A Playbook for FCPA and Anti-Bribery Compliance Training & Communication



Similar documents
Library Guide: HIPAA

LIBRARY GUIDE: Pharmaceutical Sales & Marketing

FCPA 10 Hallmarks Self- Assessment

A Quality and Compliance Training Road Map for Emerging FDA-Regulated Companies

LIBRARY GUIDE: Medical Device Sales & Marketing

Top Seven Risks to Consider When Selecting a Life Science LMS

Simplify the Complexity of Managing 3rd Party Anti-Bribery / FCPA Compliance

Best Practices for Deploying a Learning Management System

Making SOP Training More Effective

Custom Course Development Services

Clinical Training Management

Using Training Data to Drive Up Quality Metrics SURVEY OF QUALITY ASSURANCE EXECUTIVES

Learning Management System Evaluation Guide

APEC General Elements of Effective Voluntary Corporate Compliance Programs

A Model for Training/Qualification Record Validation within the Talent Management System

FCPA and International Compliance

The SaaS LMS and Total Cost of Ownership in FDA-Regulated Companies

TRANSNATIONAL JOINT VENTURES. & the importance of fcpa compliance

Foreign business partners under the FCPA

ANTI-BRIBERY AND FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY

DIGITAL RIVER, INC. FOREIGN CORRUPT PRACTICES ACT AND ANTI-BRIBERY POLICY. (Adopted by resolution of the Board of Directors on December 1, 2011)

ComplianceWire COMPLIANCE MANAGEMENT FOR LIFE SCIENCE ORGANIZATIONS

The Fraud Section's Foreign Corrupt Practices Act Enforcement Plan and Guidancel

International Trade and Government Regulation practice in the Washington, DC office of Dechert LLP.

Guidance from the FCPA Experience Building an Effective Approach to the UK Bribery Act

FRANCHISORS AND FRANCHISEES: UNDERSTANDING COMPLIANCE RISKS

Model Anti-Bribery Policy/FCPA Version

Fraud-Related Compliance

The ITAR and the FCPA: What You Disclose May Hurt You. October 7, 2014

2016 The global ABB integrity program.

Anti-Money Laundering controls in Mergers & Acquisitions

ANTI-CORRUPTION AND ANTI-BRIBERY POLICY

ComplianceWire COMPREHENSIVE TRAINING SOLUTIONS FOR OPERATIONALLY EXCELLENT ORGANIZATIONS

FCPA: DOJ and SEC Guidance (Part 2) Parent-Subsidiary and Successor Liability

PROTIVITI FLASH REPORT

The Latest Wave of Securities Enforcement Actions And What To Do About It

How CMOs are Turning Their Training Programs into Market Differentiators

LAUREATE ANTI-CORRUPTION POLICY

FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY

Fraud-Related Compliance

BUSINESS PRINCIPLES FOR COUNTERING BRIBERY A MULTI-STAKEHOLDER INITIATIVE LED BY TRANSPARENCY INTERNATIONAL

COMPETITION TRIGGERS BATTLE FOR TALENT AND ACQUISITIONS

Fraud Risk Management Procedures

Fifth annual survey. Look before you leap Navigating risks in emerging markets

Continental Airlines Compliance Guidelines for Suppliers

Introduction to the U.S. Foreign Corrupt Practices Act

FCPA COMPLIANCE: THE BENEFITS OF AUTOMATING THIRD-PARTY DUE DILIGENCE

How To Know If You Can Get A Job At A Company

1-2 Corporate Compliance Practice Guide Corporate Compliance Practice Guide

COMPLIANCE: THE NEW INTERNATIONAL LAW

In the context of acquiring a foreign company, successor

The Foreign Corrupt Practices Act, the Anti-Kickback Statute, and Healthcare Fraud Enforcement. Anti-Bribery Provisions

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

{>> Foreign Corrupt Practices Act //]

LIBRARY GUIDE: Clinical Medical Device

The DOJ/SEC Resource Guide on the FCPA: Considerations for Government Contractors

ANTI BRIBERY AND FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY

Global Compliance Audit

CC255 C O R P O R A T E. Altus FCPA Policy. Last revised: 12 October 2010

Compliance Requirements for Healthcare Carriers

CARDINAL RESOURCES LLC INTRODUCTION

INTEGRITY IN ACTION - HEALTH CARE COMPLIANCE

IT Insights. Managing Third Party Technology Risk

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

INSIDER TRADING POLICY

Samsung Engineering Co., Ltd.

