In the latest settlement to come out of an ongoing enforcement focus on Foreign Corrupt Practices Act (FCPA) violations in the medical device industry, Biomet Inc. agreed March 26 to pay more than $22 million to settle Securities Exchange Commission (SEC) and parallel criminal charges related to the company’s activities in Argentina, Brazil and China.

The SEC charged Biomet with violating the FCPA, alleging that its subsidiaries paid bribes to publicly employed doctors in Latin America and China between 2000 and 2008; that company executives and internal auditors failed to stop the payments after becoming aware of them as early as 2000; and that the company routinely concealed the payments though false documents. In Brazil alone, the company paid a total of $1.1 million in bribes.

As part of a deferred prosecution agreement with the Department of Justice (DOJ), Biomet agreed to implement a corporate compliance program addressing deficiencies in FCPA internal controls, policies and procedures, and to hire an independent corporate compliance monitor with reporting duties to both the company and the DOJ.

In its complaint, the SEC blasted Biomet executives and auditors for not stopping the illegal payments.

“A company’s compliance and internal audit should be the first line of defense against corruption, not part of the problem,” said Kara Novaco Brockmeyer, chief of the SEC’s Enforcement Division’s FCPA unit, in an SEC release.

Audit Failure

The SEC’s complaint details how, beginning in 2000, executives and auditors on the ground in the foreign countries and at Biomet’s Warsaw, Ind., headquarters became aware of payments to doctors in Latin America and China, but the practice continued.

For instance, after a 2003 audit that Biomet’s U.S.-based auditors conducted of Biomet Argentina, the company’s Warsaw-based director of internal audit circulated reports describing the payment of royalties to surgeons “if requested,” but he only confirmed the amount paid was accurately recorded in the book. Biomet internal auditors did not explore why the payments were made or whether services were provided for them, instead concluding that “there were adequate controls in place to properly account for royalties paid to surgeons without any supporting documents,” the complaint says.

Similarly, the SEC says payments to doctors in Brazil were “openly discussed” among employees, executives and auditors, as were cash payments and travel accommodations a Biomet distributor provided to Chinese doctors.

“When an executive in Indiana … is presented with red flags, such as, ‘We are paying commissions as high as 20 percent to doctors in Argentina,’ that should trigger further questions,” says Matteson Ellis, an FCPA attorney and founder of Matteson Ellis Law. “Based on the complaint, information was communicated to executives, and they weren’t exercising the oversight role they should have been exercising to ensure that this didn’t happen.”

Even in high-risk countries, there’s nothing wrong in theory with paying doctors for expert consulting services, Ellis says. But if that were the case, Biomet should have had contracts with doctors clearly spelling out and justifying the level of compensation doctors received and should have kept accurate records of the consulting that occurred and what value it provided the company.

Front-end Prevention

The SEC may have come down hard on Biomet’s auditors, but the company also lacked basic preventive controls. Traditional internal controls have been based upon detection, says Henry Mixon, an FCPA consultant. It’s a concept rooted in the Sarbanes-Oxley Act and a focus of financial reporting controls.

“It’s good for financial reporting, but it’s not what you need to prevent bribery,” Mixon says. “There should be eyes on [high-risk transactions] before the money is spent.”

In the case of Biomet, it should have been pretty clear that the surgeons were high-risk contacts from an FCPA standpoint, Mixon says, and in the medical device industry in particular, it’s not difficult to analyze historical practices and figure out where the risks are.

“As a former auditor, I certainly agree from what I read that different things could have been done to get to the substance of the transactions, but even if Biomet had done all of that, they still would have only detected something,” Mixon says. “They still would have faced a three-year investigation; they still would have had all the problems. The accounting would have been a little better, but that wouldn’t have solved the problem from an FCPA standpoint.”

Device Sweep

Biomet’s is the third FCPA settlement in the medical device industry, following Johnson & Johnson in April 2011 and Smith & Nephew in February. Medtronic Inc., Stryker Corp., Zimmer Holdings Inc. and Wright Medical have also disclosed FCPA investigations.

Johnson & Johnson’s $77 million settlement and Smith & Nephew’s $22 million settlement also both stemmed from payments the companies made to public-sector doctors considered “government officials” for FCPA purposes.

“The government is interpreting the Foreign Corrupt Practices Act very broadly in terms of what constitutes a foreign official and what constitutes a payment,” says Thaddeus McBride, a partner in Sheppard Mullin’s international trade group. “It’s also another example of the government conducting one of these industrywide investigations.”

Industrywide sweeps are one example of the government’s aggressive enforcement of FCPA violations, McBride says. In one fell swoop and accumulating industry knowledge all along the way, enforcers are able to investigate numerous companies they think may be engaged in similar practices because they’re in the same industry.

“If you’re in an industry that’s being investigated [for FCPA violations], even if you haven’t already been contacted by the government, it would make sense to be proactive,” McBride says. “Take a look at whether some of the things the government has called out with respect to companies that are under investigation are things that are going on in your company.”