On April 8, 2011, Johnson & Johnson ("J&J") entered into a deferred prosecution agreement ("DPA") with the Department of Justice (the "DOJ") and a consent decree (the "Consent Decree") with the Securities and Exchange Commission (the "SEC" and, collectively, the "U.S. Government") resolving criminal and civil liabilities for alleged violations of the Foreign Corrupt Practices Act (the "FCPA") by wholly owned subsidiaries in Greece, Poland and Romania, as well as allegations relating to concerns with regard to the UN Oil for Food Program (the "OFFP"). Simultaneously, J&J announced that it had reached a corresponding agreement with the United Kingdom Serious Fraud Office (the "SFO") (collectively the DPA, Consent Decree and SFO resolution are referred to herein as "Settlements").

In the DPA, the U.S. Government cited: 1) J&J's voluntary disclosure, 2) its thorough internal investigation; 3) its cooperation with the U.S. Government; and 4) the substantial remedial measures undertaken by the company early on to improve its anticorruption compliance program as reasons for substantially reducing the monetary penalties assessed against the company, which were twenty five percent below the minimum range as set out in the DPA from the U.S. Federal Sentencing Guidelines.

This Alert outlines some of the unique components of the J&J Settlements, including the close coordination between prosecutorial bodies in the United States and the United Kingdom, the additional compliance undertakings J&J has committed to implement, and self-monitoring by J&J during the three-year term of the DPA.

Coordinated Global Action

The level of international cooperation in the Settlements illustrates the extent to which foreign and domestic regulators are dedicated to prosecuting corruption on a coordinated, global scale. Perhaps of most interest to multinational companies facing multi-jurisdictional investigations, because of the close coordination between the U.S. and U.K. governments, the U.K. government declined to seek criminal charges against J&J, citing the principles of double jeopardy. Further, the DPA specifically refers to J&J's investigation by and cooperation with the SFO; continued cooperation with the DOJ and SEC is required as part of the Settlements, as well as cooperation with any foreign agency designated by the DOJ.

Enhanced Compliance Commitments

Settlements with the U.S. Government typically include an attachment that outlines the standard, 'best practices' compliance commitments to be undertaken by the company. While those standard compliance commitments are included in the J&J Settlements, through the inclusion of an additional, more detailed set of compliance undertakings, J&J agrees to implement company-specific enhancements to its compliance program. Further, J&J must report to both the SEC and the DOJ every six months for a period of three years regarding the status of those enhancements.

Summarized below are those compliance areas that reflect a heightened commitment by J&J under the DPA:

