In brief

The recently signed United States-Kenya Strategic Trade and Investment Partnership (STIP) focuses on enhanced engagement, increased trade and investment, and sustainable and inclusive growth that is beneficial to both countries. The agreement aligns with the US’s renewed Prosper Africa initiative, announced a year ago.

The United States-Kenya Strategic Trade and Investment Partnership (STIP) was signed on 14 July 2022. The agreement outlines the enhanced engagement and high standard of commitment between the two countries, focuses on increased investment and sustainable and inclusive growth that will be of benefit to both countries’ citizens and businesses. The agreement also includes the intention to support regional economic integration in East Africa. 

A year ago, in July 2021, the United States (US) administration announced that it would renew its Prosper Africa initiative, to increase reciprocal trade and investment between the US and African countries. At that time, the US noted that the initiative would focus on improving trade and investment in sectors such as infrastructure, energy and climate solutions, healthcare and technology. Seventeen US government agencies working as part of this initiative were given a mandate to, among other things, empower African businesses, offer deal support and connect investors from the US with those in Africa.

Also noted at the renewed Prosper Africa launch was the intention to focus on trade projects that support women, and small and medium enterprises in Africa. Under President Biden, US engagement with African countries promised to focus on strengthening these trade relationships in a strategic, co-operative and reciprocal way under the vision of ‘shared prosperity’ between Africa and the US.  The US has also expressed its support for the African Continental Free Trade Area, the Africa-wide free trade zone, stating that it wants to see the growth of Africa’s economic power in the world.

Via the US-Kenya STIP, the two countries have identified key areas that they will develop into “an ambitious roadmap for enhanced cooperation” including agriculture, anti-corruption, digital trade, environment and climate change action, good regulatory practices, a focus on micro, small and medium enterprises (MSMEs), promoting workers’ rights and protections, supporting the participation in trade of women, youth and others, increased collaboration on standards and the facilitation of trade and customs procedures. The agreement has a heightened focus on sustainability, innovation and good governance, and highlights the requirement that all measures introduced under the agreement must be advantageous to local communities, consumers and businesses in both countries.

With regard to the agricultural sector, the agreement notes that an enabling environment for agricultural innovation will be facilitated to increase food security and farm productivity. It also outlines the role of digital inclusion and accessibility, the need for resilient and secure digital infrastructure and online consumer protection in order to foster trust, address discrimination and promote development in the digital economy. Emerging issues in digital trade will also be monitored and considered. Environmental protection, climate change adaptation and mitigation and conservation are also high on the agenda. Both countries have highlighted the importance of sustainability when using natural resources as they strengthen their mutual commitments and trade relationship. A commitment to sound regulatory practices, such as adequate time for public consultations on proposed regulations, basing decisions on science and evidence and regularly undertaking risk and regulatory impact assessments is also noted as a key focus area. 

The agreement outlines the importance of supporting MSMEs, in particular those owned by women, youth and persons with disabilities, stating that this is essential for sustainable economic growth. Best practice exchanges and roundtables are planned in this regard. Issues such as good pay, high quality jobs and the development of trade policies that facilitate the role of women and children in international trade are key focus areas of this agreement. Workers’ rights and protections, in particular compliance with local labour laws and the promotion of dialogues and mutual cooperation in the labour and employer arena, are also regarded as areas of importance.

The two countries stated via the agreement that they will engage in detail on their respective trade processes, and prepare, adopt and apply regulations, standards and procedures based on mutually agreed practices. They also acknowledged the pandemic’s impact on supply chains and the benefits of introducing streamlined and simplified border procedures, especially in terms of access for new entrants to the market. Also acknowledged in the agreement is the importance of accelerating the implementation of the World Trade Organisation Trade Facilitation Agreement, which provides for the expedited movement and clearance of goods, and outlines trade facilitation and customs compliance cooperation measures for customs authorities. The STIP agreement also notes that customs practices and enforcement procedures between the two countries will be considered in a mutually cooperative and transparent way. The introduction of trusted trade benefits for low risk importers, particularly for participants in the Authorized Economic Operator program, will also be considered. This will be a significant development that other African customs authorities will surely take note of and aim to emulate in the future.

The agreement aligns with and reinforces the ideals laid out in the US’s Prosper Africa initiative and, as such, further reciprocal bilateral and regional trade agreements with Africa countries are expected to be signed in the near future. Such agreements are expected to eventually replace the non-reciprocal African Growth and Opportunity Act (AGOA), which allows duty- and quota-free exports from eligible African countries into the US, and which is due to expire in 2025. The enhanced engagement and commitment outlined in the US-Kenya STIP will provide numerous opportunities for the citizens and businesses of both countries to prosper from increased and sustainable trade and investment.

The post Kenya: Shared prosperity – the United States and Kenya sign Strategic Trade and Investment Partnership appeared first on Global Compliance News.


CORRECTION: An earlier version of this story said State Department received a lower grade than they did. The story has been updated to reflect State’s accurate score.

The House Oversight and Reform Committee doesn’t plan to retire the data center category under the Federal IT Acquisition Reform Act (FITARA) scorecard after all.

The 14th version of the bi-annual grades released July 27 shows the committee will indeed retire the data center optimization category, but add a new one around data center consolidation. The committee is holding a hearing on Thursday about the results of the scorecard.

“From fiscal years 2016 through 2021, the Office of Management and Budget and agencies have reported on the closures of several thousand data centers and saved approximately $5 billion. However, as of July 2022, the Federal IT Dashboard reported over a hundred remaining planned data center closures between fiscal 2022 and 2025,” the committee wrote in the scorecard. “Before data center reporting requirement sunsets, demonstration that agencies have closed the maximum number of data centers possible is desired.”

The data center closure requirement is set to sunset Oct. 1, unless Congress extends it.

The decision to evolve the data center category comes after the committee and the Government Accountability Office signaled it was ready to sunset the category altogether during the FITARA 13 hearing.

