Author: Jonathan J. Rusch

On April 9, the United States Department of Justice announced that a federal grand jury in the Western District of Virginia had returned an indictment charging United Kingdom-based Indivior PLC (formerly known as Reckitt Benckiser Pharmaceuticals Inc.) and Indivior PLC (Indivior) with “engaging in an illicit nationwide scheme to increase prescriptions of Suboxone Film, an opioid drug used in the treatment of opioid addiction.”

The Department stated that according to the 47-page indictment,

Indivior obtained billions of dollars in revenue from Suboxone Film prescriptions by deceiving health care providers and health care benefit programs into believing that Suboxone Film was safer, less divertible, and less abusable than other opioid-addiction treatment drugs. Indivior also is alleged to have sought to boost profits by using a “Here to Help” program to connect opioid-addicted patients to doctors the company knew were prescribing opioids at high rates and in a clinically unwarranted manner.

The indictment also alleged that

Indivior developed Suboxone Film around 2007 as a patent-protected alternative to the tablet form of Suboxone, which was then about to face generic drug competition. The primary ingredient in both Suboxone Film and tablets is buprenorphine, a highly potent opioid. Indivior promoted Suboxone Film as safer and less-divertible than its tablet form, even though the company lacked any scientific evidence to support those claims. In particular, Indivior aggressively marketed Suboxone Film, without an established basis, as having a “lower risk of child exposure” and a “less divertible/abusable formulation.”  Indivior made these and other false and misleading claims in marketing materials and through representations to physicians, pharmacists, and health care benefit programs throughout the country. The indictment also alleges that, to further its scheme, Indivior announced a “discontinuance” of its tablet form of Suboxone based on supposed “concerns regarding pediatric exposure to” tablets, when in fact Indivior executives knew the primary reason for the discontinuance was to delay the Food and Drug Administration’s approval of generic tablet forms of the drug.

In addition, according to the Department, Indivior allegedly “used its ‘Here to Help’ internet and telephone program as part of its scheme to induce physicians to write prescriptions for Suboxone Film.” Although it touted the program as a resource for opioid-addicted patients, Indivior allegedly “used the program in part to connect patients to doctors it knew were prescribing Suboxone and other opioids to more patients than allowed by federal law, at high doses, and in suspect circumstances.” The indictment also alleges “that Indivior executives and employees knew from statistical and numerous firsthand reports that some doctors in the Here to Help referral system were issuing prescriptions in a careless and clinically unwarranted manner.”

The indictment charges Indivior with a total of 28 felony counts consisting of conspiracy to commit mail fraud, wire fraud, and health care fraud, and substantive counts of health care fraud, mail fraud, and wire fraud.  It also contains a notice of forfeiture that indicates that the Department is seeking via forfeiture (1) a monetary judgment of not less than $3 billion, (2) seven Indivior-related business entities and all assets, inventory, and property related thereto (i.e., Indivior Finance (2014) LLC; Indivior Finance SARL; Indivior Global Holdings Ltd (a/k/a RBP Global Holdings Limited); Indivior Inc. (a/k/a Reckitt Benckiser Pharmaceuticals Inc.); Indivior PLC; Indivior Solutions Inc. (a/k/a Reckitt Benckiser Pharmaceuticals Solutions Inc.); and Indivior US Holdings Inc_. (f/k/a RBP US Holdings Inc.); (3) certain specified Indivior-related bank accounts; (4) and certain specified trademarks and patents.

In response, Indivior issued a lengthy press release, in which it stated that it was

extremely disappointed in this action by the Justice Department, which is wholly unsupported by either the facts or the law. Key allegations made by the Justice Department are contradicted by the government’s own scientific agencies, they are almost exclusively based on years-old events from before Indivior became an independent company in 2014, and they are wrong. The department has apparently decided it would rather pursue self-serving headlines on a matter of national significance than achieve an appropriate resolution, but we will contest this case vigorously and we look forward to the full facts coming out in court.

The press release, which set forth specific rebuttals to the indictment’s allegations, stated that Indivior “has cooperated extensively with the Justice Department’s investigation for several years” and had

turned over millions of pages of documents and spent extensive time explaining the company’s operations to the department. In the interest of resolving this matter and providing certainty to our shareholders, we have made numerous attempts to reach a settlement that went far beyond what we believe the facts of this case support. It is unfortunate the Justice Department decided to choose an alternative path, but we will fight these allegations on the facts and on the law in court, and we are confident of our position.

