home > epc > winter 2012 > risky business
European Pharmaceutical Contractor

Risky Business

A practical guide for pharmaceutical companies looking to adapt their compliance programmes to today’s evolving demands.

There is no doubt that life sciences organisations are in the spotlight of anti-corruption authorities worldwide. Laws addressing corruption are not new, yet the related business risks and potential penalties are gaining prominence every year. European authorities are starting to apply US-style enforcement strategies to hold companies and their senior management accountable for failing to prevent corruption and bribery. The toughening of anti-bribery measures goes hand-in-hand with an increased scrutiny of pharma sales and marketing practices and a new focus on pharma medical and clinical activities, as illustrated by the recent changes made to the International Federation of Pharmaceutical Manufacturers Associations (IFPMA) Code in 2012, along with the new rules on transparency requirements affecting payments to healthcare professionals and conflicts of interest.

The implications of the evolving environment in which the European pharmaceutical industry resides are significant. Pharmaceutical and medical device companies can face criminal, civil and administrative liability for acts of the company and their associated persons.

Life sciences companies are facing with major penalties or large monetary settlements (1) – including GSK’s $3 billion fine in 2012, Pfizer’s $2.3 billion in 2009, and Abbott Laboratories’ $1.5 billion in 2012 – as well as aggressive prosecutorial conduct and invasive corporate integrity agreements in the US. There is also the risk of debarment from doing business with governments or trading on stock exchanges; loss of trust among healthcare professionals, patients, investors and other stakeholders; negative effects on shares prices (although, surprisingly, not in all cases); and the unquantifiable, but real, damage to a company’s public image and the reputation of the industry as a whole.

There is a clear trend towards holding companies’ senior managers and board members who are in a position to prevent, detect and respond to violations, but fail to do so, accountable for the acts of their organisations, including criminal prosecution of individuals (2). In eastern Europe, the CEO of Russia’s largest pharmaceutical distributor, Protek, was sentenced to 18 months in prison for bribing officials of Russia’s Federal Mandatory Health Insurance Fund. The former head of the Fund was sentenced to seven years in prison for accepting bribes and two of his deputies were each sentenced to nine years in prison and financial fines (3).

The increase in cross border collaboration between the UN and UK, US and European governments on investigations is also palpable. The DePuy International Limited case illustrates the implications of this increased collaboration. The alleged unlawful conduct consisted of payments made by DePuy International Limited (a British subsidiary of DePuy Incorporated, based in the US) to intermediaries for the purpose of making corrupt payments to Greek medical professionals working in the Greek public health system. Payments to the intermediaries amounted to 20 per cent of the price, at which the orthopaedic product was ultimately sold. These payments covered the commission for the intermediary and were available to be used to pay inducements or rewards for the use of orthopaedic products sold by DePuy International Limited (4). Following an internal complaint in 2006, Johnson & Johnson, who owned DePuy Incorporated, reported their findings to the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC), who referred the case to the UK Serious Fraud Office (SFO). As a result, the global sanction in respect of the unlawful conduct in Greece resulted in a financial penalty of $21.4 million, part of a Deferred Prosecution Agreement with DOJ, a civil sanction of $24.2 million plus interest of $6.2 million by SEC, civil recovery order of £4.8 million by SFO, and freezing of assets worth $5.7 million by the Greek authorities.

In the Jessop case, the UN Independent Inquiry Committee inspecting the manipulation of the Oil-For-Food Program made a referral to the UK authorities regarding the illegal sale of medical goods by Mark Jessop’s companies to Hussein’s government. After investigation by the SFO and the defendant’s admissions in trial, Mr Jessop was charged to a custodial sentence of 24 weeks and ordered to pay £150,000 to the Development Fund for Iraq, as well as pay prosecution costs of £25,000 (5).

In this environment, ensuring that a company maintains adequate compliance procedures that prevent, identify and address wrongdoing is no longer optional for senior managers.

Meeting the Demands of Compliance

So, how can pharmaceutical companies address these fast emerging regulatory compliance demands?

The anti-bribery code issued by Transparency International (TI) and Social Accountability International – The Business Principles for Countering Bribery – has provided a good framework for companies to develop comprehensive antibribery programmes since 2003 (6). In addition to a comprehensive Guidance Document for the Business Principles, TI has created the TI Six Step Implementation Process, which provides a road map for the development and implementation of a programme, as well as a Self-Evaluation Tool, which aims to help companies evaluate the comprehensiveness and robustness of their anti-bribery programmes. A SME Edition addresses the needs of smaller companies.

