From China to Poland and Brazi l- The Lilly FCPA Enforcement Action- Part II

by Thomas Fox

In Parts II and III of my review of the Eli Lilly and Company (Lilly) Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC), I will discuss some the processes and procedures which you can use in your Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program which should enable you to prevent or detect FPCA violations, similar to those Lilly sustained, as discussed in Part I of these blog posts on the Lilly enforcement action. Today, in Part II, I will discuss the FCPA issues that Lilly faced in China, Brazil and Poland.

As it is a New Year, I would like to start out with listing Paul McNulty’s Three Maxims regarding the effectiveness of a FCPA compliance program. I have been privileged to hear Paul speak many times for several years. These Maxims were the questions he posed to companies when he was in his role as the United States Deputy Attorney General. First, what did you do to prevent it? Second, what did you do to detect it? Third, what did you do to remedy it?

With the McNulty Maxims in mind, Lilly got into FCPA hot water for using four different styles of bribery schemes in four separate countries. In China, the corruption involved employees and bribery payments which were falsely labeled as reimbursement of expenses. In Brazil, the corruption involved a distributor which received a larger than normal discount for Lilly products. The additional revenues generated from this discount were used to pay a bribe. In Poland, the corruption involved charitable donations which were falsely labeled in Lilly’s books and records. These charitable donations were used to induce a Polish government official to approve the purchase of Lilly products; and, finally, Lilly’s subsidiary in Russia, paid bribes to Offshore Agents who were domiciled outside Russia and who performed no services for the compensation they received.

I.                   China

According to the SEC Complaint, in China the FCPA violations centered around various sales representatives who submitted false expense reports to cover bribes which were paid or their supervisors who instructed them to do so. The SEC Complaint noted that although the dollar amounts for the gifts provided to Chinese officials “generally small, the improper payments were wide-spread throughout the [Chinese] subsidiary.” To prevent such actions, a company must train its employees about the requirements of the FCPA, or any other relevant anti-corruption law, regarding what is and is not allowed under such laws. A company must then follow up to monitor and audit such activities. In a sales model which is employee based, internal audit must review the expense reports of its sales representatives as they represent the highest risk of corruption.

II.                  Brazil

In Brazil, Lilly used the distributor model to market its drugs through third-party distributors who then resold these products to public and private entities. As noted by Matt Ellis, in his post entitled “Eli Lilly’s Distributor in Brazil: The Non-Obvious FCPA Risk”, the discounts that distributors typically receive from manufacturers such as Lilly can be problematic under the FCPA because “enforcement officials can see these discounts as potential “loose money” that can be used for bribe payments. This is especially the case when the distributor is engaging in other activities on behalf of the producer, like marketing, licensing, and customs clearance.” This was the situation that Lilly found itself in as the standard range of discounts given to distributors was “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount” but in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him.

a.      Prevent

In the area of prevent, the SEC Complaint noted the following “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Ellis, “It noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.” Indeed Kara Brockmeyer, the SEC’s chief FCPA enforcer, stated in the SEC Press Release announcing the matter:

Eli Lilly and its subsidiaries possessed a “check the box” mentality when it came to third-party due diligence. Companies can’t simply rely on paper-thin assurances by employees, distributors, or customers. They need to look at the surrounding circumstances of any payment to adequately assess whether it could wind up in a government official’s pocket.

All of this means that if a discount is outside the normal range typically given to a distributor, a red flag is raised as to why the increased discount was allowed. Simply basing a management decision on the representations of a sales manager is not a sufficient mechanism to clear such a red flag.

b.         Detect

From the detect prong, internal audit needs to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. Further, as noted by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

III.             Poland

Here Lilly used charitable donations to a charitable foundation which was, as stated in the SEC Complaint, “founded and administered by the head of one of the regional government health authorities at the same time that the subsidiary was seeking the official’s support for placing Lilly drugs on the government reimbursement list.” There were a total of eight payments made to the charitable foundation. In addition to the charitable donations made, Lilly “falsely characterized the proposed payments”. Lilly had a group which reviewed the request for such donations called the “Medical Grant Committee [MGC]” which approved the payments “largely based on the justification and description in the submitted paperwork.”

a.      Prevent

From the prevent prong, it is clear that if the MGC had adequately reviewed the donation request, it would have determined that the charitable foundation was administered by the same person making the decision over the sale of Lilly products. Indeed, the largest request was made just two days after the government decision maker authorized a large purchase of Lilly products. The SEC Complaint also noted that of there were different corporate justifications for the eight requests for the charitable donations made. So, as noted by Rydberg, there was a failure of corporate governance and financial controls. In its FCPA Guidance, the Department of Justice (DOJ) lists five questions which a company should ask when considering a charitable donation. They are: (1) What is the purpose of the payment? (2) Is the payment consistent with the company’s internal guidelines on charitable giving? (3) Is the payment at the request of a foreign official? (4) Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country? (5) Is the payment conditioned upon receiving business or other benefits?

b.      Detect

From the detect prong, there are several things which can be incorporated into a FCPA compliance program regarding charitable donations. The DOJ has issued several Opinion Releases on charitable donations and based on Opinion Release 10-02, some of the protections a company can do to comply with the FCPA regarding charitable donations are as follows:

1)      Certifications by the recipient that it will comply with the requirements of the FCPA;

2)       Due diligence to confirm that none of the recipient’s officers or directors are affiliated with the foreign government at issue;

3)      A requirement that the recipient provide audited financial statements;

4)      A written agreement with the recipient restricting the use of funds to humanitarian or charitable purposes only;

5)      Steps to ensure that the funds were transferred to a valid bank account;

6)      Confirmation that contemplated activities had occurred before funds were disbursed; and

7)      Ongoing auditing and monitoring of the efficacy of the program.

These protections allow an audit trail which can be monitored or audited by the company’s audit team.

Tomorrow I will take a look at Lilly’s FCPA violations in Russia and use that information to set forth some minimum best practices which you can use in your compliance program to help you both prevent, detect and then FCPA compliance violations.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.