Implementing an Effective Global Anti-Bribery Program Implementing an Effective Global Anti-Bribery Program Elaine Murphy, MBA Director Health Care Compliance Johnson & Johnson Medical Devices & Diagnostics, UK Sue Seferian, Esq. Assistant General Counsel, Worldwide Office of Health Care Compliance, Johnson & Johnson, USA Keith M. Korenchuk, JD, MPH Covington & Burling LLP, Washington, DC, USA

Discussion Key Elements of an effective program, incorporating touch points on:  Roles & Responsibilities, Structure/Organisation Factors  Leadership  Third Party Due Diligence  Change Management Global Anti Bribery Policy – A Major Challenge

Elements of an Effective Compliance Program 1. Written Policies & Procedures 7. Response to detected problems & corrective action initiatives 2. Assigned Compliance Officer & Committees 6. Enforcement & Disciplinary Guidelines 3. Training & Education Compliance Office Law Department Internal Audit 7 Key Elements of an Effective Compliance Program Source: Adapted from various models & tools 5. Monitoring & Testing 4. Communication

Elements of an Effective Compliance Program 1. Written Policies & Procedures 7. Response to detected problems & corrective action initiatives 2. Assigned Compliance Officer & Committees 6. Enforcement & Disciplinary Guidelines Compliance Office Law Department Internal Audit 1. Written Policies & Procedures Source: Adapted from various models & tools 5. Monitoring & Testing 4. Communication 3. Training & Education

1. Written Policies & Procedures Regional policies In country Standard Operating Procedures Local anti-bribery laws & practice U.S. based laws (FCPA) & procedures Cross-border interactions People follow people… not paper policies & processes

Elements of an Effective Compliance Program 1. Written Policies & Procedures 7. Response to detected problems & corrective action initiatives 2. Assigned Compliance Officer & Committees 6. Enforcement & Disciplinary Guidelines Compliance Office Law Department Internal Audit 2. Assigned Compliance Officer & Committees Source: Adapted from various models & tools 5. Monitoring & Testing 4. Communication 3. Training & Education

2. Assigned Compliance Officer & Committees, Roles & Responsibilities Appropriate & most effective reporting structure Governance Defining boundaries of Compliance vs.  Legal  Internal Audit  Human Resources  Finance  Security Responsibility vs. Accountability Responsibility at country & regional/global level

Leadership - Key Success Indicator Leadership - Key Success Indicator “Tone at The Top” Walk the Talk Openness & honesty Regular updates to, & buy-in from, Audit & Governance Committees

Elements of an Effective Compliance Program 1. Written Policies & Procedures 7. Response to detected problems & corrective action initiatives 2. Assigned Compliance Officer & Committees 6. Enforcement & Disciplinary Guidelines Compliance Office Law Department Internal Audit 3. Training & Education Source: Adapted from various models & tools 5. Monitoring & Testing 4. Communication 3. Training & Education

3. Training & Education – Practical Considerations Learning platforms – what, how, who, when Tools to track global training & education requirements Systems & documentation methods – ensure attendance & comprehension Recipients Customisation/tailoring at local level Different languages – challenges around translation of company policy & training

Third Parties – A Critical Challenge What standards should apply? How can Third parties demonstrate compliance? Level of due diligence required Use of contractual representatives & warranties Practical & relationship issues Ongoing monitoring

Elements of an Effective Compliance Program 1. Written Policies & Procedures 7. Response to detected problems & corrective action initiatives 2. Assigned Compliance Officer & Committees 6. Enforcement & Disciplinary Guidelines Compliance Office Law Department Internal Audit 4. Communication Source: Adapted from various models & tools 5. Monitoring & Testing 4. Communication 3. Training & Education

4. Communication 4. Communication Management, anonymity, communication & tracking at a global level of hotlines Effective communication across cultures & languages Who is responsible for “delivering the compliance message” in various countries & is it consistent with corporate standards? Use of confidential information

Implementing the Program: Effecting Change Resistance to change: implementing behaviour change Comprehensive review of core activities & controls raises key issues that mirror global compliance challenges generally Resource constraints: a time intensive activity, by activity process Ensuring company wide consistency of process: a major challenge

Elements of an Effective Compliance Program 1. Written Policies & Procedures 7. Response to detected problems & corrective action initiatives 2. Assigned Compliance Officer & Committees 6. Enforcement & Disciplinary Guidelines Compliance Office Law Department Internal Audit 5. Monitoring & Testing Source: Adapted from various models & tools 5. Monitoring & Testing 4. Communication 3. Training & Education

5. Monitoring & Testing Considerations Risk analysis Identify areas for potential monitoring & testing Development of areas of focus Written protocols Development & use of metrics Deployment of resources Utilisation of technology Effective communication of results

Challenges to Developing Effective Monitoring & Testing Functions Data quality Systems integration Under-developed key performance indicators Budget support/financial resources Resource for performing monitoring & testing Training of personnel Collaboration across legal, internal audit, etc Follow-on investigations & Corrective Action

Elements of an Effective Compliance Program 1. Written Policies & Procedures 7. Response to detected problems & corrective action initiatives 2. Assigned Compliance Officer & Committees 6. Enforcement & Disciplinary Guidelines Compliance Office Law Department Internal Audit 6. Enforcement & Disciplinary Guidelines Source: Adapted from various models & tools 5. Monitoring & Testing 4. Communication 3. Training & Education

Appropriate objectives set Consistency across disciplinary actions – rules need teeth Reporting systems in place, e.g. telephone hotlines, well communicated & understood Investigations conducted systematically Good working relationship with HR required 6. Enforcement & Disciplinary Guidelines

Elements of an Effective Compliance Program 1. Written Policies & Procedures 7. Response to detected problems & corrective action initiatives 2. Assigned Compliance Officer & Committees 6. Enforcement & Disciplinary Guidelines Compliance Office Law Department Internal Audit 7. Response to Detected Problems & Correct Action Source: Adapted from various models & tools 5. Monitoring & Testing 4. Communication 3. Training & Education

7. Response to Detected Problems & Correct Action Risk Management process Incident response team & plan Detective controls From “lessons learned” develop training & education tools

Global Antibribery Policy: A Major Challenge Local laws & customs, applying local law on a global level Different country cultures & languages, respect for autonomy & “differences” Different organisational challenges, structures & cultures Does “one size fit all” & where do you set the bar: high or low?

Global Antibribery Policy: A Major Challenge Applying developed/developing country standards to an under developed country Competing resources & priorities, organisational complexities Operational silos risk-based approach Consistency & simplicity across functions & geographies Effect on competition

Thank you Elaine Murphy, MBA Director Health Care Compliance Johnson & Johnson Medical Devices & Diagnostics, UK Sue Seferian, Esq. Assistant General Counsel, Worldwide Office of Health Care Compliance, Johnson & Johnson, USA Keith M. Korenchuk, JD, MPH Covington & Burling LLP, Washington, DC, USA