In yet another resolution with a life sciences company of alleged violations of the Foreign Corrupt Practices Act (“FCPA”), the Securities and Exchange Commission (“SEC”) took last week’s settlement with New York-based Bristol Meyers Squibb Company (“BMS” or the “Company”) to underscore one of its core mantras: operating via a joint venture provides little protection from enforcement scrutiny. Under the October 5, 2015 SEC order instituting resolved administrative proceedings (the “Order”), available athttp://www.sec.gov/litigation/admin/2015/34-76073.pdf, BMS will pay $14 million and submit to a two-year self monitorship to resolve SEC allegations that “its joint venture in China made cash payments and provided other benefits to healthcare providers [(“HCPs”)] at state owned and state-controlled hospitals in exchange for prescription sales.” See Oct. 5, 2015 SEC Press Release, available athttp://www.sec.gov/news/pressrelease/2015-229.html (the “Release”). The Order, which outlines purported red flags and program weaknesses at the BMS joint venture, sends a strong warning to other venturers: U.S. regulators expect effective compliance programs and timely responses to red flags throughout a corporate enterprise—and that includes joint ventures.
The BMS Resolution
As has become common among multi-nationals in emerging markets from Asia to Latin America and elsewhere, BMS “primarily” conducts its Chinese operations via a majority-owned joint venture, Sino-American Shanghai Squibb Pharmaceuticals Limited (“SASS” or the “Joint Venture”). BMS holds a 60% equity interest in SASS through its subsidiary, Bristol-Myers Squibb (China) Investment Co. Limited (“BMS China”). Though BMS formed SASS in 1982, it has allegedly, per the SEC’s order, “held operational control over this entity since 2009 when it obtained the right to name the President of SASS and a majority of SASS’s Board of Directors.” See Order at 2. BMS operations in China grew quickly, and by 2014, BMS China had more than 2,400 full time employees, and net sales of nearly $500 million. Id. at 3. BMS is not alone in its rush to expand its presence in China. Multi-national companies throughout the pharmaceutical industry have made unprecedented investments in manufacturing, research and development, and sales in China over the past decade. But like the explosion in desired commercial growth, undesired compliance challenges—and the resulting compliance costs—have also become all too familiar.
According to the Order, BMS allegedly failed to “respond effectively to red flags” at the Joint Venture that indicated a “widespread practice” of improper payments and benefits to HCPs in exchange for product sales. Id. Though not provided as a check list or formula for liability, the Order highlights the following as examples of red flags, or missed opportunities for improvement:
- internal and external audits of travel and entertainment and HCP meeting expenses from 2009 to 2013 that “found non-compliant claims, fake and altered invoices and receipts, and consecutively numbered receipts”—findings that were communicated to both the management of BMS China, as well as BMS compliance and business leaders reporting to BMS senior management, id. at 3;
- BMS China documents were “replete” with “detail[ed] . . . proposed ‘activity plans,’ ‘action plans,’ and plans for ‘investments in HCPs to increase prescription sales’”—documents that, per the Order, were in some instances “prepared at the direction of . . . district and regional sales managers of BMS China,” id. at 3–4;
- annual internal audits of BMS China from 2009 to 2013 that “repeatedly identified substantial gaps in internal controls, the results of which were reported to the Audit Committee and senior management of BMS,” id. at 4;
- BMS compliance assessments and audits of BMS China “revealed weaknesses in the monitoring of payments to HCPs”—findings that were provided to “senior management of BMS China as well as members of BMS’s global compliance department,” id.; and
- admissions by BMS China employees of the “widespread” use of falsified expense reimbursement claims to generate funds used to provide benefits to HCPs to induce sales—including allegations by former BMS employees in email to the BMS China President that this practice was an “open secret,” utilized as “there was no other way to meet . . . sales targets.” Id. at 3.
The SEC alleged that BMS failed in at least three fundamental ways: (1) “BMS China did not investigate [the allegations raised by former employees],” (2) “identified control deficiencies were not timely remediated,” and (3) “compliance resources were minimal.” Id. at 4. Specifically, the Order notes:
- from 1982 to 2006, BMS China had no formal FCPA compliance program;
- until 2012, the compliance officer responsible for the Asia-Pacific region was “based in the U.S. and rarely traveled to China”;
- there was no dedicated compliance officer for BMS China until 2008, and no permanent compliance position in China until 2010; and
- the sales force received “limited training,” much of which was “inaccessible to a large number of sales representatives” working in remote locations, with 67% of Chinese employees failing to complete mandatory anti-bribery training by the due date.