Indivior’s former parent, Reckett Benckiser Pharmaceuticals, issued a separate statement in which it briefly stated that the indictment “is not against RB Group Plc or any other group company and we currently have no additional or new information in respect of this matter, apart from what has been publicly issued by the Department of Justice and Indivior Plc.”

Note: This indictment represents the second major case that the Justice Department has brought in this Administration against pharma companies for allegedly fraudulently marketing and promoting opioids.  In the first case, involving Insys Therapeutics, the Justice Department last year joined a series of whistleblower lawsuits against Insys, and is now awaiting the jury’s verdict in a criminal racketeering case against Insys founder John Kapoor and other former Insys executives.

Despite Indivior’s aggressive press response to the indictment, its share price, which The Times reported “had already declined sharply over the past year,” plummeted 73 percent in one day to 28p.  According to The Times, one U.S. brokerage firm has opined that Indivior did not have the financial resources to pay a $3 billion fine.  Since Indivior had previously stated that it had “set aside $438 million to cover legal matters, most of which relates to the [Department’s] investigation” and Reckitt had separately reserved £303 million ($390 million) in connection with the investigation, those numbers may be closer to what the Department ultimately would seek from both companies in any further settlement negotiations.

On April 9, the United States Department of Justice announced that the London-based financial institution Standard Chartered Bank (SCB) had agreed to pay a total of more than $1 billion to the Justice Department and other U.S. and foreign authorities, for conspiring to violate the International Emergency Economic Powers Act (IEEPA).  According to the Justice Department, the reported conspiracy, which lasted from 2007 through 2011, “resulted in SCB processing approximately 9,500 financial transactions worth approximately $240 million through U.S. financial institutions for the benefit of Iranian entities.”

The breakdown of the various settlements into which SCB entered is as follows:

• U.S. Department of Justice: Forfeiture of $240 million, a fine of $480 million, and to the amendment and extension of its existing deferred prosecution agreement (DPA) with the Justice Department for an additional two years;
• New York County District Attorney’s Office (DANY): Amendment of its DPA with DANY and extension of that DPA for two additional years, and an additional financial penalty of $292,210,160;
• Other Settlement Agreements: SCB entered into separate settlement agreements with the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the Board of Governors of the Federal Reserve System (the Federal Reserve), the New York State Department of Financial Services (DFS), and the United Kingdom’s Financial Conduct Authority (FCA) under which SCB shall pay additional penalties totaling more than $477 million. The Justice Department has agreed to credit a portion of these related payments and, after crediting, will collect $52,210,160 of the fine, in addition to SCB’s $240 million forfeiture.

In connection with the conspiracy, the Justice Department filed a superseding information regarding SCB in the U.S. District Court for the District of Columbia, charging SCB with two counts of conspiracy to violate IEEPA.  In addition, an unnamed former employee of the SCB branch in Dubai, United Arab Emirates (UAE) (referred to as Person A), pleaded guilty in the same U.S. District Court for conspiring to defraud the United States and to violate IEEPA, and that court unsealed a two-count criminal indictment charging Mahmoud Reza Elyassi, an Iranian national and former customer of SCB Dubai, with participating in the conspiracy.

The Justice Department stated that, as part of the amended DPA,

SCB admitted that, from 2007 through 2011, two former employees of its branch in Dubai, willfully conspired to help Iran-connected customers conduct U.S. dollar transactions through the U.S. financial system for the benefit of Iranian individuals and entities.  One of these Iran-connected customers was Elyassi, an Iranian national who operated business accounts with SCB’s Dubai branch while residing in Iran.  SCB’s former employees helped Elyassi manage these accounts, concealed their Iranian connections, and facilitated foreign currency transactions in U.S. dollars.  SCB’s former employees knew that Elyassi’s business organizations operated from Iran and conducted U.S. dollar transactions for the benefit of Iranian interests, and helped Elyassi disguise his Iranian connections to avoid suspicion.

According to the unsealed indictment of Elyassi,

Elyassi and his co-conspirators registered numerous supposed general trading companies in the UAE, and used those companies as fronts for a money exchange business located in Iran.  Between November 2007 and August 2011, Elyassi used a business account at SCB’s Dubai branch to cause U.S. dollar transactions to be sent and received through the U.S. financial system for the benefit of individuals and entities ordinarily resident in Iran in violation of U.S. economic sanctions.

SCB admitted that on behalf of Elyassi’s companies between 2007 and 2011, it had processed approximately 9,500 U.S. dollar transactions through the United States that totaled approximately $240 million.  More than half of these U.S. dollar transactions, the Justice Department stated, “were the result of deficiencies in SCB’s compliance program which allowed customers to request U.S. dollar transactions from within sanctioned countries, including Iran.”