  • Senior Management Responsibility: In addition to the obligation to assign compliance program responsibility to one or more senior corporate officers, J&J's enhanced compliance obligation adds another level of detail and applies across various management positions. J&J must appoint a senior corporate executive with significant experience with the FCPA "as well as other applicable anti-corruption laws and regulations" as its Chief Compliance Officer ("CCO"), and the CCO must have reporting obligations to J&J's Audit Committee. Further, J&J must appoint a global compliance leadership team comprised of compliance heads within each business segment and corporate function, to oversee the company-wide compliance program.
  • Policies and Procedures: J&J is required to implement specific policies and procedures governing gifts, hospitality and travel. The provisions are intended to cover interactions with government officials, including health care professionals ("HCPs"). This more detailed approach to J&J's enhanced compliance requirements is likely a reflection of the realities of the health care industry and the extensive interactions with government officials including HCPs that qualify as "government officials" under the FCPA.
  • Complaints, Reports, and Compliance Issue: The DPA details the structure and mechanisms for reporting possible violations, including the required composition of oversight committees to include members of J&J's internal audit, legal and compliance functions.
  • Risk Assessments: J&J must conduct annual risk assessments of markets where it has government customers or other compliance risks, and must include a market-level review of trends in interactions with government officials, including HCPs. J&J's compliance program must be adjusted to accommodate for any new risk areas identified.
  • FCPA Audits: J&J must identify its top five "high-risk" operating companies (reviewed annually and updated as necessary) according to stipulated criteria and perform audits of those companies at least once every three years. All remaining companies that pose corruption risk must be audited every five years. The audits must include a review of a statistically representative sample of contracts with and payments to individual HCPs. Further, specific action plans must be developed and 'lessons learned' incorporated into the compliance program. Where "appropriate, feasible and permissible under local law", the FCPA audits must include a review of the books and records of distributors which may present corruption risk.
  • Relationships with Third Parties: In addition to the customary requirements with regard to third party due diligence programs, all new third parties, as well as third parties whose due diligence reviews raise red flags, must be reviewed by regional compliance officers with anticorruption expertise. Provided no red flags are present, J&J's standard due diligence review may be conducted by local businesses and reviewed by local health care compliance officers. J&J must update its due diligence reviews of all third parties at least once every three years.
  • Training: J&J has committed to providing annual anticorruption training to directors, officers, executives and employees who could present corruption risk to the company, as well as enhanced training for all internal audit, financial and legal personnel involved in FCPA audits, due diligence reviews and acquisitions. J&J must provide training to third parties that interact with government officials on the company's behalf at least once every three years.
  • Certifications: Senior managers in each of J&J's corporate level functions, divisions and business units in each foreign country must complete annual certifications, certifying that J&J's local procedures adequately implement J&J's anticorruption policies and procedures, and that the individuals completing the certifications are not aware of any unreported corruption issues.
  • Acquisitions: Prior to acquisition, J&J is required to ensure that thorough anticorruption due diligence of the new business has been conducted by qualified legal, accounting and compliance personnel. If it is not practicable to conduct comprehensive anticorruption due diligence prior to acquisition for reasons "beyond J&J's control", J&J is required to conduct such due diligence post-acquisition and then report any corrupt payments, falsified books and records, or inadequate internal controls to the DOJ. J&J is required to implement its anticorruption polices and procedures in the new business no later than one year post-closing, and to train officers and employees in the acquired company, as well as any third parties that present corruption risk. In addition, J&J is required to conduct an FCPA-specific audit of a newly-acquired business within 18 months of acquisition.

Self-Monitoring

Over the course of the past several years, the DOJ and SEC have cast a more critical eye to the appropriateness of imposing an independent monitor. Starting in 2009 with the Helmerich & Payne settlement, the DOJ has indicated a willingness to permit companies to self-monitor and report during established time intervals. Over the past two years, the U.S. Government has begun to give credit to companies committed to improving their compliance programs by enabling them to self-report on their compliance program improvements, pursuant to schedules and criteria set forth by the DOJ and SEC. With the J&J Settlements, while permitting such self-monitoring and reporting, the U.S. Government has also imposed enhanced compliance commitments beyond those customarily required.

Conclusion: Corruption Risks in the Health Care Sector

Global health care businesses face especially difficult challenges because of unique industry characteristics that increase the likelihood of corruption-related violations. In most international markets, health care companies have extensive interactions with HCPs who are considered government officials for purposes of anti-corruption compliance. Further, HCP activities on behalf of health care companies span a wide range, from consulting services relating to new products, to speaking engagements at congresses and seminars, to investigator roles on clinical trials.

In addition to extensive interactions with HCPs, health care companies are especially dependent on third parties. Third parties are frequently given a significant amount of responsibility in their particular markets or regions; some third parties help health care companies register their products in certain jurisdictions, and enable companies to find, compete for and negotiate new contracts and sources of business. Also specific to the health care industry, third party clinical research organizations (which may in turn consist of government officials) sometimes help companies complete the product testing and research that is necessary prior to approval and during the life of the product. Ensuring adequate approval and oversight over these varied third party relationships puts significant strain on the compliance programs of many health care companies.

The DPA and Consent Decree demonstrate the U.S. Government's continued interest in ensuring that companies in the health care industry comply with the FCPA. DOJ officials have commented publicly about the numerous active investigations within the health care sector, and the DOJ and SEC issued letters to a number of major pharmaceutical companies in June 2010 inquiring into their sales and marketing practices, particularly with regard to the use of third parties in high risk countries. Moreover, the U.S. Government's close cooperation with the SFO in this matter may also indicate a global interest in health care enforcement.

The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.