Four Clear Messages from Bristol-Myers Squibb FCPA Enforcement Action
The SEC’s FCPA enforcement action for $14.6 million against Bristol-Myers Squibb (“BMS”) in China provides a textbook example of how things can go wrong in China.
For the compliance practitioner (as well as CEO and senior executives) in the pharmaceutical and medical device industries, the BMS enforcement action should be read and digested as a quick checklist of important principles.
The facts underlying the BMS enforcement action are fairly common when it comes to China and pharmaceutical companies. Healthcare professionals (“HCPs”) demand gifts, cash, gift cards, conference sponsorships, speaking fees, and other benefits in exchange for prescriptions. The headline is pretty basic – no gifts, no prescriptions.
BMS employees responded to this demand – they used fake invoices and receipts, which are easy to secure in China, and other sources of cash to fund this bribery program. BMS employees had little difficulty in getting the cash they needed and paying the bribes that were required to keep their sales growing and meet significant sales requirements.
This bribery scheme continued without any real concern, even when senior executives, as well as the Audit Committee, were warned about potential problems and weaknesses in BMS’ controls in China governing such expenditures. There was no evident commitment to a culture of compliance; if anything, the incentives and the controls that were in place, and never remedied, communicated an implicit culture of non-compliance and sales at any cost.
The SEC’s enforcement action sends out some clear messages on the compliance front. They include:
Implement a prospective pre-approval expense process. Throughout the BMS bribery scheme, bribes were funded through retrospective reimbursement requests. Managers and employees submitted fake invoices and receipts to fund the bribery scheme. China has a notorious black market for fake receipts; they are easy to obtain and then use for reimbursement purposes. A prospective, pre-approval requirement establishes a basic framework for examination, verification, and documentation of a specific expenditure. As part of its remediation, BMS instituted a 100 percent pre-approval expenditure requirement process.
Require remediation of internal audit findings. BMS’ internal audits identified serious weaknesses in BMS’ controls in China, particularly with respect to gifts, meals, entertainment, speaker conferences, and physician payments. It is clear that, notwithstanding these findings, the internal audit function did not have a mandate to require appropriate remediation of findings and actions to be taken.
When problems occur or are identified, corporate leadership, legal, and compliance must respond. Despite numerous notifications to senior managers and even the Audit Committee about potential problems in China, no one acted to investigate or even respond to the problem. Such evidence is damning for a company and subjects individual actors to potential criminal liability.
Robust compliance requires resources. BMS’ bribery scheme continued in a corporate culture where compliance had inadequate resources. As noted by the SEC, BMS did not have a compliance officer located in China for a significant period of the timeframe in question. Instead, a compliance officer responsible for China was based in the United States and traveled only one time to China. Companies have to assign additional compliance resources, and especially assign them to specific regions. On-site compliance officers are more effective in building important relationships, monitoring corporate culture and offering their assistance to management. It is clear that BMS had no desire to expend resources on compliance and assign any resources to the China operation, notwithstanding the size and revenues generated in China.