The Justice Department credited SCB with having engaged in significant remediation since mid-2013, “including the comprehensive enhancement of its U.S. economic sanctions compliance program and significant improvements to its financial crime compliance program.”  It also acknowledged that after SCB was “presented with evidence of potential post-2007 sanctions violations, SCB provided substantial cooperation in the government’s investigation, including by producing significant evidence of criminal wrongdoing perpetrated by its employees and customers.”

Note: This amendment and extension of the SCB DPA is a substantial expansion of the original DPA that SCB had reached with the Justice Department in 2012. That DPA, as indicated in Count One of the superseding information, addressed SCB’s participation in a criminal conspiracy from 2001 through 2007 and resulted in SCB’s paying a $227 penalty under the terms of that DPA.  Count Two of the superseding information addressed SCB’s participation in a criminal conspiracy to violate IEEPA from 2007 through 2011, which the Justice Department alleged “resulted in SCB intentionally processing U.S. dollar transactions through the U.S. financial system for the benefit of Iranian individuals and entities worth approximately $240 million.”

It may be instructive to compare and contrast the SCB resolution with the Justice Department’s November 2018 sanctions-related DPA and resolution with Société Générale S.A. (SG), with regard to the three factors that are central to corporate resolutions under the Justice Department’s Corporate Enforcement Policy:

• Voluntary Self-Disclosure: Neither institution engaged in voluntary self-disclosure.  In  SG’s case, the U.S. Attorney’s Office for the Southern District of New York specifically stated that “[d]espite the awareness of both SG’s senior management and Group Compliance that SG had engaged in this unlawful conduct, SG did not disclose its conduct to OFAC or any other U.S. regulator or law enforcement agency until well after the commencement of the Government’s investigation.”
• Cooperation: In SCB’s case, the Justice Department credited it with “substantial cooperation.”  In SG’s case, the U.S. Attorney’s Office credited it with “undertaking . . . a thorough internal investigation, [and] collecting and producing voluminous evidence located in other countries to the full extent permitted under applicable laws and regulations . . . .”
• Remediation: In SCB’s case, the Department credited it with “significant remediation.”  In SG’s case, the U.S. Attorney’s Office credited it with “enhancement of its compliance program and sanctions-related internal controls both before and after it became the subject of a U.S. law enforcement investigation.”

In the end, both institutions ended up paying, due to total forfeitures and financial penalties, more than $1 billion each to resolve their sanctions-related misconduct.  That fact alone should prompt other financial institutions that operate globally to take their sanctions compliance programs utterly seriously, including by regularly and thoroughly reviewing them to determine whether they are operating effectively.  If there are any financial institutions that are still unclear about the reach of U.S. law enforcement and regulators to enforce U.S. sanctions, the SCB and SG resolutions should leave no doubt in anyone’s mind.

Since mid-March, a spate of news coverage in the Baltimore – Washington, D.C. region has brought to light a severe conflict of interest by Baltimore Mayor Catherine Pugh that may oust her from office.  The first part of the story emerged on March 12, when the Baltimore Sun reported that

[n]ine [volunteer] members of the University of Maryland Medical System’s [UMMS’s] Board of Directors — including Baltimore Mayor Catherine Pugh — have business deals with the hospital network that are worth hundreds of thousands of dollars each. . . . [A]bout a third of appointed members receive compensation from the medical system through contracts with their businesses. They provide goods and services to the system, ranging from consulting to pest control and civil engineering, according to financial disclosure forms reviewed by The Sun.

In Mayor Pugh’s case, the Sun initially stated that Pugh reported on her 2017 financial disclosure statement making a profit of $100,000 after the hospitals bought 20,000 copies of one of her self-published children’s books under the title “Healthy Holly.”  In short order, additional reporting disclosed that UMMS had made four previous payments of $100,000 each to Pugh, beginning in 2011 – when she was a state senator serving on a committee that partially funded UMMS —  and then in 2013, 2015, and 2017, totaling $400,000.

