Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact

Yesterday, we covered the news of the $29 million plus settlement entered into by Eli Lilly and Company to stave allegations brought by the Securities and Exchange Commission for violations of the Foreign Corrupt Practices Act (“FCPA”). 

Today, let’s consider the list of remedial efforts undertaken by Eli Lilly to its existing compliance program.  The key for your focus is that Eli Lilly had a compliance program in place during the years that the violations took place in several foreign countries, including internal review and reporting.  The allegations of the Complaint reference transactions 1994 – 2009.  {note that the FCPA went in to effect back in 1977.}

The list of remedial efforts undertaken by Eli Lilly following the alleged misconduct included:
o  enhancing anti-corruption due diligence requirements for relationships with third parties;
o  implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption;
o  enhancing financial controls and governance; and,
o  expanding anti-corruption training throughout the organization.

Even so, the terms of settlement with the SEC include a provision for Eli Lilly to hire an independent consultant to review and make recommendations about its FCPA policies and procedures.  Implication?  Eli Lilly’s own remediation continued to be insufficient for the SEC.

The Eli Lilly case is a textbook example of what compliance is all about:  having policies and procedures in place that function to ensure a prompt investigation of warning signs and an expedient remediation of faulty transactions and systems.  It’s about creating a true culture of compliance throughout an organization.

There is little question in the Eli Lilly case that a compliance program existed throughout the years at issue.  The faults lay in the level of depth of the compliance program being insufficient to curtail and respond to FCPA violations and, more so, for the failure to respond appropriately when blatant problems came to light.

In one such instance, an internal business review of the Russian subsidiary was sent to the Indianapolis headquarters.  A fairly standard response was had from the executive who reviewed it; a notation was made to the effect that “attention” was given to guidelines and training and tightening of use of third-party marketing agreements.  The problem, of course, was that the practices on the ground at the subsidiary continued.  As characterized in the Complaint, “Lilly’s audit department, based out of Indianapolis, had no procedures specifically designed to assess the FCPA or bribery risks of sales and purchases.”

To create a compliance offense that can double as a good legal defense, the lesson from Eli Lilly is to avoid a corporate culture that only gives lip service to compliance and check-the-box to compliance policies.  The SEC is making clear that it’s not just what you put on paper.  It’s what you demonstrate you understand.