The resolution of the US Government’s multifaceted investigation of Olympus Corporation provides important lessons about the relationship between US and global compliance programs and the evolving legal and compliance risks faced by all life sciences companies that interact with healthcare professionals (HCPs) and institutions in the marketing and sale of their products in the United States and overseas. On February 29, 2016, medical device company Olympus Corporation of the Americas (OCA) and a subsidiary, Olympus Latin America Inc. (OLA), agreed to pay US$646 million in a global settlement of civil and criminal fraud, kickback, bribery, and conspiracy charges. As part of the coordinated settlement, Fraud & Abuse and FCPA liability was addressed and OCA—the largest US distributor of endoscopes—and OLA each entered into three-year deferred prosecution agreements with the US Department of Justice (DOJ) that require them to meet certain reform and compliance requirements or risk future prosecution. OCA also entered into a Corporate Integrity Agreement.
The Olympus settlement is significant because it is one of the few global settlements to allege kickback payments to US and foreign physicians, as well as allegations of fraud on US healthcare programs, in a single resolution. Moreover, the fact that a former high-level compliance officer acted as the whistleblower in the civil fraud case showcases the risks that can arise for a multinational life sciences company that engages in high risk commercial strategies without an effective system of internal compliance controls to temper compliance risks. The settlement documents emerging from the government’s multi-pronged investigation provide valuable lessons for legal, compliance and business personnel who are tasked with managing the execution of business strategies in an increasingly global, competitive, and cost-pressured business environment.
Kickbacks in the United States
In its Deferred Prosecution Agreement (Fraud & Abuse DPA), OCA, the US subsidiary of the Japanese company Olympus Corporation, agreed to pay US$312.4 million in penalties to resolve criminal charges under the US Anti-Kickback Statute (AKS). OCA also admitted in the Fraud & Abuse DPA that the company and certain of its officers and employees unlawfully provided doctors, hospitals, and other health care providers in the US various types of remuneration, including grants, payments for travel and recreational activities, consulting payments, and gifts or no-charge loans of equipment, in order to induce those individuals and entities to purchase OCA products.
The Statement of Facts in the Fraud & Abuse DPA details conduct that occurred between 2006 and 2011 that included awarding a hospital a US$5,000 grant to facilitate a US$750,000 equipment sale; delaying a US$50,000 research grant until a hospital agreed to buy OCA equipment; paying for a trip for three doctors to travel to Japan in 2007 as a quid pro quo for their hospital’s decision to switch to OCA from a competitor; and giving a doctor—who OCA believed had a major role in a New York medical center’s buying decisions—US$400,000 in free endoscopes and other equipment for his private medical practice. These and other kickbacks facilitated more than US$600 million in medical and surgical equipment sales for OCA, earning the company more than US$230 million in gross profits.
OCA agreed to rigorous compliance, remedial, and monitoring requirements in order to defer criminal prosecution. Consistent with similar DPAs that DOJ has concluded in other major AKS cases, OCA will be required, among other things, to enhance its compliance training and maintain an effective compliance program, maintain a whistleblower hotline and website for employees and customers, ensure annual certification of program effectiveness by OCA’s CEO and board of directors, and adopt an executive financial recoupment program requiring executives who engage in misconduct or fail to promote compliance to forfeit up to three years of performance pay. The DOJ selected an independent monitor to evaluate and oversee OCA’s compliance with the Fraud & Abuse DPA. The Fraud & Abuse DPA can be extended for two additional years if OCA fails to comply with its terms and requirements.
OCA also agreed to pay a total of US$310.8 million to resolve civil claims under federal and state False Claims Acts (FCAs). The government intervened in an FCA qui tam complaint filed by OCA’s former compliance officer, John Slowik, in New Jersey federal court, alleging that kickback payments made by OCA to US healthcare providers led to the submission of false claims for OCA endoscopes to the Medicare and Medicaid programs. The government included Relator Slowik’s allegations that OCA violated the Foreign Corrupt Practices Act (FCPA) in the FCA complaint, allegations that further illustrated the lack of compliance controls over HCP relationships. For his contributions to the investigation and prosecution, Slowik will receive (i) US$44.1 million from the US$267.3 million OCA has pledged to pay for the federal FCA offenses and (ii) US$7 million of the US$43.5 million the company has agreed to pay the 29 states and District of Columbia that contributed to the falsely claimed Medicaid payments at issue. As a condition of release from exclusion and other administrative sanctions, OCA also entered into a five-year corporate integrity agreement (CIA) with the Office of Inspector General (OIG) of the US Department of Health and Human Services (HHS). The CIA imposes extensive compliance, training, policy, and disclosure requirements on the company and its officers and employees.
In parallel to the criminal and civil investigations into potential kickback payments to US healthcare providers and institutions, DOJ also investigated payments made by OCA’s subsidiary OLA to healthcare providers and institutions in Latin America. To resolve the investigation into FCPA violations, OLA agreed to pay US$22.8 million in criminal fines, admit certain misconduct, and enter into a three-year deferred prosecution agreement which includes ongoing compliance enhancements, including a monitor (FCPA DPA).
