This previous post went long and deep as to the Eli Lilly enforcement action from last month.  This post continues the analysis by highlighting additional notable issues.

If This Is The Standard, Then Every Issuer Is An FCPA Violater.

This previous post discussed how the SEC’s August 2012 FCPA enforcement action against Oracle diluted FCPA enforcement to a new level.

The SEC’s China allegations against Lilly further dilutes FCPA enforcement.  The focus of the allegations is that sales representatives at Lilly-China, between 3-6 years ago, submitted false expense reports for items such as wine, speciality foods, a jade bracelet, meals, visits to bath houses, card games, karaoke bars, door prizes, spa treatments and cigarettes.  Because the SEC charged only FCPA books and records and internal controls violations based on these allegations, the identity of the ultimate recipients was not relevant, although the SEC did allege that the ultimate recipients were ”government-employed physicians.”

If the SEC’s position is that an issuer violates the FCPA’s books and records and internal controls provisions because some employees, anywhere within its world-wide organization, submit false expense reports for such nominal and inconsequential items, then every issuer has violated and will continue to violate the FCPA.

Once again, the SEC’s charging decisions prove hallow its recent Guidance related rhetoric.  (See here for the prior post).

What Is Really Being Accomplished?

Let me state for the record, lest there be any misunderstanding, that I support strong FCPA enforcement as to conduct Congress intended to capture in passing the FCPA, that adheres to fundamental legal principles, and that actually makes a difference in accomplishing the FCPA’s objective.  My criticisms and concerns of the DOJ and SEC’s FCPA enforcement has been across a wide spectrum, including that in egregious instances of corporate bribery, the DOJ has been too lenient.  See here for my article “The Facade of FCPA Enforcement” and here for my November 2010 Senate testimony.

To be sure, certain things were accomplished by the Lilly enforcement action.  $29.4 million was added to the U.S. treasury and FCPA Inc.’s pre-enforcement action professional fees and expenses likely exceeded that amount.

Beyond this, it is an open question whether the Lilly enforcement action really accomplished anything.

For starters, let’s start with the SEC’s mission.  As stated on its website, the SEC’s mission is ”to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.”

How is this mission accomplished by the Poland and Russia allegations in the SEC’s complaint?

The Poland allegations concern approximately $39,000 in payments made by Lilly-Poland approximately 12 years ago to a legitimate and bona fide Polish charitable foundation, albeit one allegedly headed by the Director of a Government Health Fund.

The Russia allegations, the only allegations in the complaint that give rise to FCPA anti-bribery charges, concern the conduct of Lilly-Vostok and its use of various third parties in connection with government pharmaceutical business.  There is only one paragraph in the SEC’s complaint concerning specific knowledge of the alleged improper conduct and that paragraph (para. 28 of the complaint) cites a Lilly-Vostok e-mail from 18 years ago and another Lilly-Vostok e-mail from 13 years ago.

The same what is really being accomplished question could also be asked concerning a post-enforcement action requirement imposed on Lilly by the SEC.

The SEC devoted a paragraph of its complaint to “Lilly’s Remedial Measures” and stated as follows.

“Since the time of the conduct noted in this Complaint, Lilly has made improvements to its global anti-corruption compliance program, including: enhancing anticorruption due diligence requirements for relationships with third parties; implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption; enhancing financial controls and governance; and expanding anti-corruption training throughout the organization.”

In other words, per the SEC, over the last approximate decade, Lilly has made extensive enhancements to its FCPA compliance program.  Against this backdrop, what is really being accomplished by the requirement that Lilly engage a compliance consultant for a 60 day period?

“Check The Box” Due Diligence?

One of the greater frustrations I experienced during my FCPA practice career was attending meetings with SEC FCPA enforcement attorneys and learning of the alternate world they lived in.  In their alternate world, companies – 7 to 10 years ago – were supposed to have current FCPA best practices throughout their organization and the absence of such current best practices was evidence of FCPA books and records and internal control violations.

I was reminded of this alternate world when reading the SEC’s release (here) in connection with the Lilly enforcement action.  In it, Kara Novaco Brockmeyer (Chief of the SEC Enforcement Division’s Foreign Corrupt Practices Unit) stated as follows. “Eli Lilly and its subsidiaries possessed a ‘check the box’ mentality when it came to third-party due diligence.”

“Check the Box” due diligence?

