IBC Pharmaceutical Conference - ComplianceShanghai, China

17 March 2015

Maija Burtmanis, LLB/BSc, LLM

Life Sciences Legal / Compliance Executive

EFFECTIVE THIRD PARTY COMPLIANCE STRATEGIES

ThirdPartiesposing anelevatedAB risk

Managed by

Other Functions

Managed by

Procurement

Key Third Parties

• Distributors

• Co-marketing

• Contract Field Forces

• BD&L deals

EXAMPLES

• Contract or Clinical

Research Organizations

(CROs)

• Congress & Events

• Agents (eg Mkt research)

OUT OF SCOPE EXAMPLES

• Insurance/Benefits

• Government Agencies & Tax

Office

• Employee & social-related

expense

EXAMPLE

• Co-promotion

Third Parties within “Due Diligence scope”

OUT OF SCOPE EXAMPLES

• Suppliers of laboratory

equipment

• Warehousing &

transportation

3

Third Party Risks:

Industry Specific, Operational & Transactional

Current regulatory

environment expects, and

regulators are increasingly

demanding that companies

know who is conducting

business on their behalf

and the risks associated

with doing business with

these vendors.

Third party compliance

failures could primarily

threaten a company’s

reputation.

Payments By Third Parties: FCPA AND Local Laws

• Payments to Third Parties (e.g., agents or representatives) made with the knowledge that any portion of the funds might be used to make a corrupt payment to a foreign Govt Official violates the FCPA and local laws.

Test: What would a reasonable observer

assume or suspect after assessing all the facts?

Test: Tendering –

what do local procurement laws say?

Test: Is the payment “legally documented” and traceable?

Current State of Third Party “Risk Management”

• Risks have evolved quickly: regulatory changes, increased scrutiny, more parameters to “manage”.

• Many organizations do not have mature Third Party Risk Management Programs in place

• Many organizations do have “the basics” in place, namely:

(i) Financial controls

(ii) Essential business continuity protocols

(iii) Preservation of data and site security

• Third Party Risk Management is hard to “budget for” – modest investments into people and resources

• There appears to be minimal co-ordination within some companies regarding this “business critical” issue – no one wants to take “ownership” (Finance, Commercial, Legal, Compliance?)

• However, the risks posed by Third Parties are profound and are often the subject of major investigations…….

5

6

Third Party Vendor Management

What are some of the other challenges organisations face?

• Complexity of Third-Party Partnerships – Multiple Parties deal with MNCs

• The volume and diversity of third parties increases the challenge of identifying and prioritizing the riskiest external business partners in an efficient, systematic manner.

• Unclear Organisational Ownership

• Compliance and ethics departments struggle to achieve buy-in across the organization for ensuring third-party compliance and to develop scalable approaches to support internal and external partners in proactively managing third-party risks.

• Insufficient Influence Over “Third-Party Compliance”

• Compliance and ethics officers cite diminishing influence over third parties as the relationship evolves over time, indicating a need for better monitoring processes and incentives to ensure the ongoing health of the partnership.

7

Third Party “Ideal Practice Management”

• Regular Communication – Cement the Relationship!

• Meetings (ideally Face to face) for regular updates

• Assign a “relationship manager” with the Vendor – inform the organization.

• Integrity Agreements

• Whistleblowing

• Do your Vendors have access to an internal hotline or other personnel to report concerns?

• Training

• For the Vendor

• Face to face is best

• Provision of key policies – Code of Conduct & Anti-bribery Policy

• Certification required and tracked as a performance measure

• For the Commercial Folks

• Are the commercial folks fully aware of their roles and responsibilities? Do they have necessary knowledge and skill set? How do Legal & Compliance help?

Work as a “team” for sustainable partnerships & long term success

8

Third Party Vendor Management

Monitoring

• Finding the “right balance” so as not to disrupt or distract the business……

easier said than done.

• Data collection challenges

• Databases – legal concerns?

• Field or “live” visits

• Questionnaires from vendors

• Manual intelligence gathering

• Some key focus areas:

• Percentage and value of “inventory” held

• Records pertaining to inventory management

• Client base – Public v Private market

10

Monitoring Efforts & Internal Controls

11

Areas for better dealings with Third Parties

12

• Robust contracts: non compliance with law amounts to a “material breach”; disclosure of any / all conflicts of interest mandatory; introduce an “Integrity Agt” as a key contractual obligation; always include a mandatory right to audit books & records.

• Prohibit the exportation of products outside of defined Territories – otherwise, you face issues like parallel importation (or questionable counterfeits).

• Prohibit payments in cash in any circumstance: a standing instruction.

• Take careful note of any Third Parties who have been prosecuted or who face public prosecution; or have been sanctioned / fined by an Govt agency. Sourcing information coming from the public domain (which is voluminous).

• Take a strong and very public stand against rogue Third Parties who may use intimidator tactics to “withhold” company owned MAHs / licenses for ransom.

“Winning with Integrity”

means being vigilant, transparent, honest, and in constant communication

on material issues with key Business Partners and Stakeholders.

Thank you.

Questions?