Id. at 3–4. According to the Order, BMS China generated more than $11 million in profits from the problematic payments and benefits to HCPs—transactions BMS China inaccurately recorded in its books and records, which, in turn, were consolidated with BMS’s own books and records. As a result, “BMS falsely recorded the relevant transactions as legitimate business expenses . . . .” Id. at 2.
Despite these challenges—all too frequent in the life sciences sector—the resolution has several positives for BMS. First, in a world where investigations can languish for years, if not a decade—particularly those that, as here, are initiated by the government (BMS disclosed the receipt of an SEC subpoena in March of 2012,see Bristol-Myers Squibb 2012 Form 10-K at 105)—BMS was able to conclude the investigation and reach resolution on the China allegations in just over three years. Second, though certainly not miniscule, the $14 million payment ($2.75 million of which is a penalty), pales in view of the current “top 10” FCPA resolutions ranging from $800 million to $185 million. Third, though BMS is subject to a two-year self-monitorship with reporting requirements to the SEC, the Company avoided the costly and often cumbersome imposition of an independent (or hybrid) monitorship. Finally—and following on the heels of at least seven declinations in life sciences beginning with Grifols S.A., who received a declination from the Department of Justice (“DOJ”) in November 2012, through declinations received by several other major, multi-national pharmaceutical companies in the intervening months, BMS may have managed to resolve the China FCPA allegations without a corresponding DOJ component. As noted, the BMS investigation was initiated by an SEC subpoena, but the public record makes clear that the DOJ was at some level involved. See, e.g.,Bristol-Myers Squibb 2015 Form 10-K at 103 (noting the Company’s cooperation with the DOJ relating to the investigation); Release (acknowledging the contributions of the DOJ in the matter). Although no formal DOJ declination has been disclosed, there is no public indication that the DOJ is separately pursuing the Company—an outcome that may be a product of the Company’s cooperation and negotiations, a lack of DOJ jurisdiction over the matter, or both.
These positives notwithstanding, the BMS resolution—with “red flags” common to those operating in China in the pharmaceutical industry—underscores the continued challenges faced in this business-critical market. Despite the increased focus of local, Chinese enforcement on corruption, including the execution of numerous public officials for accepting bribes, the reality remains as described in the BMS Opinion: “HCPs in China rely upon the ‘gray income’ to maintain their livelihood,” and sales personnel frequently face, as one BMS sales representative described, the “extremely clear [message] . . . : ‘no money, no prescription.’” Order at 5.
Potential FCPA Liability for Joint Venturers
Though the BMS joint venture was majority-owned, both guidance and enforcement make clear the view of U.S. prosecutors: joint venture owners—regardless of majority or minority status—may be held responsible for the corrupt acts of the venture under both the FCPA’s accounting provisions (as was the case with BMS) and/or its anti-bribery provisions. Under the accounting provisions, a venturer may be liable for the non-compliance of the venture where the venturer fails to “proceed in good faith to use its influence, to the extent reasonable under the issuer’s circumstances, to cause . . . the [venture] to devise and maintain a system of internal accounting controls.” 15 U.S.C. § 78(m)(b)(6). Section 78(m)(b)(6) provides factors relevant to the “good faith” determination, and includes both “the relative degree of the issuer’s ownership . . . and the laws and practices governing the business operations of the country in which the [enterprise] is located.” Id.; see also FCPA Resource Guide at 43 (echoing this standard and noting that “all the circumstances” are taken into account in evaluating an issuer’s good faith efforts). While no express formula for “good faith” exists, in prior matters the SEC has focused on a venturer’s failure to exercise its available mechanisms of control. See, e.g.,In re BellSouth Corp., SEC Release No. 45,279 (Jan. 15, 2012), available at https://www.sec.gov/litigation/admin/34-45279.htm (alleging that Bellsouth violated the accounting provisions despite its 49% ownership status, where it had “operational control” of a Nicaraguan joint venture that engaged in allegedly corrupt activities despite BellSouth’s “ability to cause [the venture’s] compliance”); see alsoSEC. v. RAE Systems, Inc., 10-cv-2093 (D.D.C. 2010) (alleging that RAE violated the accounting provisions where, to avoid “chok[ing] the sales engine” of its majority-owned joint venture, RAE failed to utilize its control to change relevant practices identified in due diligence as problematic).
Similarly, under the anti-bribery provision, liability may attach where a venture—regardless of the percentage of ownership—satisfies the requisite, “knowing” state of mind, either because it (a) is aware of the conduct, that such circumstance exists, orthat such a result is substantially certain to occur, or (b) has a firm belief that such circumstance exists or that such result is substantially certain to occur (assuming, of course, that jurisdiction exists). See Section 30A(f)(2)(A) of the Exchange Act, 15 U.S.C. § 78dd-1(f)(2)(A); 15 U.S.C. §§ 78dd-2(h)(3)(A), 78dd(f)(3)(A). Though the fate of a venturer, particularly a minority owner, is less clear as its actions move down the scale from active involvement and/or express approval of violative acts to knowledge of the problematic conduct or awareness of red flags, prosecutors may take the view that the requisite knowledge and authorization may come either via express approval or the failure to act despite knowledge of the affiliate’s wrongful conduct. See FCPA Resource Guide at 27–28. While no enforcement actions connect these dots, some regulators appear to take the more extreme view that “failure to act” liability can attach where a venture knows of the violative acts and remains in the venture—a position seemingly stretching FCPA liability beyond the pale—particularly where a venturer is actively taking other measures to effectively mitigate the concerns.
Considerations from the BMS Resolution
Though the BMS resolution serves as a continued reminder of the anti-corruption challenges corporations face in China, its core message is much broader: prosecutor expectations regarding effective compliance programs and timely and appropriate responses to red flags reach the entirety of a corporate operation—even to joint ventures. As with wholly owned companies, entities involved in joint ventures should carefully consider appropriate mechanisms to ensure effective compliance programs and build credibility with regulators critical to avoid both FCPA enforcement and liability. To that end, companies involved in joint ventures should consider:
- Obtaining thoughtful control mechanisms over the venture at the outset. Each venturer should strategically analyze the risks of the venture in view of the specific market, the business operation, and the strategic role of the venture in the larger business portfolio. In view of the risk assessment, consider negotiating for the control mechanisms sufficient to appropriately mitigate identified risks, including a mechanism for exiting the venture.
- Once in the venture, the venture should regularly evaluate the exercise of available control mechanisms in light of the specific circumstances presented, mindful that prosecutors may view controls over the venture as “rights” with a corresponding obligation to exercise those controls as necessary to ensure the compliance of the venture.
- From the outset and throughout the venture, regularly and unequivocally communicate to partners the commitment to and mandate for compliance at the joint venture. This messaging can range from the negotiation of FCPA-related controls, and representations and warranties in the governing documents, to formal and informal communications throughout operations. Regardless of the particular communications, be mindful of both express and implied messaging and/or actions—such as approval of “unrealistic” sales targets, or inadequate compliance resources—that could be misconstrued by partner(s), thereby undercutting or diminishing the commitment to compliance.
- Implementing an effective compliance program tailored to the structure and risk profile of the particular enterprise. As emphasized in the FCPA Resource Guide and in seemingly all public remarks by FCPA prosecutors, the U.S. government expects integrated, global compliance programs, tailored to industry-, business-, and market-specific risks. These programs should include mechanisms that effectively bring issues to light, such as robust reporting mechanisms and auditing and real-time monitoring functions. While compliance programs in joint ventures certainly should not be expected to be carbon copies of those implemented in wholly-owned entities, a joint venture should have a program that effectively detects and deters venture-specific concerns, and significant deviations from the venturer’s broader program should be thoughtful and reasoned. Given the SEC’s criticism of BMS for not having in place a compliance program in its venture nearly a decade ago, back in 2006, the time to assess existing joint venture programs is now.
- Regularly assessing the risks presented by the enterprise and continuously improving compliance efforts. No compliance program is perfect, and no controls can guarantee against all misconduct. But companies cannot put in place a program and leave its future development and effectiveness to chance. As with the core enterprise, companies should ensure regular compliance assessments of their joint ventures to ensure the compliance program is in fact meeting the actual challenges faced by the enterprise.
- Ensuring effective communication and training programs throughout the venture. In many instances these long-understood efforts are unfortunately neglected or, where utilized, ineffective. Training cannot simply come off the shelf. Rather it should be targeted to the specific risks of the enterprise and made available to all employees to encounter those risks in appropriate format. Similarly, communications should not be canned messages and tag lines, but rather should communicate the meaningful and thoughtful commitment of management at all levels of the organization.