Federal prosecutors have finally brought charges against executives of companies that aggressively pushed addictive prescription opioids and helped fuel the opioid crisis. In Massachusetts, five executives from Insys, including founder and former billionaire John Kapoor, were convicted of racketeering charges in connection with how Subsys, a fentanyl-based painkiller spray, was marketed. And in Manhattan, two Rochester Drug Co-Operative (RDC) executives—former CEO Laurence Doud and ex–chief compliance officer William Pietruszewski—face felony drug distribution charges for distributing dangerous opioids without raising red flags about illicit drug-dispensing practices.
The RDC charges carry a maximum sentence of life in prisonand a mandatory minimumof 10 years. The Insys executives, for their part, face up to 20 years in prison.
Tough prosecutions that can put criminal executives in prison are a welcome change for the DOJ, where white-collar prosecutions in January reached an all-time low. But another aspect of these cases is deeply troubling: the Justice Department’s agreements to refrain from prosecuting the corporations themselves. With both Insys and RDC, prosecutors opted to enter into five-year deferred prosecution agreements (DPAs).
These agreements, along with even more lenient non-prosecution agreements (NPAs), have become standard in America over the past two decades. They allow corporations to avoid prosecution so long as they meet a set of conditions set forth by the Department of Justice. This way, corporate entities can avoid the consequences of being brought to justice when they commit crimes.
If law enforcement officials are serious about fighting corporate crime, they can’t stop at prosecuting individuals. Corporations must also be held accountable for the criminal actions of executives and employees whose crimes were committed in pursuit of boosting the company’s profits.
Hundreds of these agreements were executed during and after the last financial crisis, and yet bank fraud continues virtually unmolested. The DOJ has entered multiple successive DPAs and NPAs with the same corporate wrongdoers—including JPMorgan Chase (two NPAs, one DPA), Deutsche Bank (two NPAs, one DPA), HSBC (two DPAs), Las Vegas Sands (two DPAs), and Pfizer (two DPAs)—demonstrating that these agreements offer little deterrent effect.
Furthermore, if a corporation is found to have breached one of these agreements, prosecutors negotiate whether to hold the corporation accountable, behind closed doors, with broad and unilateral discretion. Contrast this to when corporations plead guilty in a court of law. These corporations are sentenced by a judge and can be placed on probation, the conditions of which generally include strict internal reforms. If the corporation violates probation, it must argue its case for leniency in a public court, and can face strict consequences. Carnival Cruise Lines, which recently admitted to violating its probation after previously being found guilty of felony environmental violations, is a recent example of this kind of public accountability.
RDC’s DPA required it to assert that the facts filed in the DOJ’s criminal case are true. The company agreed to cooperate with further federal investigations, revamp compliance processes, be overseen by an independent monitor for three years, and pay $20 million. But this is not the first time the Justice Department has brought an enforcement action against RDC for its reckless opioid distribution practices. In 2015, the company paid $360,000 in civil penalties for failing to adequately track and report the opioids it distributed to pharmacies, an admitted violation of the Controlled Substances Act.
Insys, meanwhile, agreed to sacrifice one of its subsidiaries to prosecution while the parent corporation entered its DPA, which also required it to agree that the facts of the DOJ’s criminal case are true. Insys will not be overseen by a monitor, but it will be required to abide by a detailed corporate integrity agreement and pay $225 million in criminal and civil penalties. In response to the news of the enforcement action, its stock value jumped 135 percent.
Yes, $225 million and $20 million are a lot of money. But read past the headlines of the DOJ’s press releases and you’ll find that RDC’s crimes earned the company $20 million and that Insys made $315 million in profits from sales of the drug it illegally marketed in just the past two years.
This should be obvious, but the basic concept that “crime shouldn’t pay” means the penalty should exceed the amount the criminal profited from the crime. The U.S. Criminal Code allows for penalties up to twice the amount of a crime’s pecuniary gain. The sentencing document for the Insys subsidiary that pleaded guilty notes that, according to U.S. sentencing guidelines, an appropriate fine for Insys would be between $250 million and $550 million.
In other words, the fine Insys was sentenced to pay falls well below the conservative criminal justice standard set by U.S. law. The sentencing document goes on to say the fine against Insys was reduced because of its inability to pay. This is a privilege reserved for large corporations, not poor nonviolent drug offenders or others without political power and influence.
As long as RDC and Insys don’t violate their agreements with the DOJ—the terms of which state the corporations must not commit any crimes whatsoever (as if it was not obvious committing crimes was already forbidden)—the prosecutor will dismiss the charges at the end of the agreements’ five-year terms. The DOJ almost never finds that corporations violate these agreements.
There are uncanny similarities between this case and the federal case against OxyContin manufacturer Purdue Pharma. In 2007, the Department of Justice fined three former Purdue Pharma executives a collective $34.5 million. They avoided spending any time in jail, and Purdue subsequently paid them at least $9 million.
Meanwhile, the DOJ agreed to let Purdue Pharma sacrifice a subsidiary that had been emptied of its assets with a guilty plea to a felony charge of misbranding OxyContin. The Justice Department agreed to protect the more than 200 corporate entities comprising the Purdue Pharma enterprise by allowing them to enter a collective non-prosecution agreement.
John Brownlee, the U.S. attorney at the time, admitted in an interview with Corporate Crime Reporter that the reason the corporation was permitted to avoid prosecution was the fear that prosecution would result in an effective ban on OxyContin. Brownlee is now a white-collar defense attorney at law firm Holland & Knight.
Fast-forward to today. Purdue Pharma’s reckless, aggressive, and deceptive marketing continued largely unabated after 2007, and the opioid crisis has claimed hundreds of thousands of lives, costing society in excess of $1 trillion. Purdue Pharma and the Sackler family that owns it are facing more than 2,000 lawsuits, a reckoning for their leading role in sparking the opioid crisis. If the 2007 prosecution of Purdue Pharma had been tough enough to deter future wrongdoing, we wouldn’t be where we are today.
The prosecutions of Insys and RDC executives show the Justice Department is now clearly getting tougher on businesses that violate the law in pursuit of opioid profits. But if prosecutors are truly serious about deterring future crimes in the opioid supply chain, they should take future enforcements a step further by prosecuting both the executives andthe corporations on whose behalf they work. Because if the enforcements fail to deter future corporate crime, tougher is still not nearly tough enough.
Update: Insys filed for Chapter 11 bankruptcy, just five days after the Department of Justice asserted in its June 5 press release that the company will pay $225 million in criminal and civil penalties. The federal government is now Insys's largest creditor. It will have to compete for payment with the company's own defense attorneys.
Insys has already asked the bankruptcy judge to shave off at least $35 million from its settlement with the government, and the government, for its part, has acknowledged it does not expect full payment. The corporation intends to complete the fire sale of its assets in just 90 days.
The circumstance of Insys’s bankruptcy makes the DPA even more absurd. If prosecutors knew Insys was on the brink of collapse, why would they go through the trouble of entering into a DPA? Leaving aside the idea that to prosecute a corporation equals putting it out of business—which is a stubborn, inaccurate myth—the question remains: If the DOJ prosecutors knew Insys was going to go out of business anyway, then what stopped them from prosecuting?