Additional disclosures within the past two weeks have now made the controversy a matter of intense city- and statewide attention:

• March 18: Mayor Pugh resigned from the UMMS board.
• March 20: Mayor Pugh told a Baltimore radio station that she had returned the most recent payment of $100,000 for her latest “Healthy Holly” book, which she said was “still in the works.”  The Mayor also said that she planned to self-publish the latest book, but a mayoral spokesman told the media that the Mayor had returned the money because “[t]he publisher and illustrator had a medical emergency and the order had to be canceled.”
• April 1: The Washington Post reported that the healthcare company Kaiser Permanente paid Mayor Pugh more than $100,000 for copies of a “Healthy Holly” book “at the same time it was seeking a $48 million contract from a city board controlled by the mayor.” That same day, the Post reported, Mayor Pugh decided to take “an indefinite leave of absence” – according to her spokesman, because the Mayor was battling pneumonia and her doctors had told the Mayor that she “needs to take time to recover and focus on her health.”  Nonetheless, the Associated Press reported that Maryland Governor Larry Hogan, calling the allegations “deeply disturbing,” called on the Maryland state prosecutor to investigate allegations of self-dealing by the Mayor, and Maryland Comptroller Peter Franchot called on her to resign.
• April 3: The Sun’s editorial board called on Pugh to resign, describing her as ”deeply unethical.”
• April 7: A top aide to Mayor Pugh, James T. Smith, submitted his resignation to acting Mayor Bernard Young.
• April 8: The Baltimore City Council called on Pugh to resign as Mayor, but Pugh said she intends to return to her job.

Note:  Ethics and compliance officers in public- and private-sector entities should incorporate this situation, as a classic case of serious conflict of interest, into briefings and training sessions for their entities’ management and employees.  There is no room for debate – other than, apparently, with Mayor Pugh and the UMMS —  that this kind of profitable self-dealing by a public official with fiduciary responsibilities to the public and UMMS is a blatant and long-running actual conflict of interest.

Moreover, ethics and compliance officers should take the opportunity to review their organization’s conflict-of-interest policies and determine whether they clearly state that certain conflicts are prohibited and, in appropriate circumstances, may require corrective action.  In this case, a spokesman for UMMS management maintained that UMMS “has a consistently enforced Conflict of Interest Policy.” Those words, however, must be read closely.  Perusal of that Policy reveals that the only significant obligation of a UMMS board member is to disclose the financial interest in question, after which that board member must leave the room “while the determination of a conflict of interest is discussed and voted upon” and the remaining board members “decide how to manage the conflict.”

By that standard, UMMS may well have “consistently enforced” the Policy, in the sense that the board allowed Mayor Pugh and eight other board members to obtain and retain direct financial benefits from their relationship with UMMS.  If that is the case, UMMS needs to rethink its Policy completely.  Nowhere in the Policy does the phrase “actual conflict of interest” appear, but it is actual conflicts of interest that, as the UMMS Board is now seeing, pose the greatest reputational and financial risk to any enterprise.

UMMS had been resisting pending legislation in the Maryland legislature that reportedly “would make it illegal for [state hospital] board members to profit from contracts with the hospitals they govern.”  But it need not wait for legislative action to demonstrate, by revising its Policy, that  its professed commitment to “the public trust” is genuine.  As for Mayor Pugh, if she were to value the health of city government more highly than she values the profitability of her health-themed books, her own choice should be clear.

This week, Europol issued its Cyber-Telecom Crime Report 2019.  The 57-page report, by cybersecurity firm Trend Micro Research and Europol’s European Cybercrime Centre (EC3), states that it was “written to serve as a guide of sorts to help stakeholders in the industry navigate the telecom threat landscape.”

The report is divided into seven principal sections:

• The Perpetrators: This section states that telecom fraud “is increasingly originating in countries normally considered ‘third world’ or failed states” and is “increasingly being used to prop up failing economies.” It cites several factors as drivers of telecom fraud, including “the reduced cost and increased availability of telecom equipment capable of hacking intercarrier trust, the availability of information on the topic, and the flattening (homogenization) of telecom deployments in 4G,” as well as “the overlap of specific economies — the cost of telecom deployments drops due to economic commonalities driven by the need for automation. Examples of these include rising telecom costs, competition from nontraditional telecom providers, and market saturation.”  The report also states that the annual cost of telecommunications subscription fraud “is estimated by some to reach up to more than US$12 billion, while others foresee the actual losses to be far greater, estimating it to be between 3 percent and 10 percent of the operators’ gross revenues.”  It reviews the principal means of “cashing out” SIM card accounts for the criminals’ benefit, including SIM card billing fraud, customer self-management website accounts, enterprise telecom management, and insider trading.
• Evolution of Telecom Fraud: This section explains the evolution of network operations, from circuit switching to packet switching to “data-switched” network.
• Threat Model Components for Telecom Crime: This section sets out the threat model components for SIM fraud, device types, network types, telecom application types, and customer application types.
• Threat Modeling Telecom Infrastructure: This section covers SIM card accounts, SMS and premium SMS, trunking (i.e., the establishment of bulk call management routing), roaming, and radio.
• Physical Telecom Infrastructure Attacks Facilitating Telecom Fraud: This section describes significant categories of attacks, such as SIM box fraud, international revenue share fraud, prepaid charging abuse, intermarket/interconnect bypass fraud, tromboning (i.e., modifying a running call to make it faster and better) and reverse bypass fraud
• Network-Based Telecom Fraud: This section discusses other attacks, such as Private Branch Exchange (PBX) (i.e., a computer responsible for routing revenue-generating traffic) hacking, subscription fraud, wangiri fraud (i.e., use of an automated fraud infrastructure or autodialer that calls many people, and, for each victim who calls that number back, “becomes the originator of the call (and therefore the one who has responsibility to pay for it)”), and voice phishing (“vishing”).
• Noteworthy Real-World Cases of Telecom Fraud: This section presents two cases that have been anonymized and made generic, but that provide details about the approaches the criminals used.

