This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.
The recent Olympus Corporation and related entities (collectively “Olympus”) enforcement action demonstrated a company seemingly dedicated to lying, cheating and stealing its way across the globe in search of the almighty dollar. As noted by Mike Volkov, “Olympus bears the unique moniker of completing a triple play of misconduct – violations of the domestic anti-kickback statute, the False Claims Act and the Foreign Corrupt Practices Act (FCPA). At the root of its problem is a culture committed to bribery and kickbacks.”
Added to this ignominy was that the company’s Chief Compliance Officer (CCO), John Slowik, tried to stop these actions internally and was fired for his trouble. Thereafter he filed a whistleblower claim and a Qui Tam case. According to the Department of Justice (DOJ) press release on the resolution, he was awarded over $51 million for his bringing the illegal acts to light.
The company, the U.S.’ largest distributor of endoscopes and related equipment, had engaged in a scheme to pay kickbacks to doctors and hospitals in the U.S. No doubt not wanting to be out of balance with its international sales, the company violated the FCPA in Latin America. Much has been and will continue to be written about the nefarious acts of the company; its long and widespread bribery schemes all tied together with an endemic culture of corruption as lessons to be learned by the anti-corruption compliance practitioner.
However, as this matter encompassed more than simply the FCPA and it was in the health care space, in addition to entering into a deferred prosecution agreement (DPA), the company entered into a corporate integrity agreement (CIA). This CIA has some very detailed instruction on the compliance program the company must put in place going forward. I realize that much of the detail relates to the specific health care requirements of the Office of Inspector General (OIG) and the Department of Health and Human Services (HHS); nevertheless, the CIA provides some interesting guideposts for you to consider in your own FCPA compliance program. Over the next couple of blog posts I will detail out some of the more interesting requirements under the CIA. Today, I will start with an overview.
According the to the DOJ press release, “The CIA details the compliance program [Olympus Corporation of the Americas (OCA)] must maintain, which must include:
- compliance responsibilities for OCA management and the Board of Directors;
- a health care compliance code of conduct that includes certain standards;
- training and education that includes specified standards;
- requirements for consulting arrangements, grants and charitable contributions, management of field assets and review of travel expenses;
- risk assessment and mitigation process; and
- review procedures for testing the compliance program.”
Under the CIA, Olympus “represents that it has implemented a compliance program that includes the following elements: a compliance officer, a compliance committee, training and education, policies and procedures, a hotline for reporting compliance issues and monitoring and auditing activities. [Olympus] shall continue its compliance program throughout the term of this CIA and shall do so in accordance with the terms set forth below. OCA may modify its compliance program as appropriate but, at a minimum, OCA shall ensure that during the term of this CIA, it shall comply with the obligations.” The CIA had two obligations that provide insights into how a compliance program should be structured.
Within 90 days following the execution of the CIA, the company is required to create a compliance committee. Interestingly, the CIA laid out who should be on this compliance committee. Of course, it included the CCO and other members of senior management necessary to meet the requirements of the CIA, but went on to suggest senior management from the following functions, “senior executives of relevant departments, such as sales, marketing, legal, medical affairs/medical information, regulatory affairs, research and development, human resources, audit, finance, manufacturing and operations.”
Even the functional leadership of the compliance committee was specified with the CCO as a co-chair with the Chief Executive Officer (CEO). Meeting dates were specified to occur at least quarterly with minutes kept and available to the OIG. Changes in committee membership also had to be approved by the OIG.
Board of Directors
The CIA recognized the Board has the responsibility for the “review and oversight of matters related to compliance with federal health care program requirements, FDA requirements and the obligations of this CIA.” The Board itself is required to include a non-executive member. The CIA went on to lay out specific requirements for the Board around its oversight of the compliance function.
It stated the Board is required to meet no less than quarterly to review and oversee the compliance program. The Board must report to the OIG, “description of the documents and other materials it reviewed, as well as any additional steps taken, such as the engagement of an independent advisor or other third-party resources, in its oversight of the compliance program and in support of making the resolution below during each reporting period.”
Most interestingly, under the CIA, the Board is required to adopt “a resolution, signed by each individual member of the Board, summarizing its review and oversight of OCA’s compliance with federal health care program requirements, FDA requirements and the obligations of this CIA” during each reporting period.
Finally, the CIA even required specific language in each Board resolution, reading “the Board of Directors has made a reasonable inquiry into the operations of OCA’s compliance program during the preceding 12-month period including the performance of the compliance officer and the compliance committee. Based on its inquiry and review, the Board has concluded that, to the best of its knowledge, OCA has implemented an effective compliance program to meet federal health care program requirements, FDA requirements and the obligations of the corporate integrity agreement.” If the Board cannot commit to this language, it must explain why not in writing to the OIG.
Admittedly, these provisions may seem onerous for a company who has not engaged in multiple criminal acts. However, these steps are required to ensure that Olympus fulfills its obligations going forward. Yet the requirements lay out what may move to best practices for an anti-corruption compliance program sooner rather than later. Consider the makeup of the compliance committee and its specified regular meeting schedule. Moreover, the Board obligations could be seen as cutting edge, but also drill down into how a Board can effectively provide oversight to a compliance program. Finally, the certification required on the Board resolutions will hopefully make each and every Board member take their oversight responsibilities seriously.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at 16.