The OECD Good Practice Guidance on Internal Controls, Ethics and Compliance has added additional advice on the steps to achieve this compliance objective in relation to bribery in international business transactions (7). Both organisations set out similar principles that are reflected in recent national guidance, such as the UK Ministry of Justice Guidance on the Bribery Act 2010 (8).

The legal, regulatory and selfregulatory standards applicable to the pharmaceutical sector add another layer of guidance to ensure that the company procedures are suitable from an anti-bribery perspective. For example, in the UK, the SFO has reached a memorandum of understanding with the Association of the British Pharmaceutical Industry (ABPI) relating to aspects of the application of the UK Bribery Act 2010 to the pharmaceutical industry (9). The memorandum clarifies that although the SFO retains its discretion over which cases it chooses to pursue and when, it will not routinely intervene in matters covered by the ABPI Code and supports the self-regulatory approach enshrined in the Code.

Ultimately, the question of whether a company has adequate procedures in place to prevent bribery in the context of a particular prosecution is a matter that can only be resolved by the national courts, taking into account the particular facts and circumstances of the case. The onus remains, therefore, on the companies to prove that they had adequate procedures in place to prevent bribery.

Practical Steps to Update Your Company Compliance Programme

Step 1 – Show Top-Level Commitment
The top-level management of your company – the Board of Directors in large multinational pharma companies and the owners or funders in smaller pharmaceutical or biotechnology businesses – are expected to communicate strong, explicit and visible support and commitment to the company’s anti-bribery stance. This includes the internal controls in place, ethics and compliance programmes, and the company’s measures for preventing and detecting bribery. Top management is also expected to get involved in developing such bribery prevention procedures. A lack of participation by senior managers can be used as evidence of compliance programme failure even if the correct policies and procedures have been set up.

In practice, this means that top-level management commitment should be communicated and reflected on the company’s intranet and external websites. More importantly, top-level management should get involved in the selection and training of senior managers who would be leading the anti-bribery work. These are the persons who will be controlling the engagement of relevant associated persons (that is those performing services for, or on behalf of, the organisation), and who will be specifically involved in all the highprofile and critical decisions.

Top-level management should also take leadership on key measures, such as enhancement of the company’s code of conduct, as well as other codes and policies governing interactions with healthcare professionals, and endorse all bribery prevention-related publications.

In addition, top-level management should ensure that there is an internal awareness campaign that encourages transparent dialogue throughout the company, between commercial, medical and compliance departments. This step will help to achieve the effective dissemination and implementation of the company anti-bribery policies and procedures, getting through to employees, subsidiaries and associated persons, and ensuring that anti-bribery policies are not only clearly articulated, but also visible.

Step 2 – Tailor Your Risk Assessments
As part of a general compliance assessment or as stand-alone bribery risk assessment, it is important to tailor your existing risk assessments to assess the nature and the extent of your current exposure to external and internal risks of bribery.

This tailored assessment should be periodic, informed, documented, overseen by senior management and adequately resourced. It should also evolve with your company and be adjusted in line with the company changes, for example entering a new market with a very low corruption perception index.

The assessment of risk across the company will inform and drive the update of the existing policies and procedures and the development of new ones. The fuller the understanding of the bribery risk, the more effective the efforts to prevent bribery are likely to be.

A useful way of dealing with risk-assessments effectively is to separate compliance risks into two different groups: external and internal risks. Internal risks consist of the deficiencies appearing in the various steps for implementation of a compliance programme. These are:
  • Deficiencies in the policies and procedures (step 3)
  • Deficiencies in the conduct of due diligence procedures (step 4)
  • Deficiencies in internal communication and training (step 5)
  • Deficiencies in compensation structures and financial controls (step 6)
  • Deficiencies in disciplinary procedures (step 7)

The UK Bribery Act Guidance provides a useful classification of external risks into five broad groups:
  • Country (country level of corruption)
  • Sectoral (corruption risks level per industry sector)
  • Transaction (activity based corruption risks)
  • Business opportunity (high value projects, involving many intermediaries)
  • Business partnership risks (risks attached to certain relationships, such as the use of intermediaries in transactions with foreign public officials)

Internal and external risks should be identified and prioritised (‘red flags’). Enforcers of the Bribery Act and FCPA would expect pharma companies to identify and resolve red flags immediately, regardless of other implementation actions.

Step 3 – Enhance Your Company Procedures
Prepare an inventory of all your existing policies and procedures and update them to fill in any gaps, developing new procedures and controls as needed. Adequate bribery prevention procedures should be proportionate to the bribery risks the organisation faces.