LANTHEUS HOLDINGS, INC. Foreign Corrupt Practices Act and Anti-Bribery Compliance Policy

PHI Air Medical, L.L.C. Compliance Plan

PMS 288 Blue or CMYK = C100-M85-Y0-C43 PMS 1255 Ochre / Yellow or CMYK = C0-M35-Y85-C30. Tax Compliance Services

COMPLIANCE MANAGEMENT SYSTEM

HILLENBRAND, INC. AND SUBSIDIARIES. Global Anti-Corruption Policy Statement and Compliance Guide

M&A in 2015: Successor Liability Under the FCPA. Norton Rose Fulbright US LLP Thursday, February 26, 2015

FCPA and Anti-Corruption in Latin America

Transcription:

A Playbook for FCPA and Anti-Bribery Compliance Training & Communication

Training & Communication By Ellen Leinfuss, SVP, Life Science, UL EduNeering The list of anti-corruption laws, regulations and guidance faced by global Life Science companies is daunting even for the most disciplined organization. Given the industry s primary business model of international markets, global production sites and cross-border supply chains, global companies will come under the jurisdiction of national, multi-lateral and international laws and regulations. Despite the emergence of new anti-bribery laws by countries including the United Kingdom, the US FCPA (Foreign Corrupt Policies Act) remains the world s most aggressively enforced anti-corruption legislation. In 2012, the government s prosecution of the health care industry returned a record $7.2 billion in penalties, disgorgements and related payments. Enforcement actions in 2012 also established Non-Prosecution Agreements (NPAs), Deferred Prosecution Agreements (DPAs) as the standard for DOJ to resolve FCPA cases against corporations. A review of global anti-bribery enforcement trends, along with our hands-on experience in the industry, point to four distinct cautions and risk mitigation actions for global health care covered in this paper. Page 2

Learn Before You FALL Despite the government s growing appetite to resolve FCPA cases through DPAs, NPAs or Declinations, none of these options are automatic or guaranteed. DOJ wants to see corporate action before it makes its final decision. Explained Lanny Breuer, former Assistant Attorney General, if companies want to avoid pleading guilty or to convince us to forego bringing a case altogether, they must prove to us that they are serious about compliance. Our prosecutors are sophisticated. They know the difference between a real compliance program and a make-believe one. DOJ s expectations in allowing a DPA or NPA are expressed in the Hallmarks of Effective Compliance contained in the joint DOJ/SEC FCPA Resource Guide (see page 7). As a practical application, the recent Pfizer DPA identified several factors that DOJ considered in evaluating its enforcement decision. Two of the most significant were Pfizer s extensive (and already in progress) remedial actions to its global anti-corruption compliance procedures Key topics and its agreement to maintain a consistent anti-corruption compliance program for all of its subsidiaries worldwide. Those actions convinced DOJ to impose a financial penalty 34% under the minimum recommended amount set by the US Sentencing Guidelines. While the Hallmarks and recent agreements provide insight into the thinking of DOJ and SEC on DPAs and NPAs, there has been no practical guidance about the government s expectations in considering declination. However, the Resource Guide offers some help in six hypothetical examples of declination. Those examples highlight corporate actions that would play into a declination decision: voluntary reporting of FCPA red flags following internal investigations; termination of a supplier relationship and employees involved after a company learned of bribes; reorganization of the compliance department including appointment of a compliance officer dedicated specifically to anti-corruption; improved training programs; and review of third party relationships. Action Plan: We strongly recommend that companies review recent DPAs, NPAs and the Resource Guide s examples of declinations to clarify the expectations of DOJ, SEC and other enforcement agencies. These resources confirm that the agencies expectations have consistently ratcheted up over the years. An understanding of current expectations is essential for companies to examine their own programs and address any inadequacies. Our review of recent enforcement actions point to requirements including: Anti-corruption due diligence, training and policy tracking for all directors, officers, employees, agents consultants and other third parties as soon as practical after a merger, acquisition or joint-venture action; Requirements that all third party distributors, agents, brokers and other third parties regardless of location or corporate relationship take training that includes an assessment of their understanding of the laws and obligations of representatives of the company; Continual self-assessment and internal audit, as opposed to external (imposed by DOJ) monitors; Demonstration that all training and communications are conducted in the employees native tongue and aligned to their business roles in the company. Page 3