In the meantime, Sen. Jacky Rosen (D-Nev.) plans to introduce the Federal Data Center Enhancement Act in the coming days that would require agencies to do more to secure their remaining data centers. The Senate Homeland Security and Governmental Affairs Committee plans to mark up the bill at its Aug. 3 business meeting.

The bill, according to a draft summary obtained by Federal News Network, would require OMB to develop minimum requirements for federal data centers related to cyber intrusions, data center availability, mission-critical uptime and resilience against physical attacks, wildfires and other natural disasters. The bill also would remove a provision in FITARA that requires agencies to focus on cost savings or cost avoidance through data center consolidation and optimization.

While Rep. Gerry Connolly (D-Va.), chairman of the government operations subcommittee and co-author of FITARA, hasn’t given up on pressing agencies to close more data centers, he is ready to wind up the CIO authorities category under the scorecard.

This one attempts to hold agencies’ secretaries and administrators accountable to ensure chief information officers have a “seat at the table” with other senior executives to influence and impact decisions.

“Of the 24 major agencies, 16 CIOs report to the head of their agency (or the deputy) and six CIOs have established agency policies that allow for direct reporting over some, but not all, IT decisions,” the committee wrote. “CIOs that do not report to the head of the agency weakens their ability to effectively manage IT. Given the history of federal IT failures, this is a concern.”

Only two agencies, from the departments of Justice and Labor, do not report directly to the secretary or deputy secretary.

The committee hasn’t said why it plans to sunset this category given 8 of 24 CIOs don’t have a direct report to agency senior leadership.

“As discussed during the January 2022 FITARA hearing, a variety of factors including changing data availability, agency resolve and an advancing IT landscape catalyzed the subcommittee to once more evolve the scorecard,” Connolly said at the hearing. “Since then, the subcommittee engaged a multitude of stakeholders and the Government Accountability Office to explore potential improvements to the scorecard’s data and methodology. These conversations have resulted in our latest effort to use the scorecard to incentivize agencies to advance their IT and acquisition priorities.”

Beyond the two category changes, the FITARA 14 scorecard shows a significant downward trend among eight agencies. Only one agency, the U.S. Agency for International Development, received an “A” grade, while the departments of Transportation and Defense dropped to “D+,” marking only the third “D” grades given since July 2020.

Source: House Oversight and Reform Committee July 2022 FITARA 14 scorecard.

“Notably, many agencies’ grades were impacted by the removal of the data center optimization initiative methodology sunset and absence of available data for cybersecurity cross-agency priority goals,” the committee wrote. “If the same methodology from the prior scorecard had been used, four agencies’ grades would have increased and 20 would have remained the same.”

The committee said OMB stopped tracking the metrics under the Trump administration’s cross-agency priorities for cybersecurity. So instead, the committee relied solely on inspector general reports on the Federal Information Security Management Act (FISMA).

Based on the IG reports, 10 agencies received “F” grades for cybersecurity, while nine received “D” marks. In the December 2021 scorecard, no agency received an “F” grade and the committee handed out six “D” marks.

Source: House Oversight and Reform Committee FITARA 14 scorecard.

OMB spokeswoman Isabel Aldunate said in a statement that the Biden administration has made significant progress in transforming federal cybersecurity over the last year through the move to zero trust architecture and addressing long-standing problems.

“These grades for federal agencies are based on an outdated, compliance-oriented approach and no longer reflect the progress agencies have made, which is why we’re working with Congress to recommend an approach that reflects the rapidly evolving nature of the threats that agencies face,” she said.

Additionally, OMB is working with the Cybersecurity and Infrastructure Security Agency and the National Cyber Director in the White House to determine the cyber data can be published publicly without putting agencies at risk of  exposing potential vulnerabilities.

The other reason for an agency’s scores is continued struggles with the transition to the Enterprise Infrastructure Solutions (EIS) contract.

The committee said seven agencies improved overall, but still handed out 11 “Fs” and three “Ds.”

This story will be updated.





In brief

In an attempt to protect its oil and gas industry, Texas has passed legislation that seeks to punish investment firms that divest from fossil fuel related investments.

On 16 March 2022, the Texas Comptroller of Public Accounts, Glenn Hegar, sent a letter to 19 major financial companies which was not limited to US or Texas-based companies and included Japanese companies requesting verification that they do not engage in investment policies that result in the boycott of fossil fuel-based energy. This request was made pursuant to Texas Government Code Chapter 809: recent legislation prohibiting the Texas Government from investing in financial companies that take any action intended to penalize, inflict economic harm, or limit commercial relations with a company based on the company’s involvement in fossil fuel-based energy.


  1. Definition of boycott energy company
  2. SEC scrutiny of ESG disclosure to investors
  3. What happens next?

If the Comptroller determines that any of these companies is “boycotting energy company”, the consequences are severe. The names of a financial company boycotting energy company will be published on a public list. Unless such financial companies cease boycotting energy companies within certain period thereafter, Texas Government entities will be prohibited from contracting with that company, will need to divest any interest held in that company and will be prohibited from further investing in that company. The ramifications of Chapter 809 are significant because the state-run investment funds that Texas is threatening to divest from impacted investments collectively hold hundreds of billions of dollars in assets. For example, some of the funds identified in the bill include the USD 214 billion Texas Permanent School Fund; and the Employees Retirement System of Texas and Texas Municipal Retirement System funds, both of which manage around USD 35 billion. As Texas Government Code Chapter 809 does not rely on extraterritorial application, rather it governs  the application of investment policy, companies which do not have any subsidiary, branch or representative office in Texas will still be subject to this legislation.

Importantly, financial companies that fail to provide a response to the Comptroller’s request before the 61st day from receipt are presumed to be boycotting energy companies and will be included on a public list. Since the original 19 letters, Comptroller Hegar has sent similar letters to around 160 other publicly traded investment companies, and he intends to send more in the near future.

In a Press Release, Comptroller Hegar stated that his frustration is rooted in financial companies that claim they are committed to the fossil fuel sector when directed to conservative, energy states, while conversely also pushing net-zero and other environmental, social, and governance (ESG) policies addressed towards the public sector. In an Open Letter to the Comptroller, the Lieutenant Governor of Texas, Dan Patrick, reiterated these sentiments, targeting specific companies he believed to be counteracting Texas fossil fuel-based energy companies’ best interests.

