Last week we reviewed the background facts of the Johnson & Johnson (J&J) Deferred Prosecution Agreement (DPA) and the issue of self-reporting. In this posting we will review some of specific compliance program best practices which Johnson & Johnson agreed to implement.
As with other DPA’s entered into by the Department of Justice (DOJ) since, at least, last summer, Attachment C to the DPA sets out the minimum best practice Foreign Corrupt Practices Act (FCPA) compliance program. Attachment C lists nine factors, set out below, which Johnson & Johnson agreed to implement or modify their existing compliance program:
1. A clearly articulated corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable counterparts (collectively, the “anticorruption laws”).
2. Promulgation of compliance standards and procedures designed to reduce the prospect of violations of the anticorruption laws and J&J’s compliance code. These standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of J&J in a foreign jurisdiction, including but not limited to, agents, consultants, representatives, distributors, teaming partners, and joint venture partners (collectively, “agents and business partners”);
3. The assignment of responsibility to one or more senior corporate executives of J&J for the implementation and oversight of compliance with policies, standards, and procedures regarding the anticorruption laws. Such corporate official(s) shall have the authority to report matters directly to J&J’s Board of Directors or any appropriate committee of the Board of Directors;
4. Mechanisms designed to ensure that the policies, standards, and procedures of J&J regarding the anticorruption laws are effectively communicated to all directors, officers, employees, and, where appropriate, agents and business partners. These mechanisms shall include: (a) periodic training for all directors, officers, and employees, and, where necessary and appropriate, agents and business partners; and (b) annual certifications by all such directors, officers, and employees, and, where necessary and appropriate, agents, and business partners, certifying compliance with the training requirements;
5. An effective system for reporting suspected criminal conduct and/or violations of the compliance policies, standards, and procedures regarding the anticorruption laws for directors, officers, employees, and, where necessary and appropriate, agents and business partners;
6. Appropriate disciplinary procedures to address, among other things, violations of the anticorruption laws and J&J’s compliance code by J&J’s directors, officers, and employees;
7. Appropriate due diligence requirements pertaining to the retention and oversight of agents and business partners;
8. Standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anti-corruption representations and undertakings relating to compliance with the anti-corruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anticorruption laws, and regulations or representations and undertakings related to such matters; and
9. Periodic testing of the compliance code, standards, and procedures designed to evaluate their effectiveness in detecting and reducing violations of anticorruption laws and J&J’s compliance code.
The nine points will not be unfamiliar to the FCPA compliance practitioner. These points are recognized to be in most ‘good to best’ compliance programs. However, the Johnson & Johnson DPA goes much further by adding an Attachment D, entitled “Enhanced Compliance Obligations” which is designed to be in addition to, and to build upon, the commitments made by Johnson & Johnson in Attachment C. These enhanced obligations include the following:
This Attachment D “Enhanced Compliance Obligations” is an excellent road map for the FCPA practitioner in which to establish, enhance, or simply review a FCPA compliance program. The Johnson & Johnson DPA demonstrates that a company’s commitment to ongoing FCPA remediation and program enhancement will help it reduce its overall FCPA liability in a case with facts as bad as those presented in this matter. We commend the DOJ for presenting such detailed information for those in the compliance field and hope that they will learn from the lessons of Johnson & Johnson.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.© Thomas R. Fox, 2011
He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units.
Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan.
Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.
Thomas Fox can be contacted via email at email@example.com or through his website www.tfoxlaw.com.
Follow this link to see all of his articles.