One Size Does Not Fit All No single template will mitigate every company s FCPA risks or satisfy every company s compliance responsibilities. Agency officials and the FCPA Guide are consistent and unequivocal in that one-size-fits-all compliance programs are generally ill-conceived and ineffective because resources inevitably are spread too thin, with too much focus on low-risk markets and transactions to the detriment of high-risk areas. Risk assessment is the basis of any effective program, incorporating factors including corporate size and structure, pursuit of acquisitions and mergers, product lines, supply chains and reliance on third party entities or joint venture partners, locations of operations, and likely interactions with foreign government officials. One of the first lines of investigation is the potential for corruption in locations where the company, including its subsidiaries and relevant third parties. International organizations including Transparency International (transparency. org/cpi2012/results) regularly publish listings of the corruption risks and conditions in individual countries, enabling companies to anticipate risks and proactively address them in location-specific operations. DOJ s expectation for individualized, risk-specific compliance is especially important in FCPA training and education. The value of training is defined by its effectiveness, not the number of hours it consumes. To be effective, it must be timely, relevant and responsive to the current knowledge needs and risks of individual audiences. We often see companies launch extensive horizontal training across all operations and value chain members. Unfortunately, those same companies may not implement an equally vigorous vertical program that targets the diverse knowledge needs of employees at different corporate levels. Recent governmental scrutiny of corporate officers points to the need for role-specific education tailored for the unique needs of this group of corporate leaders. Enforcement actions in recent years have also exposed corporate vulnerability to the actions of department heads, managers and supervisors in the corporate organization and in third party entities. Action Plan: Companies with long-established training programs can fall victim to false security. We recommend that you mold your company s compliance and training programs around the lessons contained in DPAs, NPAs and the Resource Guide. Ensure that compliance is integrated into all business functions, especially financial functions related to subcontractor oversight, supply chain management, mergers and acquisitions, facility expansion, market entry and corporate restructuring. Retain a third party auditor to ensure that the risks identified through internal investigation are current and accurate. Examine well-established components of the compliance program for obsolescence or unresponsiveness to the risks exposed through assessment. Companies should use the power of technology to identify knowledge needs through surveys and interactive systems, followed by automatic assignment and delivery of training based on the identified needs. The diagram shows the use of SmartForms to automatically assign training or remediation based on an individual s risk category. Low Risk No Training Required... Employees and Contractors ComplianceWire General FCPA Awareness Activity and Risk Assessment Medium Risk Assign FCPA Training High Risk Notify Chief Compliance Officer Page 4

Global Program, LoCAL Delivery Effective compliance is driven on multiple levels, flowing downward from the executive suite that sets corporate commitment to a culture of compliance. The Chief Compliance Officer is tasked with providing the leadership in crafting and implementing a program that meets all regulatory requirements while translating the corporate policy into action throughout the organization. Notwithstanding the importance of those elements, stickiness of the message, the program and the required knowledge occurs closer to the individual, driven by direct managers and supervisors. Two strategies converge to make a program effective in daily practice. First, the policy and program must be integrated into all business functions, departments, locations and operations. At last year s DOJ-sponsored Pharmaceutical Compliance Roundtable, participants overwhelmingly agreed that integration of compliance into a company s broader business operations greatly enhanced the effectiveness of the program. Second, the compliance program should be managed by compliance managers who collaborate with local directors and managers, ensuring that the compliance message is relevant to each location s risks, employees, operations and laws. Action Plan: To establish and maintain a culture of compliance across a diverse enterprise, we recommend a blending of top-down policy setting with business-level program execution. Policies around Code of Conduct elements such as anti-bribery, conflicts of interest, privacy, FCPA and general interactions with health care providers are best set at the corporate level. Training and communications should be developed and tracked globally using a uniform methodology and format. But to maximize field- and business-level understanding and buy-in, we recommend compliance agents from within the local business to adapt the corporate compliance message to the risks, issues and operations of that region. Appropriate language, cultural examples and case studies should be used to reinforce the local message. Role-based training that highlights local situations and risks consistently deliver high levels of comprehension, retention and application. The diagram depicts our top-down, role-based training and communications approach, used to plan and automate relevant content, targeted to an individual s job role, responsibilities and risk. LEVELS: COMPANY COUNTRY DEPARTMENT ROLE CONTENT: Code of Conduct Privacy, Anti-Bribery Laws Sales vs. Service Interactions with HCPs Interactions with Vendors and/or Referral Sources Page 5