The thrust of all of this is simple: Texas is attempting to push back on these new investment trends using its influence as a powerful institutional investor.

Definition of boycott energy company

While the potential consequences of being deemed a “boycotting energy company” by the Comptroller are intimidating, the terms within the legislation are still ambiguous enough to warrant uncertainty regarding whether a company is truly at risk.

For example, in Section 809.001(1), refusing to deal with a fossil fuel-based energy company is not considered boycotting if it is committed pursuant to an “ordinary business purpose.” The state of Texas has yet to define what conduct would constitute an “ordinary business purpose,” and it is unclear how this standard will be applied in practice. For example, based on the language of the statute, it is undecided as to whether refusing to invest in a risky fossil fuel industry, such as arctic oil drilling, would be allowable. Moreover, it is also uncertain whether Texas would consider hedging between green and fossil fuel-based energy for regular diversification purposes as an ordinary business purpose or a full-blown boycott.

While Texas was undoubtedly inspired to pass this legislation due to policy motivations surrounding its prominent oil and gas industry, the extent to which other fossil fuel industries are protected is uncertain. Boycotting an industry such as coal may not cause a similarly targeted response from Texas legislators, but based on the language of the legislation, it would still be considered to be boycotting energy companies.

SEC scrutiny of ESG disclosure to investors

In connection with capital markets, in the event that financial companies publicly declare their ESG policy, such financial companies must ensure that their response to the Comptroller is harmonized with any similar disclosure to investors or filing with The U.S. Securities and Exchange Commission.

Through the initiation of recent Enforcement Actions by the SEC, it is clear that the SEC plans to thoroughly investigate funds that claim to be environmentally responsible in order to ensure that they are accurately incorporating ESG factors into their investment selection process. Thus, ensuring that a response to the Comptroller is in line with any similar disclosure to investors or filing with the SEC is important. 

What happens next?

Texas legislators have proven their willingness to protect the state’s oil and gas sector, but it is unclear how they will apply the reach of Chapter 809 in the process. 

We expect the Comptroller’s office to provide further clarity over the coming months.  We also predict that the Comptroller’s office will continue to serve these questionnaires upon various financial institutions, both before and after the formalization and publication of the initial list of financial institutions that “boycott energy companies.”

If your firm receives a letter from the Comptroller’s office, action is imperative.  The strict 60-day deadline to respond to the request excludes the possibility of extensions, so it is important that a carefully-tailored response is provided on a timely basis.  Your firm should also consider what, if any, further actions can be taken to ease the Comptroller’s concerns.

If your firm has not yet been contacted by the Comptroller’s office, we recommend considering whether Chapter 809 poses a material risk and if so, developing an action plan.  As noted above, the deadline cannot be extended, so it is better to begin to gather documents and brainstorm potential responses before the clock starts running.

Finally, Texas is not alone in the fight to keep its fossil fuel industry entrenched. Similar bills that punish fossil fuel divestment and discourage carbon-neutral commitments have been introduced in other states, including West Virginia, Oklahoma, Indiana, and Louisiana. It appears that legislation to protect the fossil fuel industry is a primary goal for the Republican party this year, but the enforcement process remains uncertain. Thus, financial firms invested in states that have prominent fossil fuel-based energy industries should also begin to think about how they would respond to a similar request.

The post Japan: Summary of Texas Government Code Chapter 809 appeared first on Global Compliance News.


In brief

On 8 July 2022, the Department of Justice (DOJ) announced a settlement of cybersecurity fraud charges against Aerojet Rocketdyne Inc. (Aerojet) following an action under the False Claims Act (FCA). Aerojet agreed to pay USD 9 million to the US government to settle allegations that it misrepresented its compliance with cybersecurity requirements when entering into federal government contracts with NASA and the Department of Defense. The case started when Aerojet’s former employee, Brian Markus, filed a qui tam action against the company under the FCA after it allegedly failed to protect sensitive information pursuant to government rules about cybersecurity. The case was settled on the second day of trial. This is the DOJ’s second settlement in the last nine months under its Civil Cyber-Fraud Initiative, thus signaling the government’s sustained focus on combatting cybersecurity fraud through the FCA.


  1. Background
  2. Procedural history
  3. Trial
  4. Settlement
  5. Why it matters
  6. Client takeaways


Aerojet manufactures products for the aerospace and defense industry, and it contracts with federal government agencies including the Department of Defense (DoD) and the National Aeronautics and Space Administration (NASA). Both the DoD and NASA impose regulations on defense contractors to implement specific controls to protect sensitive government information from cybersecurity threats, namely, Defense Federal Acquisition Regulation 48 C.F.R. § 252.204-7012 (DFARS) and NASA Federal Acquisition Regulation 48 C.F.R. § 1852.204-76 (NASA FARS).1

From June 2014 to September 2015, the relator Brian Markus (“Relator“) was employed by Aerojet as its senior director for Cyber Security, Compliance & Controls.2 Relator claimed that, as early as 2014, Aerojet was not compliant with the relevant regulations and that the government awarded Aerojet contracts based on its misrepresentations of compliance. In July 2015, Relator refused to sign documents that Aerojet was compliant with cybersecurity requirements, contacted the company’s ethics hotline, and filed an internal report. Aerojet terminated Relator’s employment on 14 September 2015.3

Procedural history

On 29 October 2015, Relator filed a qui tam action under the FCA,4 alleging that Aerojet misrepresented its compliance with cybersecurity regulations and fraudulently entered into government contracts with DoD and NASA, despite knowing that it did not meet the minimum standards to be awarded government contracts.5 In June 2018, the government declined to intervene in Relator’s action, after which the case was unsealed.

