Recent FCPA enforcement action dishes up important compliance reminders

by Mike Koehler May 7, 2019

The U.S Department of Justice and Securities and Exchange Commission (SEC) recently announced a  Foreign Corrupt Practices Act (FCPA) enforcement action against German-based medical device company, Fresenius Medical Care, resulting in an approximately $232 million settlement. If you’re not familiar with the FCPA, the law prohibits business organizations from paying or offering money or other things of value, directly or indirectly,  to foreign officials to influence their discretion in obtaining or retaining business.

This wide-ranging enforcement action against Fresenius serves as an important reminder for compliance professionals in all industries regarding several prominent FCPA enforcement practices. Below are a few compliance takeaways that you can apply to your business.

FCPA enforcement defines “foreign officials” as a more extensive category than you may realize

The FCPA enforcement action against Fresenius alleged improper relationships with physicians, nurses, and hospital administrators associated with various foreign healthcare systems. Given that Congress intended for “foreign officials” to mean traditional government officials, such as national presidents and prime ministers, it may surprise you that health officials are considered foreign officials by the U.S. government, but this enforcement theory has been prominent for at least a decade.

Compliance officers in the health care sector need to be aware of this and communicate it to any employees in the global marketplace who may have points of contact with this expansive category of alleged “foreign officials.” Indeed, without first understanding which points of contact in the global marketplace are subject to the FCPA, many subsequent compliance practices may be for naught.

Under FCPA enforcement policy, “anything of value” means just that

Under the FCPA, “anything of value” is a broad category. The items of value offered to physicians, nurses, or hospital administrators by Fresenius included gifts, side trips and extra day accommodations for physicians in connection with travel to medical conferences, donations to charities or projects of importance to the physicians, educational benefits, payment through sham consulting contracts for non-existent services, and providing free shares in various business entities.

Having a strong internal control environment is key

In the Fresenius case, the government was critical of Fresenius’s lack of an FCPA-required internal control environment. For instance, the SEC found (among other internal control deficiencies) that Fresenius failed to properly assess and manage its worldwide risks; devote sufficient resources to compliance, including failing to assign a compliance officer to high-risk regions; adequately train employees on its anti-corruption policies; and engage in sufficient due diligence of third parties.

Minimize FCPA risk

FCPA risk is best minimized when compliance is approached as a team effort among your accounting, finance, and auditing departments. With high levels of collaboration, problematic corporate expenses can be prevented.

Mike Koehler

Professor Mike Koehler runs the FCPA Professor website, described as the "Wall Street Journal concerning all things FCPA related." His expertise and views are informed by a decade of FCPA practice experience.