Last year, Stryker Corporation joined a rather ignominious list of recidivists under Foreign Corrupt Practices Act (FCPA) enforcement annuls. The company had previously sustained a FCPA enforcement action back in 2013, paying a penalty to the Securities and Exchange Commission (SEC) of $3.2 million, together with disgorgement and interest of $9.7 million for a total fine and penalty to the SEC of $12.9. The first FCPA enforcement action involved conduct in multiple countries from 2003 to 2008 and was settled via a Cease and Desist Order (prior Order). 

In this second penalty in 2018, the company paid a fine of $7.8 million to the SEC. It was settled via a Cease and Desist Order (Order). It involved conduct from 2010 to 2017, each means that the FCPA violative conduct occurred after Stryker had settled its initial FCPA enforcement action. The bribery schemes involved in this second SEC fine were in several countries including India, Kuwait and China. Each of these bribery schemes provides multiple lessons to be learned by the compliance professional. 

Over the next two blog posts, I will discuss this second enforcement action as it has several unique aspects which I wish to drill down in some detail. Stryker’s sales models was the traditional distributor model in China and Kuwait and the dealer model in India. Every Chief Compliance Officer (CCO) which uses these models should study this Stryker enforcement action in some detail. However even if your organization does not use these sales models, it is important that a compliance practitioner understand the risks of these sales models so that if your organization considers using them, you can not only point out the risks but also have a risk management strategy in place. 

India

The largest portion of the Order dealt with the company’s operations in India. The business model Stryker used was dealers and although it does not explicitly state, it appears the dealers were close to a distributorship sales model. The dealers purchased Stryker products at a discount and then sold the products at an uplift over their costs. However in a twist from the standard distributor model, the dealers were not free to negotiate their sales prices with customers: hospitals, doctors and health care providers (HCPs) but rather “Stryker India authorized these dealer transactions only after Stryker India’s management negotiated and approved the price that the hospitals would pay to the dealers. Thus, in determining the price charged to dealers, Stryker India’s management and the dealers specifically negotiated the profit margin such dealers would stand to earn based on the difference between what hospitals paid the dealers and what the dealers paid Stryker India.”

This Stryker policy of negotiating the cost structure would seem to have been a risk management strategy but the purchasers of Stryker products from the dealers would then request and receive from the deals an inflated invoice, with a price at an uplift above the agreed upon pricing. These inflated costs were passed on to the HCP’s patients, customers and their insurers. The HCP would pay the agreed upon price structure and pocket the uplift paid by the patients, customers and their insurers. It is not clear from the Order if this uplift was pocketed by individuals as bribes or simply fraudulent over-charging by the HCPs. 

After complaints were made to Stryker’s India subsidiary (Stryker India), the company initiated an investigation of certain dealers. The internal investigation “uncovered evidence of such overbilling by one dealer when it conducted audits of three dealers in 2012. Yet Stryker failed to devise and maintain a system of internal accounting controls sufficient to detect, address, and prevent this widespread practice at the dealer level, which violated Stryker’s own policies governing the activities of Stryker India’s dealers.”

Even worse for Stryker, in 2015, it “performed audits of other dealers in India. The audits revealed that the practice of Stryker India’s dealers inflating invoices for the sale of Stryker orthopedic products to certain private hospitals – an improper practice identified three years earlier in connection with the 2012 audits – had become more widespread. Certain private hospitals in India (mostly large, corporate hospitals) routinely asked dealers to mark up the cost of the orthopedic products above the price that those hospitals had directly negotiated with Stryker India and actually paid to Stryker India’s dealers. In doing so, dealers allowed these private hospitals to gain a windfall from passing on the higher (invoiced) prices to their patients or their insurance companies.”