The SEC’s allegations concerning due diligence (or lack thereof) focus on the conduct of Lilly-Vostok, a Russian subsidiary, between 1994 through 2005.  In other words, 7 to 18 years ago.   Even the SEC acknowledged that, as to the relevant third-parties, ”Lilly’s due diligence” consisted of “ordering a Dun and Bradstreet report and conducting a search using an internet service to scan publicly available information.”  Elsewhere, the SEC acknowledges that Lilly-Vostok “in conjunction with outside counsel” conducted due diligence on various third parties.

Effective due diligence?  Probably not – the SEC alleges that certain beneficial owners were not identified and that there was no documentation that certain third parties were capable of performing the engaged services.  Due diligence consistent with today’s best practices?  Probably not.

Yet to call such due diligence efforts – which took place 7 to 18 years ago – “check the box” is emblematic of the SEC’s alternate reality.

The Double Standard On Display

I have frequently written about the FCPA’s double standard.  (See here for all prior posts).  The double standard regards the seemingly obvious fact that there is little intellectual or moral consistency between enforcement of the FCPA and enforcement of the U.S. domestic bribery statute (18 USC 201).  The double standard is present when a U.S company’s interaction with a “foreign official” is subject to more scrutiny and different standards than its interaction with a U.S. official.

Prior double standard posts (here and here) have explored the frequency in which U.S. business gives to charitable donations favored by influential politicans.  No consequences or legal action is taken.

Yet when a U.S. company gives to charitable donation favored by foreign politicians - well that is stuff of bribery and corruption.  In addition to the Chudow (Poland) Castle Foundation allegations in the SEC’s Lilly complaint, is the following allegation concerning Russia.

“From 2005 through 2008, Lilly-Vostok made various proposals to government officials in Russia regarding how Lilly-Vostok could donate to or otherwise support various initiatives that were affiliated with public or private institutions headed by the government officials or otherwise important to the government officials. Examples included their personal participation or the participation of people from their institutions in clinical trials and international and regional conferences and the support of charities and educational events associated with the institutes. At times, these proposals to government officials were made in a communication that also included a request for assistance in getting a product reimbursed or purchased by the government. Generally, Lilly-Vostok personnel believed these proposals were proper because of their relevance to public health issues and many of the proposals were reviewed by counsel. Nonetheless, Lilly-Vostok did not have in place internal controls through which such proposals were vetted to ascertain whether Lilly-Vostok was offering something of value to a government official for a purpose of influencing or inducing him or her to assist Lilly-Vostok in obtaining or retaining business.”

No DOJ Involvement

As indicated in the prior Lilly post, the Lilly enforcement action was the latest in a series of FCPA enforcement actions begun in 2011 against pharmaceutical / health care-related companies.  All actions (Johnson & Johnson, Smith & Nephew, Biomet, and Pfizer) have been based on the same general set of allegations (things of value to various foreign health care providers for an alleged business purpose).  However, the Lilly enforcement action is the only enforcement action with no DOJ involvement.  In “The Facade of FCPA Enforcement,” I discuss how the lack of enforcement transparency contributes to the facade of enforcement when the same core set of facts are resolved with materially different results.

A Message For Internal Audit

I have long discussed (see here and here for prior posts and here for a recent interview) the importance of FCPA goggles for internal audit and finance professionals – meaning that internal audit and finance personnel should be specifically trained to approach their specific job functions not only in the traditional way, but also with “FCPA goggles” on.  I have noted that it is clear from recent FCPA enforcement actions that the SEC expects much more from non-legal personnel when it comes to FCPA compliance, including the ability to spot FCPA issues and display a high degree of (I’ll call it) intellectual curiosity as to certain issues.

The SEC’s complaint against Lilly contains an emphatic message to the internal audit community.  Paragraph 46 of the complaint states, in full, as follows.

“[D]espite an understanding that certain emerging markets were most vulnerable to FCPA violations, Lilly’s audit department, based out of Indianapolis, had no procedures specifically designed to assess the FCPA or bribery risks of sales and purchases.  Accordingly, transactions with off-shore entities or with government-affilated entities did not receive specialized or closer review for possible FCPA violations.  In assessing these transactions, the auditors relied upon the standard accounting controls which primarily assured the soundness of the paperwork.  There was little done to assess whether, despite the existence of facially acceptable paperwork, the surrounding circumstances or terms of a transaction suggested the possibility of an FCPA violation or bribery.”