On 4 January 2019, Relator filed his Second Amended Complaint (SAC) which alleged claims for: (1) promissory fraud in violation of 31 U.S.C. § 3729(a)(1)(A); (2) false or fraudulent statement or record in violation of 31 U.S.C. § 3729(a)(1)(B); (3) conspiracy to submit false claims in violation of 31 U.S.C. § 3729(a)(1)(C); (4) retaliation in violation of 31 U.S.C. § 3730(h); (5) misrepresentation in violation of California Labor Code § 970; and (6) wrongful termination.

Aerojet responded to the SAC by filing a motion to dismiss the complaint and moving to compel the employment-related claims to arbitration. On 8 May 2019, Judge William B. Shubb of the District Court for the Eastern District of California dismissed Relator’s conspiracy claim and granted Aerojet’s request to compel the employment-related claims to arbitration. However, the Court denied Aerojet’s motion to dismiss the first two counts under the FCA. Particularly, the court found that Relator had sufficiently pled materiality under the FCA, noting that although Aerojet had disclosed certain areas of noncompliance to the government, it had allegedly failed to disclose the full extent of its noncompliance. 

The parties cross-moved for summary judgment or adjudication on the remaining FCA claims. The government also filed a statement of interest in which it opposed Aerojet’s arguments. On 1 February 2022, the Court granted Aerojet’s motion as to Relator’s false certification claim, but denied Aerojet’s motion as to the promissory fraud claim. The Court also denied motions for summary judgment from both parties on the issue of damages.


On 26 April 2022, jury trial commenced on Relator’s promissory fraud claim. A jury was selected, and the parties delivered their respective opening statements.

Under the FCA, persons who violate the Act may be liable for up to three times the actual damages “which the Government sustains because of the act” giving rise to liability.6 Heading into trial, Relator claimed that Aerojet owed damages of USD 19 billion, or three times the sum of each invoice paid under each contract that was obtained through the allegedly false statements or fraudulent conduct.7 In addition, had Aerojet been found to have violated the FCA, it would have been subject to debarment or suspension and civil penalties, which are also provided for under the FCA. Aerojet claimed that the government had suffered no actual damages since Aerojet had provided the goods and services the government had contracted to receive.


Aerojet agreed to pay USD 9 million to the US government to settle the cyber-fraud allegations.

The settlement agreement does not include any admission of fault or liability on the part of Aerojet.

Why it matters

Aerojet is the first cybersecurity compliance FCA case to move past a motion to dismiss, a motion for summary judgment, and then to trial and settlement. This demonstrates a judicial willingness to recognize cyber-fraud as a viable basis for a qui tam FCA lawsuit.

This is the second settlement announced in connection with the DOJ’s Civil Cyber-Fraud Initiative, which it launched in October 2021. The Civil Cyber-Fraud Initiative was created to increase cybersecurity compliance by using the FCA to pursue cybersecurity-related violations committed by government contractors, subcontractors, and grant recipients. The first such settlement was in March 2022 and involved Comprehensive Health Services (CHS), which was accused of failing to store government employees’ medical records on a secure electronic medical record system in violation of government contract requirements. The CHS allegations were also raised via a qui tam lawsuit, in which the government partially intervened.

Client takeaways

  • Trial risk is a significant motivation to settle. Facing uncertainty regarding damages, the parties decided to settle on just the second day of trial, despite over three years of litigation and investigation.
  • Under the Civil Cyber-Fraud Initiative, the federal government will continue to use the FCA to hold government contractors accountable if they make false, misleading or incomplete representations regarding cybersecurity compliance in their government contracts.  
  • Given the uptick in cybersecurity enforcement, government contractors must be diligent in their compliance with cybersecurity regulations and careful in their assurances to the government when entering into government contracts.
  • Appropriate disclosures to the government regarding non-compliance can be key to determining materiality under the FCA.  Disclosures to and any waivers from the government must be carefully crafted and documented. Here, the parties agreed that the government contractor had not fully complied with cybersecurity requirements and that it had in fact disclosed the non-compliance to the government.  Nonetheless, Relator and the government relied on their claim that these disclosures did not fully reveal the extent of the non-compliance at the motion to dismiss and summary judgment stages.
  • As with other areas of FCA enforcement, enforcement of cybersecurity-related fraud will rely significantly on qui tam actions. Accordingly, government contractors should have systems in place to properly respond to internal warnings.  This includes, inter alia, having sufficient resources to investigate allegations raised through internal reporting mechanisms. It also involves ensuring that the functions responsible for cybersecurity receive adequate resources to assess risk, mitigate cyber threats and ensure compliance with government requirements. 

1. United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., No. 2:15-cv-02245 WBS AC, 2022 US Dist. LEXIS 18505, at *3-4 (E.D. Cal. 1 February 2022).

2. Id. at 2.

3. United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., 381 F. Supp. 3d 1240, 1244 (E.D. Cal. 2019).

4. 31 U.S.C. §§ 3729 – 3733.

5.  The defendants were Aerojet Rocketdyne Holdings, Inc. and Aerojet Rocketdyne, Inc. a wholly-owned subsidiary thereof. For purposes of simplicity, the defendants will be collectively referred to as “Aerojet.”

6. 31 U.S.C. § 3729(a).

7. United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., No. 2:15-cv-02245 WBS AC, 2022 US Dist. LEXIS 18505, at *21 (E.D. Cal. 1 February 2022).

The post United States: Aerojet settlement signals DOJ’s sustained focus on combatting cyber-fraud through the False Claims Act appeared first on Global Compliance News.


The FTC’s new direction in pharmaceutical and PBM enforcement

In brief

Over the past few months, the Federal Trade Commission (FTC) has engaged in a comprehensive review of how the agency should evaluate antitrust issues affecting the pharmaceutical distribution stack.


