The Pfizer DPA: Parts I-III

The Pfizer DPA: Parts I-III

The Pfizer DPA: The New Minimum Best Practices for a FCPA Compliance Program? Part I

It's Friday and once again it was a wild week in the Foreign Corrupt Practices Act (FCPA) and wider compliance world. In the FCPA arena, as most compliance practitioners are aware, Pfizer settled is FCPA enforcement action this week. In its settlement Pfizer paid $15 million in criminal penalties to the Department of Justice (DOJ) and $45.2 million in disgorgement and pre-judgment interest to the Securities and Exchange Commission (SEC). While the total settlement did not put Pfizer on the coveted 'Top 10 FCPA Settlements of All-Time' list, Pfizer did land on the FCPA Blog's 'Top Ten Disgorgement' list. A special kudos goes to the FCPA Professor for his exhaustive review, over two separate blog postings, of the Criminal Information, Deferred Prosecution Agreement (DPA), SEC Civil Complaint and the DOJ and SEC Press Releases.

The DPA had some very interesting new wrinkles regarding the compliance regime that Pfizer agreed to institute. They were all called "enhanced compliance obligations" and were included in three supplemental attachments to the standard Attachment C, of the DPA. They were monikered Attachments C.1, C.2 and C.3. I have set out below the obligations that Pfizer agreed to in Attachment C.1.

Attachment C.1 - Corporate Compliance Program

This is the attachment that has traditionally set out the standard 13 point minimum best practices compliance program that has been in each DPA since at least the Panalpina settlement of November, 2010. The Pfizer corporate compliance program is as follows:

1.         A clearly articulated corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable counterparts (collectively, the "anti-corruption laws");

2.         Promulgation of compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and Pfizer's compliance code. These standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties while acting on behalf of Pfizer in a foreign jurisdiction, including but not limited to, agents, consultants, representatives, distributors, teaming partners, and joint venture partners (collectively, "agents and business partners").

3.         The assignment of responsibility to one or more senior corporate executives of Pfizer for the implementation and oversight of compliance with policies, standards, and procedures regarding the anti-corruption laws. Such corporate officials) shall have the authority to report matters directly to Pfizer's Board of Directors or any appropriate committee of the Board of Directors.

4.         Mechanisms designed to ensure that the policies, standards, and procedures of Pfizer regarding the anti-corruption laws are effectively communicated to all directors, officers, employees, and, where appropriate, agents and business partners. These mechanisms shall include: (a) periodic training for all directors, officers, and employees, and, where necessary and appropriate, agents and business partners; and (b) accompanying certifications by all such directors, officers, and employees, and, where necessary and appropriate, agents, and business partners, certifying compliance with the training requirements.

5.         An effective system for reporting suspected criminal conduct and/or violations of the compliance policies, standards, and procedures regarding the anti-corruption laws for directors, officers, employees, and, where necessary and appropriate, agents and business partners.

6.         Appropriate disciplinary procedures to address, among other things, violations of the anti-corruption laws and Pfizer's compliance code by Pfizer's directors, officers, and employees.

7.         Appropriate due diligence requirements pertaining to the retention and oversight of agents and business partners.

8.         Standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anti-corruption laws, which may, depending upon the circumstances, include: (a) anti-corruption representations and undertakings relating to compliance with the anti-corruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of ally breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.

9.         Periodic testing of the compliance code, standards, and procedures designed to evaluate their effectiveness in detecting and reducing violations of anti-corruption laws and Pfizer's compliance code.

In a subsequent posting I will dive more deeply into the Enhanced Compliance Obligations and the Corporate Reporting Obligations and what these new requirements might portend for your compliance program.

Pfizer DPA Part II - Enhanced Compliance Obligations and Corporate Compliance Obligations

Last week I began an exploration of the Pfizer Deferred Prosecution Agreement (DPA) which was announced last week by the Department of Justice (DOJ) in connection with its settlement of Foreign Corrupt Practices Act (FCPA) violations. In Part I, I reviewed the Corporate Compliance Obligations, Attachment C.1. Today we review the Enhanced Compliance Obligations, Attachment C.2 and Corporate Reporting Obligation, Attachment C.3, which Pfizer agreed to implement and operate under. In Part III, I will discuss some of the implications raised by the Pfizer DPA for the compliance practitioner.

