This previous post highlighted the SEC’s $25.2 million FCPA enforcement action against Sanofi and this post continues the analysis by highlighting additional issues to consider.
Sanofi’s FCPA scrutiny began in mid-2014 (see this prior post). Thus, from start to finish, its scrutiny lasted approximately 4 years.
At the risk of sounding like a broken record to regular readers … if the FCPA enforcement agencies want the public to have confidence in their FCPA enforcement programs, they must resolve instances of FCPA scrutiny much quicker. The validity and credibility of FCPA enforcement depends on this. Having FCPA scrutiny linger for over four years is inexcusable particularly since Sanofi, in the words of the SEC:
“During the course of the investigation, [Sanofi] provided regular briefings regarding the facts developed in its internal investigation in Kazakhstan, Levant, and the Gulf, and with respect to other countries. [Sanofi] timely conveyed the facts it learned in the course of its investigation, including facts that the Commission would not have been able to readily and independently discover, produced and highlighted particularly relevant documents, promptly responded to additional requests by the Commission staff, and provided translations of documents as needed.”
Invoking A Standard That Does Not Even Exist
To anyone who values the rule of law, it is troubling when an FCPA enforcement agency invokes a standard of liability that does not even exist under the FCPA.
Yet once again, that is what the SEC did in the Sanofi enforcement action.
In the words of the SEC, Sanofi violated the FCPA’s internal controls provisions “by failing to devise and maintain sufficient accounting controls to detect and prevent the making of improper payments to foreign officials.”
Problem is, the invoked “detect or prevent” standard does not even exist in the FCPA!
Rather, the FCPA’s internal controls provisions state that an issuer shall “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that” certain financial objectives are met.
The FCPA then defines “reasonable assurances” and “reasonable detail” to “mean such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.”
No-Charged Bribery Disgorgement
The Sanofi enforcement action is the latest example (of numerous prior examples) of the SEC seeking a disgorgement remedy in the absence of FCPA anti-bribery charges or findings. Specifically, the $25.2 million settlement amount, based on books and records and internal controls violations, consisted of the following: disgorgement of $17.5 million prejudgment interest of $2.7 million and a civil monetary penalty of $5 million.
As highlighted in this previous post (and numerous prior posts thereafter), so-called no-charged bribery disgorgement is troubling.
Among others, Paul Berger (here) (a former Associate Director of the SEC Division of Enforcement) has stated that “settlements invoking disgorgement but charging no primary anti-bribery violations push the law’s boundaries, as disgorgement is predicated on the common-sense notion that an actual, jurisdictionally-cognizable bribe was paid to procure the revenue identified by the SEC in its complaint.” Berger noted that such “no-charged bribery disgorgement settlements appear designed to inflict punishment rather than achieve the goals of equity.”
Kokesh Only Matters to the Extent Companies Don’t Roll Over and Play Dead
The disgorgement amount in the Sanofi enforcement action was troubling for another reason.
As highlighted here, in June 2017 the Supreme Court unanimously held in SEC v. Kokesh that disgorgement is a penalty and thus disgorgement actions must be commenced within five years of the date the claim accrues. However, as highlighted in this post, Kokesh, not to mention other Supreme Court decisions and other legal principles, only matter to the extent companies under FCPA scrutiny do not roll over and play dead.
The bulk of the disgorgement amount in the Sanofi enforcement action appears to have been based on the conduct in Kazakhstan which, per the SEC’s order, occurred between 2007 and 2011. In other words, 7-11 years prior to the enforcement action.
In short, Kokesh is not going to matter one bit if companies role over and play dead when under FCPA scrutiny and presumably Sanofi did what most companies under FCPA scrutiny do: either waive or toll statute of limitation defenses. As highlighted in this previous guest post from a former SEC Enforcement Division attorney and DOJ Fraud Section prosecutor, issuers simply need to stop doing this.
Is the Post-Enforcement Action Reporting Truly Necessary?
In the words of the SEC, Sanofi’s remedial efforts included the following:
“Prior to the Commission’s investigation, Respondent had begun independently enhancing its compliance program by, among other things, developing a centralized compliance program, revamping its internal controls and procedures over HCP expenditures, increasing the number of its compliance officers globally, enhancing the operation of local compliance committees, and placing compliance personnel in high-risk local markets. Additionally, it enhanced its (1) policies governing interactions with HCPs and government officials, gifts, travel, meetings, congresses, contributions, and ISTs; (2) anti-corruption training, audits, and due diligence procedures for third-party agents; and (3) monitoring for certain Sanofi-sponsored events for HCPs. Respondent also reports that it has terminated 121 employees, including senior local business managers, accepted resignations from another 14 employees, and disciplined 49 employees.”
