Speaking at the American Bar Association’s 10th National Institute on the Civil False Claims Act and Qui Tam Enforcement in Washington, DC, Civil Division Assistant Attorney General Stuart Delery stressed that the DOJ will use the FCA to incentivize companies to do business “the right way” and motivate them to employ best practices to prevent unlawful conduct from reoccurring. Delery specifically cited remedial measures prescribed in the government’s $1.5 billion criminal and civil resolution with Abbott Laboratories around off-label marketing, false claims and kickbacks related to its anti-seizure drug Depakote. In the resolution, Abbott agreed to maintain a standardized risk assessment and mitigation process, self-report all “probable” FDA compliance violations, and have its Board and CEO certify the compliance program.
WHY IS THIS IMPORTANT TO COMPANIES?
Timely and effective remediation can save companies from criminal prosecution and regulatory enforcement proceedings; obviate a government-imposed compliance monitor or independent consultant; and substantially reduce fines, civil penalties and other sanctions.
Companies will not only need to demonstrate that they have identified and quantified the impact of any potential violations, but also that they have conducted a root cause analysis of what went wrong and have taken appropriate corrective measures.
Moreover, enhancing compliance programs has a positive impact from an anti-fraud perspective, which is good for the bottom line. According to the Association of Certified Fraud Examiners’ 2014 Report to the Nations, organizations lose approximately five percent of revenues to occupational fraud and abuse. This estimate does not include waste, abuse, fines, investigative and legal fees, insurance premiums or lost opportunities.
WHAT’S IN IT FOR COUNSEL?
Remediation affords outside counsel with an opportunity to convert individual assignments into long-term business adviser relationships, while also providing in-house counsel with a mechanism to take a more strategic role in investigations and add greater value to the organization.
KEY ACTIONS AND CONSIDERATIONS
DO NOT DELAY – Government expectations are clear: commence remediation immediately. Do not wait until the investigation is complete. It is one thing to assert that the organization will take steps to prevent recurrence; it is quite another to prove that those steps have been identified, considered, and put into action, albeit preliminarily, as the investigation progresses.
MAINTAIN PRIVILEGE – The attorney / client privilege is essential as remediation often uncovers other misconduct. Consider forming two attorney-led work streams: one for the FCA investigation and another for remediation. Separate teams enable counsel to waive privilege to report on remediation, while protecting privilege for the investigation.
CONSIDER A REMEDIATION ADVISER – The United States Sentencing Guidelines suggest that companies include professional advisers in their remediation efforts. Remediation is very different from forensic accounting. Remediation experts work in the absence of a specific allegation or suspicion, and apply specialized knowledge, skills and training to promote recovery and prevent recurrence. Independent assessment of the organization’s remediation efforts carries more weight. Also, the remediation team cannot audit is own work. The government will not consider a remediation adviser to be independent if it develops or implements the remediation plan or serves as the company’s advocate.
CONDUCT A ROOT CAUSE ANALYSIS – The company must understand “why” in addition to the “who, what, where, when and how.” The “Cressey Fraud Triangle” provides a useful and simple framework for conducting root cause analysis in simple matters. The 2013 COSO Internal Control Integrated Framework is recommended for more complex and significant misconduct.
FLUSH OUT OTHER MISCONDUCT – Imagine the consequences if the company, or worse, the government, subsequently discovers that the perpetrators engaged in other wrongdoing or misconduct the company claimed was isolated actually pervades across the organization. With this in mind, companies can gain comfort through an auditing process called “negative assurance,” or conducting audit procedures to search for risk indicators or “red flags.”
LEVERAGE FORENSIC DATA ANALYTICS – Forensic data analytics is an essential tool to prevent possible misconduct in a timely manner. Working with forensic data analytics experts, counsel and the company can develop data-driven “smoke detectors” to prevent recurrence.
REASSESS PERIODICALLY – Remediation programs require periodic review to ensure the effectiveness of remedial efforts.