 I.                   Attachment C.2 - Pfizer's Enhanced Compliance Obligations

In addition to the minimum best practices,as set out in Attachment C.1 - Corporate Compliance Obligations, Pfizer agreed to the following additional compliance obligations:

A.     In General. Pfizer will maintain the appointment of a senior corporate executive with significant experience with compliance with the FCPA, including its anti-bribery, books and records, and internal controls provisions, as well as other applicable anticorruption laws and regulations (hereinafter "anti-corruption laws and regulations") to serve as Chief Compliance and Risk Officer, who will have reporting obligations directly to the Chief Executive Officer. The company will maintain the appointment of heads of compliance with responsibility for each of its business units ("BU Compliance Leads") who have reporting obligations through the Chief Compliance and Risk Officer or General Counsel. There will be an Executive Compliance Committee to oversee Pfizer's compliance program.

The company will maintain gifts, hospitality, and travel policies and procedures in each jurisdiction that are appropriately designed to prevent violations of the anti-corruption laws and regulations. Further and at a minimum, these policies and procedures shall contain the following restrictions regarding foreign government officials, including but   not limited to public health care providers, administrators, and regulators: (i) Gifts must be modest in value, appropriate under the circumstances, and given in accordance with anti-corruption laws and regulations, including those of the government official's home country; (ii) Hospitality shall be limited to reasonably priced meals, accommodations,

and incidental expenses that are part of product education and gaining programs, professional training, and conferences or business meetings; (iii) Travel shall be limited to product education and training programs, professional training and education, and conferences or business meetings; and (iv) Gifts, hospitality, and travel shall not include expenses for anyone other than the relevant officials, unless different standards are required by local law or regulation.

B.     Complaints, Reports and Compliance Issues. The company will maintain "significant" resources for the compliance function. It shall have (a)An international investigations group charged with responding to and investigating anti-corruption compliance issues reported on a global basis acid ensuring that appropriate remedial measures are undertaken after the completion of an investigation; (b) An anti-corruption program office providing centralized assistance and guidance regarding the implementation, updating and revising of the FCPA Procedure, the establishment of systems to enhance compliance with the FCPA Procedure, and the administration of corporate-level training and annual anti-corruption certifications; and (c) A mergers and acquisitions compliance function designed to support early identification of compliance risks associated with complex business transactions and to ensure the integration of Pfizer's compliance procedures into newly acquired entities.

Lastly the company must maintain its mechanisms for making and handling reports and complaints related to potential violations of anti-corruption laws and regulations, including, when appropriate, referral for review and response by internal audit, finance, legal, compliance and other personnel as appropriate, and will ensure that reasonable access is provided to an anonymous, toll-free hotline as well as to an anonymous electronic complaint form, where anonymous reporting is legally permissible.

C.   Risk Assessments and Proactive Reviews. Pfizer will continue to conduct a risk-based program of annual proactive anti-corruption reviews of high-risk markets. These FCPA proactive reviews are designed to identify anti-corruption con7pliance issues, examine compliance procedures and controls as implemented in the field and identify best practices to be implemented in additional markets. In doing so, Pfizer will identify markets which are at high risk for corruption because of the business and location. Five of these will be identified and reviewed annually. Each review shall contain the minimum: (a) On-site visits by an FCPA review team comprised of qualified personnel from the Compliance and, when appropriate, Legal Divisions who have received FCPA and anti-corruption training;  (b) Where appropriate, participation in the on-site visits by qualified auditors; (c) Review of a representative sample, appropriately adjusted for the risks of the market, of contracts with and payments to individual foreign government officials or health care providers, as well as other high-risk transactions in the market; (d)  Creation of action plans resulting from issues identified during FCPA proactive reviews; these action plans will be shared with appropriate senior management, including when appropriate the Chief Compliance and Risk Officer, and will contain mandatory remedial steps designed to enhance anti-corruption compliance, repair process weaknesses, and deter violations; and € Where appropriate, feasible, and permissible under local law, review of the books and records of a sample of distributors which, in the view of the FCPA proactive review team, may present corruption risk.

