Financial relationships between pharma companies, health care professionals/health care organizations and public officials – particularly overseas – present significant enterprise risks. Companies face severe potential sanctions for alleged improper relationships with health care professionals and/or public officials. Sanctions include liability under criminal statutes, like the U.S. Foreign Corrupt Practices Act (FCPA) or criminal health care fraud statute. There are also civil statutes, ones focused on securities and fraud in particular. And a criminal conviction or civil judgment could to exclusion from federal health programs, which can be a “death penalty” for a life sciences company.
With limited resources to police these relationships, prosecutors and regulators have taken a “carrot and stick” approach, attempting to incentivize transparency and self-disclosure in particular to root out bribery or corruption risks that, from their perspective, can affect health outcomes. On the regulatory front, there are affirmative reporting obligations through the Sunshine Act. The Sunshine Act obliges pharma companies to report gifts above US$10 given to health care professionals and organizations.
But no set of compliance measures or regulatory obligations can prevent every potential bad actor from misconduct. This is especially true when dealing with health care professionals outside the United States. So, the U.S. Department of Justice has created a set of incentives to complement regulatory compliance programs through the FCPA Corporate Enforcement Policy “to motivate companies to voluntarily self-disclose FCPA-related misconduct, fully cooperate with the Fraud Section, and, where appropriate, remediate flaws in their controls and compliance programs.” The policy provides a mechanism to self-report any conduct identified by a life sciences company in its relationships with health care professionals throughout the world. It includes a general, but critical, benefit for engaging in all three steps: a potential criminal declination if misconduct is identified and disclosed.
The Potential Risks
Life sciences companies have more touchpoints with government officials than companies in other industries, and this exposes them to more potential FCPA risk. They need their products approved for use in foreign jurisdictions, and that means engaging with government officials for those approvals.
Moreover, life sciences companies conduct numerous clinical trials in countries where the health system is largely nationalized. Again, this results in interactions with scientists and other officials who might be considered foreign officials under the FCPA.
Finally, life science companies often sponsor educational and speaker programs that involve health care professionals, including those associated with public hospitals or government entities. So, those health care professionals might be considered foreign officials under the FCPA, too.
Compounding these multiple touchpoints with government officials is the need to often rely on third parties, such as clinical research organizations or site management organizations. This results in interactions a life sciences company may not fully control. Yet, it may still be liable if the third party engages in misconduct acting on the company’s behalf.
To Disclose or Not Disclose
Recognizing these risks, many companies have spent the last few years enhancing their compliance programs and third-party contracting practices to improve compliance with anti-bribery and corruption laws.
Yet no compliance program is foolproof, and issues will be identified. While the policy emphasizes self-disclosure and cooperation, life sciences companies in particular should consider the following factors as they decide whether to engage DOJ under the program:
- Does self-disclosure in the United States trigger disclosure obligations elsewhere? Seeing the success of the FCPA in the United States, other jurisdictions have passed similar laws and/or are trying to implement programs like the policy. Indeed, some jurisdictions may require mandatory reporting of potential corruption issues.
The company would have to consider disclosure obligations in other jurisdictions. Since life sciences companies typically operate in more countries than companies in other industries, this potential consequence is more acute. And companies must be aware of what level of cooperation they’re legally able to provide depending on jurisdiction. For example, companies may be subject to blocking statutes that ban producing evidence out of China. Or, they may be subject to limits on providing information out of the EU due to the GDPR (or other data privacy regimes).
- What is the true cost-benefit of the self-disclosure? This analysis can cut in two ways. First, while self-disclosure may help a company get a declination, that doesn’t mean it won’t be subject to disgorgement or large civil penalties by the U.S. Securities and Exchange Commission.
Given the ill-gotten gains on some products and the potential time period covered, that amount could be substantial and as burdensome as a significant criminal fine. Further, in other circumstances, self-disclosure may not result in disgorgement. But it might invite an investigation that costs the company far more, including in terms of reputational harm, than the value of the issue being disclosed.
- If, despite fulfilling all the elements of the policy, DOJ pushes for a criminal conviction, it could result in substantial collateral consequences, exposing the company to exclusion.
The Department of Health and Human Services – Office of Inspector General has been taking a more aggressive position on exclusion in recent years. It emphasizes that exclusion is mandatory for criminal convictions involving “fraud, theft, or other financial misconduct.”
Given the books and records violations often triggered by FCPA investigations, mandatory exclusion is a real possibility if a company is forced to accept a criminal conviction related to anti-bribery and corruption.
The increased FCPA enforcement activity and the policy have changed the enforcement environment. They’re designed to encourage self-disclosure, cooperation, and remediation. But, because the risk profiles for life sciences companies are unique, they need to ask themselves a different set of questions.
Gejaa Gobena
Gejaa Gobena is a partner at Hogan Lovells in Washington D.C. Gejaa uses his almost two decades of experience as both a former senior prosecutor and private attorney to help companies and individuals thoughtfully navigate high-stakes investigations and government enforcement actions, particularly in the area of healthcare fraud.