The IBA’s response to the war in Ukraine  

Disclosure of an Indian issuer’s potential FCPA violations: the implications for other Indian companies

Friday 29 October 2021

Avik Biswas
IndusLaw, Bangalore

Rithika Reddy
IndusLaw, Bangalore

Arunima Kumar
IndusLaw, New Delhi


Dr Reddy’s Laboratories Ltd ('Dr Reddy’s'), a large Indian pharmaceutical company, has American Depositary Receipts (ADRs) listed on the New York Stock Exchange and is an ‘issuer’ under the Foreign Corrupt Practices Act, 1977 (FCPA). In November 2020, Dr Reddy’s made a filing before the United States Securities and Exchange Commission (SEC) stating that it had begun an investigation into an anonymous complaint alleging breaches of anti-corruption laws, specifically the FCPA.[1]

This was followed by another filing on 27 July 2021, which disclosed that the anonymous complaint alleged that healthcare professionals in Ukraine and potentially in other countries were provided with improper payments by or on behalf of Dr Reddy’s. The 27 July filing also stated that Dr Reddy’s had received a summons from the SEC, ordering it to produce documents pertaining to certain other locations.[2] While Dr Reddy’s embarks on a journey of investigations, regulatory scrutiny and legal costs, its investigation will be keenly followed by India’s corporate world and may, perhaps, be used as a benchmark for FCPA violations.

Impact of past violations

While it is difficult to anticipate the outcome of the investigation at this point given the limited information available in the public domain, it is pertinent to note that this disclosure will be the subject of intense scrutiny by the authorities concerned. A number of media outlets have alleged that the pharmaceutical sector is believed to be under an ‘industry sweep’ since 2016, which is a strategy through which FCPA enforcement authorities focus on a specific industry suspected of FCPA violations.[3] The period of 2016-2020 witnessed several enforcement actions against pharmaceutical giants such as AstraZeneca, Teva Pharmaceutical, Sanofi and other leading names. In 2020 alone, three of the eight SEC’s FCPA enforcement actions included reputed pharmaceutical companies namely, Novartis AG, Alexion Pharmaceuticals and Cardinal Health.[4]

Under the FCPA, both the US Department of Justice (DoJ) and the SEC can bring civil enforcement actions against violators. If a civil enforcement action is brought against Dr Reddy’s, significant monetary fines could be imposed on the company as reflected by recent enforcement settlements in the pharmaceutical industry. For example, Novartis AG paid US$345m to the SEC and the DoJ to settle the FCPA charges against them,[5] while Teva Pharmaceuticals parted with US$519m to settle charges against them.[6] Dr Reddy’s could also face an array of penalties including the forfeiture of the proceeds of crime or disgorgement of profits generated from the crimes. Despite past instances involving pharmaceutical companies, a company has to demonstrate obvious mitigating factors such as voluntary disclosure, initiation of an independent investigation by a law firm and the existence of a compliance programme. That said, the authorities have discretion when it comes to the importance attributed to such mitigating factors.

Recommended corporate behaviour for Indian companies

At the very outset, every Indian company including their foreign subsidiaries, should be extremely watchful of their operations and practices. Pharmaceutical companies in particular may always be in the spotlight as the very nature of the sector requires frequent interaction with government officials. The operational realities of India, given that the country has ranked 86th on the Corruption Perception Index of 2020,[7] may of course draw the attention of FCPA enforcement authorities. Accordingly, all Indian companies covered by the FCPA should evaluate their preparedness and consider the following recommendations in relation to their conduct, both before and after the discovery of potential misconduct, if any.

Pre-discovery of misconduct

At the outset, prior to the discovery of any FCPA violation(s), it is imperative that every Indian company adopts a robust compliance programme. A thorough and detailed corporate compliance programme not only assists in the prevention and detection of potential violations, but both the DoJ and the SEC often consider this a mitigating factor when deciding on enforcement action.[8] An effective compliance programme is one which translates from mere words to an undercurrent of compliance that guides all corporate actions by ensuring that senior business executives have established a culture that encourages FCPA compliance. The compliance programme should also include comprehensive anti-bribery training regimens, and adoption of a due diligence system for the recruitment of consultants, distributors and vendors inter alia.

