and product related personnel; one hour for Board of Directors training; certification requirement Periodic training and annual certification by Board management and employees, and third parties
Review Company must hire “Independent Review Organization” to assess and evaluate Promotion and Product Related Functions: IROs conduct two types of reviews: A Systems Review and a Transactions Review with detailed requirements for each No specific requirement
Disclosure and Complaints Company must maintain disclosure and complaint process to report suspected violations outside supervisory chain which shall include non-retaliation policy and anonymous reporting mechanism; and requirement that Company review allegations and maintain log of review and any actions Same except for action requirement and log of actions taken
Reportable Events Mandates disclosure of potential civil or criminal violation Same for anti-corruption violations
Field Force Monitoring Program Detailed system to evaluate and monitor sales force interactions with health care providers and institutions, including speaker monitoring, record gathering, observations Conduct periodic review and testing of its anti-corruption compliance program; Due diligence review of third parties and monitoring; specific audits of high-risk operations
Health Care Provider, Research, Publication and Medical Education Monitoring Company is required to monitor activities of health care providers hired as consultants and company-financed research activities Same as above
Disclosure Requirements Company is required to disclose medical education grants, charitable contributions, payments to consultants, clinical trials, and post-marketing research No requirement
Reporting Implementation Report within 180 days; annual reports Annual report
OIG Inspection, Audit and Review Rights OIG has detailed rights to audit, review and inspect any aspect of the Company’s operations related to the CIA None
Stipulated Penalties Range from $1500 to $5000 per day per violation depending on type of violation None
Material Breach and Exclusion Company may be excluded from industry for a material breach, subject to right to cure and dispute resolution procedures If DPA, contempt power
Risk Assessments None Basic requirement and targeted requirement in high-risk countries on periodic basis
Acquisitions Applies to all acquired companies Applies to acquired companies but one year to 18 month period for integrating new company into anti-corruption compliance program