FCPA Due Diligence in Healthcare M&A

By Joseph A. Spinelli, F. Lisa Murtha

July 31, 2018


At a conference recently, Sandra Moser, the acting Chief of the Fraud Section of the Department of Justice (DOJ) announced that the prosecutors from the agencies’ Foreign Corrupt Practices Act (FCPA) Unit would be collaborating with the Corporate Strike Force of DOJ’s Health Care Fraud Unit to investigate healthcare corruption here in the United States and abroad.

She further stated that “Investigations have revealed that healthcare companies overseas frequently interact with state-employed doctors and foreign public officials who worked for government-owned hospitals and medical institutions. As a result, we have seen a number of significant FCPA cases involving the payment of bribes and kickbacks by healthcare companies to foreign officials to obtain a wide variety of improper business advantages”.

Moser also noted that it is imperative that healthcare companies conduct FCPA due diligence in mergers and acquisitions and pay strict attention to DOJ’s Opinion Releases regarding this subject.

In June 2008, the DOJ issued Opinion Release 08-02 in which it set forth the due diligence measures required in order to avoid potential FCPA liability for the activities of its acquisition targets. The Opinion (concerning an overseas acquisition by a non-healthcare company) stated that companies need to conduct extensive FCPA due diligence when acquiring organizations that operate in a high-risk industry, in high-risk countries, and that deal with government owned customers.

Now what does all this mean for healthcare companies seeking to merge or make acquisitions?

Officials at the DOJ have sent a clear and consistent message: Healthcare companies must conduct robust FCPA due diligence in connection with mergers, acquisitions and for all joint venture partners and third-party intermediaries.

Companies must also proactively review their FCPA compliance programs to ensure that their due diligence plan with respect to all third-party relationships and transactions comports with the DOJ’s opinion statements.

In addition, healthcare entities should make certain that they have conducted and documented an Enterprise Wide Risk Assessment that reviews FCPA risk as it relates to their products, services, third party relationships and the geographic locations in which they conduct business. Such a risk-based approach to FCPA pre-merger and acquisition liability assessment should include inquiries into areas such as:

  • Does the target company or its subsidiaries operate in a high-risk country?
  • Does the target company operate in high-risk industries in addition to healthcare (E.g. clinical research, energy, etc.)?
  • What is the target company’s association with foreign governments? Is the target company providing goods or services to a foreign government and is it government controlled or government-owned?
  • Does the target company have clear policies and procedures in place to detect, report and manage FCPA violations?
  • Were there any prior instances of FCPA issues or violations in the target company’s history?

Should any of these inquiries disclose existing or potential FCPA issues pre-merger and /or acquisition, the buying healthcare company should consider effectuating protective measures including negotiating specific indemnification provisions, and negotiating comprehensive representations and warranties provisions in the merger and acquisition agreement.

One would conclude that FCPA compliance and vendor risk­ ranking and due diligence pre-merger and acquisition can be an expensive undertaking; however, there are tangible economic benefits to be realized from performing FCPA due diligence on target companies and third-party intermediaries. The fines, disgorgement of ill-gotten gains, and drop in market capitalization resulting from acquiring a company implicated in a FCPA enforcement action can result in closer government scrutiny, including the imposition of a court-appointed monitor, which the company must fund for a period of several years in addition to the implementation of extensive workforce training and internal controls.

The DOJ’s diagnosis for healthcare companies involved in mergers and acquisitions is clear and concise: conduct incisive due diligence and have an effective FCPA compliance program. Healthcare companies can be certain that the DOJ will be stepping up its “examination” for those entities that fail to do so.