In June 2020, the DoJ updated its 2017 version of its guidance document titled ‘Evaluation of Corporate Compliance Programs’ (2020 Guidance), which provides US federal prosecutors with guidance on how to evaluate corporate compliance programmes when making charging decisions.[9] It focuses on moving away from having a ‘paper program’ in place to a programme that is ‘adequately resourced and empowered to function effectively’. Therefore, companies must ensure that their compliance programmes have adequate funding, resources and support throughout the organisation. Perhaps the most important point is that a ‘one-size-fits-all’ approach to compliance programmes is ineffective. Every company should create tailor-made compliance programmes depending on the risks that are specific to their sector. The 2020 Guidance also lays importance on periodic review and enhancement of compliance programmes, not only based on operational data but also the ‘lessons learned’ from experience. Consequently, Indian companies must endeavour to design effective compliance programmes which are dynamic and constantly evolving to keep up with real-world challenges.

Post-discovery of misconduct

Regardless of how thorough and detailed a compliance programme may be, it is often impossible for any such programme to guarantee that corporations will not come into conflict with FCPA violations. If a company commits an FCPA violation, it is advised that they follow this two-prong strategy as soon as they learn of misconduct, which can significantly reduce their exposure: (1) voluntary self-disclosure and give full cooperation; and (2) provide timely and appropriate remediation.

Both the SEC and the DoJ place a great deal of importance on these factors while determining whether to seek an indictment and the appropriate form of resolution of the investigation.[10] The FCPA Corporate Enforcement Policy (CEP) also provides additional benefits that would accrue to the companies based on their corporate behaviour once they learn of misconduct.[11]

Voluntary self-disclosure and full cooperation

Enforcement settlements have in the past, often made it clear that self-disclosures have been rewarded with reduced penalties. Companies are strongly advised to disclose improper conduct voluntarily, promptly after becoming aware of the offence. The CEP provides that if a criminal resolution is appropriate, where a company voluntarily self-discloses, fully cooperates, and promptly and appropriately remediates, the DoJ will accord, or recommend to the sentencing court a 50 per cent reduction off the low end of the US Sentencing Guidelines fine range, except in the case of a criminal reoffender. Therefore, the relief provided in case of self-disclosures should not be underestimated by companies.

Full cooperation extended by companies during the investigation is encouraged and often incentivised by the FCPA authorities. Companies are advised to provide proactive rather than reactive cooperation. For instance, companies must disclose all facts that are relevant to the investigation promptly, even when not specifically asked to do so, make company officers and employees available for interviews whenever requested, provide real-time updates of the internal investigation and so on, in order to satisfy the threshold of full cooperation. Companies, therefore, must be cognisant of the fact that they stand to gain significant and tangible benefits accruing from self-reporting and full cooperation.

Timely and appropriate remediation          

Remediation means resolving a problem to prevent its reoccurrence or further damage. The CEP provides that in order for a company to receive full credit for remediation, the company must have effectively redressed the cause of the problem at the time of resolution. This means that companies must commence their remediation measures during the ongoing investigation itself to display their recognition of the seriousness of the misconduct. Some of the measures that companies can take are:

  • establishing and implementing an effective compliance programme or improving an existing one;
  • taking disciplinary measures including but not limited to dismissing employees involved in the misconduct as well as those with supervisory authority over the area in which the criminal conduct occurred; and
  • paying restitution and appropriately compensating those who are adversely affected due to the misconduct.

Furthermore, the CEP provides that where a company voluntarily self-discloses misconduct, fully cooperates, and remediates in a timely manner, there will be a presumption that the DoJ will decline prosecution of the company, lacking aggravating circumstances. In fact, the DoJ has announced 14 declinations in accordance with this principle from 2016 to date.[12] For instance, in 2019, the DoJ declined to prosecute Cognizant Technology Solutions Corporation[13] ('Cognizant') which was found to have authorised its agents to pay a US$2m bribe to government officials in India in exchange for securing statutory permits. The decision was made based on factors including:

  • Cognizant’s voluntary self-disclosure within two weeks of the Board of Directors learning of the criminal conduct;
  • Cognizant’s thorough and comprehensive investigation; and
  • Cognizant’s full and proactive cooperation in the matter (including the provision of all known relevant facts about the misconduct) and its agreement to continue to cooperate with the DoJ’s ongoing investigations and any prosecutions that may result from them.