D. Acquisitions. The Company will continue to ensure that, when practicable and appropriate on the basis of a FCPA risk assessment, new business entities are only acquired after thorough risk-based FCPA and anti-corruption due diligence was conducted by a suitable combination of legal, accounting, and compliance personnel. When such anti-corruption due diligence is appropriate but not practicable prior to acquisition of a new business for reasons beyond Pfizer's control, or due to any applicable law, rule, or regulation, Pfizer will continue to conduct anti-corruption due diligence subsequent to the acquisition and report to the Department any corrupt payments or falsified books and records as required by company's reporting obligations found in Attachment C.3 Pfizer will ensure that Pfizer's policies, standards and procedures regarding anticorruption laws and regulations apply as quickly as is practicable, but in any event no more than one year post-closing, to newly-acquired businesses, and will promptly: (a) Train directors, officers, and senior managers, and those employees working in positions involving activities covered by Pfizer's policies regarding anti-corruption and compliance with the FCPA, and, where necessary and appropriate, agents and business partners; and (b) Include all newly-acquired businesses in Pfizer's regular anti-corruption auditing schedule.

E. Relationships with Third Parties. Based upon its internal risk assessment, the company will conduct risk-based due diligence of sales intermediaries, including agents, consultants, representatives, distributors, and joint venture partners. Such due diligence will be conducted prior to the retention of any new agent, consultant, representative, distributor, or joint venture partner and for all such sales intermediaries will be updated no less than once every three years. At a minimum, such due diligence shall include: (a) a review of the qualifications and business reputation of the sales intermediaries; (b) a rationale for the use of the sales intermediary; and (c) a review of relevant FCPA risk areas.

Where due diligence of a sales intermediary raises a serious red flag, the relevant information shall be reviewed by personnel from the compliance or legal divisions who have received FCPA and anti-corruption training. Where appropriate and where permitted by applicable law, the company will include appropriate compliance terms and conditions in each contract with such third parties.

F. Training. The company will provide biennial training on anti-corruption laws and regulations to directors, officers, executives, and employees working in positions involving activities covered by Pfizer's policies regarding anti-corruption and compliance with the FCPA. The company will provide enhanced FCPA training for all internal audit, financial, compliance and legal personnel involved in FCPA proactive reviews or anti-corruption due diligence related to the potential acquisition of new businesses, if not already qualified and experienced. When it is appropriate on the basis of a FCPA risk assessment, the company will provide FCPA and anti-corruption training to relevant agents and business partners, at least once every three years.

The company shall maintain a system of annual certifications from senior managers in each of Pfizer's Business Units, Divisions, and operational functions (at the market or regional level, or the reasonable equivalent) as appropriate, confirming that their standard operating procedures adequately implement Pfizer's anti-corruption policies, procedures and controls, including training requirements, that they have reviewed and followed up on any issues identified in FCPA trend analyses, and that they are not aware of any FCFA or other corruption issues that have not already been reported to the Compliance Division or the Legal Division.

II.                Attachment C.3 - Corporate Compliance Reporting

Here Pfizer agreed to conduct an initial report and two follow up reports during the pendency of the DPA. These reports would be set forth in a complete description of its FCPA and anti-corruption related remediation efforts to date, its proposals reasonably designed to improve the policies and procedures of Pfizer for ensuring compliance with the FCPA and other applicable anti-corruption laws, and the parameters of the subsequent reviews. The two follow up reports will incorporate any comments provided by the DOJ on the Initial Report, to further monitor and assess whether the policies and procedures of Pfizer are reasonably designed to detect and prevent violations of the FCPA and other applicable anti-corruption laws.

These enhanced obligations could well become the new minimum best practices in the FCPA compliance arena. You should take a look at these obligations and compare them with your program to see where you might be lacking or need to enhance your compliance coverage.