Nevertheless, as a condition of settlement Sanofi is required to “report on the status of its remediation and implementation of compliance for a period of at least two years.” As stated in the order:
“During this two-year period, Respondent shall conduct and prepare self reviews, as well as related follow-up, and submit written reports of the results, as set forth in the Compliance Program Review Plan (“Plan”) submitted with its Offer of Settlement and report to the Commission staff as outlined below:
[Sanofi]] shall submit to the Commission staff a written report within six (6) months of the entry of this Order setting forth a complete description of its Foreign Corrupt Practices Act (“FCPA”) and anti-corruption related remediation efforts to date, its proposals reasonably designed to improve the policies and procedures of [Company] for ensuring compliance with the FCPA and other applicable anticorruption laws, and the parameters of the subsequent reviews (the “Initial Self Report”). […]
[Sanofi] shall undertake two (2) follow up reviews (the “Follow up Self Reports”), incorporating any comments provided by the Commission staff on the previous report(s), and following up on matters identified in earlier reports, to further monitor and assess whether the policies and procedures of [Company] are reasonably designed to detect and prevent violations of the FCPA and other applicable anti-corruption laws.”
Is post-enforcement action reporting truly necessary or yet another example of a government required transfer of shareholder wealth to FCPA Inc. (see here a prior post including additional posts embedded therein).
Relevant to the Success Issue
With the FCPA turning 40, it is prudent to ask the salient question of whether the FCPA has been successful in achieving its objectives? (See here for a prior post and here for 25 minute video on the subject).
The following statement from Charles Cain (SEC FCPA Unit Chief) in the SEC’s release is relevant to the above question.
“Bribery in connection with pharmaceutical sales remains as a significant problem despite numerous prior enforcement actions involving the industry and life sciences more generally. While bribery risk can impact any industry, this matter illustrates that more work needs to be done to address the particular risks posed in the pharmaceutical industry.”
Not the First Time
This week’s FCPA enforcement action is not the first time Sanofi has resolved a bribery enforcement action. As highlighted here:
“A German court convicted two former [Sanofi] employees of bribery … and slapped the French drugmaker with a €28 million ($39 million) fine […] According to Reuters, a Sanofi ($SNY) spokesman said an investigation of the former employees found that between 2007 and 2010 they had bribed a consultancy that advised one of the company’s clients–a pharmaceuticals dealer–in order to win more orders from that client. “Sanofi was unfairly given preference because of this,” he told the news service.”
The Sanofi enforcement action is yet another involving so-called distributor discounts. The SEC explains in its order:
“The funds paid to foreign officials were derived from discounts and credit notes extended to several distributors who colluded with senior managers to kick back funds to Sanofi employees in Kazakhstan which were then used to pay Kazakh officials.
The scheme took several stages to execute. First, senior managers of Sanofi KZ identified to a distributor a public tender for pharmaceuticals that could be filled by Sanofi products. Second, the distributor submitted a bid for the public tender and, when awarded, notified Sanofi of its need to purchase products to fulfill the tender. Third, the sale price between Sanofi and the distributor included a pre-determined discount or credit note from the sale price between the distributor and the public institution. Fourth, from the amount of the discount or credit note, Sanofi and the distributor were able to designate a portion as the funds which were used to bribe Kazakh officials. Fifth, once the funds which were used to bribe Kazakh officials were earmarked, the distributor kicked back those funds to Sanofi employees who then delivered the illicit proceeds to Kazakh officials. The scheme typically involved providing a 20-30 percent discount to the distributors, a portion of which was then used as the funds from which bribes were paid to Kazakh officials. The funds kicked back to Sanofi employees were tracked in internal spreadsheets and referred to as “marzipans.”
At the time, Sanofi had no standardized commercial policy for distributor discounts and did not review the discounts provided by local management.”
FCPA Institute - Denver (May 4-5)
A unique two-day learning experience ideal for a diverse group of professionals seeking to elevate their FCPA knowledge and practical skills through active learning. Learn more, spend less. CLE credit is available.