A. Key takeaways

B. In depth

1. Pharmacy Benefit Managers (PBMs)

2. Pharmaceuticals

3. Scrutiny of the Interplay Between PBMs and Pharmaceutical Companies

C. Recommended actions

On 7 June, the FTC unanimously approved a Section 6(b) study into the business practices of pharmacy benefit managers (PBMs).1 A week later, the FTC hosted a two-day workshop entitled, “The Future of Pharmaceuticals” on June 14th and 15th that purported “to explore new approaches to enforcement the antitrust laws in the pharmaceutical industry.”2 The very next day, the FTC issued a unanimous policy statement on ramping up enforcement against any illegal rebate schemes by brand-name pharmaceutical companies that might stifle competition from generic or biosimilar drugs.3 The FTC also has shown glimpses of new policy changes in recent enforcement actions in the pharmaceutical industry, including a closer look at the nascent competition.

Key takeaways

These various initiatives highlight a number of areas where the agency has shown an interest in reinvigorating its approach:

  • Greater scrutiny of nascent competition, including pre-clinical pipeline activities;
  • Broader consideration of post-merger R&D incentives even where a specific product overlap or market has not been defined;
  • Increased consideration of past conduct in assessing harm that might emerge as a result of a merger;
  • Heightened interest in whether companies with large portfolios of products can use that ownership to harm competition;
  • New attention to certain business practices—particularly rebates; and
  • Deeper focus on vertical integration—particularly with respect to “conflicts of interest” that may arise post-integration.

Although these initiatives are varied and target different parts of the pharmaceutical stack, the FTCs actions signal a broader interest in adopting new approaches and a more aggressive enforcement posture when evaluating competition in markets involving pharmaceuticals.

In depth

Pharmacy Benefit Managers (PBMs)

On 7 June 2022, the FTC issued special orders to the country’s six largest PBMs,4 intermediaries that negotiate reimbursement rates and dispense fees with retail pharmacies, manage drug costs, and package these various services into a pharmacy benefit sold to health plans and plan sponsors. The special orders were issued under Section 6(b) of the FTC Act, which allows the FTC to study broader industry practices. These orders broadly probe three areas of concern:

Conflicts of interest concerning vertically integrated PBM/pharmacies

  • Do PBMs that are vertically integrated with retail pharmacies charge special fees and issue clawbacks to unaffiliated pharmacies?
  • Do PBMs employ anticompetitive methods to steer patients away from rival pharmacies and towards their own pharmacies?
  • Do vertically integrated PBMs unfairly audit independent pharmacies?

Complex and opaque pricing structures

  • Do PBMs employ unduly complex or opaque pricing structures for determining pharmacy reimbursement?
  • Do PBMs take rebates and fees from drug manufacturers to create a formulary design that favors higher-costing pharmaceuticals over lower-costing ones?

Administrative complexity

  • Do PBMs use prior authorizations and specialty-drug policies to restrict access to certain drugs?

While this study targets the purported effects of PBM practices, FTC Chair Lina Khan and Commissioner Rebecca Slaughter previously (and unsuccessfully) tried to authorize a broader study that also sought to examine whether “a range of [PBMs’] commercial practices” contributed to “troubling trend[s] in the drug retailing and fulfillment sectors.”5


For the Biden Administration, starting under then Acting Chair Slaughter and continuing under current Chair Khan, the pharmaceutical industry has been a significant priority for the FTC. Whether it is a two-day workshop on pharmaceutical mergers, a policy statement, or enforcement actions, the FTC is signaling an interest in taking a new approach in this space. In particular, participants in the workshop on “The Future of Pharmaceuticals: Examining the Analysis of Pharmaceutical Mergers” highlighted some new areas of emphasis:

  • Nascent Competition. Chair Khan raised concerns around nascent competition, stating, “[w]e … have seen empirical reports showing that killer acquisitions, or acquisitions made for the purpose of shutting down potential competitors, may be relatively common in the pharmaceutical industry.”6 Accordingly, the FTC alleged a lessening of competition from a “nascent, innovative competitor” in a recent consent decree.7
  • Innovation Competition. In her keynote remarks, Commissioner Slaughter signaled an intention for a closer review of mergers that reduce R&D, stating that “we must not limit our enforcement to existing products and pipeline products.” Commissioner Slaughter suggested that the FTC take a more expansive view of “innovation harms.” For example, she called for scrutiny at the level of “how clinical trials are conducted” and “how drugs are delivered.” She also called for scrutiny of “platform technologies” that could have applications in “different” treatment fields beyond those that are currently being contemplated by the transacting parties.
  • Reduced Availability of Capital to Fund Innovation. Commissioner Slaughter raised concerns that mergers can negatively affect the incentives of smaller non-merging parties. She observed that “if a merger reduces the number of large firms that are the target sales audience for a new innovation being developed by a pharmaceutical startup,” it could “affect the availability of capital to those startups.”
  • Past Conduct Informing Predictions of Future Conduct. Commissioner Slaughter stated that “the pharmaceutical industry has a particularly checkered legacy of anticompetitive conduct” and that the FTC “do[es] not pretend this anticompetitive activity does not exist when [] considering parties proposing to acquire their competitors.”8
  • Portfolio Effects. Other panelists also noted that so-called “conglomerate mergers” where a company acquires a portfolio of pharmaceuticals that are not direct substitutes might allow the merged firm to use bundling to ensure their whole line of products gains preferred status on a PBMs formulary.

In sum, these comments reflect a more wide-ranging view of the potential competitive concerns presented by pharmaceutical mergers and the need for the FTC to take a more aggressive enforcement posture than it has in the past.

Scrutiny of the Interplay Between PBMs and Pharmaceutical Companies

On 16 June, the FTC released a Policy Statement titled “Rebates and Fees in Exchange for Excluding Lower Cost Drug Products.” The Statement references complaints regarding the rebates and fees that drug manufacturers pay to PBMs. At the same time, the statement distinguishes between payments that “incentivize PBMs and other intermediaries to steer patients to higher-cost drugs over less expensive alternatives” from “good-faith rebates and fees for legitimate services that increase value to payers and patients.”9 The statement then outlines how the FTC may challenge the former type of payments:

  • As “Exclusionary agreements” that constitute either (1) an “unreasonable agreement” under Section 1 of the Sherman Act, (2) “monopolization” under Section 2 of the Sherman Act, (3) unlawful “exclusive dealing” under Section 3 of the Clayton Act, or (4) “unfair methods of competition” under Section 5 of the FTC Act;10 or
  • Under Section 2(c) of the Robinson-Patman Act (RPA), which prohibits certain kinds of price discrimination and commercial bribery in connection with the purchase or sale of goods.11 Commissioner Alvaro Bedoya, in a separate statement, elaborated that “[i]f buyers (say, an insurer and their insured customers) use an agent (say, a PBM) to negotiate on their behalf, and that agent takes payment from the seller (say, a drug manufacturer), this may create a conflict of interest. It may also be commercial bribery violating [the RPA].”12

Overall, this interplay of rebating practices between drug manufacturers and PBMs may become a factor in future investigations into PBM and/or pharmaceutical mergers.