Pfizer DPA Part III - What Does It All Mean?

Last week I began an exploration of the Pfizer Deferred Prosecution Agreement (DPA) which was announced last week by the Department of Justice (DOJ) in connection with its settlement of Foreign Corrupt Practices Act (FCPA) violations. In Part I, I reviewed the Corporate Compliance Obligations, Attachment C.1. In Part II, I reviewed the Enhanced Compliance Obligations, Attachment C.2 and Corporate Reporting Obligation, Attachment C.3, which Pfizer agreed to implement and operate under. In Part III, I will discuss some of the implications raised by the Pfizer DPA for the compliance practitioner.

Below is a comparison chart of the minimum best practices compliance program as set out in the Panalpina DPA and all DPAs coming forward with the minimum best practices compliance program as set out in the Pfizer DPA. While the number of compliance obligations is somewhat different, when read in conjunction with the Enhanced Compliance Obligations of Attachment C.2, there is not significant difference. Therefore, and initially, the compliance practitioner must read both the Corporate Compliance Obligations and Enhanced Compliance Obligations in conjunction with each other.

CORPORATE COMPLIANCE COMPARISON CHART

Panalpina Minimum Best Practices

Pfizer 9 Point Corporate Compliance Program

1. Code of Conduct. To ensure against FCPA violations.

1. Clearly articulated corporate policy against FCPA violations.

2. Tone at the Top. A company will ensure that its senior management provides visible support and commitment to its corporate anti-corruption policy.

2.  Promulgation of compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and Pfizer's compliance code.

3. Written policies and procedures.  Should be created in the following areas (a) gifts; (b) hospitality, entertainment, and expenses; (c) customer travel; (d) political contributions; (e) charitable donations and sponsorships; (f) facilitation payments; and (g) solicitation and extortion.

3. Assignment of one or more senior corporate execs for implementation and oversight of compliance program. They shall report to the Board.

4. Risk Assessment. Perform risk assessment and use it to inform your compliance program. 9(b)-internal and confidential reporting system.

4. Effective communication of the compliance policies including training and certification of training.

5. Annual Reviews. No less than annually, a company should review and update as appropriate to ensure continued compliance program effectiveness.

5. An effective system for reporting illegal conduct or violations of the company anti-corruption program.

6. Senior Management Oversight and Reporting. Assignment of one or more senior corporate executives for implementation & oversight of compliance program and they shall report to Board of Directors

6. Appropriate disciplinary procedures.

7. Internal controls.  These should include financial and accounting procedures which should ensure that the company has accurate and fair books and records, which cannot be used for or conceal bribery.

7. Appropriate due diligence for retention and oversight of agents and business partners.

8. Training. A company shall effectively communicate compliance program through training and annual certifications

8. Standard compliance terms and conditions in contracts including (1) reps and undertakings re: anti-corruption compliance; (2) right to audit; and (3) right to terminate for breach thereof.

9. Advice and Guidance.  The Company should establish or maintain an effective system for: (a) Providing guidance; (b) Internal and confidential reporting; and (c) Responding to such requests and undertaking appropriate action in response to such reports.

9. Periodic testing of Pfizer compliance code and anti-corruption procedures.

10. Discipline. A company shall institute appropriate disciplinary procedures to address violations compliance policy or ant-corruption laws.

11. Third Party Reps. (a) Properly documented risk-based due diligence and regular oversight of agents and business partners;  (b) Informing agents and business partners of the compliance standards; and (c) Seeking a reciprocal commitment from agents and business partners.

12. Compliance terms and conditions. Should be included in every agent agreement.

13. Ongoing Assessment. Period review and testing of compliance program to evaluate it and improve the program's effectiveness.

 

In addition to a Chief Compliance Officer (CCO) and Risk Officer (RO) who will have report directly to the Chief Executive Officer (CEO), there was further specified requirements for compliance leads to be appointed with responsibility for each of its business units who would in turn report to the CCO and RO or General Counsel (GC). Finally, similar to the situation we observed in the Halliburton settlement of its shareholder derivative action, Pfizer will have an Executive Compliance Committee, which will sit below the Board of Directors to oversee Pfizer's compliance program.

