Last week Bristol-Myers Squibb announced that the Justice Department has decided to prosecute the company for a criminal Foreign Corrupt Practices Act.  The news was tucked away in a Form 10-Q, which BSM had filed with the Securities and Exchange Commission on Oct. 27. It stated in part, “The company has also been advised by the Department of Justice that it has closed its inquiry into this matter.”

Earlier in October the SEC had announced an FCPA enforcement against the company for the actions of BSM’s joint venture in China, which made cash payments and provided other benefits to healthcare providers at state-owned and state-controlled hospitals in exchange for prescription sales. The matter was settled through a SEC administrative proceeding, which granted an agreed-upon cease and desist order, based upon a BSM’s settlement offer that the SEC accepted.

For its conduct violative of the FCPA, BSM agreed to a total fine and penalty of $14 million, which included the return of $11.4 million of profits plus prejudgment interest of $500,000 and payment of a civil penalty of $2.75 million.

This enforcement action continues the trend of “SEC only” enforcement actions for internal controls violations of the FCAP. From the previously released SEC order, the following facts were divulged about the company’s conduct.

Bristol-Myers Squibb failed to respond effectively to red flags indicating that sales personnel provided bribes and other benefits to generate sales from health care providers in China.

Bristol-Myers Squibb did not investigate claims by certain terminated employees of BMS China that faked invoices, receipts, and purchase orders were widely used to fund improper payments to health care providers.

The company failed to install adequate internal controls, and those which were deemed insufficient by company’s own internal audit group were never properly remediated even though “repeatedly identified substantial gaps in internal controls, and the results, were reported to the Audit Committee and senior management of” the company.

How such conduct did not rise to the level of a criminal violation of the FCPA, I don’t know. Perhaps there were problems of proof because of the location of the misconduct in China. Perhaps the company demonstrated extraordinary cooperation during the pendency of the investigation or had extensive remediation ongoing as well.

Whatever the answer might be, any chief compliance officer should study this matter quite closely for the lessons to be learned on what to do, and what not to do, around the FCPA.