The areas that present higher risk from a compliance and bribery-corruption perspective for pharmaceutical companies are those activities that involve payments to healthcare professionals or other public officials, including foreign individuals, directly by the company or by a third-party on the company’s behalf. This is particularly the case in the context of networks of third-party agents and in connection to high risk activities, such as sponsorships of medical conferences and the conduct of clinical trials in foreign markets.

The following is a non-exhaustive list illustrating those activities that should be covered by policies and corresponding standard operating procedures. Activities that involve payments to healthcare professionals:
  • Donations to organisations comprised of healthcare professionals
  • Commercial sponsorships; sponsorship of healthcare professionals to attend events
  • Independent medical educational grants
  • Investigator-led studies
  • Clinical trials
  • Non-interventional studies
  • Market research involving healthcare professionals
  • Consultant and speakers arrangements
  • Annual limits on compensation for healthcare professionals
  • Public disclosure of payments to HCPs

Other risk activities not involving payments to healthcare professionals are: charitable contributions; interactions with patients and patient organisations; the provision of off-label information; the review and approval of promotional and non-promotional materials; sales representatives training and assessment; sales representatives compensation; provision of medical samples; scientific publications; use of prescriber data; interaction of medical and commercial functions; company representatives (other than sales representatives) training and assessment.

Applying these updated policies and procedures retrospectively to existing associated persons may be difficult, but should be done over time, adopting a risk-based approach with due allowance for what is achievable and the level of control over existing arrangements (10).

In addition, other topics that general bribery prevention procedures should cover are: direct and indirect employment, including recruitment, terms and conditions, disciplinary action and remuneration; governance of business relationships with all other associated persons including preand post-contractual arrangements; decision-making, such as the delegation of authority procedures, separation of functions and the avoidance of conflicts of interest; enforcement and detailing discipline processes and sanctions for breaches of the organisation’s anti-bribery rules.

Step 4 – Apply Due Diligence
Apply properly documented risk-based due diligence to the hiring and the regular oversight of associated persons.

Due diligence of specific prospective associated persons may significantly mitigate risks. A due diligence process, combined with the use of anti-bribery terms and conditions in your company relationships with your contractual counterparts, in addition to requesting these counterparts to adopt a similar approach with the next party in the chain, are effective approaches to address risks arising as a result of the relationships with intermediaries in the supply chain.

Step 5 – Communicate and Train
Ensure periodic communication and documented training for all levels of your company, including subsidiaries, on the company compliance programme. Making information available assists in more effective monitoring, review and evaluation of the bribery prevention procedures, while training provides the knowledge and skills needed to use such procedures and deal with issues that may arise.

It is important to provide guidance and advice to managers, employees and, where appropriate, any associated persons, including effective measures when they need urgent advice in difficult situations.

A key aspect to ensure internal communication is the establishment of internal ‘speak up’ procedures. These ‘speak up’ lines should be secure, confidential and accessible means for internal and external parties to raise concerns about bribery on the part of employees and associated persons, to provide suggestions for improvement of bribery prevention procedures and controls, and for requesting advice. For the ‘speak up’ procedures to be effective there must be adequate protection for those reporting concerns (11), including an adequate whistleblower protection procedure.

In addition to the general training provided to all employees and agents, (for example e-learning or web-based tools), specific training tailored to specific roles should be provided to higher risks functions. This includes the commercial functions in direct contact with healthcare professionals or public officials and, in particular, those agreeing payments to healthcare professionals for services. It is also important to tailor training for employees and agents in highrisk markets, such as developing markets where your company may conduct clinical, medical and charitable activities.

In circumstances where your company uses third-party intermediaries to deal with healthcare professionals on your behalf, it will be relevant for such third parties to undergo bribery prevention training.

Step 6 – Monitor and Review
Monitor and review your anti-bribery procedures, fill in gaps and make improvements where necessary. Internal monitoring and review would consist of:

  • Internal financial control mechanisms – establish a solid system of financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate records and accounts, to ensure that they cannot be used for the purpose of bribery or hiding such bribery. This financial system will also help provide insight into the effectiveness of procedures designed to prevent bribery. As pharmaceutical companies now need to track every interaction and financial transaction, monitor both direct and indirect payments undertaken, and then reconcile expenses to each healthcare professional, you may want to shift away from manual processes to suitable software systems to keep up with multinational and complex company operations
  • Formal periodic reviews – country reviews and sector/activity based reviews provide an important source of information on effectiveness and a means by which employees and other associated persons can inform continuing improvement of anti-bribery policies
  • Staff surveys – questionnaires and feedback from training, provide an important source of information on effectiveness and a means by which employees and other associated persons can inform continuing improvement of anti-bribery policies

Step 7 – Discipline
Apply appropriate disciplinary procedures to address breaches of the company compliance programme at all levels.