Recommended actions

  • Anticipate that antitrust authorities will look at a broader set of evidence in identifying harms to the competition, including previous conduct and ownership of a portfolio of products or services in the same space;
  • Among harms that the antitrust authorities have always considered, such as innovation harms, expect them to engage in more sedulous inquiries into how companies compete to innovate;
  • Be prepared for agencies to probe deeper into pipeline productions for an assessment of whether the merger harms nascent competition; and 
  • Be aware of perceived entanglements with other parts of the pharmaceutical stack, such as rebates from drug manufacturers to PBMs or vertical integration between PBMs and retail pharmacies, as those interrelationships may serve as the basis for greater scrutiny.

FTC Launches Inquiry Into Prescription Drug Middlemen Industry, Federal Trade Commission, Press Release (June 7, 2022)
The Future of Pharmaceuticals: Examining the Analysis of Pharmaceutical Mergers, Federal Trade Commission (June 14-15, 2022)
FTC to Ramp Up Enforcement Against Any Illegal Rebate Schemes, Brives to Prescription Drug Middlemen That Block Cheaper Drugs, Federal Trade Commission, Press Release (June 16, 2022)
6(b) orders were issued to CVS Caremark, Express Scripts, OptumRx, Humana, Prime Therapeutics, and MedImpact Healthcare Systems. FTC Launches Inquiry Into Prescription Drug Middlemen Industry, Federal Trade Commission, Press Release (June 7, 2022)
Remarks by Chair Lina M. Khan, Transcript of Open Commission Meeting, pg. 28 (February 17, 2022)
Remarks by Chair Lina M. Khan, The Future of Pharmaceuticals: Examining the Analysis of Pharmaceutical Mergers, pg. 3 (June 14, 2022)
7 Compl., In the Matter of Medtronic plc/Intersect ENT, Inc., Dkt. No. C-4763 at ¶ 7 (F.T.C. May 7, 2022)
Remarks by Commissioner Rebecca Kelly Slaughter, The Future of Pharmaceuticals: Examining the Analysis of Pharmaceutical Mergers, pg. 8-9 (June 14, 2022)
Policy Statement of the Federal Trade Commission on Rebates and Fees in Exchange for Excluding Lower-Cost Drug Products, Federal Trade Commission, pg. 4 (June 16, 2022)
10 Id. at 5.
11 Id. at 5-6.
12 Statement of Commissioner Alvaro M. Bedoya Regarding the Commission’s Rebate Policy Statement, pg. 2 (June 16, 2022)

The post United States: Shaking up the pharmaceutical stack appeared first on Global Compliance News.


On June 30, 2022, the US Department of Commerce’s Bureau of Industry and Security (“BIS”) announced four key policy changes to strengthen the administrative enforcement program and tackle external threats. These policy changes prioritize the “most serious violations” and cases that pose the greatest danger to US security.

The four policy changes made to the BIS’s Administrative Enforcement Program include:

Imposition of Significantly Higher Penalties

The most serious administrative violations will trigger more stringent penalties to deter future bad actors and level the playing field. BIS is expected to update aggravating and mitigating factors in the existing settlement guidelines to address this policy change and ensure the guidelines are more uniformly applied.

Using Non-Monetary Resolutions for Less Serious Violations

Violators whose breaches do not pose “serious national security harm” but exceed a warning letter or no-action letter, will be offered non-monetary settlement agreement resolutions to rectify the violation in return for violators accepting responsibility, admitting to the conduct, and committing to enhanced compliance measures.

Elimination of “No Admit, No Deny” Settlements

Violators will no longer be able to settle allegations against them without having to admit to the underlying factual conduct. However, admission will grant the resolving party a reduced penalty. This policy change is another effort to promote transparency and accountability among all relevant parties.

Dual-Track Processing of Voluntary Self-Disclosures (“VSDs”)

VSDs involving minor or technical infractions will be resolved on a “fast-track” with a warning letter or no-action letter within 60 days of receipt of a final submission. Conversely, VSDs that indicate potentially more serious violations will be assigned to both a field agent and an Office of Chief Counsel attorney for an in-depth investigation. The Department of Justice’s Counterintelligence and Export Controls Section will assign an attorney as well in the most serious cases.

The post United States: BIS announces new policy changes to strengthen its existing administrative enforcement program appeared first on Global Compliance News.


Heightened focus on sustainability and social impact

In brief

The Partnership for Global Infrastructure Initiative (PGII) was launched in June 2022 at the G7 Summit in Germany. See our insight on the topic here – International: G7 unveils the Partnership for Global Infrastructure a – Baker McKenzie InsightPlus. The PGII is a USD 600 billion lending initiative to fund infrastructure projects in the developing world, with a particular focus on Africa. One of the aims of the initiative is to help address the massive infrastructure investment gap in Africa.

In depth

In late June 2022, it was announced at the G7 Summit in Germany that a USD 600 billion lending initiative, the Partnership for Global Infrastructure Initiative (PGII), would be launched to fund infrastructure projects in the developing world, with a particular focus on Africa. The G7 countries – Canada, France, Germany, Italy, Japan, the United Kingdom (UK) and the United States (US) – explained the PGII would help address the infrastructure gap in developing countries.

