Over this two-part blog post series, I have been considering the Stryker Corporation 2018 Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC). The company had previously sustained a FCPA enforcement action back in 2013, paying a penalty to the SEC of $3.2 million, together with disgorgement and interest of $9.7 million for a total fine and penalty to the SEC of $12.9. The first FCPA enforcement action involved conduct in multiple countries from 2003 to 2008 and was settled via a Cease and Desist Order(prior Order).

In this second penalty in 2018, the company paid a fine of $7.8 million to the SEC. It was settled via a Cease and Desist Order(Order). It involved conduct from 2010 to 2017, which means that the FCPA violative conduct occurred after Stryker had settled its initial FCPA enforcement action. The bribery schemes involved in this second SEC fine were in several countries including India, Kuwait and China. Each of these bribery schemes provides multiple lessons to be learned by the compliance professional.

In Part I of this series, I considered the facts of the enforcement action, as well Stryker’s sales models involved. Today, I want to look at the specific FCPA violations, the actions which the company engaged in, allowing it to escape with as light a fine and penalty as it did receive, and, finally, the lessons to be learned from each of the three countries where the company fell into FCPA grief.

FCPA Violations

 In India, Stryker was hit with the double whammy of both books and records violations and lack of effective internal controls. Under the books and records, from 2010 through 2015, Stryker’s Indian subsidiary “failed to make and keep complete and accurate books and records that reflected its transactions and disposition of assets. In particular, Stryker India recorded potentially problematic payments to its dealers and to HCPs [health care providers], some of which lacked any supporting documentation reflecting a clear business purpose.” Even when the company did perform a forensic review of the subsidiaries “general ledger for the period 2010 through 2015 found a complete lack of documentation for 144 out of 533 transactions selected as a sample of Stryker India’s highest-risk and most compliance-sensitive accounts. The missing documentation encompassed transactions of nearly every high-risk category, including: consulting payments to HCPs, payments of travel and lodging for HCPs, payments to event organizers, discounts on the price of Stryker products to dealers, commissions awarded to dealers, and marketing expenses.”

In the area of ineffective internal controls the Order stated, “even after the 2012 audits revealed evidence of dealers not complying with Stryker policies — as required by their contracts with Stryker India — and of hospitals requesting invoices with prices higher than the prices that Stryker India had specifically negotiated with such hospitals, Stryker failed to devise and maintain a system of internal accounting controls designed to detect and prevent dealers from engaging in the practice of inflating invoices to certain private hospitals for the sale of Stryker orthopedic products.”

In both China and Kuwait, the company failed in its internal control regime. In China, “Stryker’s failure to vet, approve, train, and monitor its distributors and sub-distributors in China in accordance with the company’s policies, increased the risk of bribery and other improper payments in connection with the sale of Stryker products. Stryker failed to implement its internal accounting controls to detect and prevent the use of these unauthorized sub-distributors in China.” In Kuwait, “Stryker failed to implement its policies to test or otherwise assess whether the Kuwait Distributor was complying with Stryker’s anti-corruption policies.”

The Comeback

How did Stryker make a sufficient comeback from these abject failures even though it had sustained a prior FCPA violation and some of the conduct in this second FCPA enforcement action occurred after the prior Order was entered into in 2014? It apparently started with a robust internal investigation and extensive cooperation with the SEC. However, the company also worked quite diligently to remediate its compliance program.

The Order related a wide range of remedial actions engaged in by Stryker. These included:

• enhanced and updated compliance policies, procedures, and best practices for Stryker India;
• new compliance measures with additional internal controls around (i) the monitoring of Stryker’s relationship with HCPs and indirect sales channels, including dealers and distributors, (ii) reducing the risk of unauthorized business practices in India, and (iii) due diligence of third-parties, including all sales models used by the company;
• increased compliance training of all Stryker India employees and local management, including an FCPA compliance workshop for Stryker India’s leadership team;
• a new centralized system for dealer documentation [Document, Document, and Document] and a modified dealer commission structure which was designed to increase transparency around the payment of commissions to dealers in India;
• compliance audits related to marketing events, event documentation, and employee reimbursements in India; and
• audits of dealers’ and distributors’ business practices in India. Further, Stryker terminated certain senior employees at Stryker India, appointed new leadership to head Stryker India, and sent a notice of termination to the Kuwait Distributor.

The company also “fortified its existing compliance program, which is designed to prevent, detect, and remediate potential misconduct. This program develops, maintains, and implements corporate policies and standard operating procedures setting forth specific due diligence and documentation requirements for relationships with foreign officials, HCPs, consultants, and distributors.”

The fact that Stryker was under a previous FCPA enforcement action (prior Order) may have actually helped it in this situation as it was able to bring the matter to the attention of the SEC and most probably had at least a working relationship with them that allowed it to move swiftly and expeditiously on these remediation elements.

Lessons Learned

The dealer sales model is not one which has previously been the subject of a FCPA enforcement action. It therefore behooves any business using this sales model to study the Stryker FCPA enforcement action. It would have appeared the dealer model was a risk management strategy to protect against the abuses seen in other FCPA enforcement actions involving distributors where the discount granted to the distributor was used as the pot to generate funds for bribery. However, Stryker apparently had not considered the fraud and corruption of the customer in this equation. It is not clear from the Order if the dealer approached the customers with this bribery and fraud scheme or if the customer approached the dealers but the fact pattern makes clear the need for controls around billing by dealers even if the corporate parent sets the pricing.

In Kuwait the bribery scheme was outlandish per diems, which were paid to HCPs when they attended conferences. This is a well-known bribery scheme. But the greater problem for Stryker was that its distributor rejected any attempts to audits its books and records for suspicious or corrupt payments. This is different from having an audit clause and not invoking it. The clear bottom line in this scenario is that if any third-party fails to (1) allow the insertion of an audit clause into your contract or (2) fails to allow an audit, even in the face of a legally existing right to do so; run, don’t walk, away from this third-party.

In China there was a combination of corruption schemes that we have previously seen. The first was to append corrupt sub-distributors to a previously approved distributor. This was close to one of the schemes in the 2018 Panasonic Avionics FCPA enforcement action, there corrupt agents were appended to previously approved agents. A similar scheme involving sub-agents was found in a 2014 Hewlett-Packard FCPA enforcement action. In the Stryker case the company had actual knowledge that the corrupt sub-distributors were being used, as the Order stated, “At times, Stryker China employees worked directly with these unauthorized sub-distributors, and at other times installation records were falsified to hide the involvement of the unauthorized sub-distributors in the sale of Sonopet products.”

When you have business unit employees defrauding the corporate office en masse you have a very big problem. Whether the Chinese business unit employees were instructed to do so by subsidiary management or it was just antipathy for the home office, it portends a much larger cultural problem which may well take some time to remedy.

The second Stryker FCPA enforcement action provides multiple lessons for every compliance practitioner. You should study this and the prior Order so that hopefully your company will not move into the FCPA recidivist category.

[View source.]