Keep the MeSSAGe Top of Mind Companies spend tens of millions of dollars to roll out new products. They employ multiple modalities television, websites, social media, mobile apps, games, coupons and sales and drive a consistent message: buy me, use me, stay loyal to me. Repeating the message in multiple forms pays off. Studies show that exposing consumers a second time can increase product recognition by nearly 30%; a third exposure boosts that recognition to nearly 100%. How well do companies sell their all-important compliance message to their own organizations? Not well in many cases. Selling compliance requires more than a one-shot email, dried-out PowerPoint presentation or five-year old Code of Conduct. Companies can take a cue from their own advertising campaigns and successful marketers to sell the message of compliance and performance throughout their organizations by borrowing from other industries and approaches. Plan and execute your compliance program as if it were a marketing campaign and make sure that compliance messaging is continually renewed and reinforced to keep it relevant, engaging and responsive to the evolving risks confronting the company. Action Plan: Compliance messaging should be delivered by executive, senior, business unit, regional and local managers throughout the year at events ranging from annual sales meetings to routine sales representative review sessions and ride-alongs. Plan a launch strategy for the company s compliance program. Update the Code of Conduct, using technology to drive interest and provide round-the-clock access for reference. Use multiple modalities tailored to each unique audience, language and business function. Reinforce the message consistently through short reminders such as clips on the company s internal TV network, posters in the corridors, newsletters and periodic email or text messages. Use games, contests and performance reviews that include reports of possible wrongdoing to encourage the right behaviors. Use the creativity of employees to develop new communications tools. Employ situation/solution examples from inside and outside the Life Science industry, using them as starting points for employees to share responses and discuss the advantages and disadvantages of each response. Tailor the messaging and tools for local audiences, not only through simple translation but through role-based training, scenario-based presentation, communications channels unique to each local operation and local people selling the story. If the message does not stay fresh, employees cannot be expected to believe it is timely, relevant and important. CHANNEL FREQUENCY RESPONSIBILIITY Company Newsletter Email Compliance Intranet Site Regional Mgrs Meetings Ethics and Compliance Team Meetings Ethics Report Key Dept. Heads Bi-weekly Ongoing, as needed Updated monthly Quarterly Monthly Updated quarterly Ongoing Corporate communications IT Compliance office Functionspecific Compliance office Corporate communications Direct Sales Meetings Yearly Sales management Example Compliance Communications Program Plan Page 6

End Note The Resource Guide affirms that compliance programs must evolve. Organizations that consistently comply with FCPA and other regulatory requirements understand that compliance requires continual improvement. Companies should regularly review their compliance programs, test internal controls to ensure they are working properly, and update elements when necessary. Hallmarks of Effective Compliance: fcpa Resource Guide In the November, 2012 FCPA Resource Guide, the US DOJ and the SEC set out the 10 Hallmarks for an effective anti-corruption compliance program. They caution that compliance programs that employ a check the box approach may be inefficient and, more importantly, ineffective. The Guide notes that a company s compliance program if designed carefully, implemented earnestly and enforced fairly will allow the company generally to prevent violations, detect those that do occur and remediate them promptly and appropriately. The Hallmarks of Effective Compliance are: 1. Commitment from senior management and a clearly articulated policy against corruption. 2. Code of Conduct and compliance policies and procedures. 3. Oversight, autonomy and resources. 4. Risk assessment. 5. Training and continuing advice. 6. Incentives and disciplinary measures. 7. Third party due diligence and payments. 8. Confidential reporting and internal investigations. 9. Continuous improvement: Periodic testing and review. 10. Mergers and acquisitions: Pre-acquisition due diligence and post-acquisition integration. Page 7

About UL EduNeering UL EduNeering is a business line within UL Life & Health s Business Unit. UL is a global independent safety science company offering expertise across five key strategic businesses: Life & Health, Product Safety, Environment, Verification Services and Enterprise Services. UL EduNeering develops technology-driven solutions to help organizations mitigate risks, improve business performance and establish qualification and training programs through a proprietary, cloud-based platform, ComplianceWire. For more than 30 years, UL has served corporate and government customers in the Life Science, Health Care, Energy and Industrial sectors. Our global quality and compliance management approach integrates ComplianceWire, training content and advisory services, enabling clients to align learning strategies with their quality and compliance objectives. Since 1999, under a unique partnership with the FDA s Office of Regulatory Affairs (ORA), UL has provided the online training, documentation tracking and 21 CFR Part 11-validated platform for ORA-U, the FDA s virtual university. Additionally, UL maintains exclusive partnerships with leading regulatory and industry trade organizations, including AdvaMed, the Drug Information Association, the Personal Care Products Council and the Duke Clinical Research Institute. 202 Carnegie Center Suite 301 Princeton, NJ 08540 609.627.5300 UL and the UL logo are trademarks of UL LLC 2013. uleduneering.com WP/13/120513/LS

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information