Medical Device Companies: Testing FCPA Compliance Program Effectiveness In Emerging Markets

Medical device companies that do business in emerging markets face the prospect of great reward as well as great risk. Increasingly, one of the major risks is exposure to the U.S. Foreign Corrupt Practices Act ("FCPA") and similar international anti-bribery laws and regulations. A key to mitigating this risk is to have a strong anti-corruption compliance program. This article describes some of the challenges that medical device companies face in emerging markets and provides practices to ensure that their anti-bribery compliance programs are robust and effective.

The FCPA And Its Reach

The FCPA prohibits corrupt payments to foreign government officials - directly or through intermediaries - for the purpose of retaining or obtaining business. In addition, the FCPA amended the U.S. Securities and Exchange Act of 1934 to require U.S. issuers to maintain accurate books and records and reasonable accounting controls. Corrupt payments to any foreign government official, regardless of rank or position, fall under the FCPA. Foreign officials include officers and employees of government-owned or -controlled commercial enterprises and officials of public international organizations.

The FCPA applies globally to U.S. persons and companies; to any stockholder, officer, director, employee, or agent of a U.S. company; to any U.S. or foreign company that has a class of securities registered on a U.S. securities exchange; and to anyone who acts in furtherance of a corrupt payment in the United States. It is enforced by the U.S. Department of Justice ("DOJ") and the Securities and Exchange Commission ("SEC") and can lead to criminal and civil penalties (including disgorgement of profits). Of specific note to medical device companies, the DOJ has stated publicly that it intends to increase its FCPA enforcement efforts with respect to the medical device and pharmaceutical industries.

The FCPA prohibits both direct and indirect improper payments. In this regard, the FCPA prohibits knowingly engaging in prohibited conduct through a third party, including consultants, contractors, joint venture partners, subsidiaries, or other business associates. Although the FCPA contains an exception for facilitating payments for expediting or securing the performance of routine governmental action such as obtaining permits, licenses, or other official documents, many anti-bribery provisions in other countries (including the recently enacted UK Anti-Bribery Act) prohibit such payments.

Heightened Corruption Risk In Emerging Markets

As medical device companies expand into emerging markets for activities such as product sales, product registration, clinical trials, and manufacturing, their exposure to FCPA-related enforcement increases. One of the biggest threats to the enormous growth opportunities in emerging markets is corruption. For example, Transparency International's Corruption Perception Index 2010 scores emerging market economies such as Brazil, China, India, Mexico, Egypt, Indonesia, Turkey, Philippines and Russia below 5 on a scale from 10 (very clean) to 0 (highly corrupt), which indicates a perception of a serious corruption problem in those important markets.

The structure of the healthcare systems in emerging markets contributes significantly to the FCPA risk in those markets. Many emerging market healthcare systems are government-managed, and in some countries hospitals are government-owned or -controlled. In addition, medical device companies may interact with government bodies such as certification, pricing and reimbursement authorities, as well as collaborate on a regular, even day-to-day, basis with healthcare professionals. Healthcare professionals may be invited to medical device education and training programs, granted financial support to organize scientific conferences, and engaged for services during the development of devices. Healthcare professionals who work at publicly owned hospitals are government employees, providing healthcare services in their official capacities, and the U.S. authorities have interpreted them to be "foreign officials" under the FCPA. In this environment, any payment to a healthcare professional or government official that could corruptly influence his or her actions in order to further a medical device company's business can subject such company to FCPA-related sanctions.

The manner of market entry in emerging markets also can lead to heightened FCPA risk. Entry into emerging markets may be best achieved (and in some markets may be required) through the participation of a local partner as a joint venture partner, a distributor, or an agent. The participation of local partners who may lack knowledge of global anti-corruption regimes or may have grown up without U.S.-standard compliance policies and practices substantially contributes to risk.

Elements Of An Effective Compliance Program

To mitigate this anti-corruption enforcement risk, it is critical that medical device companies have a robust and effective anti-bribery compliance program in place. Various standards have been identified for measuring the effectiveness of a company's compliance efforts, including those issued by the U.S. Sentencing Commission, the British Ministry of Justice, and the Organization for Economic Cooperation and Development (OECD). Fortunately, these (and other) standards contain significant overlap, often including the following primary elements:

• Implementing written policies and procedures;

• Establishing a compliance function;

• Conducting effective training and education;

• Developing effective lines of communication;

• Conducting internal monitoring and auditing;

• Effective enforcement of standards; and

• Prompt remediation when necessary.