In contrast with the more established compliance controls found in the US, in Europe, company compliance officers are still determining policies and assessing the implications of global, regional and local regulatory requirements. For many companies, the process of creating a regulatory compliance team in Europe is still in its project phase.

With demands for information and transparency increasing everywhere across Europe, pharmaceutical companies must move beyond the planning stage, consider every aspect of spend and embark upon operational compliance programmes. In this line, the business-based attitude of the European market should enable companies not only to embed compliance activity in every part of the company, but also be able to derive some additional benefits from these key compliance steps and from improved transparency, whether for internal compliance and commercial reasons or external disclosure.

There is a real opportunity for European pharmaceutical companies to establish a good image in the healthcare sector The industry should increasingly consider transparency as a significant competitive advantage and benefit, and an opportunity to improve resource utilisation, rather than simply an expensive and time-consuming exercise. However, while the commitment is there, pharmaceutical companies are facing the challenge to actually deliver transparency, both from a technology and business model perspective.

This is a multi-disciplinary, and for many companies a multi-jurisdiction, project that is not just about acquiring the right technology but also about being able to impose compliance as a key factor in the company’s business model, especially in relation to those activities involving interactions with healthcare professionals. The ability to achieve this aim and update the company procedures to today’s demands is greater when the company acts pre-emptively and proactively.

It is the right time to work with other stakeholders in the field to identify the necessary resources and to put in place the compliance procedures that will mitigate both the risks and the costs associated with the evolving European and global compliance demands.

  1. Visit: List_of_largest_pharmaceutical_ settlements_in_the_United_States
  2. Transparency International UK, an Evaluation of UK Corporate Plea Agreements and Civil Recovery in Overseas Bribery Cases, May 2012
  3. Prime Tass Newswire 12 August 2009
  4. SFO Press Release of 8 April 2011
  5. Medical Goods to Iraq supplier jailed for paying kick-backs, SFO Press Release of 13 April 2011
  6. Transparency International Business Principles for Countering Bribery 2009 edition
  7. OECD Good Practice Guidance on Internal Controls, Ethics and Compliance of March 2010
  8. Section 9 of the Bribery Act 2010, Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing
  9. Memorandum of Understanding between the ABPI, the PMCPA and the SFO of 1 April 2011
  10. 1Principle 1.5 of UK Bribery Act 2010 Guidance 11. Principle 5.3 of the UK Bribery Act 2010 Guidance

Read full article from PDF >>

Rate this article You must be a member of the site to make a vote.  
Average rating:

There are no comments in regards to this article.

Keith M Korenchuk counsels and advises global companies on regulatory and compliance matters worldwide, with a focus on compliance programme effectiveness and implementation, operations and evaluation, and related regulatory counselling and advice. Keith prior experience includes serving as the CEO of a company that focused on pharmaceutical and healthcare sector compliance, as well as the CEO of a research and development company that focused on homeland security technologies.

Silvia Valverde is an associate in Arnold & Porter LLP’s London office. She is a member of the FDA and Healthcare, Compliance and Global Anti-Corruption practice groups and advises global companies on compliance and related regulatory matters. Silvia focuses on the life sciences sector, assisting clients in the pharmaceutical, biotechnology, medical devices and cosmetic industry. She has an MA in European Community Law from the Universite Libre de Bruxelles (ULB) and trained at the EMA before qualifying as a UK solicitor in 2001. 
Keith M Korenchuk
Silvia Valverde
Print this page
Send to a friend
Privacy statement
News and Press Releases

Turkish Cargo maintains its steady growth.

According to the data obtained by WACD, the international air cargo information provider, in May; Turkish Cargo, the global air cargo brand providing service to 124 countries around the world, increased its tonnage rate by 7.1 percent, and grew substantially across the industry which shrank by 5.1 percent in the global air cargo market.
More info >>

White Papers

What is process characterization?


Process characterization is an essential step in the commercialization of a new (biological) drug. For drug product commercialization, manufacturers must validate the drug’s manufacturing process. This ensures that the manufacturing process delivers consistently a quality product and that the patient is not at risk.
More info >>

Industry Events

2020 Avoca Quality and Innovation Summit

3-4 June 2020, Amsterdam, The Netherlands

The 2020 Avoca Quality and Innovation Summit will take place 3-4 June 2020, in Amsterdam, The Netherlands.
More info >>



©2000-2011 Samedan Ltd.
Add to favourites

Print this page

Send to a friend
Privacy statement