This is the second time I have written about this general issue.  See here for the previous post regarding Johnson & Johnson and its “enhanced compliance obligations.”

The recent Foreign Corrupt Practices Act enforcement action against Pfizer is notable in many respects.  (See here for a prior post detailing certain notable aspects).  It is also notable for the “enhanced compliance requirements” Pfizer is required to adhere to pursuant to the terms of the deferred prosecution agreement.

Below are the pertinent facts alleged by the DOJ and/or SEC relevant to the issues discussed in this post

The substantial bulk of the enforcement action concerns conduct of Pharmacia Corporation (an entity Pfizer acquired in 2003) and Wyeth (an entity Pfizer acquired in 2009).

In the 18 months following its acquisition of Wyeth, Pfizer conducted a due diligence and investigative review of the Wyeth business operations and integrated Pfizer’s internal controls system into the former Wyeth business entities.

The DOJ or SEC do not allege that anyone at Pfizer’s or Wyeth’s corporate headquarters knew of or approved the conduct at issue.

As soon as the problematic conduct came to the attention of Pfizer’s corporate headquarters, it made a timely voluntary disclosure to the enforcement agencies.

Pfizer’s self-investigation was thorough and wide-ranging.  The DOJ stated as follows.  “From 2004 to the present, Pfizer, using external counsel and forensic accountants, internal Legal, Compliance, and Corporate Audit personnel, conducted an extensive, global review of its operations regarding allegations of improper payments to Government officials and government doctors, including in Pfizer HCP markets and those of other Pfizer subsidiaries.”  Likewise, the SEC stated as follows.  “[Since 2004, Pfizer] diligently and thoroughly undertook a global internal investigation of its operations in no less than 19 countries …”.

Pfizer provided significant cooperation to the enforcement agencies in their investigations.

Pfizer undertook early and extensive remedial efforts and has made substantial and continuing improvements to its global anti-corruption compliance policies and procedures.  The DOJ stated as follows.  “[S]tarting immediately in 2004, Pfizer launched extensive remedial actions including:  undertaken a comprehensive review of its compliance program, implementing enhanced anti-corruption compliance policies and procedures on a worldwide basis, developing global systems to support employee compliance with the enhanced procedures, adding FCPA-specific reviews to its internal audits, performing proactive anti-corruption compliance reviews in approximately ten markets annually, and conducting comprehensive anti-corruption training throughout the organization.”  Likewise, the SEC stated as follows.  “Pfizer also undertook a comprehensive review of its operations, enhanced its internal controls and compliance functions, engaged in significant disciplinary measures, and developed and implemented global FCPA compliance procedures, including the development and implementation of innovative proactive procedures, and sophisticated supporting systems.”

Thus, for approximately eight years, Pfizer has been doing the right thing.  When the enforcement agencies themselves use words such as thorough, wide-ranging, extensive, global, worldwide, diligent, comprehensive, proactive, significant, innovative and sophisticated, there can be no reasonable doubt about this.

Yet, just as in the Johnson & Johnson enforcement action, the Pfizer DPA requires the company to adhere to “enhanced compliance obligations.”  These obligations require the company to, among other things, “select at least five markets to receive FCPA proactive reviews a year” and each proactive review shall include, at a minimum, “on-site visits by an FCPA review team,” a “review of a representative sample … of contracts with and payments to individual foreign government officials or health care providers, as well as other high-risk transactions in the market,” and “where appropriate, feasible, and permissible under local law, review of the books and records of a sample of distributors …”.

FCPA compliance policies and procedures are good.  Yet given the allegations against Pfizer (as opposed to entities Pfizer acquired) and given what Pfizer has done over the past eight years, are the “enhanced compliance obligations” truly necessary?

Or is this another example of a company being required by the government (under risk of prosecution for failure to do so) to engage in fishing expeditions (when the company has already gone fishing) just for the sake of going fishing again and thus represent a boundless and unconstrained transfer of shareholder wealth to FCPA Inc.?

Such fishing expeditions are, of course, lucrative for FCPA Inc.  Hence one of the reasons you probably do not see those in the industry raising concerns about the emerging trend of “enhanced compliance obligations.”

Yet such concerns should be raised and have been raised here.