Kuwait

Here the company had a traditional distributor model which sold Stryker products to state-owned hospitals. The bribery scheme was more straight-forward, as “From 2015 through 2017, the Kuwait Distributor made over $32,000 in improper “per diem” payments to Kuwaiti HCPs to attend Stryker events, when Stryker had directly paid the costs for lodging, meals, and local transportation for these individuals. Stryker had in place certain internal accounting controls relating to third parties that limited transactions to those that complied with their contractual undertakings to adhere to Stryker’s anti-corruption policies and procedures.”

During this time period Stryker attempted to audit its third-party distributor and the distributor denied the attempted audit. The Order stated, “When Stryker sought to exercise its audit rights under its distribution agreement with the Kuwait Distributor to review records to determine whether improper payments had been made to any government official, the Kuwait Distributor denied access.” Stryker had not before attempted to audit or otherwise review the Kuwait Distributor’s records to determine whether it was complying with Stryker’s policies even though Stryker had previously received a complaint from a former employee of the Kuwait Distributor alleging that the “Kuwait Distributor paid bribes in connection with the sale of Stryker products.” The Order went on to state, “Stryker failed to sufficiently implement policies to test or otherwise assess whether the Kuwait Distributor would allow the company to exercise its audit right to review records”. 

China

Once again, the sales model for Stryker in China was through the distributor model. There was one state-owned distributor who would then distribute the company’s products through sub-distributors. The Order noted, “From 2015 through 2017, at least 21 sub-distributors of Stryker’s Sonopet products in China were not vetted, approved, and trained by Stryker in accordance with its internal accounting controls. During that time, the sale of some Sonopet products to hospitals involved third, fourth, and even fifth tier sub-distributors, none of which were subjected to due diligence approval or training.” Moreover,  “Stryker China employees worked directly with these unauthorized sub-distributors, and at other times installation records were falsified to hide the involvement of the unauthorized sub-distributors in the sale of Sonopet products.”

Stryker had a third-party management system which consisted of the five-steps of risk management: (1) business justification, (2) questionnaire, (3) due diligence, (4) compliance terms and conditions and (5) management after contract execution. There was no evidence presented in the Order that, of the 21 unauthorized distributors identified, the company followed this process. 

Statutory Violations

In India, Stryker was hit with the double whammy of both books and records violations and lack of effective internal controls. Under the books and records, from 2010 through 2015, Stryker’s Indian subsidiary “failed to make and keep complete and accurate books and records that reflected its transactions and disposition of assets. In particular, Stryker India recorded potentially problematic payments to its dealers and to HCPs [health care providers], some of which lacked any supporting documentation reflecting a clear business purpose.” Even when the company did perform a forensic review of the subsidiaries “general ledger for the period 2010 through 2015 found a complete lack of documentation for 144 out of 533 transactions selected as a sample of Stryker India’s highest-risk and most compliance-sensitive accounts. The missing documentation encompassed transactions of nearly every high-risk category, including: consulting payments to HCPs, payments of travel and lodging for HCPs, payments to event organizers, discounts on the price of Stryker products to dealers, commissions awarded to dealers, and marketing expenses.”

In the area of ineffective internal controls the Order stated, “even after the 2012 audits revealed evidence of dealers not complying with Stryker policies — as required by their contracts with Stryker India — and of hospitals requesting invoices with prices higher than the prices that Stryker India had specifically negotiated with such hospitals, Stryker failed to devise and maintain a system of internal accounting controls designed to detect and prevent dealers from engaging in the practice of inflating invoices to certain private hospitals for the sale of Stryker orthopedic products.”

In both China and Kuwait, the company failed in its internal control regime. In China, “Stryker’s failure to vet, approve, train, and monitor its distributors and sub-distributors in China in accordance with the company’s policies, increased the risk of bribery and other improper payments in connection with the sale of Stryker products. Stryker failed to implement its internal accounting controls to detect and prevent the use of these unauthorized sub-distributors in China.” In Kuwait, “Stryker failed to implement its policies to test or otherwise assess whether the Kuwait Distributor was complying with Stryker’s anti-corruption policies.”

