It is interesting to compare how the Justice Department handles compliance issues in different contexts.
The Justice Department, with the Office of Inspector General/Health and Human Services, enters into Corporate Integrity Agreements to prevent off-label marketing violations, anti-kickback and False Claims Act violations. CIAs are very detailed and prescriptive, and are enforced by the OIG using administrative procedures. The CIA is not filed in court but administered by the OIG.
In contrast, Schedule C is enforced by a court if it is part of a Deferred Prosecution Agreement, and by the Justice Department if it is part of a Non-Prosecution Agreement. In the case of an NPA, the Justice Department’s only remedy is to file or refile a criminal case against the company which violates the NPA.
With the aggressive growth of healthcare fraud and corruption prosecutions, the number of requirements imposed by CIAs and Schedule C has increased dramatically. Prosecutors and regulators are obviously frustrated by their perception (whether right or wrong) that companies are not taking compliance seriously. As a result, the compliance requirements have become more detailed and prescriptive.
A comparison of CIAs and Schedule C shows a number of similarities in purpose but not in the mechanisms to achieve compliance. At bottom, CIAs and Schedule C seek to regulate or influence specific interactions between company representatives and a class of customers. Adding to the complication, Schedule C also focuses on interactions between third parties, acting on behalf of a company, and foreign government officials.
CIAs are focused on pharma and medical device marketing representatives and doctors or other service providers in order to prevent marketing representatives from promoting off-label uses, engaging in kick-backs or other improper influences. Schedule C is intended to prevent improper payments to foreign government officials.
It is interesting to compare the specific mechanisms used in CIAs to more general requirements listed in Schedule C, particularly enhanced requirements. CIAs provide some interesting ways in which to ensure compliance with the overall proscription.
CIAs require detailed review and monitoring programs for interactions between sales representatives and health care providers and institutions. In contrast, Schedule C has general requirements for monitoring activities of third party agents, consultants and distributors but there is no prescribed procedure for that requirement.
Given the significant risk that third parties create for global companies, there are ways in which to increase a company’s ability to monitor such interactions, including new technologies (from the health care sector) for reporting or collecting data on a real-time basis on the substance of an interaction between a third party and a foreign government official; additional contractual obligations for reporting on a regular basis; and specific auditing programs of third parties as contemplated in Schedule C requirements in recent DOJ FCPA settlements.
To help focus this comparison, I put together the following chart. The specific details can vary among CIAs or Schedule C settlements but I tried to describe the general picture.
CIA and Schedule C
|
Compliance Program Element |
Corporate Integrity Agreement |
Schedule C |
|
Chief Compliance Officer |
Yes |
Yes, and for each division or sector |
|
Term |
5 years |
2-3 Years |
|
Corporate Board |
Specific compliance and certification requirement for each Board member |
Yes. No certification |
|
Management Accountability |
Specific compliance and certification requirement for designated senior managers |
Yes. No certification |
|
Written Code of Conduct |
Distribution and certification requirement |
Distribution and certification requirement |
|
Third Parties |
Distribute code of conduct and compliance program and certification by each Third Party that it has “substantially comparable” code of conduct and compliance program |
Distribute compliance program, certification and training |
|
Policies and Procedures |
Policies and procedures: to conduct Promotion Functions; to conduct Product Related Functions; to provide reimbursement support; to distribute materials and information by sales representatives, and medical affairs office (including a tracking requirement for Product Inquiries); to monitor interactions between medical personnel and health care providers and institutions; to provide product samples; to fund charities, grants or education programs; to review all promotional materials prior to distribution; to avoid financial incentives for sales persons to engage in illegal conduct; to monitor sponsorship of clinical trials, authorship of publications |
Policies and procedures for gifts, meals, entertainment expenses; charitable donations and sponsorships; political contributions; facilitation payments; and solicitation and extortion; Due diligence review and monitoring program for third party intermediaries |
|
Training and Education |
One hour of general training; three hours annually of specific training for sales and product related personnel; one hour for Board of Directors training; certification requirement |
Periodic training and annual certification by Board management and employees, and third parties |
|
Review |
Company must hire “Independent Review Organization” to assess and evaluate Promotion and Product Related Functions: IROs conduct two types of reviews: A Systems Review and a Transactions Review with detailed requirements for each |
No specific requirement |
|
Disclosure and Complaints |
Company must maintain disclosure and complaint process to report suspected violations outside supervisory chain which shall include non-retaliation policy and anonymous reporting mechanism; and requirement that Company review allegations and maintain log of review and any actions |
Same except for action requirement and log of actions taken |
|
Reportable Events |
Mandates disclosure of potential civil or criminal violation |
Same for anti-corruption violations |
|
Field Force Monitoring Program |
Detailed system to evaluate and monitor sales force interactions with health care providers and institutions, including speaker monitoring, record gathering, observations |
Conduct periodic review and testing of its anti-corruption compliance program; Due diligence review of third parties and monitoring; specific audits of high-risk operations |
|
Health Care Provider, Research, Publication and Medical Education Monitoring |
Company is required to monitor activities of health care providers hired as consultants and company-financed research activities |
Same as above |
|
Disclosure Requirements |
Company is required to disclose medical education grants, charitable contributions, payments to consultants, clinical trials, and post-marketing research |
No requirement |
|
Reporting |
Implementation Report within 180 days; annual reports |
Annual report |
|
OIG Inspection, Audit and Review Rights |
OIG has detailed rights to audit, review and inspect any aspect of the Company’s operations related to the CIA |
None |
|
Stipulated Penalties |
Range from $1500 to $5000 per day per violation depending on type of violation |
None |
|
Material Breach and Exclusion |
Company may be excluded from industry for a material breach, subject to right to cure and dispute resolution procedures |
If DPA, contempt power |
|
Risk Assessments |
None |
Basic requirement and targeted requirement in high-risk countries on periodic basis |
|
Acquisitions |
Applies to all acquired companies |
Applies to acquired companies but one year to 18 month period for integrating new company into anti-corruption compliance program |
|
|
|
|
