Yesterday, the Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action against Bristol-Myers Squibb Company (BMS) for the actions of the company’s joint venture (JV) in China, which made cash payments and provided other benefits to health care providers (HCPs) at state-owned and state-controlled hospitals in exchange for prescription sales. The matter was settled through a SEC administrative proceeding granting an agreed upon Cease and Desist Order, based upon the company’s Offer of Settlement (the “Offer”) which the Commission has determined to accept. For its conduct violative of the FCPA, the company agreed to a total fine and penalty of $14MM, which included the return of $11.4 million of profits plus prejudgment interest of $500,000 and payment of a civil penalty of $2.75 million.

According to the Order, BMS did business in China, which “primarily operates through Sino-American Shanghai Squibb Pharmaceuticals Limited (“SASS”), a majority-owned joint venture. BMS holds a 60% equity interest in SASS and has held operational control over this entity since 2009 when it obtained the right to name the President of SASS and a majority of the members of SASS’s Board of Directors.”

According to the SEC Press Release, the company “lacked effective internal controls over interactions with health care providers at BMS China, its majority-owned joint venture.  Between 2009 and 2014, BMS China sales representatives sought to secure and increase business by providing health care providers in China with cash, jewelry and other gifts, meals, travel, entertainment, and sponsorships for conferences and meetings. BMS China inaccurately recorded the spending as legitimate business expenses in its books and records, which were then consolidated into the books and records of Bristol-Myers Squibb.

Among the findings in the SEC’s order:

• Bristol-Myers Squibb failed to respond effectively to red flags indicating that sales personnel provided bribes and other benefits to generate sales from health care providers in China.
• Bristol-Myers Squibb did not investigate claims by certain terminated employees of BMS China that faked invoices, receipts, and purchase orders were widely used to fund improper payments to health care providers.
• The company failed to adequately install internal controls and those which were deemed insufficient by company’s own internal audit group were never properly remediated even though “repeatedly identified substantial gaps in internal controls, and the results were reported to the Audit Committee and senior management of” the company.

Bristol-Myers Squibb was slow to remediate gaps in internal controls over interactions with health care providers and monitor potential inappropriate payments to them that were identified repeatedly in annual internal audits of BMS China between 2009 and 2013.” Kara Brockmeyer, Chief of the Enforcement Division’s FCPA Unit, was quoted in the Press Release for the following,  “Bristol-Myers Squibb’s failure to institute an effective internal controls system and to respond promptly to indications of significant compliance gaps at its Chinese joint venture enabled a widespread practice of providing corrupt inducements in exchange for prescription sales to continue for years.”

The company extensively remediated its compliance program in the face of these deficiencies. The Order set out may of the steps taken by BMS to enhance its anti-bribery and general compliance training and policies and to strengthen its accounting and monitoring controls relating to interactions with HCPs, including travel and entertainment expenses, meetings, sponsorships, grants, and donations funded by its Chinese business unit. Many of these can be useful actions which a Chief Compliance Officer (CCO) or compliance practitioner can use a benchmark against their compliance program. The steps taken include: numerous steps to improve the internal controls and compliance program at BMS China. Examples cited in the Order included (1) a 100% pre-reimbursement review of all expense claims; (2) the implementation of an accounting system designed to track each expense claim, including the request, approval, and payment of each claim; and (3) the retention of a third-party vendor to conduct surprise checks at events sponsored by sales representatives. The company terminated over ninety employees and also disciplined an additional ninety employees, including sales representatives and managers of the company, who failed to comply with or sufficiently supervise compliance with relevant policies. In addition, BMS replaced certain BMS China officers as part of an overall effort to enhance “tone at the top” and a culture of compliance. Finally, BMS revised the compensation structure for BMS China employees by reducing the portion of incentive-based compensation for sales and distribution, eliminated gifts to HCPs, implemented enhanced due diligence procedures for third-party agents, implemented monitoring systems for speaker fees and third-party events, and incorporated risk assessments based on data analytics into its compliance program.

Most interestingly, although a corporate monitor was not required, there was a quite rigorous schedule laid out under which the company had to report to the SEC its continued progress on implementation of a best practices compliance program going forward. The company agreed to “Report to the Commission periodically, at no less than nine-month intervals during a two-year term, the status of its FCPA and anticorruption related remediation and implementation of compliance measures.”

Further, the company was required to “submit to the Commission staff a written report within one-hundred eighty (180) calendar days of the entry of this Order setting forth a complete description of its remediation efforts to date, its plans for any future enhancements or improvements to its policies and procedures for ensuring compliance with the FCPA and other applicable anti-corruption laws, and the parameters of the subsequent reviews (the “Initial Report”).” Then at 270 days they are required to submit a follow up report.

This enforcement action continues the clear trend of SEC only FCPA enforcement actions for internal controls violations of the Act. CCOs need to heed this very clear message and determine what gaps exist in their compliance internal controls. While the SEC order did not specify the full cost to BMS for its investigation and remediation, it can only be surmised to be far above the amount of the fine and penalty.

[View source.]