On February 28, 2020, the U.S. Securities and Exchange Commission (“SEC”) announced a settled administrative proceeding with an Ohio-based pharmaceutical company, Cardinal Health, Inc. (“Cardinal”) over alleged violations of the Foreign Corrupt Practices Act (the “FCPA”). The settlement relates to alleged improper payments made by employees at its former Chinese subsidiary (“Cardinal China”) to government-employed healthcare professionals and employees at state-owned entities.

According to the SEC, prior to its acquisition by Cardinal in 2010, Cardinal China authorized and made payments from certain marketing accounts as directed by employees of its distribution customers. Although Cardinal China terminated most of these accounts due to known FCPA-related compliance risks after its acquisition, Cardinal China allegedly continued to operate these accounts for a European supplier of dermocosmetic products for which Cardinal China served as the exclusive product distributor in China (the “European company”). Cardinal China also formally employed approximately 2,400 employees for the European company including marketing employees who were in charge of selling the European company’s products in China, and who used these marketing accounts to pay third parties for marketing related expenses.

The SEC alleged that Cardinal China learned in 2016 that the marketing employees and the European company had disguised certain marketing payments, which were actually redirected to government-employed healthcare professionals and employees of state-owned entities who had influence over purchasing decisions related to the European company’s products.

In its settlement order, the SEC found that Cardinal and Cardinal China “were aware of the compliance risks posed by marketing accounts in China” and failed to adequately evaluate the red flags presented. For example, the SEC claimed that on at least two occasions, Cardinal China abruptly terminated similar accounts amid allegations that they had been used to facilitate improper payments, and that Cardinal had also received a report from a Cardinal China employee raising questions about the legality of these accounts. Indeed, the SEC cited to internal correspondence at the highest level of management that the SEC argued reflected awareness of this “enormous compliance risk.” However, the SEC claimed that no steps were taken to address the compliance risk in the face of these red flags.

As such, the SEC found that Cardinal China “did not apply its full internal accounting controls to these accounts” or the marketing employees in question, and also failed to accurately record on its books and records payments from these accounts. The SEC determined that Cardinal directly profited from the services it provided to the European company as a result of its deficient internal accounting controls.

In its settlement order, the SEC acknowledged Cardinal’s self-disclosure of the results of an internal investigation, cooperation, and remedial efforts, which included terminating all the marketing accounts, adding anti-bribery provisions in relevant contracts, and implementing robust controls and monitoring from Cardinal China’s legal and compliance personnel. Nevertheless, the SEC required Cardinal to disgorge all profits (of $5,400,000), pay pre-judgment interest, and pay a civil monetary penalty of $2,500,000.

SEC Settlement Order