An unprecedented explosion of government investigation and enforcement is at hand as federal regulators focus their efforts on ferreting out any fraud or abuse of the $1 trillion in COVID-19 relief funding programs through loans, grants and tax credits.
For pharma and bioscience companies, it is imperative to take steps now to limit the risks and consequences of such investigations. Regulatory threats to these companies may be forestalled by quick action to preserve evidence and correct systemic problems.
Increased scrutiny and automatic audit triggers were built into the Coronavirus Aid, Relief and Economic Security Act (CARES Act) and its Paycheck Protection Program (PPP). Congress has also created a Special Inspector General for Pandemic Recovery (SIGPR) to oversee CARES Act funding distribution, and the Department of Justice and Securities and Exchange Commission (SEC) have already begun investigations and fraud prosecutions.
Bioscience and pharma companies must be particularly vigilant about protecting against future SEC enforcement risks. These are highly regulated industries facing an enforcement perfect storm – fast cash, limited guidance and retrospective review. Further, they are at the forefront of the COVID-19 relief efforts, making them prime targets for unscrupulous persons as well as government investigations. There can be no deliberate omission, misrepresentation or falsification of information, or these companies will face potentially severe consequences.
Whistleblowers will not be far behind, and we can expect a plethora of civil actions to accompany these governmental inquiries as well.
Preparation, protection and response are the integral components in a company’s risk planning.
In preparing to meet the challenges that may arise from participating in a particular program, companies should focus on:
- eligibility requirements
- representations made in the application process
- use of the funds
- any required follow-up certifications
Documentation is vital to demonstrate prudent business decisions. This preparation should leverage compliance resources as well as documenting the application/funding process along with the ultimate use of the money.
Senior management should be involved in every critical stage, including an interim internal review. The company’s review must include an assessment of its responses to any complaints and an essential check to preserve documents and information.
Companies that prepare will reduce risk by demonstrating compliance. Protection, therefore, directly correlates with reducing risk.
For example, companies must recognize the interplay between cybersecurity and trade secret protection. Ensuring that corporate best practices are in place for managing and protecting patents and trade secrets will require an inquiry into credible threats to its intellectual property from various sources.
Employees are a first step in the protection process. Critical aspects of the employee lifecycle must be considered to protect the company. Companies should review the on-boarding and exit interview processes to identify issues relating to trade secrets. Remote workforces pose distinct risks and require specific mitigation measures.
Companies should consider using the latest cybersecurity tools to detect both external and internal threats and monitor for misappropriation. Plans to manage risk must also include joint venture partners and vendors, as well as independent contractors.
When a misappropriation occurs – regardless of preparation or protection efforts – certain responses are mandatory. Governance lapses will potentially lead to criminal prosecution, civil litigation and damages.
Companies must anticipate and prepare to be at the mercy of judicial and government priorities. Even the casual observer can see that the future possibly holds decisions regarding criminal or civil enforcement as well as decisions relating to cooperation with government investigations. Regulators will focus on statutes and available forums, for enforcement, and seek to obtain non-monetary relief – TROs and injunctions – and monetary relief. There are different damages approaches, trends, and litigation best practices, including discovery, trial presentation strategies, and coping with COVID-19 challenges. Further, the DOJ will also focus on hackers targeting COVID-19 vaccine researchers.
Ultimately, companies must be poised to protect their intellectual property in a variety of forums.
All public companies should expect SEC scrutiny. Companies must stay current on SEC guidance, and conduct internal audits regarding COVID-19-related disclosures to forestall SEC scrutiny and disruptions. The SEC will likely investigate and bring enforcement actions, and, accordingly, the SEC’s enforcement role in monitoring relief funding must be evaluated.
The SEC’s role in monitoring disclosures around COVID-19 and insider trading will be critical in any analysis. Finally, company insiders must avoid potential insider trading allegations while in possession of material, non-public information.
Pharma and bioscience companies in particular must monitor spending; avoid overlap; and save interim HHS and industry guidance to protect themselves from future SEC enforcement rules.
Preparation, protection and response are crucial components of coping with the coming wave of federal scrutiny any enforcement. Evaluating team knowledge, and ensuring every regulation and guidance is followed are the first steps in safeguarding any company’s future.