Swiss pharmaceutical giant Novartis is paying $345 million to settle civil and criminal FCPA charges for misconduct in Greece, Korea, and Vietnam. As usual, compliance professionals have an abundance of lessons to learn about internal controls, policies and procedures, and effective compliance programs.
The breakdown is $233 million to the Justice Department for the criminal case, plus another $112 million to the Securities and Exchange Commission for related civil charges. Novartis will not need to hire a compliance monitor, but will have a three-year deferred prosecution agreement.
The misconduct happened in the early and mid-2010s in several ways. In Greece, Novartis executives paid to send doctors and hospital officials to medical conferences, including conferences in the United States and elsewhere in the world. In Korea, Novartis executives funneled improper payments to medical professionals via third-party medical journals that passed along the payments to the doctors.
In Vietnam, Novartis’ eye care subsidiary Alcon worked with local distributors to bribe healthcare professionals there. Novartis spun off Alcon as an independent business in 2019, so technically the Vietnam subsidiary Alcon Pte Ltd. has its own three-year DPA for this misconduct. For our purposes here we’re going to treat all of this as one big mess of misconduct and teachable moments.
Indeed, there are so many nooks and crannies of FCPA enforcement in this settlement that we’ll probably explore the case across several posts. For today, in honor of Greece reopening to international tourists, we’ll start there.
The Conference Travel Scheme
One scheme in Greece was to send doctors and other healthcare professionals, who are government employees in that country, to medical conferences in Europe and the United States.
For example, Novartis would pay a sponsorship fee for a conference, which would entitle the company to send a certain number of people to the event. Then Novartis would cover all travel costs for selected doctors, usually through a third-party travel service. According to the Justice Department criminal information against Novartis, those costs would typically run at least $6,000 per doctor sent.
Of course these trips were not simply to further the frontiers of medical knowledge. In exchange for Novartis sending the Greek doctors to these conferences, the doctors were expected to purchase or prescribe more of Novartis’ drug Lucentis, used to treat macular degeneration.
At this juncture, let’s remember that a company can spend money to court government officials — including travel costs to bring said official to a symposium or conference. Such a move is risky and unwise, and you’d need extensive documentation to demonstrate that your motivations are pure; but at least in theory, you can do it. It’s not an ipso facto violation of the FCPA.
Novartis executives, however, actually documented the opposite: that the travel costs they were showering on Greek doctors were specifically so that the doctors would buy more from Novartis, and if that didn’t happen, neither would the free trips.
For example, at one meeting of the sales team in 2012, the minutes stated that Greek doctors “must understand that their participation in [specific congresses in the United States and Europe] will be cancelled if sales performance is not improved significantly.” Further down, another note said that Novartis sales execs “must make clear to their [HCP] customers that Lucentis is facing real difficulties in the market and for this reason there will be serious consequences.”
You get the picture. Executives knew that they were handing out travel goodies to medical professionals with the express intent of driving up drug sales. So there’s the criminal trouble.
‘Investments’ in High-Value Customers
Once Novartis executives were using the conferences as a vehicle to entice doctors to prescribe more Lucentis, they were also violating the books-and-records portion of the FCPA too. The company was recording those sponsorship and travel costs as legitimate advertising and promotion expenses, when the whole operation was a front to provide the doctors something of value in exchange for buying more product.
Even more interesting is that Novartis had a rather sophisticated system to track the spending habits of these doctors. Executives flagged certain doctors as “Key Opinion Leaders” and then devised action plans to influence these “KOLs.” Those action plans would include providing the doctors with “investments” to induce them to prescribe more Lucentis. As the SEC settlement order said:
This was internally described as a return on investment (“ROI”), and sales and marketing staff were encouraged to plan their activities so as to maximize ROI. In strategy planning documents within the Ophtha business franchise, sales staff remarked that HCPs were reminded of their investment and obligation to prescribe. If an HCP was not meeting their return on investment, investment activities were reduced or eliminated.
This intrigues me so much because it’s the type of misconduct that astute data analytics could uncover, even if your accounting controls and documentation lagged behind.
If the marketing team can rank the company’s most promising customers (and rest assured, it can); and accounting can track the company’s spend per customer (which it should) — then clever data analytics can cross-reference those lists to see which high-value targets are getting showered with “investments.”
You’d still need some policies in place to assure that you’re collecting the necessary data to perform the right analysis. For example, you would need a list of all persons attending a conference where the company has paid a sponsorship, including non-employees. You’d need clarity that an invoice from Joe’s Travel Agent Inc. related to which specific event, attended by which actual people, and so forth.
Still, as data analytics goes, if you have all that data the analysis isn’t hard to do. Then you can see the high-value sales prospects who are getting lots of corporate “investments,” and start asking more questions.
All of this presumes, however, that the compliance officer has access to all this data in the first place — which is exactly what the Justice Department just stressed in its latest guidance about effective compliance programs. As that fresh guidance said:
Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions? Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?
That might be the most useful lesson from this particular branch of the Novartis settlement. We’ll save the rest for another day.