Most companies have growth ambitions and often growth requires investment. Why would your Chief Compliance Officer (CCO) be essential in this ambition? Simply put, your Chief Compliance Officer should make sure you have money for investment and growth by mitigating or eliminating the risk of fines and even criminal charges.
With heavily regulated industries such as the pharmaceutical industry, being compliant is not straight forward. This is because the regulations are highly complex and frequently changing, and also because the larger organisations are very complex and multi-dimensional. Compliance in one jurisdiction may mean non-compliance in another. For a company and its investors, there is a huge risk difference between a good and a great Chief Compliance Officer. So what makes a great CCO?
Holistic view of risk – not being tempted into point solutions
It is easy to make point solutions to problems by making small policy or process changes. However, good compliance management considers the wider context and balances abiding by restrictive regulations with being innovative in solutions that do not stifle the organisation. Thinking across the entire risk chain/ compliance chain can also help the CCO discover new opportunities for raising quality and effectiveness.
Be ahead of regulatory changes and influence where possible
A proactive approach to identifying regulatory changes is, of course, essential. This may mean working with external parties such as law or consulting firms to ensure horizon scanning is done regularly. Visibility of the future regulatory landscape will ensure better alignment with the organisation’s strategy. Furthermore, it is important for the CCO to be ahead of new regulations, ensuring that when opportunities arise to influence regulations these are capitalised upon.
Develop integrated solutions and try to make compliance easy
It is essential for the CCO to make compliance as easy as possible for the organisation to achieve adoption and adherence. This means that it is crucial that the process is underpinned by tools to drive efficiency. Another way of making compliance easy is by establishing central compliance services areas so that associates are not overburdened or responsible for tasks that are not within their core skill set. One example would be a central function for ensuring vendor compliance and due diligence.
Consider culture and people to ensure compliance
It is important to consider the organisational culture to ensure compliance programs are successful. Establishing or changing a company’s culture of compliance, whether that is in reaction to a compliance event or for a different reason, requires active management. It is also important to accept that compliance starts right at the very top of the organisation. While in a compliant culture everyone is responsible, the tone is set by the leadership team and by organisation’s role models. To paraphrase Warren Bennis, just as leaders are people who do the right thing and managers merely do things right, in a compliant culture associates are expected to do the right thing because they understand what the right thing is. Apart from leading from the front line and influencing the compliance culture, the other advantage in having senior executive focused on compliance is that it simply carries more weight with regulatory and law enforcement organisations.
Good awareness of global and local activities
Pharmaceutical companies are often global, which adds complexity in managing compliance. It is therefore essential to have mechanisms in place through which the compliance function can maintain an overview of the company’s activities and initiatives, local as well as global. This can be done by ensuring representation at key committees or other methods such as monitoring programs. It is always suboptimal to determine a compliance breach through external inspection because this generally results in costly and highly reactive remediation programs. A great CCO normally has a good grasp of the ever changing initiatives within his company.
Consider consequence and HR
When considering compliance programs, it is essential to think about the consequence of non-compliance for individuals. This is an area where it is important that the compliance function works closely with HR to ensure that HR policies are updated and managers are briefed about how to handle non-compliance events. It is important that the consequence of non-compliance for employees is appropriate to ensure the desired behaviours are achieved. The desired culture has to be supported by the right incentives and disincentives–another objective of a great CCO.
Governance and structure
It is essential that the compliance function has the right structure. For example, CCOs are more effective if they have direct access to the board of directors. By giving compliance a voice at board level, a chief executive signals to the organisation that compliance is more than a cost of doing business.
Being a great compliance officer is not easy. It requires not only focus and specialist skills, but also a well-considered organisational supporting structure. When these requirements are met, a CCO will have the opportunity to ensure that the business can spend the money where they prefer – not on big fines but on growth.
Ben Enejo and Natalia Misciattelli are life sciences experts at PA Consulting Group