In an environment where medical product regulations seem to be expanding continuously, proportional investment in compliance infrastructure and controls runs the risk of diminishing returns. The key to achieving the right balance of commercial success and compliance is to focus on continuous improvement, specifically root-cause analysis. This focus creates a culture that views compliance as a positive, critically important part of the business. In fact, a recent study showed a distinct correlation between a positive approach to compliance and positive financial results.
When the authors examined 10 years of annual reports and other public documentation from the top 25 (by revenue) global pharmaceutical companies, we found senior managers in these companies are taking control of the organization’s approach to regulation. These proactive leaders believe that by embracing regulations and collaborating with authorities, pharmaceutical companies have the opportunity to help shape the regulatory landscape. Conversely, underperforming companies routinely focus on the negative aspects of compliance and blame regulators for slow growth, setbacks or lack of innovation.
This research does not provide a detailed roadmap through the regulatory challenges to financial success, but it does raise important questions that highly regulated companies need to address.
Global regulation is here to stay. Companies that prioritize a thorough understanding of each country’s requirements thrive within compliance—not in spite of it—and have the opportunity to leapfrog combative competitors.
Tying together qualitative and quantitative perspectives
Robust, effective Quality Management Systems (QMS) enable companies to implement their quality policies and processes. A QMS provides much more than quality assurance as product is released for distribution; it sets the stage for the constructive and collaborative cross-functional relationships fundamental to quality improvement across the organization. QMS processes, tools and techniques support the concepts of continuous improvement and operational excellence to meet the highest standards of product quality, safety and efficiency. Periodic review of operational and quality systems, quantitative data and key performance indicators for positive and negative trends will prompt management to take actions needed for consistent operations, cost-effectiveness and high product quality in all operational areas.
But, good quantitative results are not necessarily indicative of a quality-minded and compliance-aware culture that routinely strives to “do the right thing.” To sustain improvements documented by metrics, companies must build a culture that makes quality everyone’s responsibility. To be truly effective, leadership must move from the mindset of a rules-based culture that accepts the minimum, to a value-based culture that strives to make a broader impact.
Management can transform the compliance culture successfully by training employees and engaging them in problem-solving techniques including root-cause analysis and effective corrective and preventive actions that foster continuous improvement.
Specific requirements must be met. First and foremost, companies must insist on quality, clarity and integrity of submissions and communications with regulatory authorities. Ignoring known facts (or suspicious data) or providing a rationale that is only partially true undermines the sincerity and integrity of the approach, leading to an erosion of the desired culture.
Consistency is essential to a strong culture. Employees only need to observe one decision based on expediency or cost and their confidence in the root-cause analysis process will be shaken. For example, if a company incorrectly categorizes variations, especially in a high-profile submission, employees will get the wrong message about how to apply the rules and where corporate priorities lie.
Management also must ensure a regularly scheduled, independent review of root-cause analyses of issues and corrective and/or preventive actions. This review should include monitoring processes to ensure objective analysis and consistent application of effective corrective and preventive actions (CAPAs). An independent review also might uncover patterns of recurring issues and ineffective CAPAs, which indicate the need for further investigation.
Management should be wary of root-cause analysis results that point to insufficient user training or user error, since these tend to be symptoms, not true causes. For example, a company that consistently misses variation submission deadlines to regulatory agencies may focus on correcting individual shortcomings. Assigning a root cause to an individual, however, fails to address the underlying process or system failure. A more comprehensive look at communication and interaction among the processes and functions of departments such as regulatory, quality and operations management is warranted.
Root causes that are too broad and aggressive also should be eyed skeptically, as they may be hiding multiple, specific issues. For instance, companies often overcommit to regulatory authorities during inspections and product approvals without considering the implications of their promises. Only after the commitments are made do they realize the ramifications and then struggle to meet deadlines. Senior management should set aggressive but achievable goals and communicate (when appropriate) the status of the actions to the regulatory authorities.
Building an environment of trust
The common thread running through these efforts is trust, which becomes the most critical factor internally and externally. The authors believe the internal atmosphere of integrity carries over to regulatory relationships. A corporate environment that enables and encourages transparency and open communication will go a long way toward fostering trust among regulators. On the other hand, losing credibility with a regulatory agency can be costly and require more compliance efforts by the company over a long period while trust is re-established.
