Ted Acosta
Kathleen Meriwether
Operations in emerging markets are particularly liable.
Companies working in emerging markets are facing heightened scrutiny of their operations in many jurisdictions. Each firm’s approach varies based on its experience in the market and with enforcement actions. There are common considerations, however, that are important for all life science companies wrestling with bribery and corruption risks.
Heed Local Laws
While legislations from the Foreign Corrupt Practices and Organization for Economic Co-operation and Development are good baselines, understanding laws of the countries in which the company’s products are sold is key. Strong local antibribery and corruption laws may impact a firm’s policies and demand that new, locally focused policies be created. More relaxed local laws or the absence of such laws may suggest a different attitude by local operations toward transactions with government officials.
Thus analyzing local laws may require expertise in the area of criminal law and applicable penalties as well as recent cases related to bribery and corruption. Certain countries have enacted legislation specific to the life science industry, for example, regulating payments to healthcare providers (HCPs) and marketing expenditures. This type of legislation may not be harmonized across the industry, potentially resulting in different regulations for pharmaceuticals, biotechnology, medical equipment, and medical devices. Therefore, companies may need to consider engaging specialized counsel.
Company-wide compliance principles should be the foundation of general policies and behavior but should allow for local variation with documented approval from legal, compliance, and other parties. Anticorruption policies, in particular, should not be developed in isolation and then pushed down to every location in which the company’s products are sold. These policies should be flexible enough to accommodate stringent local requirements but developed with consideration for a company-wide culture, business model, sales prospects, customer base, sales regulations, and code of conduct (to the extent necessary to address the primary legal requirements).
Don’t Forget Third Parties
Life science companies may contract with a variety of third parties beyond distribution and sales intermediaries, such as travel agents, event planners, or consultants. Since third parties operate on a company’s behalf, they can create liability for the firm. As a result, it is important for company leaders to have a clear view of where and why third parties are used, who these contractors are, and what compliance and auditing provisions are included in their contracts. This requires that the firm obtains information about third-party contracts from the local markets and understands competitors’ activities, their use of third-parties, the business environment, and potential pressures in the market.
Companies must also perform due diligence for each third party to assess:
• the purpose for creating the relationship with the third party,
• the background of the company and its owners/employees,
• whether key employees or officers have ties to government entities,
• its financial stability and compensation model,
• which individual(s) within the company manage the third-party relationship,
• the services performed by the third party, including promotional and research activities,
• the nature and extent of the third party’s internal compliance programs,
• whether contracts include audit rights or requirements for third-party employees to receive training related to corruption and bribery, and
• whether third parties are permitted to subcontract work.
These procedures are also applicable when performing due diligence for acquisitions. In addition to general compliance risks, third parties could present issues that result in assumption of liability by the acquiring entity and the corresponding impact on the transaction price.
Effective Training Goes a Long Way
Most life science companies have developed training regarding their policies or codes of conduct. Findings from compliance assessments often indicate, however, that the policies and the spirit in which they were created are not understood by individuals in local markets. To increase the effectiveness of training, efforts should be made to ensure that the training:
• is presented in the local language,
• includes the support of local management,
• presents realistic case studies or examples,
• creates opportunities to interact or ask questions,
• includes aids for sales professionals and others to assist them in implementing the policies, and
• is offered on a regular basis and is part of the new employee training.
Follow-up training should be offered periodically, especially when there are changes to policies or local regulations and when audits or compliance assessments indicate significant compliance deficiencies.
Training should be extended not only to sales professionals but also members of management who interact with local government officials for business permits or other issues. Finance and accounting professionals responsible for recording transactions also should receive training. Additionally, it may be necessary to develop or present training to third parties, so they understand their obligations when working on behalf of the company.
Don’t Be Afraid to Revise Policies
The best policies on paper may not translate into effective controls in the field, particularly in emerging markets where a full complement of personnel and a robust control structure may not yet exist. Using a combination of risk-assessment tools like Transparency International’s Corruption Perception Index, internal audit findings, hotline calls, and other inputs, companies should select both high-risk and a number of other operations at random to assess effectiveness of the programs. This may include, for example, reviewing transaction documentation, understanding the nature and extent of employee or third-party interactions with HCPs, reviewing the resolution of previously raised compliance or audit issues, and meeting with employees or third parties to obtain their perceptions and understanding of the policies and training.
Specialized software may be useful for more frequent transaction monitoring to identify unusual trends or transactions that may warrant follow-up by compliance or internal audit. Assessments and transaction monitoring may result in policy changes to make them more realistic and responsive to the needs of individuals interacting with HCPs and other foreign government officials on a frequent basis.
Plan for the Worst
While one of the goals of an effective compliance program is to minimize the likelihood of investigations, regulatory inquiries, or other complaints that can increase financial or reputation risk, dealing with such matters is unavoidable. In preparation, companies should have a clearly defined incident response protocol that includes means for soliciting, receiving, and triaging notices or complaints. A core multidisciplinary investigation team that may include members of legal, compliance, internal audit, human resources, and IT should also be ready.
Outside counsel and forensic consultants may be necessary in particular circumstances. Potential compliance issues will need to be investigated, and findings reported to appropriate compliance, financial, legal, governance, board, or other relevant groups. The response plan should be reviewed at least semiannually to ensure contacts are up to date and to refine the plan based on lessons learned from previous investigations or other response efforts.
Ted Acosta ([email protected]) is principal, fraud investigation & dispute services, and Kathleen Meriwether ([email protected]) is principal, health sciences, fraud investigation & dispute services at Ernst & Young. The views expressed herein are those of the authors and do not necessarily reflect the views of Ernst & Young.