Under the FCPA DPA related to the FCPA claims, OLA admitted paying US$3 million in bribes to medical practitioners at government-owned health care facilities in Argentina, Brazil, Bolivia, Chile, Colombia, Costa Rica, and Mexico. Between 2006 and 2011 OLA admitted that its senior management designed and implemented a plan to increase medical equipment sales in Central and South America through illicit payments of personal benefits, including cash, money transfers, personal or non-OCA medical education, travel, free or heavily discounted equipment, and other items of value to certain HCPs employed at government-owned and private health care facilities who could (i) authorize or influence those facilities’ decisions to purchase OCA equipment and (ii) prevent local public institutions from switching to the technology of Olympus competitors.
According to the FCPA DPA, OLA’s primary strategy was to appoint HCPs who could influence purchasing decisions as managers of training centers the company was ostensibly creating to provide education and to encourage the development of minimally invasive procedures in the region. As manager of a training center, each “Key Opinion Leader” (KOL) identified by OLA was paid an annual salary of US$65,000 per year and received (i) a 50% discount on OCA/OLA equipment and (ii) a separate US$130,000 budget for what the company termed “VIP Management.”
OLA later established a “Miles Program” to provide free travel to KOLs for personal, non-training center or non-business reasons. Under the program, one “mile” was equivalent to one US dollar that could be used for personal or non-OCA/OLA medical education travel expenses. OLA offered certain KOLs who operated training centers between 5,000 and 30,000 miles (i.e., US$5,000 and US$30,000) in compensation under the Miles Program. OLA did not require any pre-approval of the travel and did not establish or use any review process for submitted expenses that were to be redeemed under the Miles Program.
The FCPA DPA also imposes broad corporate compliance requirements and mandates that, as necessary and appropriate, OLA and OCA will adopt new or modify existing internal controls, policies, and procedures in order to ensure that they maintain a sound system of internal accounting controls and also maintain a rigorous anti-corruption compliance code, standards, and procedures designed to detect and deter violations of the FCPA and other applicable anti-corruption laws. These requirements are set forth in Exhibit C to the DPA. The independent monitor appointed to oversee the Fraud & Abuse DPA will also oversee and monitor the FCPA DPA.
Significance for Global Compliance and Legal Professionals
The concurrent civil and criminal settlements by Olympus provide important guidance for global companies operating in the medical device, life sciences, and pharmaceuticals sectors. Lessons learned from the Olympus actions include the following:
- The inclusion of US fraud and abuse and FCPA violations in the this settlement suggests that prosecutors may increasingly focus on the investigation of global business strategies. Many companies do not sufficiently harmonize policies and controls in their various international operations, often with significant compliance functions and controls in major markets and less stringent approaches or sporadically monitored business activities where local enforcement risk is low. While a US approach to compliance programs is not necessarily appropriate for application around the world, the Olympus settlement suggests that a more harmonized approach is warranted.
- The Olympus settlement demonstrates the importance of developing, reviewing, implementing, and monitoring business strategies with a focus on compliance. Unlike some cases where the activities may have been limited to individual or lower level misconduct, the activities in Olympus focused around developed programs and strategies such as the use of product training centers to achieve commercial goals, the use of a “Miles Program” to provide free travel, and systematically focusing on “KOL” management for commercial objectives. Organizations should emphasize the need to develop compliant strategies starting with brand and medical plan development and the early and meaningful involvement of compliance or legal in reviewing these strategies before they are launched. The importance of that involvement is particularly needed outside the US where compliance awareness and controls are still evolving.
- The role of the compliance officer in the case is significant. From the underlying facts it is clear that the compliance officer had neither management support nor sufficient resources to accomplish the goal of implementing and maintaining an effective compliance program. The allegations and admissions in the settlement showcase an aggressive commercial strategy operating without the check of effective legal or compliance resources. The settlement illustrates the dangers for companies who do not support compliant behavior or the development of an effective compliance program.
- The Olympus settlement highlights the need to limit not only formal commercial involvement in activities like medical grants, but also the need to limit the use of commercial considerations in the review and approval of medical activities. The use of “return on investment,” the selection of key opinion leaders based upon their ability to influence future product sales, and market share considerations are inappropriate as factors in criteria used to evaluate medical activities, regardless of who in the organization makes the decision. A policy that requires medical control of medical activities is thus not in itself sufficient to control risks in this area, particularly in corporations where medical functions are under pressure to show value and collaborate with commercial colleagues. Actual control and decision-making in practice must align with the boundaries between medical and commercial functions.
- Using HCPs as consultants presents continuing risks. The Olympus settlement highlights the risks associated with engaging HCPs without establishing adequate business justification and documenting that justification. The case also shows that perceived efforts to conceal remunerative relationships with individual HCPs from their employers or institutions—particularly government owned or controlled institutions—is a red flag. Compliance teams should review not only their organizations’ selection and engagement processes for HCP-consultants, but also the oversight process used by their company to ensure that the services provided were actually delivered, that adequate documentation is routinely kept to demonstrate that the interaction was appropriate, and that HCPs are authorized to enter into those arrangements by their employers. The needs assessment process continues to be a focus point for US fraud and abuse investigations, as well as foreign bribery investigations, and companies must ensure that metrics such as the frequency of consulting meetings, the number of consultants, the frequency of use of specific consultants, and the aggregate spend on consulting fees and travel for individual HCPs is subject to periodic review.
