5 minute read 18 Dec 2019
Robotic arm holding pills

Why compliance should be embedded into the pharmaceutical industry

By Tom Gregory

EY Americas Forensic & Integrity Services, Health, Sciences & Wellness Leader

Helps leading companies avoid and resolve business disputes. Sports and travel enthusiast. Father of four.

5 minute read 18 Dec 2019

As scrutiny of drug companies increases, leaders can use data to keep their companies from being caught up in the headlines or in the courts.

The pharmaceutical industry continues to be the target of unprecedented scrutiny and criticism. Regulators, politicians and patient groups allege unchecked profiteering, misleading sales and marketing tactics along with inappropriate financial relationships with prescribers.

These allegations are played out in courtrooms in the US as the public sorts through responsibility for the opioid crisis. They are reflected in the tens of billions of dollars of settlements that the U.S. Department of Justice (DOJ) and the state attorneys general have extracted from pharmaceutical companies for abusive promotional practices.

Earlier this year, the EY organization and the Financial Times organized a six-event series called “Enhancing corporate integrity” around the world. One of the events took place in Princeton, New Jersey. Here, a group of senior legal and compliance executives from the pharmaceutical industry participated in the gathering.

The attendees frequently voiced their frustration on how the industry that delivers so much to patients was suffering under the weight of such bad publicity. They were searching for solutions to stop their companies from being caught up in the headlines or in the courts.
Despite the different issues the industry faced, participants were united in their desire to highlight the many public achievements of the pharmaceutical sector and in their willingness to find, and share, solutions.

The truth is that the industry has long put forth massive efforts to develop compliance frameworks and guidances; individual companies have invested significantly to strengthen their compliance program oversight and corporate integrity.

This is borne out by the latest EY Global Fraud Survey conducted in 2018, in which 2,550 executives from 55 countries participated. Although businesses see fraud and corruption as one of the greatest risks to their business, many believe that they have reached a high level of maturity in their compliance programs.  

Risk assessments need data. An assessment’s quality has a lot to do with the data that it uses, how it analyzes the data, what output the analysis generates and the utility of that analysis in identifying compliance issues.

The pressure has intensified

While scrutiny of the industry has increased, regulators have become more sophisticated at detecting fraud and abuse. Regulators have also raised their expectations of what companies should do to promote compliance and integrity within their own organizations.

In April 2019, the Criminal Division of the DOJ updated its guidance for prosecutors on assessing an organization’s compliance program. The guidance sets out three fundamental questions:

  • Is the program well-designed?
  • Is it being implemented effectively?
  • Does it work?

At the center of DOJ guidance are three key elements: data, policies and procedures, and culture.

Data is at the heart of today’s compliance programs

Quantifying risk is a vital part of risk assessment, a key topic in the DOJ guidance. Risk assessments need data. An assessment’s quality has a lot to do with the data that it uses, how it analyzes the data, what output the analysis generates and the utility of that analysis in identifying compliance issues.

Pharmaceutical companies now have access to unprecedented amounts of data. Advancements in AI, data analytics and automation, aided by the gigantic leap in computing power, have made it possible to amass large amounts of data and to quickly identify hidden relationships and risk patterns.

AI and data analytics technologies can not only help detect existing risks, but also help predict and prevent future risks — thus enabling the compliance function to take a more proactive approach. Data is also crucial to address many other compliance issues, such as reporting, measuring training programs and vendor due diligence.

What compliance executives need to ask themselves next is: do we have a strategy

Policies and procedures need modernization

A good portion of the guidance touches upon policies and procedures — written statements of corporate intent. The DOJ emphasizes the need to “give both content and effect to ethical norms.”
“One hallmark of an effective compliance program is its capacity to improve and evolve.” What this means is that compliance officers need to keep abreast of evolving business models, organizational culture and market demands. Both external and internal factors can alter the organization’s risk profile, and those factors need to be continually assessed against existing compliance policies and procedures.

Policy guidance provided to employees needs to be more personalized and should happen in real time. In the digital age, employees are inundated with enormous amounts of information. Targeted and “just-in-time” compliance policy communication is critical so that the guidelines resonate with the employees and they stick with them. For example, leading companies are already using AI and automation technologies to deliver information about relevant compliance policies to employees ahead of a potential risk event.

Culture is the glue that holds the organization together

The DOJ guidance states that the company’s policies and procedures need to “incorporate the culture of compliance into its day-to-day operations. It is important for a company to create and foster a culture of ethics and compliance with the law.”

Leadership commitment, training and communication have long been acknowledged as indispensable to promote a culture of integrity. More and more companies are taking it further by using data and technology to help them gain insights into their organizations’ cultures. “Is culture quantifiable?” is a question that has been asked, tested and slowly put into practice by some of the leading global companies.

Implementing the Integrity Agenda

The message is clear: to improve their image among patients, providers and politicians, pharmaceutical companies must continue to enhance their compliance efforts. This includes modernization, continuous risk assessments and monitoring, and the use of sophisticated data analytics.

Companies must monitor the gap between corporate intention and actual employee behavior. Effective compliance programs can reduce that gap — this is the essence of the Integrity Agenda. An effective Integrity Agenda includes governance, culture, controls and data-based insights that align actions with the company’s goals.

Good governance means leaders setting the right example and tone from the top-down and everyone knowing who is accountable for what and why. Corporate culture should be focused on integrity with appropriate guidance and training. Effective controls for managing legal and regulatory risk should be embedded into daily operations, enabled by data and technology.

Finally, data is crucial to provide insights into potential misconduct and compliance risks, and how well behavior matches intent.

By promoting the Integrity Agenda, companies can bridge the gap between corporate intentions and actual behavior.

Summary

As scrutiny of drug companies increases, leaders can use data to keep their companies from being caught up in the headlines or in the courts.

About this article

By Tom Gregory

EY Americas Forensic & Integrity Services, Health, Sciences & Wellness Leader

Helps leading companies avoid and resolve business disputes. Sports and travel enthusiast. Father of four.