The Enhanced Compliance Obligations require that Pfizer maintain policies and procedures regarding gifts, hospitality, and travel in each jurisdiction that are appropriately designed to prevent violations of the anti-corruption laws and regulations, presumably tailored to each jurisdiction. This statement would seem to focus on reasonableness not only in terms of monetary value but also in factoring in the jurisdiction where the gift or hospitality is to be provided. Finally, and as always, travel and training must have a business purpose.

There was a very detailed plan laid out for a risk-based program of annual proactive anti-corruption reviews of high-risk markets. It consists of five markets which are at high risk for corruption because of the business and location. The specifics for each visit will be a useful guide for the compliance practitioner to compare with similar work done by his compliance group. It includes (a) On-site visits by an FCPA review team comprised of qualified personnel from the Compliance, Audit and Legal functions who have received FCPA and anti-corruption training; (b) Review of a representative sample, appropriately adjusted for the risks of the market, of contracts with, and payments, to individual foreign government officials or health care providers, as well as other high-risk transactions in the market; (c) Creation of action plans resulting from issues identified during the proactive reviews; these action plans will be shared with appropriate senior management and should contain mandatory remedial steps designed to enhance anti-corruption compliance, repair process weaknesses, and deter violations; and (d) a review of the books and records of a sample of distributors which, in the view of the FCPA proactive review team, may present corruption risk.

Interesting, the DPA specifies that Pfizer will maintain "significant" resources for the compliance function. These significant resources will be dedicated to several different types of compliance tools, including (a) an international investigations group charged with responding to and investigating anti-corruption compliance issues and ensuring that appropriate remedial measures are undertaken after the completion of an investigation; (b) an anti-corruption program office providing centralized assistance and guidance regarding the implementation, updating and revising of the FCPA Procedure, the establishment of systems to enhance compliance with the FCPA Procedure, and the administration of corporate-level training and annual anti-corruption certifications; and (c) a mergers and acquisitions (M&A) compliance team designed to support early identification of compliance risks associated with complex business transactions and to ensure the integration of Pfizer's compliance procedures into newly acquired entities. There was a slightly different time schedule listed for Pfizer to complete post-acquisition auditing, training and implementation of the Pfizer compliance program into the acquired company. I have added to my recent FCPA M&A Box Score Summary.

Time Frames

Halliburton 08-02

J&J

DS&S

Pfizer

FCPA Audit

  • 1. High Risk Agents - 90 days
  • 2. Medium Risk Agents - 120 Days
  • 3. Low Risk Agents - 180 days

18 months to conduct full FCPA audit

As soon "as practicable"

One year

Implement FCPA Compliance Program

Immediately upon closing

12 months

As soon "as practicable"

One year

Training on FCPA Compliance Program

60 days to complete training for high risk employees, 90 days for all others

12 months to complete training

As soon "as practicable"

One Year

While there was no new language regarding risk evaluation, due diligence on, or other management of third party business parties, the DPA did specify that when it is appropriate on the basis of a FCPA risk assessment, the company will provide FCPA and anti-corruption training to relevant agents and business partners, at least once every three years.

The company is also to use annual certifications from senior managers in each of Pfizer's Business Units, Divisions, and operational functions confirming that their standard operating procedures adequately implement Pfizer's anti-corruption policies, procedures and controls, including training requirements; that they have reviewed and followed up on any issues identified in FCPA trend analyses; and that they are not aware of any FCFA or other corruption issues that have not already been reported to the Compliance Division or the Legal Division.

There is a wealth of information in the Pfizer DPA and other documents relating to its resolution of these FCPA issues. I would commend all the documents to you to read and see what areas your company may need to look at more closely and how these Compliance and Enhanced Compliance Obligation Attachments may provide insight into areas where you might be lacking or need to enhance your compliance program and coverage.  These enhanced obligations could well become the new minimum best practices in the FCPA compliance arena.

 Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

For more information about LexisNexis products and solutions connect with us through our corporate site.

 

  • Tags: