In an 8-K issued last week, Biomet, Inc., (“Biomet” or the “Company”) an Indiana-based medical device company, announced that the Department of Justice (“DOJ”) had extended the Company’s Deferred Prosecution Agreement (“DPA”) and monitorship relating to violations of the Foreign Corrupt Practices Act (“FCPA”).[1] While few details have been disclosed relating to this historic extension, its warning is clear—where prosecutors question a company’s candor, cooperation, or remediation of issues, the grip of formal oversight will not be easily released.

The Use of Deferred Prosecution Agreements in Resolving FCPA Investigations

For nearly a decade, multinational companies facing investigations into alleged FCPA transgressions have sought to avoid criminal prosecution through several negotiated vehicles with the U.S. government. Following many years of use resolving various types of criminal cases,[2] the DPA has emerged as the preferred method for resolving FCPA investigations. Under these agreements, the DOJ agrees to postpone or “defer” prosecution of violations arising from a stated set of facts (on which the company and government agree) in exchange for the company’s satisfaction of specified requirements—typically, significant compliance enhancements and, often, either a period of independent-, self-, or, more recently, hybrid-monitorship. If by the end of the stated DPA period (generally ranging from 18 months to three years), the company has, in the view of the DOJ, fulfilled its DPA requirements, the DPA expires by its terms and the DOJ seeks to dismiss the criminal action against the company. The courts then usually grant the dismissal, marking an end to these cases.[3]

DPAs are attractive mechanisms for both companies that wish to avoid action on an indictment, and regulators who retain an enforcement arm to facilitate continued oversight of the company’s compliance and steps to address the issues investigated. Despite a slight pull back in response to criticism of the oversight provided in corporate monitorships accompanying DPAs in a handful of medical device resolutions,[4] DPAs continue to be a go-to mechanism for resolving FCPA investigations. In 2014 alone, the DOJ entered into 19 publically-disclosed corporate DPAs, an increase of nearly 25% over the 2013 total, and more than doubling the eight agreements entered just ten years before. DPA usage is alive and well in FCPA cases.

DPAs resolving FCPA cases typically contain many provisions that provide meaningful guideposts to other companies regarding regulator expectations and best practices, including with regard to what constitutes an effective compliance program. Given its minimal usage, however, the now-common DPA language permitting extension of the DPA term to which Biomet fell victim, too often goes unappreciated. Through this provision, generally mirrored in each of the recent FCPA DPAs in the life sciences sector, the DOJ reserves the right to unilaterally extend the DPA term where, “the Department determines, in its sole discretion, that [the company] has knowingly violated any provision of th[e] Agreement.”[5]Notwithstanding the risk this language presents on its face to the settling company, these terms—now rather common across DPAs—had been rarely invoked to date.[6]

However, on March 13, 2015, just weeks before its FCPA DPA was set to expire, the DOJ informed Biomet that its DPA and accompanying monitorship were being extended for another full year. With this extension, Biomet serves as the most recent example of the continued perils life science companies face in the FCPA space.  Even where a company believes the risk of enforcement is waning or has passed, lack of vigilance can exact a steep price.

The Biomet DPA Extension

On March 26, 2012 Biomet entered a DPA and Final Judgment with the DOJ and SEC resolving allegations that the Company, its subsidiaries, and agents (including third-party distributors) paid more than $1.5 million in corrupt payments to government doctors in Argentina, Brazil, and China from 2000 to 2008.[7]Biomet’s executives and internal auditors in Indiana allegedly were aware of the payments as early as 2000 but failed to stop them.[8] Biomet did not voluntarily disclose these matters to the government. Instead, the conduct came to the attention of regulators as a result of its proactive, industry-wide investigation into bribery by medical device companies (an industry sweep like the one that took place in the pharmaceutical industry).[9]

Biomet agreed to pay a $17.28 million criminal penalty to the DOJ, and $5.4 million in disgorgement of profits including pre-judgment interest to the SEC. Additionally, the DPA, originally set for a three-year term, required the implementation of rigorous internal controls and compliance enhancements, and the appointment of an independent, external compliance monitor regularly reporting to the DOJ on the state of the Company’s compliance program.

Approximately midway through its DPA term, in October 2013, Biomet became aware of issues relating to its operations in Brazil (a market at issue in the original resolution) and Mexico, including conduct that predated the DPA.[10] While not included in the Company’s 8-K disclosure, the New York Times reported that an anonymous whistle-blower alleged that Biomet distributors had paid government doctors to purchase products in those markets.[11] In response to these allegations, Biomet retained outside counsel to conduct an investigation and eventually undertook remedial measures including the termination of employees and executives. These efforts and its DPA reporting obligations notwithstanding,[12] the Company’s disclosure states that “in April 2014 and thereafter”—apparently six months after learning of the issues—“Biomet disclosed these matters to and discussed these matters with the independent monitor and the DOJ and SEC.”[13] Despite this dialogue, the Company received a July 2014 subpoena from the SEC for documents relating to these issues, an enforcement tool rarely utilized in the course of a cooperative DPA relationship. Adding further punch and emphasizing the teeth of the “deferred” aspect of a DPA, “the DOJ has informed Biomet that it retains its rights under the DPA to bring further action against Biomet relating to the conduct in Brazil and Mexico disclosed in 2014 or the violations set forth in the DPA.”[14] As a result, Biomet now faces an extension of its DPA and the threat of further enforcement action—not just as to the newly discovered issues, but as to all of the conduct at issue in its original settlement as well.

Lessons Learned From the Biomet DPA Extension

Against the backdrop of numerous active investigations, some of which involve companies in their second face off with the government, the Biomet DPA extension, the first of its kind in the recent history of FCPA resolutions, again makes clear that the life sciences sector remains squarely in the cross hairs of FCPA enforcement. While information detailing the “new” Biomet concerns and the resulting DPA extension is limited, the extension underscores the seriousness with which regulators approach, not just investigations, but oversight of corporate offenders, and emphasizes the fact that DPA close outs are not automatic. For companies under DPAs, the best strategy for avoiding extended external government oversight is much the same as the strategy to avoid government prosecution in the first place: build and maintain hard-earned credibility with regulators by:

  • Implementing an effective compliance program, including adequate mechanisms for detecting concerns. As emphasized in The FCPA Guide[15] and in seemingly all public remarks by FCPA prosecutors, the U.S. government expects integrated, global compliance programs, tailored to industry-, business-, and country-specific risks. These programs should include mechanisms that effectively bring issues to light, such as robust reporting mechanisms and auditing and real-time monitoring functions. Where regulators are not confident that a compliance program is adequate to both deter and detect potential wrongdoing, as may have been the case with Biomet, there is more likely to be greater government scrutiny.
  • Making thoughtful and timely decisions about disclosure. In this age of increased disclosure, there can be no question that regulators increasingly expect to be informed of the discovery of potential wrongdoing—particularly where the issues are of significant value, implicate senior leadership, and/or demonstrate material control or program gaps. This expectation is considerably stronger in the FCPA DPA context where many companies face, as did Biomet, express obligations to disclose additional issues as they arise throughout the DPA period.[16] While there are certainly many important considerations that must necessarily accompany decisions on what and when to disclose, a company providing too little information too late will find regulators leery of trusting the company’s ability or willingness to self-police in the future. In the context of an FCPA DPA, companies like Biomet proceed at their own peril when the content or timing of their disclosures are perceived by regulators as falling short of government expectations.
  • Enacting demonstrable compliance program improvement. No compliance program is perfect and no controls can guarantee against all misconduct, especially in industries, such as life sciences, where there are multiple levels and methods of interacting with government officials, including healthcare professionals (typically deemed to be foreign officials by U.S. prosecuting authorities). Nonetheless, a company that can demonstrate that its compliance efforts have driven positive change will reduce the risk of monitorship and formally mandated enhancements. In order to achieve that demonstrable improvement, it is not enough for companies to construct a seemingly effective compliance program and leave its future well-being to chance. Instead, much like annual physicals, companies must regularly conduct proactive check-ups to ensure their compliance program is in fact meeting the actual challenges and risks faced by the enterprise.