BITTER PILL Aziz Rahman explains why the latest pharmaceutical bribery scandal emphasises the need for companies to have a strong compliance policy. 15 September 2016 8 months ago AstraZeneca has become the latest global drug maker to face financial penalties as part of a probe into companies that paid bribes to boost sales. In paying $5.5M to settle the allegations, it has shown both the damage bribery can cause to a company and the authorities’ determination to punish such behaviour. According to US legal papers, the firm had been accused of making improper payments to health care providers in Russia and China. Perhaps most tellingly, the papers show that from 2005 until at least 2010, AstraZeneca’s internal accounting controls were incapable of tracking interactions between its China and Russia subsidiaries and state-appointed healthcare officials in those countries. AstraZeneca sales and marketing staff and company managers at the subsidiaries designed and authorised schemes to use gifts, conference expenses, travel and cash to influence drug purchasing. Confirming the settling of the accusations, an AstraZeneca spokeswoman, announced: “We began enhancing our compliance programme prior to the start of the investigation. Strong ethics and acting with integrity are central to AstraZeneca’s code of conduct.” Prevention This seems like a classic case of closing the barn door after the horse has bolted. In recent years, several drugs companies have reached multi-million dollar settlements in the US for allegedly violating the Foreign Corrupt Practices Act. In 2014 Chinese authorities fined GlaxoSmithKline nearly $500 million for bribery offences. It’s fair to assume that many, if not all, of those companies wish that they had had enhanced compliance procedures in place before rather than after incidents of bribery became apparent. Some of them have had compliance procedures in place but, as the AstraZeneca statement indicates, it is clear these were either not fit for purpose or properly enforced. A carefully devised and well-enforced compliance programme will go a long way towards preventing bribery being carried out in a company’s name; regardless of where the company is based or where it trades. At the very least, it gives the company a chance to identify any wrongdoing which, although the bribery may have occurred, can still be very valuable. Leniency If a company can show that it did all it reasonably could to be legally compliant, this will be taken into account by investigators. This can be reflected in a lenient sentence. But such leniency will only be granted if the authorities can see evidence of: A strong anti-fraud culture in the workplace that has been promoted at all levels of the company. A commitment to being aware of (and combating) the risks of bribery in the geographical areas and business sectors in which the company trades. Commitment to carrying out due diligence regarding anyone who works with or on behalf of the company – agents, business partners and those in temporary roles. Clear procedures for reporting wrongdoing, which have been implemented, regularly reviewed and publicised to all staff and associates. Self-report At present, the authorities are keen for companies to self-report any wrongdoing. With Deferred Prosecution Agreements (DPA’s) now part of the British legal system, a thorough compliance procedure can help a company identify problems with bribery and enter into negotiations with the relevant authorities. And with the UK’s Bribery Act covering the worldwide activities of any company based in or doing business in the UK, its scope for prosecutions is large. This makes it particularly important for every company with a UK connection to make sure its house is in order – wherever it does business. As part of a DPA, the prosecutor can tell a company that has been acting illegally that a prosecution will be deferred or postponed if certain conditions are met. The conditions could be a fine, payment of reparation to victims, introducing new preventative measures or subjecting the company to reviews or ongoing monitoring. If a company complies with the DPA, it will suffer a far lesser punishment than if it did not comply with it – or it was not given the chance to enter into one. But the chances of a company being given the chance to enter a DPA will be very slim if its compliance procedures are weak or non-existent. At a time when bribery is high on the authorities’ agenda, compliance has to be seen as the prescription for companies looking to ensure a healthy and legal future.