In conclusion, the report notes that

[t]he emphasis at hacker conferences are on the low-risk ease of attacks, the financial revenue from attacks, interesting information learned as a side effect of attacks as all motivators for this uptick in cybertelecom attacks. Additional motivators drawing attention to this class of attack are the very lucrative employment opportunities for individuals with CyTel security/hacking/fraud skills.

The report recommends that telecommunications companies “provide the needed types of support, training, and investment to engage entities like the Europol EC3 CyTel working group.”  It notes that intelligence and techniques can be shared in that group “for the greater good,” and that [n]on-European entities and national law enforcement groups have joined as well, and benefit from the reduced effort and complexity in performing law enforcement actions.”  It also touts the importance of cyber-telecom intelligence fusion through three approaches: (1) the concept of a global telecom network with unified threat intelligence between telecommunications service providers, between law enforcement, and between providers themselves”; and (2 “[o]ther Europol criminology- and intelligence-sharing groups such as Airline Fraud (Global Airline Action Days) and Euro Money Mule Action (EMMA) operations.

Note: Both information-security and fraud compliance teams should read the report closely – whether to establish or update their understanding of cyber-telecom fraud trends and techniques.  The sophistication of many of these techniques makes it all the more important that companies maintain robust cyber-defenses and include key information from the Europol report in internal briefings and training for executives and employees.

Over the last three weeks, domestic and international media have focused rapt attention on the recent U.S. federal indictment of dozens of parents who, among other actions, allegedly paid substantial bribes to secure their children’s admission to top-flight universities.   Those who track corruption trends around the world might be forgiven for experiencing some bemusement, given the fact that bribery of educators is a deeply entrenched practice in countries across multiple regions, including Africa, Asia-Pacific, Europe and Central Asia, and Latin America and the Caribbean.

A recent report by Global Press Journal about bribery in Ugandan schools provides a timely perspective on the practice, despite official condemnation.  Government policy is reflected in Ugandan Ministry of Education and Sports guidelines, which require “that teachers who favor certain children based on gifts they get receive warnings [and] can even be fired if the problem persists.” At local levels, each school’s head teacher supposedly has responsibility for seeing that teachers are not bribed.

In practice, however,

[c]ash, luxury items and even bags of groceries are now so commonly passed from parents to teachers in Uganda that some teachers now boldly request those items. In exchange, the children of parents who give gifts often sit at the front of the class and receive high marks, whether or not those marks are earned.

While Uganda suffers from widespread corruption in general, one likely reason for public-school teachers’ acceptance of bribes by parents is their low salary range. One teacher stated that “she expects to get at least 200,000 Ugandan shillings [(USh] (about $54) from parents during this season” – the equivalent, for some teachers, of almost one month’s salary.  Another teacher said that she has seen “some parents at her child’s baby class give cash – 10,000 ($2.70), 20,000 ($5.40) and even 50,000 ($13.51) shilling notes – to teachers.”

Ugandan primary school teachers on average earn USh 250,000 (approximately $67) a month, secondary-school teachers have starting salaries of USh 536,000 (approximately $145), and teachers with a degree can be paid approximately USh 600,000 (about $162).  As a point of comparison, entry-level health workers receive approximately USh 313,000 (about $85), and police and prison officers receive between USh 467,000 (approximately $126) and USh 573,000 (approximately $155).

The Global Press Journal article provides a cogent reminder of how deeply corruption can infect and persist in people’s everyday lives, and how difficult it can be to eliminate corruption in the face of significant economic inequalities.