Dr Reddy’s recent disclosure should serve as a cautionary alert for Indian companies that come under the ambit of the FCPA. For instance, shares of Dr Reddy’s fell over ten per cent on BSE Ltd post disclosure of the anonymous complaint.[14] Additionally, depending on the nature of the improper conduct, Indian companies could also face contemporaneous domestic prosecution under Indian law, including the Prevention of Corruption Act, 1988 and/or the Indian Penal Code, 1860. The heightened FCPA enforcement environment demands that Indian companies continue their focus on their pre-indictment conduct such as investing in robust compliance programmes, rather than relying on the ability to pay monetary penalties later and resorting to self-reporting and full cooperation after the violation is discovered.



[1] SEC Form 6-K, Dr Reddys Laboratories Ltd, published 19 November 2020, see https://sec.report/Document/0001575872-20-000308 accessed 9 October 2021.

[2] SEC Form 6-K, Dr Reddys Laboratories Ltd, published 19 November 2020, see https://sec.report/Document/0001575872-20-000308 accessed 9 October 2021.

[3] SEC Form 6-K, Dr Reddys Laboratories Ltd, published 27 July 2021, see https://sec.report/Document/0001575872-21-000154 accessed 9 October 2021.

[4] On 19 February 2016, at the annual SEC Speaks conference, the then head of the SEC’s FCPA unit, Kara Brockmeyer said, ‘The SEC is going back to the pharma industry after a break for a period of years’, see Compliance Online, 29 March 2016, www.complianceonline.co.za/category/healthcare-mca-code-of-practice accessed 9 October 2021.

[5] See, Alexion Pharmaceuticals, Novartis AG, Cardinal Health, SEC Enforcement Actions: FCPA Cases (2020), www.sec.gov/enforce/sec-enforcement-actions-fcpa-cases accessed 9 October 2021.

[6] ‘SEC Charges Novartis AG with FCPA Violations’, SEC press release, 25 June 2020, available at www.sec.gov/news/press-release/2020-144 accessed 9 October 2021.

[7] Richard L Cassin, ‘Teva Announces $519 million FCPA settlement’, The FCPA Blog, 22 December 2016, https://fcpablog.com/2016/12/22/teva-announces-519-million-fcpa-settlement accessed 9 October 2021.

[8] See Transparency International, Corruption Perceptions Index, 2020, www.transparency.org/en/cpi/2020/index/nzl.

[9] See The Principles of Federal Prosecution of Business Organisations, Chapter 9-28.000 of the Justice Manual; see also Seaboard Report, www.sec.gov/rules/ policy/2010/34-61340.pdf. Both lay emphasis on an effective compliance programme as one of the factors in deciding the form of resolution and monetary penalty.

[10] US DoJ, Criminal Division, Evaluation of Corporate Compliance Programs, June 2020, see www.justice.gov/criminal-fraud/page/file/937501/download accessed 9 October 2021.

[11] 'A Resource Guide to the US Foreign Corrupt Practices Act', (2nd edn), see www.justice.gov/criminal-fraud/file/1292051/download accessed 9 October 2021.

[12] 'FCPA Corporate Enforcement Policy', see https://www.justice.gov/criminal-fraud/file/838416/download accessed 9 October 2021.

[13] US DoJ, DoJ Declination letters, see https://www.justice.gov/criminal-fraud/corporate-enforcement-policy/declinations accessed 9 October 2021.

[14] DoJ Declination letter, Cognizant Technology Solutions Corporation, 13 February 2019, see www.justice.gov/criminal-fraud/file/1132666/download accessed 9 October 2021.

[15] ‘Dr Reddy's slips over 10% post June quarter results, anonymous complaint’, Business Standard (Mumbai, 27 July 2021) https://www.business-standard.com/article/markets/dr-reddys-slips-8-post-june-quarter-results-stock-hits-over-3-month-low-121072700557_1.html accessed 9 October 2021.