The Grim Reaper, GlaxoSmithKline And The Death Knell For The Compliance Defense

by Thomas Fox

The addition of a compliance defense has raised its head again in the Foreign Corrupt Practices Act (FCPA) commentariat. In a post on the FCPA Blog by Philip Fitzgerald, entitled “From Europe, the case for an FCPA good-faith defense”, Fitzgerald posits that enforcement of foreign bribery in the US is effective under the FCPA because such enforcement is aided by the doctrine of respondeat superior. Fitzgerald then argues that a good-faith compliance defense has been considered for some time as a potential counterweight to respondeat superior. The reason being that if companies had incentives for effective compliance programs and were “accused of violating the FCPA could mount a defense based on their efforts to prevent the bribery are evident. Corporations accused of violating the FCPA would have access to courts and jury trials to contest and challenge FCPA allegations, would probably be encouraged to discover and self-report overseas bribery, and may not feel compelled to enter into settlements with enforcement agencies that can prejudice the rights of both the organizations and their employees.”

Here is the problem with that argument. It apparently makes no difference what the incentives will be for a company to put a compliance program in place. For even if you have a compliance program it still has to be effective. Last year this was driven home by Wal-Mart and its allegations of wide spread bribery and corruption in its Mexico subsidiary. This year we have GlaxoSmithKline PLC (GSK) running amok with allegations that it engaged in bribery and corruption in its Chinese operations.

GSK Prior Enforcement Action

All of the above is pretty eye popping in and of itself. But consider the following about GSK, a little over one year ago, in July of 2012; GSK pled guilty and paid $3 billion to resolve fraud allegations and failure to report safety data in what the US Department of Justice (DOJ) called the “largest health care fraud settlement in U.S. history” according to its press release. The DOJ press release went on to state that “GSK agreed to plead guilty and to pay $3 billion to resolve its criminal and civil liability arising from the company’s unlawful promotion of certain prescription drugs, its failure to report certain safety data, and its civil liability for alleged false price reporting practices.” The press release noted that the resolution was the largest health care fraud settlement in US history and the largest payment ever by a drug company for legal violations.

You would think that any company which has paid $3 billion in fines and penalties for fraudulent actions would take all steps possible not to engage in bribery and corruption. Indeed as part of the settlement GSK agreed to a Corporate Integrity Agreement (CIA). This CIA not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the FCPA.

In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, inclusive of the Compliance Officer and other members of senior management necessary to meet the requirements of this CIA, whose job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required Deputy Compliance Officers for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified. Further, there was detail down to specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”.

GSK’s Code of Conduct (entitled “One Company One Approach”) states quite clearly, “The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance, whether committed by GSK employees, officers, complementary workforce or third parties acting for or on behalf of the company. Accordingly, we must never make, offer to make, or authorise any improper payments or provide anything of value to any individual, or at the request of any individual, for the purpose of influencing, inducing or rewarding any act, omission or decision to secure an improper advantage, or obtain and retain business.”

In its Code of Practice for Promotions and Customer Interactions, there is a detailed procedure laid out for any sponsorship of a corporate event, conference or travel. This procedure requires that “The Scientific Engagement Operating Practice “Congress Sponsorships” must be followed for sponsorships of scientific and medical congresses (conferences) at international and local (country) levels”. Further, if there is a grant a specific procedure must be followed.

The company has a Third Party Code of Conduct, which states:

Third Parties shall conduct their business in an ethical manner and act with integrity. The ethics elements include the following statement:

  1. Business Integrity, Reputation and Fair Competition

Corruption, extortion and embezzlement are prohibited. Third Parties shall not pay or accept bribes or participate in other illegal inducements in business or government relationships.

Third Parties should never communicate externally about GSK’s prospects, performance or policies nor disclose inside Information which would affect the price of GSK securities without proper authority. Third Parties are forbidden from making any public posting of confidential or proprietary information related to any aspect of GSK’s business.

Third Parties shall conduct their business consistent with fair and vigorous competition and in compliance with all applicable anti-trust laws. Third Parties must strictly adhere to the letter and spirit of the Competition laws in all jurisdictions. Third Parties shall employ fair business practices including accurate and truthful advertising.

According to the GSK Code of Conduct, all of this is to be backed up by “a Global Ethics & Compliance team which is responsible for providing oversight and guidance to ensure compliance with applicable laws, regulations, and company policies, as well as fostering a positive, ethical work environment for all employees.” The Code of Conduct also states that “GSK has an active system of internal management controls to identify company risks, issues and incidents with appropriate corrective actions taken. Our Risk Management and Compliance Policy provides the framework for these internal controls, to ensure significant risks are escalated to the proper levels of senior management.”

Frankly I do not know how much clearer a company can state that we will not engage in bribery and corruption. But the problem for GSK seems to be that none of the above was effective because the company did not follow its own stated protocols.

The Uselessness of a Compliance Defense

So how does all of this portend the end of efforts to add a compliance defense to the FCPA? As stated in its Code of Conduct, “The GSK attitude towards corruption in all its forms is simple: it is one of zero tolerance.” What do you think a compliance defense would do for GSK about now? GSK prided itself on its world-wide FCPA anti-corruption compliance program. It even said it would do so in settlement documents with the DOJ. The claim that companies would act more ethically and in compliance if they could rely on a compliance defense would seem to be negated by facts reported about GSK. Do these facts seem like a rogue employee or even junta of rogue China subsidiary employees going off on their own? Whatever your thoughts on that question may be, it certainly appears that having a best practices compliance program did not lead to GSK doing business more ethically. And what if GSK’s corporate headquarters in London was not involved in any illegal conduct or were even kept in the dark by GSK China? What does that say about having a robust compliance program?

Amending the FCPA to protect corporate headquarters in the US from liability under the doctrine of Respondeat Superior? At this point, I do not think that anyone can argue with anything close to a straight face that this problem was exclusive to China. The corporate parent received the benefits from any profits made due to the bribery so it is difficult to image why a corporation should not be a part of any enforcement action. I suspect that both the DOJ and the UK Serious Fraud Office (SFO) will be asking the dreaded “Where Else” question about now.

GSK actually had knowledge of the allegations against it, through an internal company whistleblower. The whistleblower sent the allegations to the corporate headquarters back in January. However, just few days before the Chinese government detained the GSK employees, the company announced that it had found no evidence of any bribery or corruption. However, WSJ reporter Laurie Burkitt reviewed some internal GSK documents and, in an article entitled “China Accuses Glaxco of Bribes”, wrote that “Emails and documents reviewed by the Journal discuss a marketing strategy for Botox that targeted 48 doctors and planned to reward them with either a percentage of the cash value of the prescription or educational credits, based on the number of prescriptions the doctors made. This strategy even had a code name, which was ‘Vasily’ borrowing its name from Vasily Zaytsev, a noted Russian sniper during World War II, according to a 2013 PowerPoint presentation reviewed by the Journal.”

Burkitt reported in her article that “A Glaxo spokesman has said the company probed the ‘Vasily’ program and “[the] investigation has found that while the proposal didn’t contain anything untoward, the program was never implemented.”” But from my experience, if you have a bribery scheme that has its own code name, even if you never implemented that scheme, it probably means that the propensity for such is pervasive throughout the system.

The GSK tale drives home the point that having a compliance program is useless unless it is effective. Further, it is clear that by putting such an affirmative defense in place, companies may well go the paper compliance defense route and not dedicated the time and resources to make it effective. So whether you were pro or anti-compliance defense, I think that GSK is a stand-in for the Grim Reaper and what the matter will portend in this brave new world of anti-bribery and anti-corruption enforcement.

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.