- While training has always been an essential and appropriate part of the safe use of medical devices, its importance is growing in both the device and life sciences sectors with the evolving scientific developments and the increased use of combination products and delivery mechanisms. The Olympus case highlights the need for physician training and product demonstration programs to focus on meeting unmet clinical or educational needs, rather than commercial goals such as future purchases or patient referrals. These activities must be subject to tight compliance controls, both in the US and abroad, including a needs assessment process for provision of free goods and a Fair Market Value analysis of any corresponding payments. Payments to healthcare providers for evaluations of free or below-cost demonstration products raise greater risks of government scrutiny under the AKS, FCA, and FCPA. Selection of HCP participants in training or product demonstration activities must focus on clinical and medical criteria and not commercial considerations, such as potential for future purchases or patient referrals. Equally important where travel is involved is selecting attendees based on the need for training as opposed to providing travel benefits to the HCP.
- The use of medical grants and donations to help achieve commercial goals was another area of misconduct present in Olympus. The government has long warned the life sciences industry about the potential for fraud and abuse in the provision of medical educational grants, research grants, and charitable contributions. While most organizations have separated the grantmaking process from the commercial organization in the US, this same separation may not be as developed in international markets. The government’s focus on the composition of the Olympus grant committee is a reminder that a perception of commercial influence over otherwise legitimate grantmaking activities can be used as evidence that such transfers of value are intended to induce purchases or referrals, outside of applicable safe harbors. The risks posed by these activities increase where grants are used to support educational programs or research studying uncleared or unapproved product uses. Medical product companies must ensure that grantmaking activities are governed by clear, written criteria focused on legitimate business objectives and not driven by the potential to increase business or influence referrals.
- While most life sciences companies have policies in place to govern consultant travel, companies must consider whether those policies are specific to types of fraud or corruption risks in the markets in which they operate. It seems obvious that the Olympus “Miles Program” (which purportedly provided travel as an inducement to HCPs) should never have been permitted. However, such misconduct cannot always be detected by compliance professionals until after it has reached the execution stage. Therefore, it is important to ensure that the business takes ownership of its programs and recognizes basic compliance standards. This can be achieved through training of business leadership and vendors involved in set-up and execution of consultant arrangements so that they can understand and identify possible problems before the company is at risk. It can also be achieved through senior leadership support of the business “ownership” of compliant business practices through “tone at the top.”
- State-run tenders are used very frequently for procurement in many parts of the world and often present significant corruption risks. The Olympus actions show that compliance programs need to have mechanisms in place to identify who is on a tender committee or who otherwise have the capability or ability to influence tender specifications or awards. Diligence needs to be a key part of any compliance review and approval control process and compliance controls need to be put in place to resolve identified “red flags.” For example, if the HCP is engaged at a fair market value rate, but the engagement is designed to influence a tender process, compliance risks will exist even though it may look on paper that a qualified HCP is paid a fair market value rate. These risks are compounded when a company engages a third party to assist in the tender process. Enforcement authorities have historically focused their attention on payments to third parties involved in the tender process, and therefore companies must ensure that compliance controls, including training on company policies, a needs justification process, review of third party payments, and strong contractual provisions are in place to minimize execution risks in these relationships.
- Compliance programs need to be designed around core principles of prohibiting transfers of value that improperly influence the behavior of HCPs, healthcare organizations, and others in the position of influencing purchasing or other business decisions regardless of where those interactions occur throughout the world. The Olympus case brings together both US and global law enforcement considerations that serve as important reminders that similar conduct will be subject to scrutiny even though the legal basis on which the conduct is attacked may differ. The case also presents an opportunity for life sciences companies to benchmark their compliance programs using the US focused Corporate Integrity Agreement, the US program requirements in the Fraud & Abuse DPA and the requirements for global programs as set forth in Exhibit C of the FCPA DPA as the benchmark. There is an increasingly clear standard for global compliance programs that has been reinforced by the case.
- The US Government will review carefully payments seeking to influence procurement decisions. The FCPA allegations in Olympus relating to illicit payments to HCPs responsible for procurement decisions are consistent with allegations made in numerous other US enforcement actions in recent years involving the aggressive promotion of medical devices or pharmaceutical product sales overseas. Notably, HCPs in foreign markets are not necessarily senior government officials, but can often be individual physicians or hospital administrators with authority to make procurement decisions.
- The unique role of the compliance officer as the whistleblower in this case, and the large personal FCA recovery, will likely be used as a recruitment tool throughout the qui tam relators bar. This continues to create incentives for employees to report outside the internal reporting channels of their corporate structure, and emphasizes the need for companies to develop meaningful issue reporting for employees to invoke without fear of retaliation.