Mon, May 4, 2020

Emerging Risk Trends in the Medical Device Industry: Whistleblowing, Anti-Bribery, Corruption Law and Enforcement

In recent years, the medical device industry has been in the spotlight and subject to increased scrutiny by government regulators. The U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have pursued several companies in the medical device industry for a number of Foreign Corrupt Practices Act (FCPA) violations, including kickbacks with foreign health departments, payments to consultants in hospitals, unjustified fees and using excessive means to influence healthcare professionals.

As the pharmaceutical and medical device industries grow at a significant rate, the potential for bribery and corruption allegations increases. The European Union has identified six main typologies of corruption in the medical device industry:

  • Bribery in medical service delivery

  • Procurement corruption

  • Improper marketing relations

  • Misuse of high-level positions

  • Undue reimbursement claims

  • Fraud and embezzlement of medicines and medical devices

Corruption in the medical industry can range vastly from a pharmaceutical company bribing a doctor to prescribe medicine irrespective of a health need, to a government employee facilitating the infiltration of substandard medicines into the distribution system for kickbacks.

The several surveys have found that across all industries, the highest number of company executives who believe that it is common practice to use bribery to win contracts work in the medical device industry.

In many countries, healthcare professionals (HCPs) or health fund administrators are employees of the government, or work at public institutions and are, therefore, considered “public officials” under many bribery laws. Generally, anytime public officials are involved, there is a greater chance of bribery and other forms of corruption.

Companies in the medical industry also frequently rely on sales intermediaries and other third parties, and this may also lead to a higher risk for corruption because of the greater number of people involved and a greater number of hands in the pot.

The last decade has seen a dramatic rise in the number of whistleblowers in the pharmaceutical industry. The SEC noted a 20% increase in the number of whistleblower tips received in the first quarter of 2015 when compared with the same period in 2014. Enforcement culture is changing, which means compliance culture must also change to keep pace.


A combination of measures is being applied by regulators and enforcement agencies to monitor and encourage compliance with anti-bribery and corruption (ABC) legislation by the life sciences sector.

The expanding workforce and budgets of enforcement agencies, particularly in the UK and U.S., are increasing the capacity of enforcement teams to investigate more cases. Driven by an ethical political mindset, governments are providing extra funding for law-enforcement resources when requested.

The drive for increased enforcement has also led to the issuance of larger fines and other penalties. As such, companies need to consider their global operations and disclosures in multiple jurisdictions.

European Union

The European Commission published its Updated Study on Corruption in the Healthcare Sector in 2017. The study found that bribery associated with medical service delivery remains one of the main challenges of ABC enforcement. This is particularly true in many eastern and southern European member states.

The study also found that corruption related to granting privileged access to healthcare or potential risks is prevalent across the EU and is not isolated to member states with a high perception of corruption.

In an effort to combat corruption, the EU passed Regulation 2017/245 on Medical Devices (MDR) in 2017. The regulation provides that for each device, manufacturers must have a documented risk management plan, identify and analyze known and foreseeable hazards, estimate and evaluate the associated risks and eliminate or control those risks.

The new risk management plan requirements must be in place by May 26, 2020. This regulation adopts a more universally risk-based approach compared to EU Medical Device Directive 93/42/EEC (MDD), which was previously effective (and is still effective during the transition period prior to May 26, 2020).

Anxiety has grown among companies about how to comply fully with stricter standards in time to continue sales in the bloc after the deadline. From an operational standpoint, companies are anticipating a significantly more costly path to compliance. Market access will require companies to conduct deep portfolio audits to determine the full financial impact of the regulation.

United States

For U.S. regulators, the medical sector has been an increasing focus for ABC enforcement, particularly under the FCPA. Charles Cain, FCPA unit Chief of the SEC Enforcement Division, remarked on the prevalence of pay-to-prescribe bribery in the pharmaceutical industry, foreshadowing a continuation of the trend of increased enforcement: “While bribery risk can impact any industry ... more work needs to be done to address the particular risks posed in the pharmaceutical industry.”

Several recent cases illustrate law enforcement’s increasing focus on the medical device industry. For example:

  • In January 2017, medical device maker Zimmer Biomet Holdings Inc. agreed to pay $30.5 million to resolve DOJ and SEC investigations into the company’s “repeat” violations of the FCPA.

