Featured Expert Contributor, White Collar Crime & Corporate Compliance
It has been a busy few months for the Fraud Section of the Department of Justice (“DOJ”) as the section continues its road show to educate the health care community on its recent Foreign Corrupt Practices Act (“FCPA”) guidance. As has been widely reported, DOJ announced a new policy (which took effect immediately) of applying its FCPA Corporate Enforcement Policy to health care companies. DOJ has focused considerable enforcement resources lately on health care companies’ alleged payment of bribes to foreign officials.
DOJ’s FCPA Corporate Enforcement Policy, which can be found here, incentivizes companies to self-disclose FCPA violations by declining to pursue prosecution when a company satisfies certain requirements. Specifically, DOJ explains:
“When a company has voluntarily self-disclosed misconduct in an FCPA matter, fully cooperated, and timely and appropriately remediated, all in accordance with the standards set forth below, there will be a presumption that the company will receive a declination absent aggravating circumstances involving the seriousness of the offense or the nature of the offender.”
Justice Manual, FCPA Corporate Enforcement Policy §9-47.120(1).
Companies operating in the health care space are no strangers to robust compliance programs and self-reporting of violations to state and federal authorities. However, companies operating domestically may not have incorporated the FCPA into their compliance plans. In light of DOJ’s new focus on anti-bribery efforts in the health care industry, companies should take the opportunity to update their compliance plans accordingly.
DOJ has made it clear, however, that an updated compliance plan is but one step in creating a culture of FCPA compliance so a health care company could benefit from the protections afforded by the FCPA Corporate Enforcement Policy. The DOJ expects buy-in from the company’s executive team and warns that corporate failure to support the compliance committee’s efforts will not bode well for those seeking this policy’s protections.
In addition to the usual compliance strategies of policies, risk assessments, training, and audits, companies should develop a detailed response plan so they can act quickly when faced with a potential FCPA situation, as self-disclosure is required “within a reasonably prompt time after becoming aware of the offense” Justice Manual, FCPA Corporate Enforcement Policy §9-47.120(3)(a). This includes items such as identifying team members who will manage the response, identifying third parties with whom the team may need to work, such as legal counsel and a forensic auditing group, and issuing a legal hold to ensure preservation of evidence.
In order to implement this new policy, DOJ has established a partnership between its Healthcare Fraud Strike Force and FCPA prosecutors. The creation of this new partnership, along with DOJ’s latest efforts to spread the word about this new policy, leaves no doubt that DOJ is planning to ramp up its enforcement of the FCPA with respect to health care companies.