Shop Talk: Compliance in Life Sciences

Corporate compliance in the life sciences industry can be quite the headache these days.

THE PANELISTS

The following executives participated in the March 25 roundtable on compliance, risk, and liability in the Life Sciences industry:

Yusuf Azizullah,

Former IT Compliance Officer,

AstraZeneca

Frank Bigley,

Chief Compliance Officer,

Novo Nordisk

Andrew Dahlinghaus,

Senior Corporate Counsel & Compliance Officer,

Covidien

Dan Dunham,

Chief Compliance Officer,

Astellas U.S.

William Farran,

General Counsel,

Innophus Holdings

Daniel Garen,

Chief Compliance Officer,

Siemens Healthcare Sector USA

Gary Giampetruzzi,

Assistant General Counsel,

Pfizer

David Hodgson,

Partner,

Deloitte & Touche

Ty Howton,

Chief Compliance Officer,

Vertex Pharmaceuticals

Elizabeth Jobes,

Chief Compliance Officer,

Adolor Corp.

Christina Reisinger,

Director, Risk Management,

Cephalon

Michelle Scharfenberg,

Senior Corporate Counsel,

Integra LifeSciences

Mark Stehr,

Partner,

Deloitte & Touche

First is the stepped up pressure from regulators for better corporate behavior, like public companies in all industries are enduring. Then comes the extra burden of being in a highly regulated business, which the drug and healthcare sectors certainly are. And finally, there is the matter of strict vicarious liability for compliance failures, uniquely forced onto the life sciences industry thanks to the Food, Drug, and Cosmetic Act.

Little surprise, then, that when Compliance Week and Deloitte co-hosted an editorial roundtable in March to talk about compliance challenges in the life sciences sector, frustrations occasionally ran high.

“Most companies want to do the right thing. They want to be responsible corporate citizens,” said David Hodgson, a partner at Deloitte and head of its enterprise risk services for the life sciences sector. The problem? “It can be difficult for companies and individuals to have a clear understanding of what the government wants them to do.”

The threat of vicarious liability in the life sciences sector (often known in the industry as “Park liability,” after a court case affirming the principle) is case in point. At least in theory, the Food and Drug Administration or the Justice Department can use that doctrine to punish executives for compliance failures elsewhere in their company—even if the executives had no knowledge of the misconduct, and the business had a compliance function that at least tried to prevent such behavior.

In reality, regulators have never used Park liability to hold an executive personally liable for a mistake he or she did not know about. But they could, and that is what has compliance officers worried.

“Because the Park doctrine … has only recently been revived by the government, and is based on limited case law, no one knows how it will be applied or the actions necessary to avoid its use,” said Ty Howton, chief compliance officer of Vertex Pharmaceuticals. “While the case law raises defenses for `extraordinary measures’ taken to prevent or stop activity, companies need additional instruction from the government so that appropriate steps can be taken to comport with prosecutorial expectations.”

Other participants at the roundtable went further, fearing that an especially bold prosecutor might push Park liability to extremes that a company simply couldn’t address.

“When you read the Park case, even extraordinary measures may or may not be enough to prevent prosecutions,” said Gary Giampetruzzi, assistant general counsel and head of government investigations for Pfizer. “Discretion has presumably been exercised in the past, but in the current environment you could potentially have individuals being pursued under a strict liability doctrine for something they have no practical ability to prevent, and despite the existence of a state of the art compliance program.”

“Is that really the kind of policy that should be promoted?” he added.

What the industry really needs, attendees said, is productive dialogue with regulators to understand what the government’s expectations are. One chief compliance officer at the event likened that conversation to how a police officer might lecture juveniles about how to be responsible citizens. “Why doesn’t the Justice Department have responsibility to engage in discussions with general counsels and compliance officers and really set some guidelines?” she asked.

That executive—who, not surprisingly, did not want to be named—continued that “there is something wrong, intuitively, if the way you know the rules is by reading what everybody else did wrong … Just tell us what the rules are. We’ll try to follow them.”

Others advocated for the creation of safe-harbor provisions, to encourage companies to come forward with misconduct and otherwise nurture the growth of compliance programs.

“Enforcement is always necessary for those failing to take even minimal efforts to comply,” said William Farran, general counsel at Innophos Holdings, a maker of biochemicals. “But if no-fault, vicarious liability is the only tool used by government, one must ask just what the objective is.”

Education of Boards

Many attendees said vicarious liability is a top concern for their boards as well, especially as more and more senior executives end up in the headlines for non-compliance. Others said their boards are still trying to understand the idea, and perhaps aren’t as concerned about it as they should be.

The challenge, they said, is that boards by their nature are separate from the behavior in the local business market. That means compliance and risk officers must sometimes steer board members toward understanding which issues are most important, Howton said. And because the composition and experience of board members vary, the actual messages presented to board members will vary as well.

Mark Stehr, another partner at Deloitte in the contract risk and compliance practice, warned that boards prioritize and have limited attention spans due to the many demands on their time. That can force a compliance officer to plan accordingly to keep the board focused on what’s important. For example, he said, the best compliance program in the world won’t matter much if weak controls allow noncompliance to go undetected.

Elizabeth Jobes, chief compliance officer at Adolor Corp.

Ty Howton, chief compliance officer at Vertex Pharmaceuticals, makes a point as Christina Reisinger, head of risk management at Cephalon, looks on.

Third-Party Risks

And, as always, risks posed by third-party intermediaries—distributors, suppliers, joint venture partners, and the like—was another popular topic of discussion. Life sciences companies have little choice but to compete in international markets, with the growing middle classes in China, India Brazil and elsewhere. But that inevitably requires a company to employ business strategies that include third parties.

That, in turn, heightens the risk of violating the Foreign Corrupt Practices Act, since so many healthcare systems around the world are controlled by the state. Indeed, Justice Department officials have already warned the pharmaceutical industry that they plan to pay more attention to how U.S. companies win business with state-run healthcare systems, with the FCPA clearly in mind.

One executive said that trust in your employees is paramount, since they are the ones interacting with customers and the ones who could offer an improper payment. “Knowing that they are solid people, and that compliance matters to them, gives me comfort in what they are offering,” he said.

Attendees also wondered about how to change the behavior of employees in other parts of the world, especially when their practices and customs differ substantially from norms in the United States.

“It’s about understanding the DNA in those countries,” Stehr said. “How is training done in other parts of the world where compliance is viewed differently? How do you put incentives in place to reward employees to follow corporate policies, U.S. laws and regulations?”

Making people feel like they own the compliance program is crucial, Farran said. “It is a line responsibility.”

And do not make the mistake of turning a blind eye (or even assuming you can turn a blind eye) if a company agent does something wrong. “It is not uncommon for a company to be held responsible for the performance of individuals in the supply chain, including the behavior of third-party intermediaries,” Stehr said. “Ignorance is not a defense.”