  • In September 2017, Alere agreed to pay more than $13 million to settle charges that it committed accounting fraud through its subsidiaries to meet revenue targets and made improper payments to foreign officials to increase sales in certain countries.

  • In February 2012, Smith &Nephew PLC’s U.S. subsidiary, Smith & Nephew Inc., agreed to pay a $16.8 million fine to settle parallel criminal charges announced by the U.S. Department of Justice. For its subsidiaries bribing public doctors in Greece for more than a decade. 


Other Laws and Standards

Other laws and standards to be aware of include:

  • The revised Code of Practice issued by the International Federation of Pharmaceutical Manufacturers & Associations (IFPMA). This revised code went into effect on January 1, 2019. It provides for ethical practices in line with societal expectations and has historically been revised as general societal standards change. Though the IFPMA does not make laws, regulators may look to its standards to set the tone for enforcement. 
  • Generalized national ABC outside of the U.S., including the UK Bribery Act, South Korea’s Kim Young-ran Act or Brazil’s Clean Companies Act. Although these laws are not specific to the medical device industry (much like the FCPA prosecutions described above), prosecutors in countries with ABC laws are also keeping a close watch on medical companies.


C-Suite Changes

Due to increased regulations holding high-level medical device employees such as CEOs, board chairs and other c-suite executives responsible for corrupt company activities, these high-level employees have increasingly been subject to heavy sanctions. Prosecutors have charged several of these executives with the misuse of company funds for bribes as a form of embezzlement of company funds, as well as a form of tax evasion.

For example, in 2016, Swiss company Novartis AG agreed to pay $25 million to settle SEC charges that it violated the FCPA when its “China-based subsidiaries engaged in pay-to-prescribe schemes to increase sales.” The SEC investigation “found that employees of two China-based Novartis subsidiaries gave money, gifts and other items of value to healthcare professionals, which led to several million dollars in sales of pharmaceutical products to China’s state health institutions.”

This and other recent investigations into executives in connection with corrupt activity has resulted in companies changing their c-suites, possibly at least in part to allow for leadership more closely aligned with the new compliance mandates and the resulting need for compliance-focused risk management.

Recent changes to regulations and enforcement priorities related to information or cyber security also create increased risk for high-level executives who may have liability for company policies that do not adequately address security of patient information.

Examples of recent changes include the following:

  • Abbott Laboratories announced in November 2019 that a new CEO and CFO, both long time Abbott employees, would be taking over. 

  • BD and Medtronic both announced in the second half of 2019 that their CEOs would be stepping down, to be replaced by in-house hires. 

  • Smith & Nephew, Roche, CMR Surgical, B. Braun Medical, TransEnterix, BrainsWay, T2 Biosystems and Qiagen have all announced new c-suite executives within the past year.

  • NuVasive recently announced a new organizational structure with a number of changes to the responsibilities and roles of its high-level executives.


Kroll Can Help

Keeping compliance and monitoring programs up to date is a significant challenge for medical device companies in the current enforcement climate. Companies need to ensure that they have an even stronger corporate culture to monitor compliance and fight the risks of fraud, bribery and corruption.

Transparent procedures are key in addressing corruption in procurement processes. These should include both effective control mechanisms and the centralization of procurement processes.

Kroll, a division of Duff & Phelps, is uniquely equipped to help companies in the medical device industry handle these compliance challenges. Kroll can help with ABC compliance, cyber security and compliance programs in specific medical device regulatory areas.

Kroll’s clients include in-house and outside counsel, compliance departments and business units in various areas of industry. Within the past year alone, our services in the industry have included:

  • Third-party vendor due diligence

  • Vendor management software platform

  • Pre-transactional due diligence

  • Environmental, social and governance (ESG) due diligence

  • Commercial intelligence

  • Sanction list screening and monitoring

  • Bespoke research 

  • Investigations

For assistance with your company’s particular compliance needs, please contact one of our specialists.

Compliance Risk and Diligence

The Kroll Investigations, Diligence and Compliance team partners with clients to anticipate, detect and manage regulatory and reputational risks associated with global ethics and compliance obligations.