The Comeback

How did Stryker make a sufficient comeback from these abject failures even though it had sustained a prior FCPA violation and some of the conduct in this second FCPA enforcement action occurred after the prior Order was entered into in 2014? It apparently started with a robust internal investigation and extensive cooperation with the SEC. However, the company also worked quite diligently to remediate its compliance program. 

The Order related a wide range of remedial actions engaged in by Stryker. These included:

1. enhanced and updated compliance policies, procedures, and best practices for Stryker India; 
2. new compliance measures with additional internal controls around (i) the monitoring of Stryker’s relationship with HCPs and indirect sales channels, including dealers and distributors, (ii) reducing the risk of unauthorized business practices in India, and (iii) due diligence of third-parties, including all sales models used by the company; 
3. increased compliance training of all Stryker India employees and local management, including an FCPA compliance workshop for Stryker India’s leadership team; 
4. a new centralized system for dealer documentation [Document, Document, and Document] and a modified dealer commission structure which was designed to increase transparency around the payment of commissions to dealers in India; 
5. compliance audits related to marketing events, event documentation, and employee reimbursements in India; and 
6. audits of dealers’ and distributors’ business practices in India. Further, Stryker terminated certain senior employees at Stryker India, appointed new leadership to head Stryker India, and sent a notice of termination to the Kuwait Distributor.

The company also “fortified its existing compliance program, which is designed to prevent, detect, and remediate potential misconduct. This program develops, maintains, and implements corporate policies and standard operating procedures setting forth specific due diligence and documentation requirements for relationships with foreign officials, HCPs, consultants, and distributors.”

The fact that Stryker was under a previous FCPA enforcement action (prior Order) may have actually helped it in this situation as it was able to bring the matter to the attention of the SEC and most probably had at least a working relationship with them that allowed it to move swiftly and expeditiously on these remediation elements. 

Lessons Learned

The dealer sales model is not one which has previously been the subject of a FCPA enforcement action. It therefore behooves any business using this sales model to study the Stryker FCPA enforcement action. It would have appeared the dealer model was a risk management strategy to protect against the abuses seen in other FCPA enforcement actions involving distributors where the discount granted to the distributor was used as the pot to generate funds for bribery. However, Stryker apparently had not considered the fraud and corruption of the customer in this equation. It is not clear from the Order if the dealer approached the customers with this bribery and fraud scheme or if the customer approached the dealers but the fact pattern makes clear the need for controls around billing by dealers even if the corporate parent sets the pricing. 

In Kuwait the bribery scheme was outlandish per diems, which were paid to HCPs when they attended conferences. This is a well-known bribery scheme. But the greater problem for Stryker was that its distributor rejected any attempts to audits its books and records for suspicious or corrupt payments. This is different from having an audit clause and not invoking it. The clear bottom line in this scenario is that if any third-party fails to (1) allow the insertion of an audit clause into your contract or (2) fails to allow an audit, even in the face of a legally existing right to do so; run, don’t walk, away from this third-party. 

In China there was a combination of corruption schemes that we have previously seen. The first was to append corrupt sub-distributors to a previously approved distributor. This was close to one of the schemes in the 2018 Panasonic Avionics FCPA enforcement action, there corrupt agents were appended to previously approved agents. A similar scheme involving sub-agents was found in 2014 Hewlett-Packard FCPA enforcement action. In the Stryker case the company had actual knowledge that the corrupt sub-distributors were being used, as the Order stated, “At times, Stryker China employees worked directly with these unauthorized sub-distributors, and at other times installation records were falsified to hide the involvement of the unauthorized sub-distributors in the sale of Sonopet products.”

When you have business unit employees defrauding the corporate office en masse you have a very big problem. Whether the Chinese business unit employees were instructed to do so by subsidiary management or it was just antipathy for the home office, it portends a much larger cultural problem which may well take some time to remedy. 

The second Stryker FCPA enforcement action provides multiple lessons for every compliance practitioner. You should study this and the prior Order so that hopefully your company will not move into the FCPA recidivist category.