This Part III is the final installment of my review of the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the Securities and Exchange Commission (SEC). In this Part III, I will review the FCPA issues that Lilly found itself involved with in Russia and use those issues in the context of Paul McNulty’s Three Maxims regarding the effectiveness of a FCPA compliance program. First, what did you do to prevent it? Second, what did you do to detect it? Third, what did you do to remedy it?
Lilly used a distributor sales model in Russia. However, there was a further twist which got Lilly into FCPA hot water. Lilly would enter into an agreement with a third party other than the distributor who was selected by the government official making decisions on the purchase of Lilly products. Lilly did little to no due diligence on these third parties which would have identified the beneficial owners of these entities. Further, these other third parties were usually not domiciled in Russia, nor did they have bank accounts in Russia. In other words, they were Offshore Agents who were paid a flat fee or percentage of the total sales with no discernible work or services performed.
The SEC Complaint noted that Lilly itself provided contracts to these third parties which described their services as “immediate customs clearance” or “immediate delivery” of the products or in assisting Lilly in “obtaining payment for the sales transaction” and such other oldie but goodies as “the promotion of the products” and “marketing research.” The SEC Complaint also noted that the services described were actually provided by other entities including Lilly itself.
There also charitable donations made by Lilly in Russia but here Lilly simply made proposals to government decision makers regarding how the company “could donate or other support various initiatives there were affiliated with public or private institutions headed by the government officials or otherwise were important to the government officials.” In addition to the problems with the charitable donations policy in Russia, there were two reports provided to Lilly’s corporate headquarters identifying some of the compliance issues that the company was having in Russia but there was follow up from the corporate office. You have to put “boots on the ground” to make a proper inquiry, assessment or review for a high risk country. Antonia Chion, Associate Director in the SEC Enforcement Division put it another way when he was quoted in the SEC Press Release announcing the Complaint. He said, “When a parent company learns tell-tale signs of a bribery scheme involving a subsidiary, it must take immediate action to assure that the FCPA is not being violated. We strongly caution company officials from averting their eyes from what they do not wish to see.”
From the prevent prong there are several things that the compliance practitioner can put in place. There should be an adequate system of internal accounting sufficient to provide reasonable assurance that a company maintains accountability for its assets. Such a system would also provide a procedure that would ensure transactions were executed in accordance with management’s authority. Regarding third parties, a company cannot simply rely on the paperwork submitted by third parties but must verify its accuracy through independent due diligence. A company should also have procedures in place to safeguard that it is not offering anything of value to government officials to assist in retaining or obtaining business. Lastly, when the corporate office receives a report from a high risk country or area in which to do business, there must be follow up on the report.
Regarding detect, a company’s internal audit must have procedures in place designed to assess FCPA compliance or other anti-bribery law risk for sales of products and purchases of goods. If there are red flags or other indicia of high risk noted, there must be additional monitoring, review and auditing. As noted in Part I of these posts on the Lilly enforcement action, several Russian distributors were domiciled outside the company, in both Cyprus and the British Virgin Islands. None of these red flags were investigated or followed up. Audit must do more than simply assure itself of the soundness of the paperwork which is submitted to it or it reviews. If the circumstances surrounding the existence of a party or transaction suggest the possibility of a FCPA violation or corruption it must be followed up and reviewed.
I have laid out the facts as reported in the SEC Complaint in some detail for several reasons. One of which is to emphasize how wide ranging Lilly’s conduct was regarding FCPA violations. I think that it is incumbent to note that even with this wide ranging and apparently pervasive conduct, Lilly did not sustain a Deferred Prosecution Agreement or even a Non-Prosecution Agreement for criminal violations of the FCPA by the Department of Justice. There was only a civil Complaint filed by the SEC. As to the financial penalty, Lilly agreed to pay disgorgement of $13,955,196, prejudgment interest of $6,743,538, and a penalty of $8.7 million for a total payment of $29,398,734. Lilly also agreed the retention of an independent consultant to review and make recommendations about its foreign corruption policies and procedures but it does not have a monitor.
Lilly also engaged in the third prong of McNulty’s Maxims by remedying the FCPA violations during the pendency of the investigation. These remedies were listed in the SEC Complaint. In China, where the FCPA violation were engaged in by Lilly employees, the company “terminated or otherwise disciplined” those involved. Lilly also agreed to certain structural changes in its compliance program. These changes included:
enhancing anti-corruption due diligence requirements for relationships with third parties;
implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption;
enhancing financial controls and governance; and,
expanding anti-corruption training throughout the organization.
The Lilly FCPA enforcement action, as laid out in the SEC Complaint, provides the compliance practitioner with solid information which can be used in a variety of ways to strengthen an anti-corruption/anti-bribery compliance program. First and foremost is the detailed discussion the different types of bribery schemes that were engaged in throughout the company. If your sales model is an employee based sales force, a distributor model with discounts off your list price or commission based third party agents, the Lilly FCPA enforcement action provides you with questions that you can ask to see if you company has FCPA issues to investigate. The SEC Complaint also details the internal controls failures which Lilly sustained and led to the enforcement action. There is also significant and detailed information on what you might look at or do in your compliance program to answer Paul McNulty’s three questions if you are in the position to deal with the SEC or DOJ on a FCPA issue.