The US

The US has recently renewed its focus on impact-building and financing strategic, long-term infrastructure projects in Africa, with the Export-Import Bank of the United States (EXIM) supporting infrastructure development on the continent. According to a 2020 report by McKinsey and Company – Solving Africa’s infrastructure paradox – the US accounts for 38% of global investors who have an appetite for African investment, by far the most of any country. In 2021, the US launched a refreshed “Prosper Africa initiative”, focusing on improving reciprocal trade and investments that create jobs and build infrastructure between the two regions. In 2022, the US announced it would mobilise USD 200 billion over the next five years as part of the PGII, in the form of grants, financing and private sector investments. Some deals have already been announced, including, for example, a USD 2 billion solar energy project in Angola, and the building of multiple hospitals in Côte d’Ivoire.   

The EU

In February 2022, the European Commission announced investment funding for Africa worth EUR 150 billion. The funding package is part of the EU Global Gateway Investment Scheme and is said to be in the form of EU combined member funds, member state investments and capital from investment banks.

In early 2020, the European Commission published its Comprehensive Strategy with Africa, outlining the region’s plans for its new, stronger relationship with the continent. The strategy document laid out five top priorities for the EU in Africa: the green transition and improving access to energy; digital transformation; sustainable growth and jobs; peace and governance; and migration and mobility.

The UK

The UK is also making a strong play for influence, investment and trade with Africa, post-Brexit. Further to key summits in 2020 and 2021, finance is being redirected into Africa from the UK. In 2022, UK development finance institution (DFI), British International Investment (formerly CDC Group), announced it had exceeded its pledge to invest GBP 2 billion in Africa over the last two years. The UK’s Global Infrastructure Programme helps partner countries (including in the African continent) to build capacity to develop major infrastructure projects, setting up infrastructure projects for success and paving the way for UK companies to support these projects.

Further, in November 2021, it was announced that the governments of South Africa, France, Germany, the United Kingdom and the United States of America, along with the European Union, were in negotiations to form a long-term Just Energy Transition Partnership. The partnership focuses on boosting the decarbonisation of the South African economy, with a commitment of USD 8.5 billion for first round financing. It is expected that 1-1.5 gigatonnes of emissions will be prevented over the next 20 years, assisting South Africa to accelerate its just transition. Discussions are also currently taking place to establish a similar partnership in Senegal.

African solutions

The African Development Bank noted in early 2022 that Africa’s infrastructure investment gap is estimated at more than USD 100 billion per year.  

DFIs are increasingly anchoring the infrastructure ecosystem in Africa – serving a critical function for project finance as investment facilitator and a check on capital. DFIs can shoulder political risk and access government protections in a way that others cannot, enter markets others cannot and are uniquely capable of facilitating long-term lending. The large amount of capital needed to fill the infrastructure gap, however, means that DFIs cannot bridge it alone. Private equity, local and regional banks, debt finance and specialist infrastructure funds are primed to enter the market, and multi-finance and blended solutions are expected to grow in popularity as a way to de-risk deals.

The African Union’s 55 member states have stated that their primary funding needs include support in terms of safety and security on the continent, as well help in implementing the African Continental Free Trade Agreement (AfCFTA) and the massive infrastructure investment it needs to be successful. The development of supporting infrastructure is key to boosting AfCFTA’s free trade potential, especially in terms of transportation, energy provision, internet access and data services, education and healthcare infrastructure projects.

Infrastructure projects in Africa now also have a heightened focus on improving Africa’s capacity for green, low-carbon and sustainable development, via, for example, clean energy, community healthcare and support, green transport, sustainable water, wildlife protection and low-carbon development projects. Funding such projects comes with responsibility –  projects must not only be bankable and yield attractive returns, but must also be sustainable and provide tangible benefits to local economies and communities. All of Africa’s major partners have noted they will prioritise projects that commit to Environmental, Social and Governance principles, and access to capital for large infrastructure projects is likely to contain sustainability requirements.

That the focus of the PGII is on the sustainability and the social impact of these projects in Africa is further evidenced in the White House briefing room statement issued at the launch in June 2022, where it was stated that the PGII will “mobilize hundreds of billions of dollars and deliver quality, sustainable infrastructure that makes a difference in people’s lives around the world…”

The post Africa: The impact of the G7’s multi-billion dollar plan on the continent’s infrastructure gap appeared first on Global Compliance News.


By Michael Moore, Sr. Manager of Digital Innovation, HITRUST

As part of the HITRUST mission to foster Rely-Able assurances through a transparent assurance program methodology, HITRUST recently revamped the MyCSF help site to include a number of useful (and free) resources. This blog post highlights just a few of these exciting additions with a focus on the new HITRUST calculator tools.

Requirement Scoring Calculator

Accurately performing HITRUST Assessments requires a firm grasp of not only the HITRUST Scoring Rubric, but also an understanding of the HITRUST Assurance Program Advisories with important user-impacting updates (i.e., rubric versions, control maturity weights, and CAP vs. gap scoring thresholds). If you’ve ever been involved in a HITRUST assessment, chances are you have a go-to spreadsheet template to answer the following types of assessment-dependent questions:

  • Would a CAP be needed if a requirement scored out at 0% policy, 50% process, and 100% implemented? (Answer: Maybe, depending on the assessment type and how the rest of the requirements in the control reference also scored.)
  • What PRISMA grade would result from a requirement that scores at 25% policy, 75% process, 0% implemented, 50% measured, and 25% managed? (Answer: 2 – using the current control maturity weights of 15/20/40/10/15 and 2 using the legacy weights of 25/25/25/15/10.)
  • How does requirement-level scoring differ between Basic, Current-state (bC) assessments and Implemented, 1-year (i1) assessments? (Answer: bC uses a 1×3 model and i1 uses a 1×5 model.)