To build trusting relationships with health authorities, management should encourage the following behaviors (note that this list can be applied to all relationships):
- Share information, especially the rationale for decisions, to show management understands the impact of the information on quality.
- Demonstrate accountability throughout the organization to show that the organization takes ownership of issues and does not blame others.
- Responding honestly: “I don’t know, but I will find out” is an acceptable answer (as long as the employee does, in fact, find out).
- Keep commitments as evidence of sincere intentions and reliable follow-through.
- Acknowledge regulators’ point of view, listen actively to understand their concerns and tailor the responses accordingly.
In the simplest terms, compliance efforts are often designed to stop people from “doing bad things.” In the authors’ experience, most faulty activity is done by otherwise good and honest employees. Employees often say they were only doing what they thought was expected of them. If this is a common response, management may be setting the wrong expectations.
Management must provide an open and safe environment so employees will speak out about issues without fearing negative repercussions. One reason employees do not report issues is that the culture punishes the messenger. These employees are treated as pests or troublemakers, rather than thanked for bringing issues to light that should be fixed. Employees who raise issues or provide suggestions or solutions for improvement should be rewarded. A virtuous cycle of reward following constructive criticism becomes self-perpetuating as others join the effort.
A common response by managers to compliance issues is they “did not know there was a problem.” This is rarely because a colleague refused to provide information, but more likely because management previously ignored problems that were raised or did not provide thorough reviews of reports and data to identify patterns indicative of underlying issues.
The authors had a conversation with a large global pharmaceutical company that had received a Warning Letter, and learned the issue cited in the letter had been raised some months before the inspection during an internal audit. Their response to the audit downplayed the severity of the issue, so preventative actions did not go far enough. As a result, the US Food and Drug Administration (FDA) also identified the issue and took action in the form of a Warning Letter.
Navigating natural conflicts of interest
Leaders know well that compliance carries an inherent conflict of interest between regulatory demands and business demands. It is important to gauge how managers make difficult decisions and provide direct support and intervention to handle specific competing priorities. In effect, management must ensure the culture rewards honesty and punishes opacity.
To help employees succeed, management must train them properly to identify issues and events that need to be escalated. This is the first step to empowering employees to speak up.
Management teams must lead by example. They should not hesitate to escalate potential issues based on investigational data and root-cause analysis so the appropriate resources can be assigned to mitigate risk as soon as possible.
Routine process and system metrics based on departmental key performance indicators should be generated to ensure quality, compliance and operational trends are addressed promptly.
A risk management approach should be in place to support operational processes and systems within a department and across departments (quality, regulatory, clinical, manufacturing, etc.), particularly CAPAs requiring system or process changes.
These cross-checks help mitigate the frequent and numerous examples of misalignment of an approved change and manufactured product. It is easy to understand how this could lead to rejection of product at a country’s border, loss of sales and potentially loss of the product sale as well. A strong risk-management approach is also expected by regulators.
The benefits of a positive culture of compliance are extensive:
- Companies will enjoy improved credibility with regulators, as well as reduction of business process cycle times and improvement in quality, by setting clear objectives, defining roles and responsibilities, establishing consistent processes, and finding and correcting issues and activities that cause rework or sloppy or late submissions.
- Colleagues will operate in a sustainable cycle fueled by an encouraging environment that rewards them for identifying and communicating issues (or potential issues) and searching for root causes and improvement opportunities as a matter of routine.
- Routine monitoring of key performance indicators and data review will ensure consistent and efficient processes and identify negative trends before they become larger, more-expensive problems.
In the end, a focus on continuous improvement, specifically on thorough root-cause analysis and effective CAPAs, directly contributes to a sustainable culture of compliance. It provides a positive atmosphere for better decisions, and is expected to some degree by regulators.
A regulatory-compliant culture is based on a strong foundation of honesty, integrity and trust reflected through a confident company identity and influenced by strong values and leadership. A culture of quality-minded, empowered, satisfied and safe employees leads to the highest standard in compliance, and is carried forward because colleagues want to—not because they have to.
Susan Mozgai and David Lerner are life sciences expert at PA Consulting Group
For more information on PA's work developing the healthcare of the future, click here or contact us now.