Slide Notes From CCC Presentation At Zinc Forum - PRT Efficiency - Turbo-Char...
3rd Party Vendor Mgt - IBC Pres'n - 17 March 2015 (PM)
1. IBC Pharmaceutical Conference - Compliance
Shanghai, China
17 March 2015
Maija Burtmanis, LLB/BSc, LLM
Life Sciences Legal / Compliance Executive
EFFECTIVE THIRD PARTY
COMPLIANCE STRATEGIES
2. Third
Parties
posing an
elevated
AB risk
Managed by
Other Functions
Managed by
Procurement
Key Third Parties
• Distributors
• Co-marketing
• Contract Field Forces
• BD&L deals
EXAMPLES
• Contract or Clinical
Research Organizations
(CROs)
• Congress & Events
• Agents (eg Mkt research)
OUT OF SCOPE EXAMPLES
• Insurance/Benefits
• Government Agencies & Tax
Office
• Employee & social-related
expense
EXAMPLE
• Co-promotion
Third Parties within “Due Diligence scope”
OUT OF SCOPE EXAMPLES
• Suppliers of laboratory
equipment
• Warehousing &
transportation
3. 3
Third Party Risks:
Industry Specific, Operational & Transactional
Current regulatory
environment expects, and
regulators are increasingly
demanding that companies
know who is conducting
business on their behalf
and the risks associated
with doing business with
these vendors.
Third party compliance
failures could primarily
threaten a company’s
reputation.
4. Payments By Third Parties: FCPA AND Local Laws
• Payments to Third Parties (e.g., agents or representatives) made with the knowledge
that any portion of the funds might be used to make a corrupt payment to a foreign
Govt Official violates the FCPA and local laws.
Test: What would a reasonable observer
assume or suspect after assessing all the facts?
Test: Tendering –
what do local procurement laws say?
Test: Is the payment “legally documented” and traceable?
5. Current State of Third Party “Risk Management”
• Risks have evolved quickly: regulatory changes, increased scrutiny, more parameters to
“manage”.
• Many organizations do not have mature Third Party Risk Management Programs in place
• Many organizations do have “the basics” in place, namely:
(i) Financial controls
(ii) Essential business continuity protocols
(iii) Preservation of data and site security
• Third Party Risk Management is hard to “budget for” – modest investments into people
and resources
• There appears to be minimal co-ordination within some companies regarding this
“business critical” issue – no one wants to take “ownership” (Finance, Commercial, Legal,
Compliance?)
• However, the risks posed by Third Parties are profound and are often the subject of
major investigations…….
5
7. Third Party Vendor Management
What are some of the other challenges organisations face?
• Complexity of Third-Party Partnerships – Multiple Parties deal with MNCs
• The volume and diversity of third parties increases the challenge of identifying and
prioritizing the riskiest external business partners in an efficient, systematic manner.
• Unclear Organisational Ownership
• Compliance and ethics departments struggle to achieve buy-in across the organization for
ensuring third-party compliance and to develop scalable approaches to support internal and
external partners in proactively managing third-party risks.
• Insufficient Influence Over “Third-Party Compliance”
• Compliance and ethics officers cite diminishing influence over third parties as the
relationship evolves over time, indicating a need for better monitoring processes and
incentives to ensure the ongoing health of the partnership.
7
8. Third Party “Ideal Practice Management”
• Regular Communication – Cement the Relationship!
• Meetings (ideally Face to face) for regular updates
• Assign a “relationship manager” with the Vendor – inform the organization.
• Integrity Agreements
• Whistleblowing
• Do your Vendors have access to an internal hotline or other personnel to report
concerns?
• Training
• For the Vendor
• Face to face is best
• Provision of key policies – Code of Conduct & Anti-bribery Policy
• Certification required and tracked as a performance measure
• For the Commercial Folks
• Are the commercial folks fully aware of their roles and responsibilities? Do they
have necessary knowledge and skill set? How do Legal & Compliance help?
Work as a “team” for sustainable partnerships & long term success
8
9.
10. Third Party Vendor Management
Monitoring
• Finding the “right balance” so as not to disrupt or distract the business……
easier said than done.
• Data collection challenges
• Databases – legal concerns?
• Field or “live” visits
• Questionnaires from vendors
• Manual intelligence gathering
• Some key focus areas:
• Percentage and value of “inventory” held
• Records pertaining to inventory management
• Client base – Public v Private market
10
12. Areas for better dealings with Third Parties
12
• Robust contracts: non compliance with law amounts to a “material breach”; disclosure
of any / all conflicts of interest mandatory; introduce an “Integrity Agt” as a key
contractual obligation; always include a mandatory right to audit books & records.
• Prohibit the exportation of products outside of defined Territories – otherwise, you face
issues like parallel importation (or questionable counterfeits).
• Prohibit payments in cash in any circumstance: a standing instruction.
• Take careful note of any Third Parties who have been prosecuted or who face public
prosecution; or have been sanctioned / fined by an Govt agency. Sourcing information
coming from the public domain (which is voluminous).
• Take a strong and very public stand against rogue Third Parties who may use intimidator
tactics to “withhold” company owned MAHs / licenses for ransom.
13. “Winning with Integrity”
means being vigilant, transparent, honest, and in constant communication
on material issues with key Business Partners and Stakeholders.
Thank you.
Questions?