Marc Alain Bohn, Miller & Chevalier

Orthofix International in January entered into its second Foreign Corrupt Practices Act (FCPA) settlement in less than 5 years, resolving allegations with the U.S. Securities and Exchange Commission that the company’s Brazilian subsidiary made improper payments to doctors at government-owned hospitals in Brazil to increase sales.

Orthofix consented to the entry of two SEC orders instituting cease-and-desist proceedings against the company: a $6.1 million order centered on alleged violations of the FCPA and an $8.25 million order focused on non-bribery-related securities violations.

The FCPA prohibits corruptly providing anything of value to a “foreign official,” including doctors at state-owned hospitals, for the purpose of obtaining or retaining business. It also requires U.S. securities issuers to maintain accurate books and records and implement sufficient internal accounting controls.

Orthofix (Lewisville, Texas) self-disclosed the FCPA issues at its Brazilian subsidiary per the terms of its 2012 deferred prosecution agreement (DPA) with the Department of Justice (DOJ).  DOJ and the SEC followed up with new investigations, and DOJ twice extended the DPA term while the investigation was pending. The DOJ ultimately decided to take no further action and allowed the DPA to expire in August 2016.  The SEC came to a different conclusion.

The Orthofix case serves as a cautionary tale for companies trying to stay out of trouble and offers five clear lessons:

1. Standardize or centralize approval of third party commissions and discounts. According to the SEC, Orthofix’s decentralized structure allowed its Brazilian subsidiary to (a) easily evade existing policies and controls to pay high commissions and discounts that funded improper payments; and (b) record these expenses as legitimate.
2. Actively monitor payments and discounts provided to third-party intermediaries to ensure they are reasonable and consistent with contract terms. The SEC alleged that Orthofix channeled bribes through its third-party sales representatives and distributors in several ways, including paying inflated commissions, providing excessive discounts, and paying for services never rendered.
3. Fully and promptly remediate compliance issues when they arise. According to the SEC, Orthofix failed to remediate the compliance issues identified in its 2012 enforcement action. As a result, gaps in the company’s third party controls persisted and were not addressed until after the discovery of the Brazil conduct in late 2013.
4. Ensure periodic training to relevant employees and, where appropriate, key third parties to prioritize compliance and keep channels of communication open. The SEC Order asserts that in addition to gaps in controls, Orthofix lacked adequate training and a corporate culture to enable Brazilian employees to raise compliance concerns to the parent level.
5. Conduct periodic compliance-focused audits and assessments, particularly in high-risk markets. The SEC Order suggests that Orthofix ultimately identified the Brazil conduct in late 2013 because of efforts the company was making to improve its compliance program following its 2012 enforcement action.

While it is not possible to eliminate corruption risk, medical device companies are much more likely to avoid running afoul of the FCPA if they can learn from Orthofix’s missteps and continue to update their programs to confront evolving compliance challenges.

Marc Bohn is Counsel in the FCPA & International Anti-Corruption Practice at Miller & Chevalier in Washington, D.C.