In a wide-ranging speech on Tuesday, Securities and Exchange Commission Director of Enforcement Andrew Ceresney discussed recent SEC actions and current concerns involving the pharmaceutical and medical technology industries. Ceresney’s speech is noteworthy because it highlights areas that are getting particular attention from the SEC’s Enforcement Division, namely the Foreign Corrupt Practices Act, internal controls and accounting, and disclosure of dealings with the Food and Drug Administration. These areas of focus are not especially new – indeed, on a number of points the speech echoed topics and themes we discussed in a recent webinar on health care enforcement actions by the Department of Justice. Pharmaceutical and medical technology companies would be wise to review their own internal policies, controls and compliance programs in light of Ceresney’s remarks.

Foreign Corrupt Practices Act (FCPA)

Ceresney called the pharmaceutical industry “a high-risk industry for FCPA violations,” noting that pharmaceutical representatives often have regular contact with doctors, pharmacists, and administrators at public hospitals in foreign countries who may be classified as foreign officials under the FCPA. The anti-bribery provisions of the FCPA generally prohibit corrupt use of the U.S. mails or interstate commerce to offer, pay, promise, or authorize payment of money or anything of value to influence a foreign official. See 15 U.S.C. § 78dd-1 et seq. Ceresney described several enforcement actions in which the SEC pursued companies that made payments to get their products included on government reimbursement lists or offered charitable contributions or bonus programs to government doctors who prescribed their products in foreign countries.

The SEC’s focus on FCPA enforcement actions is consistent with DOJ’s similar emphasis on pursuing foreign corruption cases in the health care field including, most notably, the November 2014 settlement in which Bio-Rad Laboratories agreed to pay $55 million to DOJ and the SEC to settle charges of FCPA violations involving officials in Russia, Vietnam, and Thailand.

In his speech, Director Ceresney emphasized the need for strong internal compliance programs to prevent and detect FCPA violations, highlighting in particular the importance of undertaking risk assessments and third-party due diligence. He also touted the FCPA Resource Guide prepared by the SEC and the Department of Justice as a source of recommendations for an effective compliance program. Ceresney also strongly encouraged companies that detect FCPA misconduct to self-report. He stated that the SEC may reward self-reporting and cooperation through non-prosecution or reduced penalties, while observing that violations at companies that do not self-report may be exposed by employees who come forward through the SEC’s whistleblower program. Again, this emphasis on the benefits of self-reporting recalls remarks by Leslie Caldwell, Assistant Attorney General for DOJ’s Criminal Division, following the Bio-Rad settlement.

We note, however, that in any matter involving potential FCPA issues, consultation with experienced counsel would be advisable before contacting the SEC.

Accounting and Internal Controls

Ceresney said that there had been a 40% increase in SEC enforcement actions in the financial reporting area in FFY2014 as compared to FFY2013. He recommended that “senior leadership of companies should place strong emphasis on the importance of designing and implementing strong internal controls” as a “key takeaway,” and recommended that in designing internal controls, management and audit committees should give particular attention to assessing specific risks in light of the firm’s business operations.

Disclosure Issues

Finally, Ceresney discussed corporate disclosures about dealings with the Food and Drug Administration, observing that “[a]ccuracy of reporting in your dealings with the FDA is critical to getting investors the information they need.” He cited three cases in which the SEC charged companies because their public statements about FDA actions or the likely timing of FDA approvals or applications were inconsistent with facts known to corporate insiders. In one case, the company knew that it could not meet its projected FDA application deadlines due to deficiencies in its clinical trial operations. In the second case, the company made statements about likely dates for Phase 2 trials and FDA approval that were misleading in light of the fact that the FDA had placed a hold on the company’s application to start Phase 1 trials. And in the third case, the company downplayed FDA concerns about its medical technology, calling those concerns merely “administrative” and “not substantive,” when in fact the FDA had raised questions about the device’s safety and efficacy.

We note, however, that the securities laws do not require companies to disclose every communication with the FDA. As one judge has commented: “It simply cannot be that every critical comment by a regulatory agency … has to be seen as material for securities law reporting purposes, especially … where there is constant and close supervision by the FDA…. Indeed, to think otherwise would be to insist on a flood of data that would overwhelm the market and would ironically be, in the end, actually uninformative.” Rahn v. Genzyme Corp. (In re Genzyme Corp. Sec. Litig.), C.A. No. 09-11267-GAO, 2012 U.S. Dist. LEXIS 44336, at *29 (D. Mass. Mar. 30, 2012). Whether disclosure of FDA communications is necessary or advisable in a given instance is again an area where consultation with counsel is highly recommended.