The addition of a compliance defense has raised its head again in the Foreign Corrupt Practices Act (FCPA) commentariat. In a post on the FCPA Blog by Philip Fitzgerald, entitled “From Europe, the case for an FCPA good-faith defense”, Fitzgerald posits that enforcement of foreign bribery in the US is effective under the FCPA because such enforcement is aided by the doctrine of respondeat superior. Fitzgerald then argues that a good-faith compliance defense has been considered for some time as a potential counterweight to respondeat superior. The reason being that if companies had incentives for effective compliance programs and were “accused of violating the FCPA could mount a defense based on their efforts to prevent the bribery are evident. Corporations accused of violating the FCPA would have access to courts and jury trials to contest and challenge FCPA allegations, would probably be encouraged to discover and self-report overseas bribery, and may not feel compelled to enter into settlements with enforcement agencies that can prejudice the rights of both the organizations and their employees.”
Here is the problem with that argument. It apparently makes no difference what the incentives will be for a company to put a compliance program in place. For even if you have a compliance program it still has to be effective. Last year this was driven home by Wal-Mart and its allegations of wide spread bribery and corruption in its Mexico subsidiary. This year we have GlaxoSmithKline PLC (GSK) running amok with allegations that it engaged in bribery and corruption in its Chinese operations.
GSK Prior Enforcement Action
All of the above is pretty eye popping in and of itself. But consider the following about GSK, a little over one year ago, in July of 2012; GSK pled guilty and paid $3 billion to resolve fraud allegations and failure to report safety data in what the US Department of Justice (DOJ) called the “largest health care fraud settlement in U.S. history” according to its press release. The DOJ press release went on to state that “GSK agreed to plead guilty and to pay $3 billion to resolve its criminal and civil liability arising from the company’s unlawful promotion of certain prescription drugs, its failure to report certain safety data, and its civil liability for alleged false price reporting practices.” The press release noted that the resolution was the largest health care fraud settlement in US history and the largest payment ever by a drug company for legal violations.
You would think that any company which has paid $3 billion in fines and penalties for fraudulent actions would take all steps possible not to engage in bribery and corruption. Indeed as part of the settlement GSK agreed to a Corporate Integrity Agreement (CIA). This CIA not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the FCPA.
In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, inclusive of the Compliance Officer and other members of senior management necessary to meet the requirements of this CIA, whose job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required Deputy Compliance Officers for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified. Further, there was detail down to specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”.
GSK’s Code of Conduct (entitled “One Company One Approach”) states quite clearly, “The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance, whether committed by GSK employees, officers, complementary workforce or third parties acting for or on behalf of the company. Accordingly, we must never make, offer to make, or authorise any improper payments or provide anything of value to any individual, or at the request of any individual, for the purpose of influencing, inducing or rewarding any act, omission or decision to secure an improper advantage, or obtain and retain business.”
In its Code of Practice for Promotions and Customer Interactions, there is a detailed procedure laid out for any sponsorship of a corporate event, conference or travel. This procedure requires that “The Scientific Engagement Operating Practice “Congress Sponsorships” must be followed for sponsorships of scientific and medical congresses (conferences) at international and local (country) levels”. Further, if there is a grant a specific procedure must be followed.
The company has a Third Party Code of Conduct, which states:
Third Parties shall conduct their business in an ethical manner and act with integrity. The ethics elements include the following statement:
Business Integrity, Reputation and Fair Competition
Corruption, extortion and embezzlement are prohibited. Third Parties shall not pay or accept bribes or participate in other illegal inducements in business or government relationships.
Third Parties should never communicate externally about GSK’s prospects, performance or policies nor disclose inside Information which would affect the price of GSK securities without proper authority. Third Parties are forbidden from making any public posting of confidential or proprietary information related to any aspect of GSK’s business.
Third Parties shall conduct their business consistent with fair and vigorous competition and in compliance with all applicable anti-trust laws. Third Parties must strictly adhere to the letter and spirit of the Competition laws in all jurisdictions. Third Parties shall employ fair business practices including accurate and truthful advertising.
According to the GSK Code of Conduct, all of this is to be backed up by “a Global Ethics & Compliance team which is responsible for providing oversight and guidance to ensure compliance with applicable laws, regulations, and company policies, as well as fostering a positive, ethical work environment for all employees.” The Code of Conduct also states that “GSK has an active system of internal management controls to identify company risks, issues and incidents with appropriate corrective actions taken. Our Risk Management and Compliance Policy provides the framework for these internal controls, to ensure significant risks are escalated to the proper levels of senior management.”
Frankly I do not know how much clearer a company can state that we will not engage in bribery and corruption. But the problem for GSK seems to be that none of the above was effective because the company did not follow its own stated protocols.
The Uselessness of a Compliance Defense
So how does all of this portend the end of efforts to add a compliance defense to the FCPA? As stated in its Code of Conduct, “The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance.” What do you think a compliance defense would do for GSK about now? GSK prided itself on its world-wide FCPA anti-corruption compliance program. It even said it would do so in settlement documents with the DOJ. The claim that companies would act more ethically and in compliance if they could rely on a compliance defense would seem to be negated by facts reported about GSK. Do these facts seem like a rogue employee or even junta of rogue China subsidiary employees going off on their own? Whatever your thoughts on that question may be, it certainly appears that having a best practices compliance program did not lead to GSK doing business more ethically. And what if GSK’s corporate headquarters in London was not involved in any illegal conduct or were even kept in the dark by GSK China? What does that say about having a robust compliance program?
Amending the FCPA to protect corporate headquarters in the US from liability under the doctrine of Respondeat Superior? At this point, I do not think that anyone can argue with anything close to a straight face that this problem was exclusive to China. The corporate parent received the benefits from any profits made due to the bribery so it is difficult to image why a corporation should not be a part of any enforcement action. I suspect that both the DOJ and the UK Serious Fraud Office (SFO) will be asking the dreaded “Where Else” question about now.
GSK actually had knowledge of the allegations against it, through an internal company whistleblower. The whistleblower sent the allegations to the corporate headquarters back in January. However, just few days before the Chinese government detained the GSK employees, the company announced that it had found no evidence of any bribery or corruption. However, WSJ reporter Laurie Burkitt reviewed some internal GSK documents and, in an article entitled “China Accuses Glaxco of Bribes”, wrote that “Emails and documents reviewed by the Journal discuss a marketing strategy for Botox that targeted 48 doctors and planned to reward them with either a percentage of the cash value of the prescription or educational credits, based on the number of prescriptions the doctors made. This strategy even had a code name, which was ‘Vasily’ borrowing its name from Vasily Zaytsev, a noted Russian sniper during World War II, according to a 2013 PowerPoint presentation reviewed by the Journal.”
Burkitt reported in her article that “A Glaxo spokesman has said the company probed the ‘Vasily’ program and “[the] investigation has found that while the proposal didn’t contain anything untoward, the program was never implemented.”” But from my experience, if you have a bribery scheme that has its own code name, even if you never implemented that scheme, it probably means that the propensity for such is pervasive throughout the system.
The GSK tale drives home the point that having a compliance program is useless unless it is effective. Further, it is clear that by putting such an affirmative defense in place, companies may well go the paper compliance defense route and not dedicated the time and resources to make it effective. So whether you were pro or anti-compliance defense, I think that GSK is a stand-in for the Grim Reaper and what the matter will portend in this brave new world of anti-bribery and anti-corruption enforcement.