The new HITRUST Requirement Scoring Calculator lets you explore different scoring scenarios for a single requirement across all HITRUST assessment types, including the i1 and bC Assessments. It supports both the current and legacy control maturity weights, and allows measured and managed to be optionally excluded for r2, custom, and targeted assessments. Its logic is up-to-date on HITRUST Assurance Program Advisories and is reflective of requirement-level scoring in MyCSF. To use, simply click on a score for each control maturity level and watch the calculator determine the requirement’s raw score, PRISMA grade (e.g. 2+, 1-), and HITRUST CSF framework compliance status.

HITRUST Inheritance Calculator

The HITRUST Shared Responsibility and Inheritance Program allows organizations to place reliance on shared information protection controls that are available from internal shared IT services and external third-party organizations, including: service providers, vendors and suppliers of cloud-enabled applications and technology platforms (SaaS and IaaS/PaaS), colocation (colo) data center hosting services, and other managed services.

A critical component of this program is the MyCSF inheritance workflow, which allows IT service providers to share their HITRUST Assessment results with their customers in an efficient and controlled manner. It’s the best implementation of control inheritance out there. However, calculating the overall score of a HITRUST CSF requirement inherited from another HITRUST Assessment can be complex. When you add in scenarios like cross-assessment-type inheritance (e.g., from an i1 into an r2) or multiple inheritance providers with varying weights, it’s easy to get lost in the scoring math.

The HITRUST Inheritance Calculator enables you to run a wide range of inheritance scenarios and see how the requirement-level score is calculated. It supports:

  • Cross-assessment-type inheritance (example: from an i1 into an r2),
  • Inheriting from multiple inheritance providers,
  • Varied weights per inheritance provider,
  • Converting a raw requirement score to a rubric-normalized score,
  • Inheriting from an N/A requirement into an applicable requirement (and vice versa), and
  • All HITRUST Assessment types (r2, i1, bC, targeted, and custom).

The HITRUST Inheritance Calculator logic mirrors that of MyCSF, allowing you to explore a scenario without having to actually originate inheritance requests in a real assessment. This is a must-have tool in your HITRUST toolbelt.

HITRUST Sampling Calculator

Online sample size calculators have long been a thing, as have random sampling tools. Until now, none have been freely available that incorporate the HITRUST prescriptive sampling guidance outlined in the HITRUST Scoring Rubric and discussed in the HITRUST Assurance Program Requirements.

The new HITRUST Sampling Calculator can be used in the numerous sampling scenarios encountered in HITRUST r2 and i1 Validated Assessments, including:

  • Sampling from a point-in-time population,
  • Sampling control occurrences of controls operating at a defined frequency (such as daily, weekly, monthly, quarterly),
  • Sampling control occurrences of controls operating at an undefined frequency (like as needed controls), and
  • Testing automated controls.

Not only does the HITRUST Sampling Calculator define the minimum sample size required, it also can be used to randomly generate sample selections based on the population size or testing date. The selections can be copied to a clipboard for easy importing into Excel, and the whole calculator can be exported for optional inclusion in the HITRUST Assessment documentation. If you’ve been using something like or a custom spreadsheet for sample size determination and random sample selection in your HITRUST Assessments, consider giving the Sampling Calculator a go.

We’re pretty jazzed about these new calculators and hope you are too – we’d love to hear your feedback. If you have ideas for other utilities that would aid the HITRUST ecosystem, please let us know.

Follow HITRUST on Twitter.
Follow HITRUST on LinkedIn.


About the Author

Michael MooreMichael Moore, Sr. Manager of Digital Innovation, HITRUST

Michael is a Senior Manager in the Digital Innovation group at HITRUST with a specific focus on delivering new and powerful capabilities through technology enablement. Michael has spent most of his career developing prototypes for clients as a technology consultant using cloud services, web technologies, and machine learning.

The post New Calculators Add Transparency and Ease-of-Use to HITRUST Assessment Scoring, Inheritance Math, and Sampling appeared first on HITRUST Alliance.


In brief

The use of endorsements and reviews in advertising continues to be an area of active Federal Trade Commission (FTC) enforcement. The FTC has proposed updates to its Endorsement Guides to strengthen advertising guides related to endorsements and reviews.

Key takeaways

As we have previously reported, the FTC has been very active in enforcing its endorsement and testimonial guides and procuring significant penalties. Any company posting reviews or working with influencers will want to consider the proposed updates to the FTC Endorsement Guides. These updates are not necessarily new but rather clarifications and further examples of existing principles. Given that FTC penalties can be high, and a single marketing promotion may give rise to many individually actionable offenses, whether or not the proposed guides are ultimately adopted as written, we can expect that the underlying principles will remain the same.


In the proposed revisions to the guides, the FTC has:

  • Added a new section of the guides regarding consumer reviews and clarified that fake reviews can subject advertisers to liability as both deceptive endorsements and false advertising;
  • Stated that computer-generated fictional characters may be “endorsers” under the guides and that social media posts and tags can be endorsements;
  • Explained that advertising agencies, public relations firms and other intermediaries may be liable for their roles in publishing deceptive endorsements;
  • Changed definition of “clear and conspicuous” to “a disclosure that is difficult to miss and easily understood by ordinary people” and added explanations regarding what this may mean to a particular group, for example, older consumers;
  • Clarified that reliance on social media platform’s disclosure tools may not be enough and that representations made both visually and by ear must include disclosures by both means; and
  • Required disclosures of “material connection” includes disclosure of non-monetary benefits, for example, sweepstakes entry or media appearances.

In addition, the FTC also has proposed adding a new section about advertising to children and the recognition that children may react differently than adults to endorsements.

These proposed guides, invitations for comments and recent enforcement activities illustrate that this remains a focus of the FTC.

The post United States: FTC proposes updates to social media advertising review guidelines appeared first on Global Compliance News.


Baker McKenzie’s Sanctions Blog published the alert titled US Government Sanctions More than 100 Russia-Related Parties and Prohibits the Import of Russian Gold in Coordination with G7 Allies on 1 July 2022. Read the article via the link here. Please also visit our Sanctions Blog for the most recent updates.

The post US Government Sanctions More than 100 Russia-Related Parties and Prohibits the Import of Russian Gold in Coordination with G7 Allies appeared first on Global Compliance News.