Both the DOJ and SEC have stated that the existence of an effective FCPA compliance program can mitigate the consequences of an FCPA violation, while the failure to implement an effective program is viewed negatively.

Testing The Effectiveness Of Your Compliance Program

Medical device companies should be proactive and subject their compliance programs to rigorous, risk-based internal monitoring and auditing. This is especially important in emerging markets, where the potential for FCPA violations is high and resources to fight corruption are limited. To ensure that compliance programs are working properly, medical device companies should test not only for weaknesses in their programs but also for ineffiencies in their compliance procedures or system applications. The scope and frequency of testing should be based on the degree of risk to the organization from non-compliance. As such, companies should consider taking the following specific steps to test and review their FCPA compliance programs:

1. Preliminary Risk Assessment Reviews

An effective initial step is to conduct a preliminary FCPA risk assessment and develop specific action-based plans for any emerging market prior to entering the market. This could include focused research on agencies prone to corruption as well as due diligence on potential business partners. Such tests allow medical device companies to assess preliminarily whether they have standard or recommended compliance measures in place and what compliance measures might be instituted at the outset to limit risk.

2. Ongoing Risk Assessment Reviews / Internal Audits

After market entry, companies should continue to conduct focused FCPA risk assessments and compliance function audits on a regular basis. The frequency of these reviews will depend on the number of markets in which a company operates but should pay special attention to high-risk countries or business lines. These reviews can determine whether particular transactions have been reviewed against governance requirements and whether documented procedures are being followed. In addition, they can confirm the extent to which a company's internal investigations have been completed and tracked.

Companies should consider subjecting high-risk business units and markets to an ongoing risk assessment review/audit at least once every three years. Among other things, these ongoing reviews/audits should focus on the following:

• Standard operating procedures and policies regarding FCPA compliance, procurement, and travel and expenses;

• Approval forms relating to gifts, hospitality and entertainment, educational grants, charitable contributions, business donations, corporate sponsorships, political contributions, domestic/international meetings, consultant engagements, third-party transactions, and clinical trials;

• Arrangements with customers, healthcare professionals, distributors, and agents (e.g. proof of performance, sales discounts, specific clauses in key agreements, fair market value performance, etc.);

• Local training materials, including proof that training was completed; and

• Local legal opinions relating to anti-corruption compliance.

3. FCPA Trend Analysis

An internal analysis of trends in FCPA compliance is an important tool that should be prepared, updated and reviewed on a regular basis. It can either highlight the effectiveness of a company's compliance program or indicate potential problems. In preparing this trend analysis, companies should consider reviewing a sample of transactions in the following categories:

• Payments to government officials or to third parties who interact with government officials;

• Travel and expense reports (including supporting documentation);

• International meetings and site visits;

• Educational/research grants; and

• Charitable/political contributions.

4. Targeted FCPA Training

Employees in high-risk locations should receive detailed policy and procedure training on a priority basis. The procedures should include viable systems to achieve compliance, including systems for the monitoring, auditing, and reporting of suspected FCPA misconduct without fear of reprisal. If possible, this training should be conducted in the local language and in person as opposed to videoconference or online module. The back-and-forth dialogue between the trainers and the employees in the local markets is one of the most effective ways to determine whether any FCPA compliance gaps exist, particularly with respect to policy and procedure implementation.


FCPA enforcement does not show signs of easing over the coming years. New foreign and international anti-bribery laws and regulations such as the UK Anti-Bribery Act, which addresses both bribery of foreign government officials and overseas private corruption, demand special attention. In addition, there is increasing cooperation between enforcement authorities throughout the world, including in emerging market economies such as China and India. Moreover, the DOJ has said repeatedly that the healthcare industry is a focus of its enforcement efforts. It is therefore important for medical device companies to have an effective compliance program in place and to test it regularly to ensure that it is adequate and effective.

Published October 4, 2011.