Last week, the SEC added another pharmaceutical company to its list of FCPA violators when AstraZeneca agreed to a $5.5 million settlement with the SEC. AZ is now the 25th drug or medical device company to pay an FCPA penalty for violating the FCPA.

AZ’s violations were not limited to China as a number of recent FCPA enforcement actions against drug/medical device companies, but included Russia. Management, and sales and marketing staff, devised schemes to pay government-owned healthcare professionals with gifts, hospitality, travel, conference support, cash and other benefits in exchange for purchases of AZ products. AZ officials also made payments to local Chinese officials to avoid or reduce fines or penalties.

In China and Russia, AZ staff developed a chart for China and Russia, respectively, listing specific healthcare professionals, hospitals and entities with actual and forecasted benefits to be provided to each of these professionals or designated hospitals or healthcare entities.

AZ violated books and records and internal controls requirements by falsifying accounting entries for these expenses, and deficient internal controls for employee reimbursements, third-party vendors, speaker fees, conferences, gifts, travel and entertainment. In addition, AZ did not employ reasonable measures to ensure that sponsorship activities involving government officials in China were approved through the company’s established electronic system for review and approval of such expenses.

Five key takeaways from the AZ FCPA settlement:

Inadequate supervision of foreign subsidiaries – From a broad perspective, it is clear that AZ failed to monitor or supervise its subsidiaries activities. Whatever financial controls AZ may have had, the controls did not ensure appropriate review and monitoring above the subsidiary level. The fact that these activities occurred without any intervention or remediation by AZ officials outside of China and Russia speaks volumes about AZ’s commitment to ethics and compliance.

Deficient Training – The SEC cited AZ’s inadequate training to its sales and marketing employees in China and Russia who interacted with foreign healthcare officials in China and Russia.

China Specific Risks – Once again, another company has fallen victim to Chinese bribery techniques – use of fake receipts to secure unauthorized access to funds, and reliance on third party travel vendors as another way to fund bribery activities. Given the standard list of Chinese deficiencies, every company with China operations should review their internal controls to focus on third party payments and payment procedures and documentation requirements.

Failure to Voluntary Disclose – AZ did not voluntarily disclose its FCPA violations, and instead was forced to respond to an SEC inquiry. As a result, AZ was not able to earn as large a discount for cooperation and remediation.

Bank Accounts and Deficient Documentation – AZ made payments directly to bank accounts owned by healthcare professionals. AZ’s payment process should have identified these potential payments and required an appropriate justification before such payments could be made.

Similarly, AZ did not require appropriate documentation before reimbursing employees for expenses that were incurred to fund bribery payments to healthcare professionals. It is not clear that AZ even had a proactive pre-approval process before certain expenses are incurred.