Hidden compliance risks for life sciences companies
The life sciences industry has some unique challenges when it comes to compliance. But if you think third party compliance risks are bad, don’t take your eye off fourth and fifth parties, says Allan Matheson.
Early life science pioneers in foreign markets earned a reputation for lax ethical behaviour, making them a prime target for regulators. Though pharmaceutical firms and medical device makers have cleaned up their acts, regulators haven't really let up. The industry's multi-level relationships with government-linked customers, such as hospitals and doctors, put it squarely in the sights of enforcement agencies like the Department of Justice (DOJ) and Securities and Exchange Commission (SEC).
In 2020, life science firms accounted for a third of the SEC's enforcement actions. Against this backdrop, it's surprising that many life sciences companies — particularly small- to medium-sized ones — still don't have a firm grip on their whole universe of partner risks.
Some have an unfounded belief that enforcement agencies don't care much about smaller companies. Others take compliance seriously but invest the lion's share of their efforts into monitoring direct third parties while overlooking risky relationships those parties might have with other business partners. This is a risky strategy because it leaves companies open to ethics violations of the broader universe of agents and distributors. Medical device makers and pharmaceutical companies are just two of many life sciences sectors that must be on guard.
No matter whether a partner is a third party or a tenth party, ignorance is no excuse if regulators come knocking in response to bribery or other corrupt practices carried out on a company's behalf.
When companies target new markets, most will ensure their distribution partners sign legal agreements stating they won't engage in corrupt practices. But the implementation of these arrangements tends to be shaky, especially in certain parts of the world including Asia, Africa, the Middle East and Eastern Europe. That distributor may go on to engage their own agents who may have very different ethical standards.
Get control back
It's easy to see how quickly things can get out of control when life science companies have tangential business relationships with fourth and even fifth parties. The only solution is a thorough, proactive due diligence programme that asks detailed questions of partners. The programme should account for market access, government relations and other relationships that are endemic to the life sciences industry.
Also, the programme should provide a clear picture of other companies with which their partners are working and the nature of the relationship. It needs to be able to raise red flags, such as a distributor having a former health ministry official on its board. It should also provide an ongoing picture of which fourth or fifth party agents are operating in a country on your behalf.
Another requirement: your company’s compliance programme needs the ability to track and confirm the identity of partners to ensure they are who they claim to be. Bad actors on official government blacklists will often go to great lengths to re-invent themselves and obscure their real identity through creative corporate structures. Seeing through these tricks is a difficult task, but not impossible.
A decade ago, life sciences firms were early adopters of robust compliance technology — far ahead of other industries. Now that advantage has become a disadvantage. Many firms have outdated methods. In the meantime, other industries that also rely on international agents and distributors — such as tech startups — are implementing up-to-date programmes. Running a strong compliance programme that truly covers all the risks isn’t impossible without updated technology, but it is a lot harder.
The most important thing to remember is that your company is liable for the actions of rogue agents, sub-distributors or even consultants who are working for a third party. Rigorous and focused due diligence is a requirement. Ignorance is not a defence when it comes to DOJ or SEC enforcement actions.
About the author
Allan Matheson is CEO of Blue Umbrella.