Aziz Rahman explains

why the latest pharmaceutical bribery scandal emphasises the need for companies

to have a strong compliance policy.

AstraZeneca has become the latest global drug maker to face

financial penalties as part of a probe into companies that paid bribes to boost

sales. In paying $5.5M to settle the allegations, it has shown both the damage

bribery can cause to a company and the authorities’ determination to punish

such behaviour.

According to US legal papers, the firm had been accused of

making improper payments to health care providers in Russia and China. Perhaps

most tellingly, the papers show that from 2005 until at least 2010, AstraZeneca’s

internal accounting controls were incapable of tracking interactions between

its China and Russia subsidiaries and state-appointed healthcare officials in

those countries.

AstraZeneca sales and marketing staff and company managers

at the subsidiaries designed and authorised schemes to use gifts, conference

expenses, travel and cash to influence drug purchasing.

Confirming the settling of the accusations, an AstraZeneca

spokeswoman, announced: “We began enhancing our compliance programme prior to

the start of the investigation. Strong ethics and acting with integrity are

central to AstraZeneca’s code of conduct.”

Prevention

This seems like a classic case of closing the barn door

after the horse has bolted. In recent years, several drugs companies have

reached multi-million dollar settlements in the US for allegedly violating the

Foreign Corrupt Practices Act. In 2014 Chinese authorities fined

GlaxoSmithKline nearly $500 million for bribery offences.

It’s fair to assume that many, if not all, of those

companies wish that they had had enhanced compliance procedures in place before

rather than after incidents of bribery became apparent. Some of them have had

compliance procedures in place but, as the AstraZeneca statement indicates, it

is clear these were either not fit for purpose or properly enforced.

A carefully devised and well-enforced compliance programme

will go a long way towards preventing bribery being carried out in a company’s

name; regardless of where the company is based or where it trades. At the very

least, it gives the company a chance to identify any wrongdoing which, although

the bribery may have occurred, can still be very valuable.

Leniency

If a company can show that it did all it reasonably could to

be legally compliant, this will be taken into account by investigators. This

can be reflected in a lenient sentence.

But such leniency will only be granted if the authorities

can see evidence of:

* A strong anti-fraud culture in the workplace that has been

promoted at all levels of the company.

* A commitment to being aware of (and combating) the risks

of bribery in the geographical areas and business sectors in which the company

trades.

* Commitment to carrying out due diligence regarding anyone

who works with or on behalf of the company – agents, business partners and those

in temporary roles.

* Clear procedures for reporting wrongdoing, which have been

implemented, regularly reviewed and publicised to all staff and associates.

Self-report

At present, the authorities are keen for companies to

self-report any wrongdoing. With Deferred Prosecution Agreements (DPA’s) now part

of the British legal system, a thorough compliance procedure can help a company

identify problems with bribery and enter into negotiations with the relevant

authorities.

And with the UK’s Bribery Act covering the worldwide

activities of any company based in or doing business in the UK, its scope for

prosecutions is large. This makes it particularly important for every company

with a UK connection to make sure its house is in order – wherever it does

business.

As part of a DPA, the prosecutor can tell a company that has

been acting illegally that a prosecution will be deferred or postponed if

certain conditions are met. The conditions could be a fine, payment of reparation

to victims, introducing new preventative measures or subjecting the company to

reviews or ongoing monitoring.

If a company complies with the DPA, it will suffer a far

lesser punishment than if it did not comply with it – or it was not given the

chance to enter into one. But the chances of a company being given the chance

to enter a DPA will be very slim if its compliance procedures are weak or

non-existent.

At a time when bribery is high on the authorities’ agenda,

compliance has to be seen as the prescription for companies looking to ensure a

healthy and legal future.